From 87be52fdc0f4afbd3db181b0c7bd0d18bc49d05f Mon Sep 17 00:00:00 2001 From: Mahesh kumar Palavalli Date: Sun, 10 Sep 2023 15:54:34 +0530 Subject: [PATCH 01/25] uc: events to business action --- .vscode/settings.json | 1 + .../uc_events-to-business-actions/main.tf | 120 +++++++++++++++ .../uc_events-to-business-actions/provider.tf | 31 ++++ .../terraform.tfvars | 16 ++ .../variables.tf | 142 ++++++++++++++++++ 5 files changed, 310 insertions(+) create mode 100644 .vscode/settings.json create mode 100644 released/uc_events-to-business-actions/main.tf create mode 100644 released/uc_events-to-business-actions/provider.tf create mode 100644 released/uc_events-to-business-actions/terraform.tfvars create mode 100644 released/uc_events-to-business-actions/variables.tf diff --git a/.vscode/settings.json b/.vscode/settings.json new file mode 100644 index 00000000..9e26dfee --- /dev/null +++ b/.vscode/settings.json @@ -0,0 +1 @@ +{} \ No newline at end of file diff --git a/released/uc_events-to-business-actions/main.tf b/released/uc_events-to-business-actions/main.tf new file mode 100644 index 00000000..0c9d2487 --- /dev/null +++ b/released/uc_events-to-business-actions/main.tf @@ -0,0 +1,120 @@ +############################################################################################### +# Setup of names in accordance to naming convention +############################################################################################### +locals { + random_uuid = uuid() + project_subaccount_domain = "teched23-tf-e2b-actions-${local.random_uuid}" + project_subaccount_cf_org = substr(replace("${local.project_subaccount_domain}", "-", ""), 0, 32) +} + +############################################################################################### +# Creation of subaccount +############################################################################################### +resource "btp_subaccount" "project" { + name = var.subaccount_name + subdomain = local.project_subaccount_domain + region = lower(var.region) +} + +############################################################################################### +# Assignment of users as sub account administrators +############################################################################################### +resource "btp_subaccount_role_collection_assignment" "subaccount-admins" { + for_each = toset("${var.subaccount_admins}") + subaccount_id = btp_subaccount.project.id + role_collection_name = "Subaccount Administrator" + user_name = each.value +} + +############################################################################################### +# Assignment of users as sub account service administrators +############################################################################################### +resource "btp_subaccount_role_collection_assignment" "subaccount-service-admins" { + for_each = toset("${var.subaccount_service_admins}") + subaccount_id = btp_subaccount.project.id + role_collection_name = "Subaccount Service Administrator" + user_name = each.value +} + +###################################################################### +# Creation of Cloud Foundry environment +###################################################################### +module "cloudfoundry_environment" { + source = "../modules/envinstance-cloudfoundry/" + subaccount_id = btp_subaccount.project.id + instance_name = local.project_subaccount_cf_org + plan_name = "standard" + cloudfoundry_org_name = local.project_subaccount_cf_org +} + +###################################################################### +# Creation of Cloud Foundry space +###################################################################### +module "cloudfoundry_space" { + source = "../modules/cloudfoundry-space/" + cf_org_id = module.cloudfoundry_environment.org_id + name = var.cf_space_name + cf_space_managers = var.cf_space_managers + cf_space_developers = var.cf_space_developers + cf_space_auditors = var.cf_space_auditors +} + +###################################################################### +# Add "sleep" resource for generic purposes +###################################################################### +resource "time_sleep" "wait_a_few_seconds" { + create_duration = "30s" +} + +###################################################################### +# Entitlement of all services and apps +###################################################################### +resource "btp_subaccount_entitlement" "name" { + depends_on = [time_sleep.wait_a_few_seconds] + for_each = { + for index, entitlement in var.entitlements : + index => entitlement + } + subaccount_id = btp_subaccount.project.id + service_name = each.value.service_name + plan_name = each.value.plan_name +} + +###################################################################### +# Create service instances (and service keys when needed) +###################################################################### +# hana-cloud +module "create_cf_service_instance_hana_cloud" { + depends_on = [module.cloudfoundry_space, btp_subaccount_entitlement.name, time_sleep.wait_a_few_seconds] + source = "../modules/cloudfoundry-service-instance/" + cf_space_id = module.cloudfoundry_space.id + service_name = "hana-cloud" + plan_name = "hana" + parameters = jsonencode({ "data" : { "memory" : 30, "edition" : "cloud", "systempassword" : "Abcd1234", "whitelistIPs" : ["0.0.0.0/0"] } }) +} + +# privatelink -> Azure details are needed +# module "create_cf_service_instance_01" { +# depends_on = [module.cloudfoundry_space, btp_subaccount_entitlement.name, time_sleep.wait_a_few_seconds] +# source = "../modules/cloudfoundry-service-instance/" +# cf_space_id = module.cloudfoundry_space.id +# service_name = "privatelink" +# plan_name = "standard" +# parameters = null +# } + +###################################################################### +# Create app subscriptions +###################################################################### +resource "btp_subaccount_subscription" "app" { + subaccount_id = btp_subaccount.project.id + for_each = { + for index, entitlement in var.entitlements : + index => entitlement if contains(["app"], entitlement.type) + } + + app_name = each.value.service_name + plan_name = each.value.plan_name + depends_on = [btp_subaccount_entitlement.name] +} + diff --git a/released/uc_events-to-business-actions/provider.tf b/released/uc_events-to-business-actions/provider.tf new file mode 100644 index 00000000..14cb509a --- /dev/null +++ b/released/uc_events-to-business-actions/provider.tf @@ -0,0 +1,31 @@ + +terraform { + required_providers { + btp = { + source = "sap/btp" + version = "0.4.0-beta1" + } + cloudfoundry = { + source = "cloudfoundry-community/cloudfoundry" + version = "0.51.3" + } + } +} + +# Please checkout documentation on how best to authenticate against SAP BTP +# via the Terraform provider for SAP BTP +provider "btp" { + globalaccount = var.globalaccount + cli_server_url = var.cli_server_url +} + +# Get the Cloudfoundry API endpoint +module "cloudfoundry_api" { + source = "../modules/envinstance-cloudfoundry-apiurl" + environment_label = var.cf_environment_label +} + +// Configuration is described in https://registry.terraform.io/providers/cloudfoundry-community/cloudfoundry/latest/docs +provider "cloudfoundry" { + api_url = module.cloudfoundry_api.api_url +} \ No newline at end of file diff --git a/released/uc_events-to-business-actions/terraform.tfvars b/released/uc_events-to-business-actions/terraform.tfvars new file mode 100644 index 00000000..605d9fd8 --- /dev/null +++ b/released/uc_events-to-business-actions/terraform.tfvars @@ -0,0 +1,16 @@ +################################# +# Project specific configuration +################################# +# Your global account subdomain +globalaccount = "ticoo" +region = "us10" +subaccount_name = "UC - Events to Business Actions" +cf_environment_label = "cf-us10" +cf_space_name = "dev" + +subaccount_admins = ["shanthakumar.krishnaswamy@sap.com"] +subaccount_service_admins = ["m.palavalli@sap.com","shanthakumar.krishnaswamy@sap.com"] + +cf_space_managers = ["m.palavalli@sap.com", "shanthakumar.krishnaswamy@sap.com"] +cf_space_developers = ["m.palavalli@sap.com"] +cf_space_auditors = ["m.palavalli@sap.com"] diff --git a/released/uc_events-to-business-actions/variables.tf b/released/uc_events-to-business-actions/variables.tf new file mode 100644 index 00000000..75b31243 --- /dev/null +++ b/released/uc_events-to-business-actions/variables.tf @@ -0,0 +1,142 @@ +###################################################################### +# Customer account setup +###################################################################### +# subaccount +variable "globalaccount" { + type = string + description = "The globalaccount subdomain." + default = "yourglobalaccount" +} +# subaccount +variable "subaccount_name" { + type = string + description = "The subaccount name." + default = "UC - Events to Business Actions" +} +# Region +variable "region" { + type = string + description = "The region where the project account shall be created in." + default = "us10" +} +# Cloudfoundry environment label +variable "cf_environment_label" { + type = string + description = "The Cloudfoundry environment label" + default = "cf-us10" +} + +# Cloudfoundry space name +variable "cf_space_name" { + type = string + description = "The Cloudfoundry space name" + default = "dev" +} + +# hana password +variable "hana_cloud_system_password" { + type = string + description = "The system password for the hana_cloud service instance." + default = "Abcd1234" +} + +# CLI server +variable "cli_server_url" { + type = string + description = "The BTP CLI server URL." + default = "https://cpcli.cf.eu10.hana.ondemand.com" +} + +variable "subaccount_admins" { + type = list(string) + description = "Defines the colleagues who are added to each subaccount as subaccount administrators." + default = ["jane.doe@test.com", "john.doe@test.com"] +} + +variable "subaccount_service_admins" { + type = list(string) + description = "Defines the colleagues who are added to each subaccount as subaccount service administrators." + default = ["jane.doe@test.com", "john.doe@test.com"] +} + +variable "cf_space_managers" { + type = list(string) + description = "Defines the colleagues who are Cloudfoundry space managers" + default = ["jane.doe@test.com", "john.doe@test.com"] +} + +variable "cf_space_developers" { + type = list(string) + description = "Defines the colleagues who are Cloudfoundry space developers" + default = ["jane.doe@test.com", "john.doe@test.com"] +} + +variable "cf_space_auditors" { + type = list(string) + description = "Defines the colleagues who are Cloudfoundry space auditors" + default = ["jane.doe@test.com", "john.doe@test.com"] +} + +### +# Entitlements +### +variable "entitlements" { + type = list(object({ + service_name = string + plan_name = string + type = string + })) + description = "The list of entitlements that shall be added to the subaccount." + default = [ + { + service_name = "connectivity" + plan_name = "lite", + type = "service" + }, + { + service_name = "destination" + plan_name = "lite", + type = "service" + }, + { + service_name = "html5-apps-repo" + plan_name = "app-host", + type = "service" + }, + { + service_name = "sapappstudio" + plan_name = "standard-edition", + type = "app" + }, + { + service_name = "enterprise-messaging" + plan_name = "default", + type = "service" + }, + { + service_name = "enterprise-messaging-hub" + plan_name = "standard", + type = "app" + }, + { + service_name = "privatelink" + plan_name = "standard", + type = "service" + }, + { + service_name = "xsuaa" + plan_name = "application", + type = "service" + }, + { + service_name = "hana" + plan_name = "hdi-shared", + type = "service" + }, + { + service_name = "hana-cloud" + plan_name = "hana", + type = "service" + } + ] +} From 839b422592721cd2c46e659d3bf8ee1e4f977367 Mon Sep 17 00:00:00 2001 From: Mahesh kumar Palavalli Date: Sun, 10 Sep 2023 16:00:14 +0530 Subject: [PATCH 02/25] Added Readme - UC - Events to Business Actions --- released/uc_events-to-business-actions/README.md | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 released/uc_events-to-business-actions/README.md diff --git a/released/uc_events-to-business-actions/README.md b/released/uc_events-to-business-actions/README.md new file mode 100644 index 00000000..c4ad4efc --- /dev/null +++ b/released/uc_events-to-business-actions/README.md @@ -0,0 +1,5 @@ +# Use case: Dynamically react to changing business events in your supply chain + +This script is based on the [GitHub repository for the use case of Build Events-to-Business Actions Scenarios with SAP BTP and Microsoft Azure/AWS](https://github.com/SAP-samples/btp-events-to-business-actions-framework/tree/main). + +It uses the [Terraform provider for SAP BTP](https://registry.terraform.io/providers/SAP/btp/latest/docs) to setup the necessary BTP infrastructure for that use case. From 78211fed22c254a86bf639cb8691bf631ddd2bab Mon Sep 17 00:00:00 2001 From: Mahesh Palavalli Date: Sun, 10 Sep 2023 16:03:46 +0530 Subject: [PATCH 03/25] Added the environment variables documentation --- released/uc_events-to-business-actions/README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/released/uc_events-to-business-actions/README.md b/released/uc_events-to-business-actions/README.md index c4ad4efc..c3b73d2d 100644 --- a/released/uc_events-to-business-actions/README.md +++ b/released/uc_events-to-business-actions/README.md @@ -3,3 +3,7 @@ This script is based on the [GitHub repository for the use case of Build Events-to-Business Actions Scenarios with SAP BTP and Microsoft Azure/AWS](https://github.com/SAP-samples/btp-events-to-business-actions-framework/tree/main). It uses the [Terraform provider for SAP BTP](https://registry.terraform.io/providers/SAP/btp/latest/docs) to setup the necessary BTP infrastructure for that use case. + +Set environment variables for BTP, CF User Name and Password - "BTP_USERNAME", "BTP_PASSWORD", "CF_USER", "CF_PASSWORD" in terminal before executing terraform scripts +eg: export CF_USER="john.doe@test.com" + From bab3bee0174086903d3dc9f9de578391eab365e3 Mon Sep 17 00:00:00 2001 From: Mahesh kumar Palavalli Date: Thu, 28 Sep 2023 14:48:12 +0530 Subject: [PATCH 04/25] documentation --- released/uc_events-to-business-actions/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/released/uc_events-to-business-actions/README.md b/released/uc_events-to-business-actions/README.md index c3b73d2d..24bd7226 100644 --- a/released/uc_events-to-business-actions/README.md +++ b/released/uc_events-to-business-actions/README.md @@ -1,6 +1,6 @@ # Use case: Dynamically react to changing business events in your supply chain -This script is based on the [GitHub repository for the use case of Build Events-to-Business Actions Scenarios with SAP BTP and Microsoft Azure/AWS](https://github.com/SAP-samples/btp-events-to-business-actions-framework/tree/main). +This script is based on the [GitHub repository for the use case of Build Events-to-Business Actions Scenarios with SAP BTP and Microsoft Azure/AWS](https://github.com/SAP-samples/btp-events-to-business-actions-framework/tree/main). This is expected to work with SAP Cloud Connector and not for the Private Link. It uses the [Terraform provider for SAP BTP](https://registry.terraform.io/providers/SAP/btp/latest/docs) to setup the necessary BTP infrastructure for that use case. From 59b204726654a015734e9e451a5e68b39f59ce29 Mon Sep 17 00:00:00 2001 From: Rui Nogueira Date: Wed, 4 Oct 2023 10:27:50 +0200 Subject: [PATCH 05/25] Update provider.tf Adapting to the new folder structure. --- released/uc_events-to-business-actions/provider.tf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/released/uc_events-to-business-actions/provider.tf b/released/uc_events-to-business-actions/provider.tf index 14cb509a..399c7280 100644 --- a/released/uc_events-to-business-actions/provider.tf +++ b/released/uc_events-to-business-actions/provider.tf @@ -3,7 +3,7 @@ terraform { required_providers { btp = { source = "sap/btp" - version = "0.4.0-beta1" + version = "0.5.0-beta1" } cloudfoundry = { source = "cloudfoundry-community/cloudfoundry" @@ -21,11 +21,11 @@ provider "btp" { # Get the Cloudfoundry API endpoint module "cloudfoundry_api" { - source = "../modules/envinstance-cloudfoundry-apiurl" + source = "../../modules/environment/cloudfoundry/envinstance-cf" environment_label = var.cf_environment_label } // Configuration is described in https://registry.terraform.io/providers/cloudfoundry-community/cloudfoundry/latest/docs provider "cloudfoundry" { api_url = module.cloudfoundry_api.api_url -} \ No newline at end of file +} From 44ae93fd7dc06e95e97fa36b71ba547074158109 Mon Sep 17 00:00:00 2001 From: Rui Nogueira Date: Wed, 4 Oct 2023 10:35:15 +0200 Subject: [PATCH 06/25] Update terraform.tfvars --- .../terraform.tfvars | 23 +++++++++++-------- 1 file changed, 13 insertions(+), 10 deletions(-) diff --git a/released/uc_events-to-business-actions/terraform.tfvars b/released/uc_events-to-business-actions/terraform.tfvars index 605d9fd8..85b0379b 100644 --- a/released/uc_events-to-business-actions/terraform.tfvars +++ b/released/uc_events-to-business-actions/terraform.tfvars @@ -1,16 +1,19 @@ -################################# -# Project specific configuration -################################# +# ------------------------------------------------------------------------------------------------------ +# Provider configuration +# ------------------------------------------------------------------------------------------------------ # Your global account subdomain -globalaccount = "ticoo" +globalaccount = "youraccount" region = "us10" -subaccount_name = "UC - Events to Business Actions" +subaccount_name = "Discovery Center mission - build Events-to-Business actions" cf_environment_label = "cf-us10" cf_space_name = "dev" -subaccount_admins = ["shanthakumar.krishnaswamy@sap.com"] -subaccount_service_admins = ["m.palavalli@sap.com","shanthakumar.krishnaswamy@sap.com"] +# ------------------------------------------------------------------------------------------------------ +# Project specific configuration (please adapt!) +# ------------------------------------------------------------------------------------------------------ +subaccount_admins = ["jane.doe@test.com", "john.doe@test.com"] +subaccount_service_admins = ["jane.doe@test.com", "john.doe@test.com"] -cf_space_managers = ["m.palavalli@sap.com", "shanthakumar.krishnaswamy@sap.com"] -cf_space_developers = ["m.palavalli@sap.com"] -cf_space_auditors = ["m.palavalli@sap.com"] +cf_space_managers = ["jane.doe@test.com", "john.doe@test.com"] +cf_space_developers = ["jane.doe@test.com", "john.doe@test.com"] +cf_space_auditors = ["jane.doe@test.com", "john.doe@test.com"] From 1c50fd0720a054800af8a5a409bb76de362497b9 Mon Sep 17 00:00:00 2001 From: Mahesh kumar Palavalli Date: Fri, 6 Oct 2023 19:37:24 +0530 Subject: [PATCH 07/25] new structure and btp provider changes --- released/discovery_center/README.md | 61 ++++++++++++++++++- .../mission_4172}/README.md | 0 .../mission_4172}/main.tf | 57 +++++++++-------- .../mission_4172}/provider.tf | 14 ++--- .../mission_4172/samples.tfvars} | 5 +- .../mission_4172}/variables.tf | 32 ++++++++++ 6 files changed, 131 insertions(+), 38 deletions(-) rename released/{uc_events-to-business-actions => discovery_center/mission_4172}/README.md (100%) rename released/{uc_events-to-business-actions => discovery_center/mission_4172}/main.tf (73%) rename released/{uc_events-to-business-actions => discovery_center/mission_4172}/provider.tf (71%) rename released/{uc_events-to-business-actions/terraform.tfvars => discovery_center/mission_4172/samples.tfvars} (84%) rename released/{uc_events-to-business-actions => discovery_center/mission_4172}/variables.tf (82%) diff --git a/released/discovery_center/README.md b/released/discovery_center/README.md index ffdc33bc..e269a394 100644 --- a/released/discovery_center/README.md +++ b/released/discovery_center/README.md @@ -1,5 +1,60 @@ -# Discovery center missions +# Discovery Center Mission: Build Events-to-Business Actions Apps with SAP BTP and MS Azure/AWS (4172) -This folder (will) contain Terraform scripts for missions from the SAP Discovery Center. +## Overview -Stay tuned for more. \ No newline at end of file +This sample shows how to create a landscape for the Discovery Center Mission "Build Events-to-Business Actions Apps with SAP BTP and MS Azure/AWS" + +## Content of setup + +The setup comprises the following resources: + +- Creation of the SAP BTP subaccount +- Entitlements of services +- Subscriptions to applications +- Role collection assignments to users +- Creation of CF environments +- Management of users and roles on org and space level + +## Deploying the resources + +To deploy the resources you must: + +1. Create a file `secret.auto.tfvars` and maintain the credentials for the BTP and CF provider + + ```hcl + username = "" + password = "" + ``` + +2. Change the variables in the `samples.tfvars` file to meet your requirements + + > ⚠ NOTE: You should pay attention **specifically** to the users defined in the samples.tfvars whether they already exist in your SAP BTP accounts. Otherwise you might get error messages like e.g. `Error: The user could not be found: jane.doe@test.com`. + + +3. Initialize your workspace: + + ```bash + terraform init + ``` + +4. You can check what Terraform plans to apply based on your configuration: + + ```bash + terraform plan -var-file="sample.tfvars" + ``` + +5. Apply your configuration to provision the resources: + + ```bash + terraform apply -var-file="sample.tfvars" + ``` + +6. You have to replace the local variable - "project_subaccount_domain" in "main.tf" with generated Subdomain ID if you want to perform any updates to the subaccount. + +## In the end + +You probably want to remove the assets after trying them out to avoid unnecessary costs. To do so execute the following command: + +```bash +terraform destroy +``` diff --git a/released/uc_events-to-business-actions/README.md b/released/discovery_center/mission_4172/README.md similarity index 100% rename from released/uc_events-to-business-actions/README.md rename to released/discovery_center/mission_4172/README.md diff --git a/released/uc_events-to-business-actions/main.tf b/released/discovery_center/mission_4172/main.tf similarity index 73% rename from released/uc_events-to-business-actions/main.tf rename to released/discovery_center/mission_4172/main.tf index 0c9d2487..2611e48c 100644 --- a/released/uc_events-to-business-actions/main.tf +++ b/released/discovery_center/mission_4172/main.tf @@ -1,9 +1,11 @@ ############################################################################################### # Setup of names in accordance to naming convention ############################################################################################### +resource "random_uuid" "uuid" {} + locals { - random_uuid = uuid() - project_subaccount_domain = "teched23-tf-e2b-actions-${local.random_uuid}" + random_uuid = random_uuid.uuid.result + project_subaccount_domain = lower(replace("mission-4172-${local.random_uuid}", "_", "-")) project_subaccount_cf_org = substr(replace("${local.project_subaccount_domain}", "-", ""), 0, 32) } @@ -40,19 +42,22 @@ resource "btp_subaccount_role_collection_assignment" "subaccount-service-admins" # Creation of Cloud Foundry environment ###################################################################### module "cloudfoundry_environment" { - source = "../modules/envinstance-cloudfoundry/" - subaccount_id = btp_subaccount.project.id - instance_name = local.project_subaccount_cf_org - plan_name = "standard" - cloudfoundry_org_name = local.project_subaccount_cf_org + source = "../../modules/environment/cloudfoundry/envinstance_cf" + subaccount_id = btp_subaccount.project.id + instance_name = local.project_subaccount_cf_org + plan_name = "standard" + cf_org_name = local.project_subaccount_cf_org + cf_org_auditors = var.cf_org_auditors + cf_org_managers = var.cf_org_managers + cf_org_billing_managers = var.cf_org_billing_managers } ###################################################################### # Creation of Cloud Foundry space ###################################################################### module "cloudfoundry_space" { - source = "../modules/cloudfoundry-space/" - cf_org_id = module.cloudfoundry_environment.org_id + source = "../../modules/environment/cloudfoundry/space_cf" + cf_org_id = module.cloudfoundry_environment.cf_org_id name = var.cf_space_name cf_space_managers = var.cf_space_managers cf_space_developers = var.cf_space_developers @@ -70,7 +75,7 @@ resource "time_sleep" "wait_a_few_seconds" { # Entitlement of all services and apps ###################################################################### resource "btp_subaccount_entitlement" "name" { - depends_on = [time_sleep.wait_a_few_seconds] + depends_on = [ module.cloudfoundry_space, time_sleep.wait_a_few_seconds] for_each = { for index, entitlement in var.entitlements : index => entitlement @@ -83,25 +88,23 @@ resource "btp_subaccount_entitlement" "name" { ###################################################################### # Create service instances (and service keys when needed) ###################################################################### -# hana-cloud -module "create_cf_service_instance_hana_cloud" { - depends_on = [module.cloudfoundry_space, btp_subaccount_entitlement.name, time_sleep.wait_a_few_seconds] - source = "../modules/cloudfoundry-service-instance/" - cf_space_id = module.cloudfoundry_space.id - service_name = "hana-cloud" - plan_name = "hana" - parameters = jsonencode({ "data" : { "memory" : 30, "edition" : "cloud", "systempassword" : "Abcd1234", "whitelistIPs" : ["0.0.0.0/0"] } }) + +# hana plan id +data "btp_subaccount_service_plan" "hana_plan" { + subaccount_id = btp_subaccount.project.id + name = "hana" + offering_name = "hana-cloud" + depends_on = [ btp_subaccount_entitlement.name] } -# privatelink -> Azure details are needed -# module "create_cf_service_instance_01" { -# depends_on = [module.cloudfoundry_space, btp_subaccount_entitlement.name, time_sleep.wait_a_few_seconds] -# source = "../modules/cloudfoundry-service-instance/" -# cf_space_id = module.cloudfoundry_space.id -# service_name = "privatelink" -# plan_name = "standard" -# parameters = null -# } +# hana-cloud +resource "btp_subaccount_service_instance" "hana_instance" { + depends_on = [module.cloudfoundry_space, data.btp_subaccount_service_plan.hana_plan] + name = "hana_cloud_instance" + serviceplan_id = data.btp_subaccount_service_plan.hana_plan.id + subaccount_id = btp_subaccount.project.id + parameters = jsonencode({ "data" : { "memory" : 32, "edition" : "cloud", "systempassword" : "Abcd1234", "whitelistIPs" : ["0.0.0.0/0"] } }) +} ###################################################################### # Create app subscriptions diff --git a/released/uc_events-to-business-actions/provider.tf b/released/discovery_center/mission_4172/provider.tf similarity index 71% rename from released/uc_events-to-business-actions/provider.tf rename to released/discovery_center/mission_4172/provider.tf index 399c7280..a77602d8 100644 --- a/released/uc_events-to-business-actions/provider.tf +++ b/released/discovery_center/mission_4172/provider.tf @@ -17,15 +17,15 @@ terraform { provider "btp" { globalaccount = var.globalaccount cli_server_url = var.cli_server_url -} - -# Get the Cloudfoundry API endpoint -module "cloudfoundry_api" { - source = "../../modules/environment/cloudfoundry/envinstance-cf" - environment_label = var.cf_environment_label + username = var.username + password = var.password } // Configuration is described in https://registry.terraform.io/providers/cloudfoundry-community/cloudfoundry/latest/docs provider "cloudfoundry" { - api_url = module.cloudfoundry_api.api_url + api_url = "https://api.cf.${var.region}.hana.ondemand.com" + user = var.username + password = var.password } + + diff --git a/released/uc_events-to-business-actions/terraform.tfvars b/released/discovery_center/mission_4172/samples.tfvars similarity index 84% rename from released/uc_events-to-business-actions/terraform.tfvars rename to released/discovery_center/mission_4172/samples.tfvars index 85b0379b..193acc5d 100644 --- a/released/uc_events-to-business-actions/terraform.tfvars +++ b/released/discovery_center/mission_4172/samples.tfvars @@ -5,7 +5,6 @@ globalaccount = "youraccount" region = "us10" subaccount_name = "Discovery Center mission - build Events-to-Business actions" -cf_environment_label = "cf-us10" cf_space_name = "dev" # ------------------------------------------------------------------------------------------------------ @@ -17,3 +16,7 @@ subaccount_service_admins = ["jane.doe@test.com", "john.doe@test.com"] cf_space_managers = ["jane.doe@test.com", "john.doe@test.com"] cf_space_developers = ["jane.doe@test.com", "john.doe@test.com"] cf_space_auditors = ["jane.doe@test.com", "john.doe@test.com"] + +cf_org_auditors = ["jane.doe@test.com", "john.doe@test.com"] +cf_org_managers = ["jane.doe@test.com", "john.doe@test.com"] +cf_org_billing_managers = ["jane.doe@test.com", "john.doe@test.com"] \ No newline at end of file diff --git a/released/uc_events-to-business-actions/variables.tf b/released/discovery_center/mission_4172/variables.tf similarity index 82% rename from released/uc_events-to-business-actions/variables.tf rename to released/discovery_center/mission_4172/variables.tf index 75b31243..113c9b78 100644 --- a/released/uc_events-to-business-actions/variables.tf +++ b/released/discovery_center/mission_4172/variables.tf @@ -77,6 +77,24 @@ variable "cf_space_auditors" { default = ["jane.doe@test.com", "john.doe@test.com"] } +variable "cf_org_auditors" { + type = list(string) + description = "Defines the colleagues who are Cloudfoundry org auditors" + default = ["jane.doe@test.com", "john.doe@test.com"] +} + +variable "cf_org_managers" { + type = list(string) + description = "Defines the colleagues who are Cloudfoundry org auditors" + default = ["jane.doe@test.com", "john.doe@test.com"] +} + +variable "cf_org_billing_managers" { + type = list(string) + description = "Defines the colleagues who are Cloudfoundry org auditors" + default = ["jane.doe@test.com", "john.doe@test.com"] +} + ### # Entitlements ### @@ -140,3 +158,17 @@ variable "entitlements" { } ] } + + +variable "username" { + description = "BTP username" + type = string + sensitive = false + +} + +variable "password" { + description = "BTP user password" + type = string + sensitive = true +} \ No newline at end of file From 3de3460d76648c0cb8abdf52cb9b06a4acbf7f5f Mon Sep 17 00:00:00 2001 From: Mahesh kumar Palavalli Date: Fri, 6 Oct 2023 19:43:21 +0530 Subject: [PATCH 08/25] docu update --- released/discovery_center/README.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/released/discovery_center/README.md b/released/discovery_center/README.md index e269a394..1c9650d3 100644 --- a/released/discovery_center/README.md +++ b/released/discovery_center/README.md @@ -49,8 +49,6 @@ To deploy the resources you must: terraform apply -var-file="sample.tfvars" ``` -6. You have to replace the local variable - "project_subaccount_domain" in "main.tf" with generated Subdomain ID if you want to perform any updates to the subaccount. - ## In the end You probably want to remove the assets after trying them out to avoid unnecessary costs. To do so execute the following command: From 26f27a2bf622616f7b6c07a97391b2c889d60a9f Mon Sep 17 00:00:00 2001 From: Mahesh kumar Palavalli Date: Fri, 6 Oct 2023 19:48:30 +0530 Subject: [PATCH 09/25] removed .vscode folder --- .vscode/settings.json | 1 - 1 file changed, 1 deletion(-) delete mode 100644 .vscode/settings.json diff --git a/.vscode/settings.json b/.vscode/settings.json deleted file mode 100644 index 9e26dfee..00000000 --- a/.vscode/settings.json +++ /dev/null @@ -1 +0,0 @@ -{} \ No newline at end of file From f2bb4796eb1851750ab1e770be8f08bb0a5c5394 Mon Sep 17 00:00:00 2001 From: Mahesh kumar Palavalli Date: Fri, 6 Oct 2023 21:43:13 +0530 Subject: [PATCH 10/25] readme update for dcmission 4172 --- released/discovery_center/README.md | 59 +------------------ .../discovery_center/mission_4172/README.md | 59 +++++++++++++++++-- 2 files changed, 57 insertions(+), 61 deletions(-) diff --git a/released/discovery_center/README.md b/released/discovery_center/README.md index 1c9650d3..ffdc33bc 100644 --- a/released/discovery_center/README.md +++ b/released/discovery_center/README.md @@ -1,58 +1,5 @@ -# Discovery Center Mission: Build Events-to-Business Actions Apps with SAP BTP and MS Azure/AWS (4172) +# Discovery center missions -## Overview +This folder (will) contain Terraform scripts for missions from the SAP Discovery Center. -This sample shows how to create a landscape for the Discovery Center Mission "Build Events-to-Business Actions Apps with SAP BTP and MS Azure/AWS" - -## Content of setup - -The setup comprises the following resources: - -- Creation of the SAP BTP subaccount -- Entitlements of services -- Subscriptions to applications -- Role collection assignments to users -- Creation of CF environments -- Management of users and roles on org and space level - -## Deploying the resources - -To deploy the resources you must: - -1. Create a file `secret.auto.tfvars` and maintain the credentials for the BTP and CF provider - - ```hcl - username = "" - password = "" - ``` - -2. Change the variables in the `samples.tfvars` file to meet your requirements - - > ⚠ NOTE: You should pay attention **specifically** to the users defined in the samples.tfvars whether they already exist in your SAP BTP accounts. Otherwise you might get error messages like e.g. `Error: The user could not be found: jane.doe@test.com`. - - -3. Initialize your workspace: - - ```bash - terraform init - ``` - -4. You can check what Terraform plans to apply based on your configuration: - - ```bash - terraform plan -var-file="sample.tfvars" - ``` - -5. Apply your configuration to provision the resources: - - ```bash - terraform apply -var-file="sample.tfvars" - ``` - -## In the end - -You probably want to remove the assets after trying them out to avoid unnecessary costs. To do so execute the following command: - -```bash -terraform destroy -``` +Stay tuned for more. \ No newline at end of file diff --git a/released/discovery_center/mission_4172/README.md b/released/discovery_center/mission_4172/README.md index 24bd7226..1c9650d3 100644 --- a/released/discovery_center/mission_4172/README.md +++ b/released/discovery_center/mission_4172/README.md @@ -1,9 +1,58 @@ -# Use case: Dynamically react to changing business events in your supply chain +# Discovery Center Mission: Build Events-to-Business Actions Apps with SAP BTP and MS Azure/AWS (4172) -This script is based on the [GitHub repository for the use case of Build Events-to-Business Actions Scenarios with SAP BTP and Microsoft Azure/AWS](https://github.com/SAP-samples/btp-events-to-business-actions-framework/tree/main). This is expected to work with SAP Cloud Connector and not for the Private Link. +## Overview -It uses the [Terraform provider for SAP BTP](https://registry.terraform.io/providers/SAP/btp/latest/docs) to setup the necessary BTP infrastructure for that use case. +This sample shows how to create a landscape for the Discovery Center Mission "Build Events-to-Business Actions Apps with SAP BTP and MS Azure/AWS" -Set environment variables for BTP, CF User Name and Password - "BTP_USERNAME", "BTP_PASSWORD", "CF_USER", "CF_PASSWORD" in terminal before executing terraform scripts -eg: export CF_USER="john.doe@test.com" +## Content of setup +The setup comprises the following resources: + +- Creation of the SAP BTP subaccount +- Entitlements of services +- Subscriptions to applications +- Role collection assignments to users +- Creation of CF environments +- Management of users and roles on org and space level + +## Deploying the resources + +To deploy the resources you must: + +1. Create a file `secret.auto.tfvars` and maintain the credentials for the BTP and CF provider + + ```hcl + username = "" + password = "" + ``` + +2. Change the variables in the `samples.tfvars` file to meet your requirements + + > ⚠ NOTE: You should pay attention **specifically** to the users defined in the samples.tfvars whether they already exist in your SAP BTP accounts. Otherwise you might get error messages like e.g. `Error: The user could not be found: jane.doe@test.com`. + + +3. Initialize your workspace: + + ```bash + terraform init + ``` + +4. You can check what Terraform plans to apply based on your configuration: + + ```bash + terraform plan -var-file="sample.tfvars" + ``` + +5. Apply your configuration to provision the resources: + + ```bash + terraform apply -var-file="sample.tfvars" + ``` + +## In the end + +You probably want to remove the assets after trying them out to avoid unnecessary costs. To do so execute the following command: + +```bash +terraform destroy +``` From 1f0bb8c6fcbe43c40e6903d4ef9c00acfc6b8d6c Mon Sep 17 00:00:00 2001 From: Mahesh kumar Palavalli Date: Mon, 9 Oct 2023 13:30:20 +0530 Subject: [PATCH 11/25] mission 4356 --- .../discovery_center/mission_4356/README.md | 58 ++++++ .../discovery_center/mission_4356/main.tf | 153 +++++++++++++++ .../discovery_center/mission_4356/provider.tf | 31 +++ .../mission_4356/samples.tfvars | 28 +++ .../mission_4356/variables.tf | 177 ++++++++++++++++++ 5 files changed, 447 insertions(+) create mode 100644 released/discovery_center/mission_4356/README.md create mode 100644 released/discovery_center/mission_4356/main.tf create mode 100644 released/discovery_center/mission_4356/provider.tf create mode 100644 released/discovery_center/mission_4356/samples.tfvars create mode 100644 released/discovery_center/mission_4356/variables.tf diff --git a/released/discovery_center/mission_4356/README.md b/released/discovery_center/mission_4356/README.md new file mode 100644 index 00000000..2f9949e3 --- /dev/null +++ b/released/discovery_center/mission_4356/README.md @@ -0,0 +1,58 @@ +# Discovery Center Mission: Discovery Center mission - Deliver Connected Experiences with a single view of Material Availability + +## Overview + +This sample shows how to create a landscape for the Discovery Center Mission "Discovery Center mission - Deliver Connected Experiences with a single view of Material Availability" + +## Content of setup + +The setup comprises the following resources: + +- Creation of the SAP BTP subaccount +- Entitlements of services +- Subscriptions to applications +- Role collection assignments to users +- Creation of CF environments +- Management of users and roles on org and space level + +## Deploying the resources + +To deploy the resources you must: + +1. Create a file `secret.auto.tfvars` and maintain the credentials for the BTP and CF provider + + ```hcl + username = "" + password = "" + ``` + +2. Change the variables in the `samples.tfvars` file to meet your requirements + + > ⚠ NOTE: You should pay attention **specifically** to the users defined in the samples.tfvars whether they already exist in your SAP BTP accounts. Otherwise you might get error messages like e.g. `Error: The user could not be found: jane.doe@test.com`. + + +3. Initialize your workspace: + + ```bash + terraform init + ``` + +4. You can check what Terraform plans to apply based on your configuration: + + ```bash + terraform plan -var-file="sample.tfvars" + ``` + +5. Apply your configuration to provision the resources: + + ```bash + terraform apply -var-file="sample.tfvars" + ``` + +## In the end + +You probably want to remove the assets after trying them out to avoid unnecessary costs. To do so execute the following command: + +```bash +terraform destroy +``` diff --git a/released/discovery_center/mission_4356/main.tf b/released/discovery_center/mission_4356/main.tf new file mode 100644 index 00000000..616bcf16 --- /dev/null +++ b/released/discovery_center/mission_4356/main.tf @@ -0,0 +1,153 @@ +############################################################################################### +# Setup of names in accordance to naming convention +############################################################################################### +resource "random_uuid" "uuid" {} + +locals { + random_uuid = random_uuid.uuid.result + project_subaccount_domain = lower(replace("mission-4172-${local.random_uuid}", "_", "-")) + project_subaccount_cf_org = substr(replace("${local.project_subaccount_domain}", "-", ""), 0, 32) +} + +############################################################################################### +# Creation of subaccount +############################################################################################### +resource "btp_subaccount" "project" { + name = var.subaccount_name + subdomain = local.project_subaccount_domain + region = lower(var.region) +} + +############################################################################################### +# Assignment of users as sub account administrators +############################################################################################### +resource "btp_subaccount_role_collection_assignment" "subaccount-admins" { + for_each = toset("${var.subaccount_admins}") + subaccount_id = btp_subaccount.project.id + role_collection_name = "Subaccount Administrator" + user_name = each.value +} + +############################################################################################### +# Assignment of users as sub account service administrators +############################################################################################### +resource "btp_subaccount_role_collection_assignment" "subaccount-service-admins" { + for_each = toset("${var.subaccount_service_admins}") + subaccount_id = btp_subaccount.project.id + role_collection_name = "Subaccount Service Administrator" + user_name = each.value +} + +###################################################################### +# Creation of Cloud Foundry environment +###################################################################### +module "cloudfoundry_environment" { + source = "../../modules/environment/cloudfoundry/envinstance_cf" + subaccount_id = btp_subaccount.project.id + instance_name = local.project_subaccount_cf_org + plan_name = "standard" + cf_org_name = local.project_subaccount_cf_org + cf_org_auditors = var.cf_org_auditors + cf_org_managers = var.cf_org_managers + cf_org_billing_managers = var.cf_org_billing_managers +} + +###################################################################### +# Creation of Cloud Foundry space +###################################################################### +module "cloudfoundry_space" { + source = "../../modules/environment/cloudfoundry/space_cf" + cf_org_id = module.cloudfoundry_environment.cf_org_id + name = var.cf_space_name + cf_space_managers = var.cf_space_managers + cf_space_developers = var.cf_space_developers + cf_space_auditors = var.cf_space_auditors +} + +###################################################################### +# Add "sleep" resource for generic purposes +###################################################################### +resource "time_sleep" "wait_a_few_seconds" { + create_duration = "30s" +} + +###################################################################### +# Entitlement of all services +###################################################################### +resource "btp_subaccount_entitlement" "name" { + depends_on = [ module.cloudfoundry_space, time_sleep.wait_a_few_seconds] + for_each = { + for index, entitlement in var.entitlements : + index => entitlement + } + subaccount_id = btp_subaccount.project.id + service_name = each.value.service_name + plan_name = each.value.plan_name +} + +###################################################################### +# Create app subscriptions +###################################################################### +data"btp_subaccount_subscriptions" "all"{ + subaccount_id = btp_subaccount.project.id + depends_on = [ btp_subaccount_entitlement.name ] +} + +resource "btp_subaccount_subscription" "app" { + subaccount_id = btp_subaccount.project.id + for_each = { + for index, entitlement in var.entitlements : + index => entitlement if contains(["app"], entitlement.type) + } + app_name = [ + for subscription in data.btp_subaccount_subscriptions.all.values: + subscription + if subscription.commercial_app_name == each.value.service_name + ][0].app_name + plan_name = each.value.plan_name + depends_on = [data.btp_subaccount_subscriptions.all] +} + +###################################################################### +# Assign Role Collection +###################################################################### + +resource "btp_subaccount_role_collection_assignment" "bas_dev" { + depends_on = [btp_subaccount_subscription.app] + for_each = toset(var.appstudio_developers) + subaccount_id = btp_subaccount.project.id + role_collection_name = "Business_Application_Studio_Developer" + user_name = each.value +} + +resource "btp_subaccount_role_collection_assignment" "bas_admn" { + depends_on = [btp_subaccount_subscription.app] + for_each = toset(var.appstudio_admin) + subaccount_id = btp_subaccount.project.id + role_collection_name = "Business_Application_Studio_Administrator" + user_name = each.value +} + +resource "btp_subaccount_role_collection_assignment" "cloud_conn_admn" { + depends_on = [btp_subaccount_subscription.app] + for_each = toset(var.cloudconnector_admin) + subaccount_id = btp_subaccount.project.id + role_collection_name = "Cloud Connector Administrator" + user_name = each.value +} + +resource "btp_subaccount_role_collection_assignment" "conn_dest_admn" { + depends_on = [btp_subaccount_subscription.app] + for_each = toset(var.conn_dest_admin) + subaccount_id = btp_subaccount.project.id + role_collection_name = "Connectivity and Destination Administrator" + user_name = each.value +} + +resource "btp_subaccount_role_collection_assignment" "int_prov" { + depends_on = [btp_subaccount_subscription.app] + for_each = toset(var.int_provisioner) + subaccount_id = btp_subaccount.project.id + role_collection_name = "Integration_Provisioner" + user_name = each.value +} \ No newline at end of file diff --git a/released/discovery_center/mission_4356/provider.tf b/released/discovery_center/mission_4356/provider.tf new file mode 100644 index 00000000..a77602d8 --- /dev/null +++ b/released/discovery_center/mission_4356/provider.tf @@ -0,0 +1,31 @@ + +terraform { + required_providers { + btp = { + source = "sap/btp" + version = "0.5.0-beta1" + } + cloudfoundry = { + source = "cloudfoundry-community/cloudfoundry" + version = "0.51.3" + } + } +} + +# Please checkout documentation on how best to authenticate against SAP BTP +# via the Terraform provider for SAP BTP +provider "btp" { + globalaccount = var.globalaccount + cli_server_url = var.cli_server_url + username = var.username + password = var.password +} + +// Configuration is described in https://registry.terraform.io/providers/cloudfoundry-community/cloudfoundry/latest/docs +provider "cloudfoundry" { + api_url = "https://api.cf.${var.region}.hana.ondemand.com" + user = var.username + password = var.password +} + + diff --git a/released/discovery_center/mission_4356/samples.tfvars b/released/discovery_center/mission_4356/samples.tfvars new file mode 100644 index 00000000..9c8a3fef --- /dev/null +++ b/released/discovery_center/mission_4356/samples.tfvars @@ -0,0 +1,28 @@ +# ------------------------------------------------------------------------------------------------------ +# Provider configuration +# ------------------------------------------------------------------------------------------------------ +# Your global account subdomain +globalaccount = "youraccount" +region = "us10" +subaccount_name = "Discovery Center mission - build Events-to-Business actions" +cf_space_name = "dev" + +# ------------------------------------------------------------------------------------------------------ +# Project specific configuration (please adapt!) +# ------------------------------------------------------------------------------------------------------ +subaccount_admins = ["jane.doe@test.com", "john.doe@test.com"] +subaccount_service_admins = ["jane.doe@test.com", "john.doe@test.com"] + +cf_space_managers = ["jane.doe@test.com", "john.doe@test.com"] +cf_space_developers = ["jane.doe@test.com", "john.doe@test.com"] +cf_space_auditors = ["jane.doe@test.com", "john.doe@test.com"] + +cf_org_auditors = ["jane.doe@test.com", "john.doe@test.com"] +cf_org_managers = ["jane.doe@test.com", "john.doe@test.com"] +cf_org_billing_managers = ["jane.doe@test.com", "john.doe@test.com"] + +appstudio_developers = ["jane.doe@test.com", "john.doe@test.com"] +appstudio_admin = ["jane.doe@test.com", "john.doe@test.com"] +cloudconnector_admin = ["jane.doe@test.com", "john.doe@test.com"] +conn_dest_admin = ["jane.doe@test.com", "john.doe@test.com"] +int_provisioner = ["jane.doe@test.com", "john.doe@test.com"] \ No newline at end of file diff --git a/released/discovery_center/mission_4356/variables.tf b/released/discovery_center/mission_4356/variables.tf new file mode 100644 index 00000000..3964c6c8 --- /dev/null +++ b/released/discovery_center/mission_4356/variables.tf @@ -0,0 +1,177 @@ +###################################################################### +# Customer account setup +###################################################################### +# subaccount +variable "globalaccount" { + type = string + description = "The globalaccount subdomain." + default = "yourglobalaccount" +} +# subaccount +variable "subaccount_name" { + type = string + description = "The subaccount name." + default = "UC - Deliver Connected Experiences with a single view of Material Availability" +} +# Region +variable "region" { + type = string + description = "The region where the project account shall be created in." + default = "us10" +} + +# Cloudfoundry space name +variable "cf_space_name" { + type = string + description = "The Cloudfoundry space name" + default = "dev" +} + +# hana password +variable "hana_cloud_system_password" { + type = string + description = "The system password for the hana_cloud service instance." + default = "Abcd1234" +} + +# CLI server +variable "cli_server_url" { + type = string + description = "The BTP CLI server URL." + default = "https://cpcli.cf.eu10.hana.ondemand.com" +} + +variable "subaccount_admins" { + type = list(string) + description = "Defines the colleagues who are added to each subaccount as subaccount administrators." + default = ["jane.doe@test.com", "john.doe@test.com"] +} + +variable "subaccount_service_admins" { + type = list(string) + description = "Defines the colleagues who are added to each subaccount as subaccount service administrators." + default = ["jane.doe@test.com", "john.doe@test.com"] +} + +variable "cf_space_managers" { + type = list(string) + description = "Defines the colleagues who are Cloudfoundry space managers" + default = ["jane.doe@test.com", "john.doe@test.com"] +} + +variable "cf_space_developers" { + type = list(string) + description = "Defines the colleagues who are Cloudfoundry space developers" + default = ["jane.doe@test.com", "john.doe@test.com"] +} + +variable "cf_space_auditors" { + type = list(string) + description = "Defines the colleagues who are Cloudfoundry space auditors" + default = ["jane.doe@test.com", "john.doe@test.com"] +} + +variable "cf_org_auditors" { + type = list(string) + description = "Defines the colleagues who are Cloudfoundry org auditors" + default = ["jane.doe@test.com", "john.doe@test.com"] +} + +variable "cf_org_managers" { + type = list(string) + description = "Defines the colleagues who are Cloudfoundry org auditors" + default = ["jane.doe@test.com", "john.doe@test.com"] +} + +variable "cf_org_billing_managers" { + type = list(string) + description = "Defines the colleagues who are Cloudfoundry org auditors" + default = ["jane.doe@test.com", "john.doe@test.com"] +} + +### +# Entitlements +### +variable "entitlements" { + type = list(object({ + service_name = string + plan_name = string + type = string + })) + description = "The list of entitlements that shall be added to the subaccount." + default = [ + { + service_name = "connectivity" + plan_name = "lite", + type = "service" + }, + { + service_name = "destination" + plan_name = "lite", + type = "service" + }, + { + service_name = "html5-apps-repo" + plan_name = "app-host", + type = "service" + }, + { + service_name = "sapappstudio" + plan_name = "standard-edition", + type = "app" + }, + { + service_name = "xsuaa" + plan_name = "application", + type = "service" + }, + { + service_name = "integrationsuite" + plan_name = "enterprise_agreement", + type = "app" + } + ] +} + +variable "appstudio_developers" { + type = list(string) + description = "Business Application Studio Developer" + default = ["jane.doe@test.com", "john.doe@test.com"] +} + +variable "appstudio_admin" { + type = list(string) + description = "Business Application Studio Administrator" + default = ["jane.doe@test.com", "john.doe@test.com"] +} + +variable "cloudconnector_admin" { + type = list(string) + description = "Cloud Connector Administrator" + default = ["jane.doe@test.com", "john.doe@test.com"] +} + +variable "conn_dest_admin" { + type = list(string) + description = "Connectivity and Destination Administrator" + default = ["jane.doe@test.com", "john.doe@test.com"] +} + +variable "int_provisioner" { + type = list(string) + description = "Integration Provisioner" + default = ["jane.doe@test.com", "john.doe@test.com"] +} + +variable "username" { + description = "BTP username" + type = string + sensitive = false + +} + +variable "password" { + description = "BTP user password" + type = string + sensitive = true +} \ No newline at end of file From 4d7a739a2b3c50609f553db0eb1ecc9be7012fe2 Mon Sep 17 00:00:00 2001 From: Mahesh kumar Palavalli Date: Thu, 19 Oct 2023 00:17:09 +0530 Subject: [PATCH 12/25] DC Mission 4033 and updates to 4172 - AEM --- .gitignore | 3 +- .../discovery_center/mission_4033/README.md | 57 +++++ .../discovery_center/mission_4033/main.tf | 201 ++++++++++++++++++ .../discovery_center/mission_4033/provider.tf | 31 +++ .../mission_4033/samples.tfvars | 35 +++ .../mission_4033/variables.tf | 184 ++++++++++++++++ .../discovery_center/mission_4172/main.tf | 78 ++++++- .../mission_4172/samples.tfvars | 10 +- .../mission_4172/variables.tf | 62 ++++-- 9 files changed, 639 insertions(+), 22 deletions(-) create mode 100644 released/discovery_center/mission_4033/README.md create mode 100644 released/discovery_center/mission_4033/main.tf create mode 100644 released/discovery_center/mission_4033/provider.tf create mode 100644 released/discovery_center/mission_4033/samples.tfvars create mode 100644 released/discovery_center/mission_4033/variables.tf diff --git a/.gitignore b/.gitignore index 9f69d1be..bb16f686 100644 --- a/.gitignore +++ b/.gitignore @@ -6,4 +6,5 @@ secret.auto.tfvars terraform.tfvars # Any kind of invironment variables -*.env \ No newline at end of file +*.env +.vscode/settings.json diff --git a/released/discovery_center/mission_4033/README.md b/released/discovery_center/mission_4033/README.md new file mode 100644 index 00000000..e68bef61 --- /dev/null +++ b/released/discovery_center/mission_4033/README.md @@ -0,0 +1,57 @@ +# Discovery Center Mission: Discovery Center mission - Create simple, connected digital experiences with API-based integration + +## Overview + +This sample shows how to create a landscape for the Discovery Center Mission "Discovery Center mission - Create simple, connected digital experiences with API-based integration" + +## Content of setup + +The setup comprises the following resources: + +- Creation of the SAP BTP subaccount +- Entitlements of services +- Subscriptions to applications +- Role collection assignments to users +- Creation of Kyma Environment + +## Deploying the resources + +To deploy the resources you must: + +1. Create a file `secret.auto.tfvars` and maintain the credentials for the BTP and CF provider + + ```hcl + username = "" + password = "" + ``` + +2. Change the variables in the `samples.tfvars` file to meet your requirements + + > ⚠ NOTE: You should pay attention **specifically** to the users defined in the samples.tfvars whether they already exist in your SAP BTP accounts. Otherwise you might get error messages like e.g. `Error: The user could not be found: jane.doe@test.com`. + + +3. Initialize your workspace: + + ```bash + terraform init + ``` + +4. You can check what Terraform plans to apply based on your configuration: + + ```bash + terraform plan -var-file="sample.tfvars" + ``` + +5. Apply your configuration to provision the resources: + + ```bash + terraform apply -var-file="sample.tfvars" + ``` + +## In the end + +You probably want to remove the assets after trying them out to avoid unnecessary costs. To do so execute the following command: + +```bash +terraform destroy +``` diff --git a/released/discovery_center/mission_4033/main.tf b/released/discovery_center/mission_4033/main.tf new file mode 100644 index 00000000..f5bafaa3 --- /dev/null +++ b/released/discovery_center/mission_4033/main.tf @@ -0,0 +1,201 @@ +############################################################################################### +# Setup of names in accordance to naming convention +############################################################################################### +resource "random_uuid" "uuid" {} + +locals { + random_uuid = random_uuid.uuid.result + project_subaccount_domain = lower(replace("mission-4033-${local.random_uuid}", "_", "-")) + project_subaccount_cf_org = substr(replace("${local.project_subaccount_domain}", "-", ""), 0, 32) +} + +############################################################################################### +# Creation of subaccount +############################################################################################### +resource "btp_subaccount" "project" { + name = var.subaccount_name + subdomain = local.project_subaccount_domain + region = lower(var.region) +} + +############################################################################################### +# Assignment of users as sub account administrators +############################################################################################### +resource "btp_subaccount_role_collection_assignment" "subaccount-admins" { + for_each = toset("${var.subaccount_admins}") + subaccount_id = btp_subaccount.project.id + role_collection_name = "Subaccount Administrator" + user_name = each.value +} + +############################################################################################### +# Assignment of users as sub account service administrators +############################################################################################### +resource "btp_subaccount_role_collection_assignment" "subaccount-service-admins" { + for_each = toset("${var.subaccount_service_admins}") + subaccount_id = btp_subaccount.project.id + role_collection_name = "Subaccount Service Administrator" + user_name = each.value +} + +###################################################################### +# Add "sleep" resource for generic purposes +###################################################################### +resource "time_sleep" "wait_a_few_seconds" { + create_duration = "30s" +} + +###################################################################### +# Setup Kyma +###################################################################### +data "btp_regions" "all" {} + +locals { + subaccount_iaas_provider = [for region in data.btp_regions.all.values : region if region.region == data.btp_subaccount.this.region][0].iaas_provider +} + +data "btp_subaccount" "this" { + id = btp_subaccount.project.id +} + +resource "btp_subaccount_entitlement" "kymaruntime" { + subaccount_id = btp_subaccount.project.id + service_name = "kymaruntime" + plan_name = lower(local.subaccount_iaas_provider) + amount = 1 +} + + +resource "btp_subaccount_environment_instance" "kyma" { + subaccount_id = btp_subaccount.project.id + name = var.kyma_instance.name + environment_type = "kyma" + service_name = "kymaruntime" + plan_name = "aws" + parameters = jsonencode({ + name = var.kyma_instance.name + region = var.kyma_instance.region + machine_type = var.kyma_instance.machine_type + auto_scaler_min = var.kyma_instance.auto_scaler_min + auto_scaler_max = var.kyma_instance.auto_scaler_max + }) + timeouts = { + create = var.kyma_instance.createtimeout + update = var.kyma_instance.updatetimeout + delete = var.kyma_instance.deletetimeout + } + depends_on = [ btp_subaccount_entitlement.kymaruntime ] +} + +# module "sap_kyma_instance" { +# source = "../../../in-development/modules/envinstance-kyma" +# subaccount_id = btp_subaccount.project.id +# name = var.kyma_instance.name +# } + + +###################################################################### +# Entitlement of all services +###################################################################### +resource "btp_subaccount_entitlement" "name" { + depends_on = [time_sleep.wait_a_few_seconds] + for_each = { + for index, entitlement in var.entitlements : + index => entitlement + } + subaccount_id = btp_subaccount.project.id + service_name = each.value.service_name + plan_name = each.value.plan_name +} + +###################################################################### +# Create app subscriptions +###################################################################### +data"btp_subaccount_subscriptions" "all"{ + subaccount_id = btp_subaccount.project.id + depends_on = [ btp_subaccount_entitlement.name ] +} + +resource "btp_subaccount_subscription" "app" { + subaccount_id = btp_subaccount.project.id + for_each = { + for index, entitlement in var.entitlements : + index => entitlement if contains(["app"], entitlement.type) + } + app_name = [ + for subscription in data.btp_subaccount_subscriptions.all.values: + subscription + if subscription.commercial_app_name == each.value.service_name + ][0].app_name + plan_name = each.value.plan_name + depends_on = [data.btp_subaccount_subscriptions.all] +} + +###################################################################### +# Assign Role Collection +###################################################################### + +resource "btp_subaccount_role_collection_assignment" "conn_dest_admn" { + depends_on = [btp_subaccount_subscription.app] + for_each = toset(var.conn_dest_admin) + subaccount_id = btp_subaccount.project.id + role_collection_name = "Connectivity and Destination Administrator" + user_name = each.value +} + +resource "btp_subaccount_role_collection_assignment" "int_prov" { + depends_on = [btp_subaccount_subscription.app] + for_each = toset(var.int_provisioner) + subaccount_id = btp_subaccount.project.id + role_collection_name = "Integration_Provisioner" + user_name = each.value +} + +resource "btp_subaccount_role_collection_assignment" "sbpa_admin" { + depends_on = [btp_subaccount_subscription.app] + for_each = toset(var.ProcessAutomationAdmin) + subaccount_id = btp_subaccount.project.id + role_collection_name = "ProcessAutomationAdmin" + user_name = each.value +} + +resource "btp_subaccount_role_collection_assignment" "sbpa_dev" { + depends_on = [btp_subaccount_subscription.app] + for_each = toset(var.ProcessAutomationAdmin) + subaccount_id = btp_subaccount.project.id + role_collection_name = "ProcessAutomationAdmin" + user_name = each.value +} + +resource "btp_subaccount_role_collection_assignment" "sbpa_part" { + depends_on = [btp_subaccount_subscription.app] + for_each = toset(var.ProcessAutomationParticipant) + subaccount_id = btp_subaccount.project.id + role_collection_name = "ProcessAutomationParticipant" + user_name = each.value +} + +###################################################################### +# Assign custom IDP to sub account +###################################################################### +resource "btp_subaccount_trust_configuration" "fully_customized" { + subaccount_id = btp_subaccount.project.id + identity_provider = var.custom_idp + depends_on = [ btp_subaccount.project.id ] +} + +###################################################################### +# Create app subscription to SAP Build Apps (depends on entitlement) +###################################################################### +module "sap-build-apps_standard" { + source = "../../modules/services_apps/sap_build_apps/standard" + subaccount_id = btp_subaccount.project.id + subaccount_domain = btp_subaccount.project.subdomain + region = var.region + custom_idp_origin = btp_subaccount_trust_configuration.fully_customized.origin + users_BuildAppsAdmin = var.users_BuildAppsAdmin + users_BuildAppsDeveloper = var.users_BuildAppsDeveloper + users_RegistryAdmin = var.users_RegistryAdmin + users_RegistryDeveloper = var.users_RegistryDeveloper + depends_on = [btp_subaccount_trust_configuration.fully_customized, btp_subaccount_entitlement.name] +} diff --git a/released/discovery_center/mission_4033/provider.tf b/released/discovery_center/mission_4033/provider.tf new file mode 100644 index 00000000..a77602d8 --- /dev/null +++ b/released/discovery_center/mission_4033/provider.tf @@ -0,0 +1,31 @@ + +terraform { + required_providers { + btp = { + source = "sap/btp" + version = "0.5.0-beta1" + } + cloudfoundry = { + source = "cloudfoundry-community/cloudfoundry" + version = "0.51.3" + } + } +} + +# Please checkout documentation on how best to authenticate against SAP BTP +# via the Terraform provider for SAP BTP +provider "btp" { + globalaccount = var.globalaccount + cli_server_url = var.cli_server_url + username = var.username + password = var.password +} + +// Configuration is described in https://registry.terraform.io/providers/cloudfoundry-community/cloudfoundry/latest/docs +provider "cloudfoundry" { + api_url = "https://api.cf.${var.region}.hana.ondemand.com" + user = var.username + password = var.password +} + + diff --git a/released/discovery_center/mission_4033/samples.tfvars b/released/discovery_center/mission_4033/samples.tfvars new file mode 100644 index 00000000..3ba9bf5d --- /dev/null +++ b/released/discovery_center/mission_4033/samples.tfvars @@ -0,0 +1,35 @@ +# ------------------------------------------------------------------------------------------------------ +# Provider configuration +# ------------------------------------------------------------------------------------------------------ +# Your global account subdomain +globalaccount = "yoursubaccount" +region = "us10" +subaccount_name = "DC Mission 4033 - Create simple, connected digital experiences with API-based integration 2" +custom_idp = "youridp.accounts.ondemand.com" + +kyma_instance = { + name = "my-kyma-environment" + region = "us-east-1" + machine_type = "mx5.xlarge" + auto_scaler_min = 3 + auto_scaler_max = 20 + createtimeout = "1h" + updatetimeout = "35m" + deletetimeout = "1h" +} + +# ------------------------------------------------------------------------------------------------------ +# Project specific configuration (please adapt!) +# ------------------------------------------------------------------------------------------------------ +subaccount_admins = ["jane.doe@test.com", "john.doe@test.com"] +subaccount_service_admins = ["jane.doe@test.com", "john.doe@test.com"] + +conn_dest_admin = ["jane.doe@test.com", "john.doe@test.com"] +int_provisioner = ["jane.doe@test.com", "john.doe@test.com"] +users_BuildAppsAdmin = ["jane.doe@test.com", "john.doe@test.com"] +users_RegistryAdmin = ["jane.doe@test.com", "john.doe@test.com"] +users_BuildAppsDeveloper = ["jane.doe@test.com", "john.doe@test.com"] +users_RegistryDeveloper = ["jane.doe@test.com", "john.doe@test.com"] +ProcessAutomationAdmin = ["jane.doe@test.com", "john.doe@test.com"] +ProcessAutomationDeveloper = ["jane.doe@test.com", "john.doe@test.com"] +ProcessAutomationParticipant = ["jane.doe@test.com", "john.doe@test.com"] \ No newline at end of file diff --git a/released/discovery_center/mission_4033/variables.tf b/released/discovery_center/mission_4033/variables.tf new file mode 100644 index 00000000..53065126 --- /dev/null +++ b/released/discovery_center/mission_4033/variables.tf @@ -0,0 +1,184 @@ +###################################################################### +# Customer account setup +###################################################################### +# subaccount +variable "globalaccount" { + type = string + description = "The globalaccount subdomain." + default = "yourglobalaccount" +} +# subaccount +variable "subaccount_name" { + type = string + description = "The subaccount name." + default = "DC Mission 4033 - Create simple, connected digital experiences with API-based integration" +} +# Region +variable "region" { + type = string + description = "The region where the project account shall be created in." + default = "us10" +} + +# CLI server +variable "cli_server_url" { + type = string + description = "The BTP CLI server URL." + default = "https://cpcli.cf.eu10.hana.ondemand.com" +} + +variable "subaccount_admins" { + type = list(string) + description = "Defines the colleagues who are added to each subaccount as subaccount administrators." + default = ["jane.doe@test.com", "john.doe@test.com"] +} + +variable "subaccount_service_admins" { + type = list(string) + description = "Defines the colleagues who are added to each subaccount as subaccount service administrators." + default = ["jane.doe@test.com", "john.doe@test.com"] +} + + + +### +# Entitlements +### +variable "entitlements" { + type = list(object({ + service_name = string + plan_name = string + type = string + })) + description = "The list of entitlements that shall be added to the subaccount." + default = [ + { + service_name = "destination" + plan_name = "lite", + type = "service" + }, + { + service_name = "xsuaa" + plan_name = "application", + type = "service" + }, + { + service_name = "integrationsuite" + plan_name = "enterprise_agreement", + type = "app" + }, + { + service_name = "sap-build-apps" + plan_name = "standard" + type = "service" + }, + { + service_name = "process-automation" + plan_name = "standard", + type = "app" + }, + { + service_name = "process-automation-service" + plan_name = "standard", + type = "service" + }, + { + service_name = "apimanagement-apiportal" + plan_name = "apiportal-apiaccess", + type = "service" + }, + { + service_name = "apimanagement-devportal" + plan_name = "devportal-apiaccess", + type = "service" + } + ] +} + +variable kyma_instance { type = object({ + name = string + region = string + machine_type = string + auto_scaler_min = number + auto_scaler_max = number + createtimeout = string + updatetimeout = string + deletetimeout = string +})} + +variable "conn_dest_admin" { + type = list(string) + description = "Connectivity and Destination Administrator" + default = ["jane.doe@test.com", "john.doe@test.com"] +} + +variable "int_provisioner" { + type = list(string) + description = "Integration Provisioner" + default = ["jane.doe@test.com", "john.doe@test.com"] +} + +variable "custom_idp" { + type = string + description = "Defines the custom IDP to be used for the subaccount" + default = "terraformint" + + validation { + condition = can(regex("^[a-z-]", var.custom_idp)) + error_message = "Please enter a valid entry for the custom-idp of the subaccount." + } +} + +variable "users_BuildAppsAdmin" { + type = list(string) + description = "Defines the colleagues who have the role of 'BuildAppsAdmin' in SAP Build Apps." + default = ["jane.doe@test.com", "john.doe@test.com"] +} + +variable "users_BuildAppsDeveloper" { + type = list(string) + description = "Defines the colleagues who have the role of 'BuildAppsDeveloper' in SAP Build Apps." + default = ["jane.doe@test.com", "john.doe@test.com"] +} + +variable "users_RegistryAdmin" { + type = list(string) + description = "Defines the colleagues who have the role of 'RegistryAdmin' in SAP Build Apps." + default = ["jane.doe@test.com", "john.doe@test.com"] +} + +variable "users_RegistryDeveloper" { + type = list(string) + description = "Defines the colleagues who have the role of RegistryDeveloper' in SAP Build Apps." + default = ["jane.doe@test.com", "john.doe@test.com"] +} + +variable "ProcessAutomationAdmin" { + type = list(string) + description = "Defines the users who have the role of ProcessAutomationAdmin in SAP Build Process Automation" + default = [ "jane.doe@test.com", "john.doe@test.com"] +} + +variable "ProcessAutomationDeveloper" { + type = list(string) + description = "Defines the users who have the role of ProcessAutomationDeveloper in SAP Build Process Automation" + default = [ "jane.doe@test.com", "john.doe@test.com"] +} + +variable "ProcessAutomationParticipant" { + type = list(string) + description = "Defines the users who have the role of ProcessAutomationParticipant in SAP Build Process Automation" + default = [ "jane.doe@test.com", "john.doe@test.com"] +} + +variable "username" { + description = "BTP username" + type = string + sensitive = false +} + +variable "password" { + description = "BTP user password" + type = string + sensitive = true +} \ No newline at end of file diff --git a/released/discovery_center/mission_4172/main.tf b/released/discovery_center/mission_4172/main.tf index 2611e48c..a495c676 100644 --- a/released/discovery_center/mission_4172/main.tf +++ b/released/discovery_center/mission_4172/main.tf @@ -88,7 +88,6 @@ resource "btp_subaccount_entitlement" "name" { ###################################################################### # Create service instances (and service keys when needed) ###################################################################### - # hana plan id data "btp_subaccount_service_plan" "hana_plan" { subaccount_id = btp_subaccount.project.id @@ -106,18 +105,89 @@ resource "btp_subaccount_service_instance" "hana_instance" { parameters = jsonencode({ "data" : { "memory" : 32, "edition" : "cloud", "systempassword" : "Abcd1234", "whitelistIPs" : ["0.0.0.0/0"] } }) } +# ------------------------------------------------------------------------------------------------------ +# Assign custom IDP to sub account +# ------------------------------------------------------------------------------------------------------ +resource "btp_subaccount_trust_configuration" "fully_customized" { + subaccount_id = btp_subaccount.project.id + identity_provider = var.custom_idp + depends_on = [ btp_subaccount_role_collection_assignment.subaccount-service-admins ] +} + ###################################################################### # Create app subscriptions ###################################################################### +data"btp_subaccount_subscriptions" "all"{ + subaccount_id = btp_subaccount.project.id + depends_on = [ btp_subaccount_entitlement.name ] +} + resource "btp_subaccount_subscription" "app" { subaccount_id = btp_subaccount.project.id for_each = { for index, entitlement in var.entitlements : index => entitlement if contains(["app"], entitlement.type) } - - app_name = each.value.service_name + app_name = [ + for subscription in data.btp_subaccount_subscriptions.all.values: + subscription + if subscription.commercial_app_name == each.value.service_name + ][0].app_name plan_name = each.value.plan_name - depends_on = [btp_subaccount_entitlement.name] + depends_on = [data.btp_subaccount_subscriptions.all, btp_subaccount_trust_configuration.fully_customized] +} + +###################################################################### +# Role Collections +###################################################################### +resource "btp_subaccount_role_collection_assignment" "bas_dev" { + depends_on = [btp_subaccount_subscription.app] + for_each = toset(var.appstudio_developers) + subaccount_id = btp_subaccount.project.id + role_collection_name = "Business_Application_Studio_Developer" + user_name = each.value +} + +resource "btp_subaccount_role_collection_assignment" "bas_admn" { + depends_on = [btp_subaccount_subscription.app] + for_each = toset(var.appstudio_admin) + subaccount_id = btp_subaccount.project.id + role_collection_name = "Business_Application_Studio_Administrator" + user_name = each.value +} + +resource "btp_subaccount_role_collection_assignment" "cloud_conn_admn" { + depends_on = [btp_subaccount_subscription.app] + for_each = toset(var.cloudconnector_admin) + subaccount_id = btp_subaccount.project.id + role_collection_name = "Cloud Connector Administrator" + user_name = each.value +} + +resource "btp_subaccount_role_collection_assignment" "conn_dest_admn" { + depends_on = [btp_subaccount_subscription.app] + for_each = toset(var.conn_dest_admin) + subaccount_id = btp_subaccount.project.id + role_collection_name = "Connectivity and Destination Administrator" + user_name = each.value +} + +###################################################################### +# Advanced Event Mesh +###################################################################### +resource "btp_subaccount_entitlement" "aem" { + subaccount_id = btp_subaccount.project.id + service_name = "integration-suite-advanced-event-mesh" + plan_name = "default" +} + +resource "btp_subaccount_subscription" "aem_app" { + subaccount_id = btp_subaccount.project.id + app_name = "integration-suite-advanced-event-mesh" + plan_name = "default" + parameters = jsonencode({ + "admin_user_email": var.advanced_event_mesh_admin + }) + depends_on = [ btp_subaccount_entitlement.aem ] } diff --git a/released/discovery_center/mission_4172/samples.tfvars b/released/discovery_center/mission_4172/samples.tfvars index 193acc5d..960a5c14 100644 --- a/released/discovery_center/mission_4172/samples.tfvars +++ b/released/discovery_center/mission_4172/samples.tfvars @@ -6,6 +6,7 @@ globalaccount = "youraccount" region = "us10" subaccount_name = "Discovery Center mission - build Events-to-Business actions" cf_space_name = "dev" +custom_idp = "abcde1234.accounts.ondemand.com" # ------------------------------------------------------------------------------------------------------ # Project specific configuration (please adapt!) @@ -19,4 +20,11 @@ cf_space_auditors = ["jane.doe@test.com", "john.doe@test.com"] cf_org_auditors = ["jane.doe@test.com", "john.doe@test.com"] cf_org_managers = ["jane.doe@test.com", "john.doe@test.com"] -cf_org_billing_managers = ["jane.doe@test.com", "john.doe@test.com"] \ No newline at end of file +cf_org_billing_managers = ["jane.doe@test.com", "john.doe@test.com"] + +advanced_event_mesh_admin = "jane.doe@test.com" + +appstudio_developers = ["jane.doe@test.com", "john.doe@test.com"] +appstudio_admin = ["jane.doe@test.com", "john.doe@test.com"] +cloudconnector_admin = ["jane.doe@test.com", "john.doe@test.com"] +conn_dest_admin = ["jane.doe@test.com", "john.doe@test.com"] \ No newline at end of file diff --git a/released/discovery_center/mission_4172/variables.tf b/released/discovery_center/mission_4172/variables.tf index 113c9b78..856323cf 100644 --- a/released/discovery_center/mission_4172/variables.tf +++ b/released/discovery_center/mission_4172/variables.tf @@ -95,6 +95,36 @@ variable "cf_org_billing_managers" { default = ["jane.doe@test.com", "john.doe@test.com"] } +variable "advanced_event_mesh_admin" { + type = string + description = "Defines the colleagues who are Cloudfoundry org auditors" + default = "jane.doe@test.com" +} + +variable "appstudio_developers" { + type = list(string) + description = "Business Application Studio Developer" + default = ["jane.doe@test.com", "john.doe@test.com"] +} + +variable "appstudio_admin" { + type = list(string) + description = "Business Application Studio Administrator" + default = ["jane.doe@test.com", "john.doe@test.com"] +} + +variable "cloudconnector_admin" { + type = list(string) + description = "Cloud Connector Administrator" + default = ["jane.doe@test.com", "john.doe@test.com"] +} + +variable "conn_dest_admin" { + type = list(string) + description = "Connectivity and Destination Administrator" + default = ["jane.doe@test.com", "john.doe@test.com"] +} + ### # Entitlements ### @@ -126,21 +156,6 @@ variable "entitlements" { plan_name = "standard-edition", type = "app" }, - { - service_name = "enterprise-messaging" - plan_name = "default", - type = "service" - }, - { - service_name = "enterprise-messaging-hub" - plan_name = "standard", - type = "app" - }, - { - service_name = "privatelink" - plan_name = "standard", - type = "service" - }, { service_name = "xsuaa" plan_name = "application", @@ -159,6 +174,9 @@ variable "entitlements" { ] } +# variable "advanced_event_mesh" { +# service_name = "integration-suite-advanced-event-mesh" +# } variable "username" { description = "BTP username" @@ -171,4 +189,16 @@ variable "password" { description = "BTP user password" type = string sensitive = true -} \ No newline at end of file +} + +variable "custom_idp" { + type = string + description = "Defines the custom IDP to be used for the subaccount" + default = "terraformint" + + validation { + condition = can(regex("^[a-z-]", var.custom_idp)) + error_message = "Please enter a valid entry for the custom-idp of the subaccount." + } +} + From e47651aa0a2f5529453802cc76a30299a17ffdec Mon Sep 17 00:00:00 2001 From: Mahesh kumar Palavalli Date: Fri, 20 Oct 2023 03:34:28 +0530 Subject: [PATCH 13/25] cf space creation removed --- .../discovery_center/mission_4172/main.tf | 26 +++++++++---------- .../discovery_center/mission_4356/main.tf | 24 ++++++++--------- 2 files changed, 25 insertions(+), 25 deletions(-) diff --git a/released/discovery_center/mission_4172/main.tf b/released/discovery_center/mission_4172/main.tf index a495c676..fdd22935 100644 --- a/released/discovery_center/mission_4172/main.tf +++ b/released/discovery_center/mission_4172/main.tf @@ -52,17 +52,17 @@ module "cloudfoundry_environment" { cf_org_billing_managers = var.cf_org_billing_managers } -###################################################################### -# Creation of Cloud Foundry space -###################################################################### -module "cloudfoundry_space" { - source = "../../modules/environment/cloudfoundry/space_cf" - cf_org_id = module.cloudfoundry_environment.cf_org_id - name = var.cf_space_name - cf_space_managers = var.cf_space_managers - cf_space_developers = var.cf_space_developers - cf_space_auditors = var.cf_space_auditors -} +# ###################################################################### +# # Creation of Cloud Foundry space +# ###################################################################### +# module "cloudfoundry_space" { +# source = "../../modules/environment/cloudfoundry/space_cf" +# cf_org_id = module.cloudfoundry_environment.cf_org_id +# name = var.cf_space_name +# cf_space_managers = var.cf_space_managers +# cf_space_developers = var.cf_space_developers +# cf_space_auditors = var.cf_space_auditors +# } ###################################################################### # Add "sleep" resource for generic purposes @@ -75,7 +75,7 @@ resource "time_sleep" "wait_a_few_seconds" { # Entitlement of all services and apps ###################################################################### resource "btp_subaccount_entitlement" "name" { - depends_on = [ module.cloudfoundry_space, time_sleep.wait_a_few_seconds] + depends_on = [ time_sleep.wait_a_few_seconds] for_each = { for index, entitlement in var.entitlements : index => entitlement @@ -98,7 +98,7 @@ data "btp_subaccount_service_plan" "hana_plan" { # hana-cloud resource "btp_subaccount_service_instance" "hana_instance" { - depends_on = [module.cloudfoundry_space, data.btp_subaccount_service_plan.hana_plan] + depends_on = [data.btp_subaccount_service_plan.hana_plan] name = "hana_cloud_instance" serviceplan_id = data.btp_subaccount_service_plan.hana_plan.id subaccount_id = btp_subaccount.project.id diff --git a/released/discovery_center/mission_4356/main.tf b/released/discovery_center/mission_4356/main.tf index 616bcf16..2a8816a0 100644 --- a/released/discovery_center/mission_4356/main.tf +++ b/released/discovery_center/mission_4356/main.tf @@ -52,17 +52,17 @@ module "cloudfoundry_environment" { cf_org_billing_managers = var.cf_org_billing_managers } -###################################################################### -# Creation of Cloud Foundry space -###################################################################### -module "cloudfoundry_space" { - source = "../../modules/environment/cloudfoundry/space_cf" - cf_org_id = module.cloudfoundry_environment.cf_org_id - name = var.cf_space_name - cf_space_managers = var.cf_space_managers - cf_space_developers = var.cf_space_developers - cf_space_auditors = var.cf_space_auditors -} +# ###################################################################### +# # Creation of Cloud Foundry space +# ###################################################################### +# module "cloudfoundry_space" { +# source = "../../modules/environment/cloudfoundry/space_cf" +# cf_org_id = module.cloudfoundry_environment.cf_org_id +# name = var.cf_space_name +# cf_space_managers = var.cf_space_managers +# cf_space_developers = var.cf_space_developers +# cf_space_auditors = var.cf_space_auditors +# } ###################################################################### # Add "sleep" resource for generic purposes @@ -75,7 +75,7 @@ resource "time_sleep" "wait_a_few_seconds" { # Entitlement of all services ###################################################################### resource "btp_subaccount_entitlement" "name" { - depends_on = [ module.cloudfoundry_space, time_sleep.wait_a_few_seconds] + depends_on = [ module.cloudfoundry_environment, time_sleep.wait_a_few_seconds] for_each = { for index, entitlement in var.entitlements : index => entitlement From 64eea9a87d12d29feb12ca4487f2ac47c6eb085a Mon Sep 17 00:00:00 2001 From: Mahesh kumar Palavalli Date: Fri, 20 Oct 2023 19:37:53 +0530 Subject: [PATCH 14/25] DC Missions - 4033,4172,4356 restructuring --- .../discovery_center/mission_4033/README.md | 2 +- .../app_subscriptions_setup.tf | 92 ++++++++++++ .../app_subscriptions_variables.tf | 87 +++++++++++ .../discovery_center/mission_4033/main.tf | 140 +++++------------- .../discovery_center/mission_4033/provider.tf | 12 -- .../mission_4033/samples.tfvars | 2 +- .../discovery_center/mission_4172/README.md | 2 +- .../discovery_center/mission_4172/main.tf | 78 ++++------ .../discovery_center/mission_4172/provider.tf | 13 -- .../mission_4172/samples.tfvars | 10 +- .../mission_4172/variables.tf | 57 +------ .../discovery_center/mission_4356/README.md | 2 +- .../discovery_center/mission_4356/main.tf | 52 +++---- .../discovery_center/mission_4356/provider.tf | 12 -- .../mission_4356/samples.tfvars | 10 +- .../mission_4356/variables.tf | 51 +------ 16 files changed, 283 insertions(+), 339 deletions(-) create mode 100644 released/discovery_center/mission_4033/app_susbscriptions/app_subscriptions_setup.tf create mode 100644 released/discovery_center/mission_4033/app_susbscriptions/app_subscriptions_variables.tf diff --git a/released/discovery_center/mission_4033/README.md b/released/discovery_center/mission_4033/README.md index e68bef61..a07518bd 100644 --- a/released/discovery_center/mission_4033/README.md +++ b/released/discovery_center/mission_4033/README.md @@ -2,7 +2,7 @@ ## Overview -This sample shows how to create a landscape for the Discovery Center Mission "Discovery Center mission - Create simple, connected digital experiences with API-based integration" +This sample shows how to create a landscape for the Discovery Center Mission - [Create simple, connected digital experiences with API-based integration](https://discovery-center.cloud.sap/missiondetail/4033/) ## Content of setup diff --git a/released/discovery_center/mission_4033/app_susbscriptions/app_subscriptions_setup.tf b/released/discovery_center/mission_4033/app_susbscriptions/app_subscriptions_setup.tf new file mode 100644 index 00000000..77dc6629 --- /dev/null +++ b/released/discovery_center/mission_4033/app_susbscriptions/app_subscriptions_setup.tf @@ -0,0 +1,92 @@ +# ------------------------------------------------------------------------------------------------------ +# Define the required providers for this module +# ------------------------------------------------------------------------------------------------------ +terraform { + required_providers { + btp = { + source = "SAP/btp" + version = "0.5.0-beta1" + } + } +} + +###################################################################### +# Create app subscriptions +###################################################################### +data "btp_subaccount_subscriptions" "all" { + subaccount_id = var.btp_subaccount_id +} + +resource "btp_subaccount_subscription" "app" { + subaccount_id = var.btp_subaccount_id + for_each = { + for index, entitlement in var.entitlements : + index => entitlement if contains(["app"], entitlement.type) + } + app_name = [ + for subscription in data.btp_subaccount_subscriptions.all.values : + subscription + if subscription.commercial_app_name == each.value.service_name + ][0].app_name + plan_name = each.value.plan_name + depends_on = [data.btp_subaccount_subscriptions.all] +} + +###################################################################### +# Assign Role Collection +###################################################################### + +resource "btp_subaccount_role_collection_assignment" "conn_dest_admn" { + depends_on = [btp_subaccount_subscription.app] + for_each = toset(var.conn_dest_admin) + subaccount_id = var.btp_subaccount_id + role_collection_name = "Connectivity and Destination Administrator" + user_name = each.value +} + +resource "btp_subaccount_role_collection_assignment" "int_prov" { + depends_on = [btp_subaccount_subscription.app] + for_each = toset(var.int_provisioner) + subaccount_id = var.btp_subaccount_id + role_collection_name = "Integration_Provisioner" + user_name = each.value +} + +resource "btp_subaccount_role_collection_assignment" "sbpa_admin" { + depends_on = [btp_subaccount_subscription.app] + for_each = toset(var.ProcessAutomationAdmin) + subaccount_id = var.btp_subaccount_id + role_collection_name = "ProcessAutomationAdmin" + user_name = each.value +} + +resource "btp_subaccount_role_collection_assignment" "sbpa_dev" { + depends_on = [btp_subaccount_subscription.app] + for_each = toset(var.ProcessAutomationAdmin) + subaccount_id = var.btp_subaccount_id + role_collection_name = "ProcessAutomationAdmin" + user_name = each.value +} + +resource "btp_subaccount_role_collection_assignment" "sbpa_part" { + depends_on = [btp_subaccount_subscription.app] + for_each = toset(var.ProcessAutomationParticipant) + subaccount_id = var.btp_subaccount_id + role_collection_name = "ProcessAutomationParticipant" + user_name = each.value +} + +###################################################################### +# Create app subscription to SAP Build Apps (depends on entitlement) +###################################################################### +module "sap-build-apps_standard" { + source = "../../../modules/services_apps/sap_build_apps/standard" + subaccount_id = var.btp_subaccount_id + subaccount_domain = var.subdomain + region = var.region + custom_idp_origin = var.custom_idp_origin + users_BuildAppsAdmin = var.users_BuildAppsAdmin + users_BuildAppsDeveloper = var.users_BuildAppsDeveloper + users_RegistryAdmin = var.users_RegistryAdmin + users_RegistryDeveloper = var.users_RegistryDeveloper +} diff --git a/released/discovery_center/mission_4033/app_susbscriptions/app_subscriptions_variables.tf b/released/discovery_center/mission_4033/app_susbscriptions/app_subscriptions_variables.tf new file mode 100644 index 00000000..a597eafd --- /dev/null +++ b/released/discovery_center/mission_4033/app_susbscriptions/app_subscriptions_variables.tf @@ -0,0 +1,87 @@ +### +# Entitlements +### +variable "entitlements" { + type = list(object({ + service_name = string + plan_name = string + type = string + })) + description = "The list of entitlements that shall be added to the subaccount." +} + +variable kyma_instance { type = object({ + name = string + region = string + machine_type = string + auto_scaler_min = number + auto_scaler_max = number + createtimeout = string + updatetimeout = string + deletetimeout = string +})} + +variable "conn_dest_admin" { + type = list(string) + description = "Connectivity and Destination Administrator" +} + +variable "int_provisioner" { + type = list(string) + description = "Integration Provisioner" +} + +variable "custom_idp_origin" { + type = string + description = "Defines the custom IDP origin to be used for the subaccount" +} + +variable "users_BuildAppsAdmin" { + type = list(string) + description = "Defines the colleagues who have the role of 'BuildAppsAdmin' in SAP Build Apps." +} + +variable "users_BuildAppsDeveloper" { + type = list(string) + description = "Defines the colleagues who have the role of 'BuildAppsDeveloper' in SAP Build Apps." +} + +variable "users_RegistryAdmin" { + type = list(string) + description = "Defines the colleagues who have the role of 'RegistryAdmin' in SAP Build Apps." +} + +variable "users_RegistryDeveloper" { + type = list(string) + description = "Defines the colleagues who have the role of RegistryDeveloper' in SAP Build Apps." +} + +variable "ProcessAutomationAdmin" { + type = list(string) + description = "Defines the users who have the role of ProcessAutomationAdmin in SAP Build Process Automation" +} + +variable "ProcessAutomationDeveloper" { + type = list(string) + description = "Defines the users who have the role of ProcessAutomationDeveloper in SAP Build Process Automation" +} + +variable "ProcessAutomationParticipant" { + type = list(string) + description = "Defines the users who have the role of ProcessAutomationParticipant in SAP Build Process Automation" +} + +variable "region" { + type = string + description = "The region where the project account shall be created in." +} + +variable "btp_subaccount_id" { + type = string + description = "SAP BTP Subaccount ID" +} + +variable "subdomain" { + type = string + description = "SAP BTP Subdomain" +} \ No newline at end of file diff --git a/released/discovery_center/mission_4033/main.tf b/released/discovery_center/mission_4033/main.tf index f5bafaa3..a84a63c8 100644 --- a/released/discovery_center/mission_4033/main.tf +++ b/released/discovery_center/mission_4033/main.tf @@ -39,30 +39,33 @@ resource "btp_subaccount_role_collection_assignment" "subaccount-service-admins" } ###################################################################### -# Add "sleep" resource for generic purposes +# Assign custom IDP to sub account ###################################################################### -resource "time_sleep" "wait_a_few_seconds" { - create_duration = "30s" +resource "btp_subaccount_trust_configuration" "fully_customized" { + subaccount_id = btp_subaccount.project.id + identity_provider = var.custom_idp + depends_on = [btp_subaccount.project] } + ###################################################################### # Setup Kyma ###################################################################### data "btp_regions" "all" {} -locals { - subaccount_iaas_provider = [for region in data.btp_regions.all.values : region if region.region == data.btp_subaccount.this.region][0].iaas_provider -} - data "btp_subaccount" "this" { id = btp_subaccount.project.id } +locals { + subaccount_iaas_provider = [for region in data.btp_regions.all.values : region if region.region == data.btp_subaccount.this.region][0].iaas_provider +} + resource "btp_subaccount_entitlement" "kymaruntime" { subaccount_id = btp_subaccount.project.id - service_name = "kymaruntime" - plan_name = lower(local.subaccount_iaas_provider) - amount = 1 + service_name = "kymaruntime" + plan_name = lower(local.subaccount_iaas_provider) + amount = 1 } @@ -84,21 +87,14 @@ resource "btp_subaccount_environment_instance" "kyma" { update = var.kyma_instance.updatetimeout delete = var.kyma_instance.deletetimeout } - depends_on = [ btp_subaccount_entitlement.kymaruntime ] + depends_on = [btp_subaccount_entitlement.kymaruntime] } -# module "sap_kyma_instance" { -# source = "../../../in-development/modules/envinstance-kyma" -# subaccount_id = btp_subaccount.project.id -# name = var.kyma_instance.name -# } - - ###################################################################### # Entitlement of all services ###################################################################### resource "btp_subaccount_entitlement" "name" { - depends_on = [time_sleep.wait_a_few_seconds] + depends_on = [btp_subaccount.project] for_each = { for index, entitlement in var.entitlements : index => entitlement @@ -108,94 +104,28 @@ resource "btp_subaccount_entitlement" "name" { plan_name = each.value.plan_name } -###################################################################### -# Create app subscriptions -###################################################################### -data"btp_subaccount_subscriptions" "all"{ - subaccount_id = btp_subaccount.project.id - depends_on = [ btp_subaccount_entitlement.name ] -} - -resource "btp_subaccount_subscription" "app" { - subaccount_id = btp_subaccount.project.id - for_each = { - for index, entitlement in var.entitlements : - index => entitlement if contains(["app"], entitlement.type) - } - app_name = [ - for subscription in data.btp_subaccount_subscriptions.all.values: - subscription - if subscription.commercial_app_name == each.value.service_name - ][0].app_name - plan_name = each.value.plan_name - depends_on = [data.btp_subaccount_subscriptions.all] -} ###################################################################### -# Assign Role Collection +# Create App Subscriptions ###################################################################### - -resource "btp_subaccount_role_collection_assignment" "conn_dest_admn" { - depends_on = [btp_subaccount_subscription.app] - for_each = toset(var.conn_dest_admin) - subaccount_id = btp_subaccount.project.id - role_collection_name = "Connectivity and Destination Administrator" - user_name = each.value -} - -resource "btp_subaccount_role_collection_assignment" "int_prov" { - depends_on = [btp_subaccount_subscription.app] - for_each = toset(var.int_provisioner) - subaccount_id = btp_subaccount.project.id - role_collection_name = "Integration_Provisioner" - user_name = each.value -} - -resource "btp_subaccount_role_collection_assignment" "sbpa_admin" { - depends_on = [btp_subaccount_subscription.app] - for_each = toset(var.ProcessAutomationAdmin) - subaccount_id = btp_subaccount.project.id - role_collection_name = "ProcessAutomationAdmin" - user_name = each.value -} - -resource "btp_subaccount_role_collection_assignment" "sbpa_dev" { - depends_on = [btp_subaccount_subscription.app] - for_each = toset(var.ProcessAutomationAdmin) - subaccount_id = btp_subaccount.project.id - role_collection_name = "ProcessAutomationAdmin" - user_name = each.value -} - -resource "btp_subaccount_role_collection_assignment" "sbpa_part" { - depends_on = [btp_subaccount_subscription.app] - for_each = toset(var.ProcessAutomationParticipant) - subaccount_id = btp_subaccount.project.id - role_collection_name = "ProcessAutomationParticipant" - user_name = each.value -} - -###################################################################### -# Assign custom IDP to sub account -###################################################################### -resource "btp_subaccount_trust_configuration" "fully_customized" { - subaccount_id = btp_subaccount.project.id - identity_provider = var.custom_idp - depends_on = [ btp_subaccount.project.id ] -} - -###################################################################### -# Create app subscription to SAP Build Apps (depends on entitlement) -###################################################################### -module "sap-build-apps_standard" { - source = "../../modules/services_apps/sap_build_apps/standard" - subaccount_id = btp_subaccount.project.id - subaccount_domain = btp_subaccount.project.subdomain - region = var.region +module "create_app_subscriptions" { + source = "./app_susbscriptions" + btp_subaccount_id = btp_subaccount.project.id + subdomain = btp_subaccount.project.subdomain custom_idp_origin = btp_subaccount_trust_configuration.fully_customized.origin - users_BuildAppsAdmin = var.users_BuildAppsAdmin - users_BuildAppsDeveloper = var.users_BuildAppsDeveloper - users_RegistryAdmin = var.users_RegistryAdmin - users_RegistryDeveloper = var.users_RegistryDeveloper - depends_on = [btp_subaccount_trust_configuration.fully_customized, btp_subaccount_entitlement.name] + entitlements = var.entitlements + region = var.region + kyma_instance = var.kyma_instance + + int_provisioner = var.int_provisioner + conn_dest_admin = var.conn_dest_admin + users_BuildAppsAdmin = var.users_BuildAppsAdmin + users_BuildAppsDeveloper = var.users_BuildAppsDeveloper + users_RegistryAdmin = var.users_RegistryAdmin + users_RegistryDeveloper = var.users_RegistryDeveloper + ProcessAutomationAdmin = var.ProcessAutomationAdmin + ProcessAutomationDeveloper = var.ProcessAutomationDeveloper + ProcessAutomationParticipant = var.ProcessAutomationParticipant + + depends_on = [btp_subaccount_entitlement.name] } diff --git a/released/discovery_center/mission_4033/provider.tf b/released/discovery_center/mission_4033/provider.tf index a77602d8..4bae7a07 100644 --- a/released/discovery_center/mission_4033/provider.tf +++ b/released/discovery_center/mission_4033/provider.tf @@ -5,10 +5,6 @@ terraform { source = "sap/btp" version = "0.5.0-beta1" } - cloudfoundry = { - source = "cloudfoundry-community/cloudfoundry" - version = "0.51.3" - } } } @@ -21,11 +17,3 @@ provider "btp" { password = var.password } -// Configuration is described in https://registry.terraform.io/providers/cloudfoundry-community/cloudfoundry/latest/docs -provider "cloudfoundry" { - api_url = "https://api.cf.${var.region}.hana.ondemand.com" - user = var.username - password = var.password -} - - diff --git a/released/discovery_center/mission_4033/samples.tfvars b/released/discovery_center/mission_4033/samples.tfvars index 3ba9bf5d..556acb84 100644 --- a/released/discovery_center/mission_4033/samples.tfvars +++ b/released/discovery_center/mission_4033/samples.tfvars @@ -2,7 +2,7 @@ # Provider configuration # ------------------------------------------------------------------------------------------------------ # Your global account subdomain -globalaccount = "yoursubaccount" +globalaccount = "yoursubdomain" region = "us10" subaccount_name = "DC Mission 4033 - Create simple, connected digital experiences with API-based integration 2" custom_idp = "youridp.accounts.ondemand.com" diff --git a/released/discovery_center/mission_4172/README.md b/released/discovery_center/mission_4172/README.md index 1c9650d3..0055c17a 100644 --- a/released/discovery_center/mission_4172/README.md +++ b/released/discovery_center/mission_4172/README.md @@ -2,7 +2,7 @@ ## Overview -This sample shows how to create a landscape for the Discovery Center Mission "Build Events-to-Business Actions Apps with SAP BTP and MS Azure/AWS" +This sample shows how to create a landscape for the Discovery Center Mission - [Build Events-to-Business Actions Apps with SAP BTP and MS Azure/AWS](https://discovery-center.cloud.sap/missiondetail/4172/) ## Content of setup diff --git a/released/discovery_center/mission_4172/main.tf b/released/discovery_center/mission_4172/main.tf index fdd22935..7a47f760 100644 --- a/released/discovery_center/mission_4172/main.tf +++ b/released/discovery_center/mission_4172/main.tf @@ -41,41 +41,23 @@ resource "btp_subaccount_role_collection_assignment" "subaccount-service-admins" ###################################################################### # Creation of Cloud Foundry environment ###################################################################### -module "cloudfoundry_environment" { - source = "../../modules/environment/cloudfoundry/envinstance_cf" - subaccount_id = btp_subaccount.project.id - instance_name = local.project_subaccount_cf_org - plan_name = "standard" - cf_org_name = local.project_subaccount_cf_org - cf_org_auditors = var.cf_org_auditors - cf_org_managers = var.cf_org_managers - cf_org_billing_managers = var.cf_org_billing_managers -} - -# ###################################################################### -# # Creation of Cloud Foundry space -# ###################################################################### -# module "cloudfoundry_space" { -# source = "../../modules/environment/cloudfoundry/space_cf" -# cf_org_id = module.cloudfoundry_environment.cf_org_id -# name = var.cf_space_name -# cf_space_managers = var.cf_space_managers -# cf_space_developers = var.cf_space_developers -# cf_space_auditors = var.cf_space_auditors -# } - -###################################################################### -# Add "sleep" resource for generic purposes -###################################################################### -resource "time_sleep" "wait_a_few_seconds" { - create_duration = "30s" +resource "btp_subaccount_environment_instance" "cf" { + subaccount_id = btp_subaccount.project.id + name = local.project_subaccount_cf_org + environment_type = "cloudfoundry" + service_name = "cloudfoundry" + plan_name = "standard" + landscape_label = var.cf_environment_label + parameters = jsonencode({ + instance_name = local.project_subaccount_cf_org + }) } ###################################################################### # Entitlement of all services and apps ###################################################################### resource "btp_subaccount_entitlement" "name" { - depends_on = [ time_sleep.wait_a_few_seconds] + depends_on = [btp_subaccount.project] for_each = { for index, entitlement in var.entitlements : index => entitlement @@ -93,33 +75,33 @@ data "btp_subaccount_service_plan" "hana_plan" { subaccount_id = btp_subaccount.project.id name = "hana" offering_name = "hana-cloud" - depends_on = [ btp_subaccount_entitlement.name] + depends_on = [btp_subaccount_entitlement.name] } # hana-cloud resource "btp_subaccount_service_instance" "hana_instance" { - depends_on = [data.btp_subaccount_service_plan.hana_plan] - name = "hana_cloud_instance" + depends_on = [data.btp_subaccount_service_plan.hana_plan] + name = "hana_cloud_instance" serviceplan_id = data.btp_subaccount_service_plan.hana_plan.id - subaccount_id = btp_subaccount.project.id - parameters = jsonencode({ "data" : { "memory" : 32, "edition" : "cloud", "systempassword" : "Abcd1234", "whitelistIPs" : ["0.0.0.0/0"] } }) + subaccount_id = btp_subaccount.project.id + parameters = jsonencode({ "data" : { "memory" : 32, "edition" : "cloud", "systempassword" : "Abcd1234", "whitelistIPs" : ["0.0.0.0/0"] } }) } -# ------------------------------------------------------------------------------------------------------ +###################################################################### # Assign custom IDP to sub account -# ------------------------------------------------------------------------------------------------------ +###################################################################### resource "btp_subaccount_trust_configuration" "fully_customized" { subaccount_id = btp_subaccount.project.id identity_provider = var.custom_idp - depends_on = [ btp_subaccount_role_collection_assignment.subaccount-service-admins ] + depends_on = [btp_subaccount.project] } ###################################################################### # Create app subscriptions ###################################################################### -data"btp_subaccount_subscriptions" "all"{ +data "btp_subaccount_subscriptions" "all" { subaccount_id = btp_subaccount.project.id - depends_on = [ btp_subaccount_entitlement.name ] + depends_on = [btp_subaccount_entitlement.name] } resource "btp_subaccount_subscription" "app" { @@ -128,9 +110,9 @@ resource "btp_subaccount_subscription" "app" { for index, entitlement in var.entitlements : index => entitlement if contains(["app"], entitlement.type) } - app_name = [ - for subscription in data.btp_subaccount_subscriptions.all.values: - subscription + app_name = [ + for subscription in data.btp_subaccount_subscriptions.all.values : + subscription if subscription.commercial_app_name == each.value.service_name ][0].app_name plan_name = each.value.plan_name @@ -177,17 +159,17 @@ resource "btp_subaccount_role_collection_assignment" "conn_dest_admn" { ###################################################################### resource "btp_subaccount_entitlement" "aem" { subaccount_id = btp_subaccount.project.id - service_name = "integration-suite-advanced-event-mesh" - plan_name = "default" + service_name = "integration-suite-advanced-event-mesh" + plan_name = "default" } resource "btp_subaccount_subscription" "aem_app" { subaccount_id = btp_subaccount.project.id - app_name = "integration-suite-advanced-event-mesh" - plan_name = "default" + app_name = "integration-suite-advanced-event-mesh" + plan_name = "default" parameters = jsonencode({ - "admin_user_email": var.advanced_event_mesh_admin + "admin_user_email" : var.advanced_event_mesh_admin }) - depends_on = [ btp_subaccount_entitlement.aem ] + depends_on = [btp_subaccount_entitlement.aem] } diff --git a/released/discovery_center/mission_4172/provider.tf b/released/discovery_center/mission_4172/provider.tf index a77602d8..ed55d515 100644 --- a/released/discovery_center/mission_4172/provider.tf +++ b/released/discovery_center/mission_4172/provider.tf @@ -1,14 +1,9 @@ - terraform { required_providers { btp = { source = "sap/btp" version = "0.5.0-beta1" } - cloudfoundry = { - source = "cloudfoundry-community/cloudfoundry" - version = "0.51.3" - } } } @@ -21,11 +16,3 @@ provider "btp" { password = var.password } -// Configuration is described in https://registry.terraform.io/providers/cloudfoundry-community/cloudfoundry/latest/docs -provider "cloudfoundry" { - api_url = "https://api.cf.${var.region}.hana.ondemand.com" - user = var.username - password = var.password -} - - diff --git a/released/discovery_center/mission_4172/samples.tfvars b/released/discovery_center/mission_4172/samples.tfvars index 960a5c14..48845519 100644 --- a/released/discovery_center/mission_4172/samples.tfvars +++ b/released/discovery_center/mission_4172/samples.tfvars @@ -5,7 +5,7 @@ globalaccount = "youraccount" region = "us10" subaccount_name = "Discovery Center mission - build Events-to-Business actions" -cf_space_name = "dev" +cf_environment_label = "cf-us10" custom_idp = "abcde1234.accounts.ondemand.com" # ------------------------------------------------------------------------------------------------------ @@ -14,14 +14,6 @@ custom_idp = "abcde1234.accounts.ondemand.com" subaccount_admins = ["jane.doe@test.com", "john.doe@test.com"] subaccount_service_admins = ["jane.doe@test.com", "john.doe@test.com"] -cf_space_managers = ["jane.doe@test.com", "john.doe@test.com"] -cf_space_developers = ["jane.doe@test.com", "john.doe@test.com"] -cf_space_auditors = ["jane.doe@test.com", "john.doe@test.com"] - -cf_org_auditors = ["jane.doe@test.com", "john.doe@test.com"] -cf_org_managers = ["jane.doe@test.com", "john.doe@test.com"] -cf_org_billing_managers = ["jane.doe@test.com", "john.doe@test.com"] - advanced_event_mesh_admin = "jane.doe@test.com" appstudio_developers = ["jane.doe@test.com", "john.doe@test.com"] diff --git a/released/discovery_center/mission_4172/variables.tf b/released/discovery_center/mission_4172/variables.tf index 856323cf..d69a99d6 100644 --- a/released/discovery_center/mission_4172/variables.tf +++ b/released/discovery_center/mission_4172/variables.tf @@ -19,19 +19,6 @@ variable "region" { description = "The region where the project account shall be created in." default = "us10" } -# Cloudfoundry environment label -variable "cf_environment_label" { - type = string - description = "The Cloudfoundry environment label" - default = "cf-us10" -} - -# Cloudfoundry space name -variable "cf_space_name" { - type = string - description = "The Cloudfoundry space name" - default = "dev" -} # hana password variable "hana_cloud_system_password" { @@ -59,42 +46,6 @@ variable "subaccount_service_admins" { default = ["jane.doe@test.com", "john.doe@test.com"] } -variable "cf_space_managers" { - type = list(string) - description = "Defines the colleagues who are Cloudfoundry space managers" - default = ["jane.doe@test.com", "john.doe@test.com"] -} - -variable "cf_space_developers" { - type = list(string) - description = "Defines the colleagues who are Cloudfoundry space developers" - default = ["jane.doe@test.com", "john.doe@test.com"] -} - -variable "cf_space_auditors" { - type = list(string) - description = "Defines the colleagues who are Cloudfoundry space auditors" - default = ["jane.doe@test.com", "john.doe@test.com"] -} - -variable "cf_org_auditors" { - type = list(string) - description = "Defines the colleagues who are Cloudfoundry org auditors" - default = ["jane.doe@test.com", "john.doe@test.com"] -} - -variable "cf_org_managers" { - type = list(string) - description = "Defines the colleagues who are Cloudfoundry org auditors" - default = ["jane.doe@test.com", "john.doe@test.com"] -} - -variable "cf_org_billing_managers" { - type = list(string) - description = "Defines the colleagues who are Cloudfoundry org auditors" - default = ["jane.doe@test.com", "john.doe@test.com"] -} - variable "advanced_event_mesh_admin" { type = string description = "Defines the colleagues who are Cloudfoundry org auditors" @@ -202,3 +153,11 @@ variable "custom_idp" { } } +# Cloudfoundry environment label +variable "cf_environment_label" { + type = string + description = "The Cloudfoundry environment label" + default = "cf-us10" +} + + diff --git a/released/discovery_center/mission_4356/README.md b/released/discovery_center/mission_4356/README.md index 2f9949e3..9936cf77 100644 --- a/released/discovery_center/mission_4356/README.md +++ b/released/discovery_center/mission_4356/README.md @@ -2,7 +2,7 @@ ## Overview -This sample shows how to create a landscape for the Discovery Center Mission "Discovery Center mission - Deliver Connected Experiences with a single view of Material Availability" +This sample shows how to create a landscape for the Discovery Center Mission - [Deliver Connected Experiences with a single view of Material Availability](https://discovery-center.cloud.sap/missiondetail/4356/) ## Content of setup diff --git a/released/discovery_center/mission_4356/main.tf b/released/discovery_center/mission_4356/main.tf index 2a8816a0..a528ba12 100644 --- a/released/discovery_center/mission_4356/main.tf +++ b/released/discovery_center/mission_4356/main.tf @@ -41,41 +41,23 @@ resource "btp_subaccount_role_collection_assignment" "subaccount-service-admins" ###################################################################### # Creation of Cloud Foundry environment ###################################################################### -module "cloudfoundry_environment" { - source = "../../modules/environment/cloudfoundry/envinstance_cf" - subaccount_id = btp_subaccount.project.id - instance_name = local.project_subaccount_cf_org - plan_name = "standard" - cf_org_name = local.project_subaccount_cf_org - cf_org_auditors = var.cf_org_auditors - cf_org_managers = var.cf_org_managers - cf_org_billing_managers = var.cf_org_billing_managers -} - -# ###################################################################### -# # Creation of Cloud Foundry space -# ###################################################################### -# module "cloudfoundry_space" { -# source = "../../modules/environment/cloudfoundry/space_cf" -# cf_org_id = module.cloudfoundry_environment.cf_org_id -# name = var.cf_space_name -# cf_space_managers = var.cf_space_managers -# cf_space_developers = var.cf_space_developers -# cf_space_auditors = var.cf_space_auditors -# } - -###################################################################### -# Add "sleep" resource for generic purposes -###################################################################### -resource "time_sleep" "wait_a_few_seconds" { - create_duration = "30s" +resource "btp_subaccount_environment_instance" "cf" { + subaccount_id = btp_subaccount.project.id + name = local.project_subaccount_cf_org + environment_type = "cloudfoundry" + service_name = "cloudfoundry" + plan_name = "standard" + landscape_label = var.cf_environment_label + parameters = jsonencode({ + instance_name = local.project_subaccount_cf_org + }) } ###################################################################### # Entitlement of all services ###################################################################### resource "btp_subaccount_entitlement" "name" { - depends_on = [ module.cloudfoundry_environment, time_sleep.wait_a_few_seconds] + depends_on = [btp_subaccount.project] for_each = { for index, entitlement in var.entitlements : index => entitlement @@ -88,9 +70,9 @@ resource "btp_subaccount_entitlement" "name" { ###################################################################### # Create app subscriptions ###################################################################### -data"btp_subaccount_subscriptions" "all"{ +data "btp_subaccount_subscriptions" "all" { subaccount_id = btp_subaccount.project.id - depends_on = [ btp_subaccount_entitlement.name ] + depends_on = [btp_subaccount_entitlement.name] } resource "btp_subaccount_subscription" "app" { @@ -99,9 +81,9 @@ resource "btp_subaccount_subscription" "app" { for index, entitlement in var.entitlements : index => entitlement if contains(["app"], entitlement.type) } - app_name = [ - for subscription in data.btp_subaccount_subscriptions.all.values: - subscription + app_name = [ + for subscription in data.btp_subaccount_subscriptions.all.values : + subscription if subscription.commercial_app_name == each.value.service_name ][0].app_name plan_name = each.value.plan_name @@ -150,4 +132,4 @@ resource "btp_subaccount_role_collection_assignment" "int_prov" { subaccount_id = btp_subaccount.project.id role_collection_name = "Integration_Provisioner" user_name = each.value -} \ No newline at end of file +} diff --git a/released/discovery_center/mission_4356/provider.tf b/released/discovery_center/mission_4356/provider.tf index a77602d8..99c49605 100644 --- a/released/discovery_center/mission_4356/provider.tf +++ b/released/discovery_center/mission_4356/provider.tf @@ -1,14 +1,9 @@ - terraform { required_providers { btp = { source = "sap/btp" version = "0.5.0-beta1" } - cloudfoundry = { - source = "cloudfoundry-community/cloudfoundry" - version = "0.51.3" - } } } @@ -21,11 +16,4 @@ provider "btp" { password = var.password } -// Configuration is described in https://registry.terraform.io/providers/cloudfoundry-community/cloudfoundry/latest/docs -provider "cloudfoundry" { - api_url = "https://api.cf.${var.region}.hana.ondemand.com" - user = var.username - password = var.password -} - diff --git a/released/discovery_center/mission_4356/samples.tfvars b/released/discovery_center/mission_4356/samples.tfvars index 9c8a3fef..e45ab057 100644 --- a/released/discovery_center/mission_4356/samples.tfvars +++ b/released/discovery_center/mission_4356/samples.tfvars @@ -5,7 +5,7 @@ globalaccount = "youraccount" region = "us10" subaccount_name = "Discovery Center mission - build Events-to-Business actions" -cf_space_name = "dev" +cf_environment_label = "cf-us10" # ------------------------------------------------------------------------------------------------------ # Project specific configuration (please adapt!) @@ -13,14 +13,6 @@ cf_space_name = "dev" subaccount_admins = ["jane.doe@test.com", "john.doe@test.com"] subaccount_service_admins = ["jane.doe@test.com", "john.doe@test.com"] -cf_space_managers = ["jane.doe@test.com", "john.doe@test.com"] -cf_space_developers = ["jane.doe@test.com", "john.doe@test.com"] -cf_space_auditors = ["jane.doe@test.com", "john.doe@test.com"] - -cf_org_auditors = ["jane.doe@test.com", "john.doe@test.com"] -cf_org_managers = ["jane.doe@test.com", "john.doe@test.com"] -cf_org_billing_managers = ["jane.doe@test.com", "john.doe@test.com"] - appstudio_developers = ["jane.doe@test.com", "john.doe@test.com"] appstudio_admin = ["jane.doe@test.com", "john.doe@test.com"] cloudconnector_admin = ["jane.doe@test.com", "john.doe@test.com"] diff --git a/released/discovery_center/mission_4356/variables.tf b/released/discovery_center/mission_4356/variables.tf index 3964c6c8..32ddd923 100644 --- a/released/discovery_center/mission_4356/variables.tf +++ b/released/discovery_center/mission_4356/variables.tf @@ -20,13 +20,6 @@ variable "region" { default = "us10" } -# Cloudfoundry space name -variable "cf_space_name" { - type = string - description = "The Cloudfoundry space name" - default = "dev" -} - # hana password variable "hana_cloud_system_password" { type = string @@ -53,41 +46,6 @@ variable "subaccount_service_admins" { default = ["jane.doe@test.com", "john.doe@test.com"] } -variable "cf_space_managers" { - type = list(string) - description = "Defines the colleagues who are Cloudfoundry space managers" - default = ["jane.doe@test.com", "john.doe@test.com"] -} - -variable "cf_space_developers" { - type = list(string) - description = "Defines the colleagues who are Cloudfoundry space developers" - default = ["jane.doe@test.com", "john.doe@test.com"] -} - -variable "cf_space_auditors" { - type = list(string) - description = "Defines the colleagues who are Cloudfoundry space auditors" - default = ["jane.doe@test.com", "john.doe@test.com"] -} - -variable "cf_org_auditors" { - type = list(string) - description = "Defines the colleagues who are Cloudfoundry org auditors" - default = ["jane.doe@test.com", "john.doe@test.com"] -} - -variable "cf_org_managers" { - type = list(string) - description = "Defines the colleagues who are Cloudfoundry org auditors" - default = ["jane.doe@test.com", "john.doe@test.com"] -} - -variable "cf_org_billing_managers" { - type = list(string) - description = "Defines the colleagues who are Cloudfoundry org auditors" - default = ["jane.doe@test.com", "john.doe@test.com"] -} ### # Entitlements @@ -174,4 +132,11 @@ variable "password" { description = "BTP user password" type = string sensitive = true -} \ No newline at end of file +} + +# Cloudfoundry environment label +variable "cf_environment_label" { + type = string + description = "The Cloudfoundry environment label" + default = "cf-us10" +} From be23d0ddb84dcc558e5eefecb651585b165b518f Mon Sep 17 00:00:00 2001 From: Mahesh kumar Palavalli Date: Fri, 20 Oct 2023 20:11:51 +0530 Subject: [PATCH 15/25] formatting --- .../discovery_center/mission_4033/provider.tf | 4 +-- .../mission_4033/samples.tfvars | 26 +++++++++---------- .../mission_4033/variables.tf | 22 ++++++++-------- .../discovery_center/mission_4172/main.tf | 2 +- .../discovery_center/mission_4172/provider.tf | 4 +-- .../mission_4172/samples.tfvars | 4 +-- .../discovery_center/mission_4356/main.tf | 2 +- .../discovery_center/mission_4356/provider.tf | 4 +-- .../mission_4356/samples.tfvars | 6 ++--- 9 files changed, 37 insertions(+), 37 deletions(-) diff --git a/released/discovery_center/mission_4033/provider.tf b/released/discovery_center/mission_4033/provider.tf index 4bae7a07..8babc9e9 100644 --- a/released/discovery_center/mission_4033/provider.tf +++ b/released/discovery_center/mission_4033/provider.tf @@ -13,7 +13,7 @@ terraform { provider "btp" { globalaccount = var.globalaccount cli_server_url = var.cli_server_url - username = var.username - password = var.password + username = var.username + password = var.password } diff --git a/released/discovery_center/mission_4033/samples.tfvars b/released/discovery_center/mission_4033/samples.tfvars index 556acb84..8b7b9a4c 100644 --- a/released/discovery_center/mission_4033/samples.tfvars +++ b/released/discovery_center/mission_4033/samples.tfvars @@ -2,10 +2,10 @@ # Provider configuration # ------------------------------------------------------------------------------------------------------ # Your global account subdomain -globalaccount = "yoursubdomain" -region = "us10" -subaccount_name = "DC Mission 4033 - Create simple, connected digital experiences with API-based integration 2" -custom_idp = "youridp.accounts.ondemand.com" +globalaccount = "yoursubdomain" +region = "us10" +subaccount_name = "DC Mission 4033 - Create simple, connected digital experiences with API-based integration 2" +custom_idp = "youridp.accounts.ondemand.com" kyma_instance = { name = "my-kyma-environment" @@ -24,12 +24,12 @@ kyma_instance = { subaccount_admins = ["jane.doe@test.com", "john.doe@test.com"] subaccount_service_admins = ["jane.doe@test.com", "john.doe@test.com"] -conn_dest_admin = ["jane.doe@test.com", "john.doe@test.com"] -int_provisioner = ["jane.doe@test.com", "john.doe@test.com"] -users_BuildAppsAdmin = ["jane.doe@test.com", "john.doe@test.com"] -users_RegistryAdmin = ["jane.doe@test.com", "john.doe@test.com"] -users_BuildAppsDeveloper = ["jane.doe@test.com", "john.doe@test.com"] -users_RegistryDeveloper = ["jane.doe@test.com", "john.doe@test.com"] -ProcessAutomationAdmin = ["jane.doe@test.com", "john.doe@test.com"] -ProcessAutomationDeveloper = ["jane.doe@test.com", "john.doe@test.com"] -ProcessAutomationParticipant = ["jane.doe@test.com", "john.doe@test.com"] \ No newline at end of file +conn_dest_admin = ["jane.doe@test.com", "john.doe@test.com"] +int_provisioner = ["jane.doe@test.com", "john.doe@test.com"] +users_BuildAppsAdmin = ["jane.doe@test.com", "john.doe@test.com"] +users_RegistryAdmin = ["jane.doe@test.com", "john.doe@test.com"] +users_BuildAppsDeveloper = ["jane.doe@test.com", "john.doe@test.com"] +users_RegistryDeveloper = ["jane.doe@test.com", "john.doe@test.com"] +ProcessAutomationAdmin = ["jane.doe@test.com", "john.doe@test.com"] +ProcessAutomationDeveloper = ["jane.doe@test.com", "john.doe@test.com"] +ProcessAutomationParticipant = ["jane.doe@test.com", "john.doe@test.com"] diff --git a/released/discovery_center/mission_4033/variables.tf b/released/discovery_center/mission_4033/variables.tf index 53065126..ba1f3ec3 100644 --- a/released/discovery_center/mission_4033/variables.tf +++ b/released/discovery_center/mission_4033/variables.tf @@ -69,8 +69,8 @@ variable "entitlements" { }, { service_name = "sap-build-apps" - plan_name = "standard" - type = "service" + plan_name = "standard" + type = "service" }, { service_name = "process-automation" @@ -95,7 +95,7 @@ variable "entitlements" { ] } -variable kyma_instance { type = object({ +variable "kyma_instance" { type = object({ name = string region = string machine_type = string @@ -104,7 +104,7 @@ variable kyma_instance { type = object({ createtimeout = string updatetimeout = string deletetimeout = string -})} +}) } variable "conn_dest_admin" { type = list(string) @@ -154,21 +154,21 @@ variable "users_RegistryDeveloper" { } variable "ProcessAutomationAdmin" { - type = list(string) + type = list(string) description = "Defines the users who have the role of ProcessAutomationAdmin in SAP Build Process Automation" - default = [ "jane.doe@test.com", "john.doe@test.com"] + default = ["jane.doe@test.com", "john.doe@test.com"] } variable "ProcessAutomationDeveloper" { - type = list(string) + type = list(string) description = "Defines the users who have the role of ProcessAutomationDeveloper in SAP Build Process Automation" - default = [ "jane.doe@test.com", "john.doe@test.com"] + default = ["jane.doe@test.com", "john.doe@test.com"] } variable "ProcessAutomationParticipant" { - type = list(string) + type = list(string) description = "Defines the users who have the role of ProcessAutomationParticipant in SAP Build Process Automation" - default = [ "jane.doe@test.com", "john.doe@test.com"] + default = ["jane.doe@test.com", "john.doe@test.com"] } variable "username" { @@ -181,4 +181,4 @@ variable "password" { description = "BTP user password" type = string sensitive = true -} \ No newline at end of file +} diff --git a/released/discovery_center/mission_4172/main.tf b/released/discovery_center/mission_4172/main.tf index 7a47f760..8550d15b 100644 --- a/released/discovery_center/mission_4172/main.tf +++ b/released/discovery_center/mission_4172/main.tf @@ -47,7 +47,7 @@ resource "btp_subaccount_environment_instance" "cf" { environment_type = "cloudfoundry" service_name = "cloudfoundry" plan_name = "standard" - landscape_label = var.cf_environment_label + landscape_label = var.cf_environment_label parameters = jsonencode({ instance_name = local.project_subaccount_cf_org }) diff --git a/released/discovery_center/mission_4172/provider.tf b/released/discovery_center/mission_4172/provider.tf index ed55d515..d0725e12 100644 --- a/released/discovery_center/mission_4172/provider.tf +++ b/released/discovery_center/mission_4172/provider.tf @@ -12,7 +12,7 @@ terraform { provider "btp" { globalaccount = var.globalaccount cli_server_url = var.cli_server_url - username = var.username - password = var.password + username = var.username + password = var.password } diff --git a/released/discovery_center/mission_4172/samples.tfvars b/released/discovery_center/mission_4172/samples.tfvars index 48845519..76816115 100644 --- a/released/discovery_center/mission_4172/samples.tfvars +++ b/released/discovery_center/mission_4172/samples.tfvars @@ -17,6 +17,6 @@ subaccount_service_admins = ["jane.doe@test.com", "john.doe@test.com"] advanced_event_mesh_admin = "jane.doe@test.com" appstudio_developers = ["jane.doe@test.com", "john.doe@test.com"] -appstudio_admin = ["jane.doe@test.com", "john.doe@test.com"] +appstudio_admin = ["jane.doe@test.com", "john.doe@test.com"] cloudconnector_admin = ["jane.doe@test.com", "john.doe@test.com"] -conn_dest_admin = ["jane.doe@test.com", "john.doe@test.com"] \ No newline at end of file +conn_dest_admin = ["jane.doe@test.com", "john.doe@test.com"] diff --git a/released/discovery_center/mission_4356/main.tf b/released/discovery_center/mission_4356/main.tf index a528ba12..cb0e9c3f 100644 --- a/released/discovery_center/mission_4356/main.tf +++ b/released/discovery_center/mission_4356/main.tf @@ -47,7 +47,7 @@ resource "btp_subaccount_environment_instance" "cf" { environment_type = "cloudfoundry" service_name = "cloudfoundry" plan_name = "standard" - landscape_label = var.cf_environment_label + landscape_label = var.cf_environment_label parameters = jsonencode({ instance_name = local.project_subaccount_cf_org }) diff --git a/released/discovery_center/mission_4356/provider.tf b/released/discovery_center/mission_4356/provider.tf index 99c49605..4ccd942e 100644 --- a/released/discovery_center/mission_4356/provider.tf +++ b/released/discovery_center/mission_4356/provider.tf @@ -12,8 +12,8 @@ terraform { provider "btp" { globalaccount = var.globalaccount cli_server_url = var.cli_server_url - username = var.username - password = var.password + username = var.username + password = var.password } diff --git a/released/discovery_center/mission_4356/samples.tfvars b/released/discovery_center/mission_4356/samples.tfvars index e45ab057..cef35613 100644 --- a/released/discovery_center/mission_4356/samples.tfvars +++ b/released/discovery_center/mission_4356/samples.tfvars @@ -14,7 +14,7 @@ subaccount_admins = ["jane.doe@test.com", "john.doe@test.com"] subaccount_service_admins = ["jane.doe@test.com", "john.doe@test.com"] appstudio_developers = ["jane.doe@test.com", "john.doe@test.com"] -appstudio_admin = ["jane.doe@test.com", "john.doe@test.com"] +appstudio_admin = ["jane.doe@test.com", "john.doe@test.com"] cloudconnector_admin = ["jane.doe@test.com", "john.doe@test.com"] -conn_dest_admin = ["jane.doe@test.com", "john.doe@test.com"] -int_provisioner = ["jane.doe@test.com", "john.doe@test.com"] \ No newline at end of file +conn_dest_admin = ["jane.doe@test.com", "john.doe@test.com"] +int_provisioner = ["jane.doe@test.com", "john.doe@test.com"] From b3bac566179df7cde20975188e5dfcf1c827dcc2 Mon Sep 17 00:00:00 2001 From: Mahesh kumar Palavalli Date: Mon, 23 Oct 2023 15:35:59 +0530 Subject: [PATCH 16/25] dependencies update --- released/discovery_center/mission_4033/README.md | 2 +- released/discovery_center/mission_4033/main.tf | 2 -- released/discovery_center/mission_4172/main.tf | 2 -- released/discovery_center/mission_4356/main.tf | 1 - 4 files changed, 1 insertion(+), 6 deletions(-) diff --git a/released/discovery_center/mission_4033/README.md b/released/discovery_center/mission_4033/README.md index a07518bd..1b417493 100644 --- a/released/discovery_center/mission_4033/README.md +++ b/released/discovery_center/mission_4033/README.md @@ -1,4 +1,4 @@ -# Discovery Center Mission: Discovery Center mission - Create simple, connected digital experiences with API-based integration +# Discovery Center mission - Create simple, connected digital experiences with API-based integration ## Overview diff --git a/released/discovery_center/mission_4033/main.tf b/released/discovery_center/mission_4033/main.tf index a84a63c8..bdda4a21 100644 --- a/released/discovery_center/mission_4033/main.tf +++ b/released/discovery_center/mission_4033/main.tf @@ -44,7 +44,6 @@ resource "btp_subaccount_role_collection_assignment" "subaccount-service-admins" resource "btp_subaccount_trust_configuration" "fully_customized" { subaccount_id = btp_subaccount.project.id identity_provider = var.custom_idp - depends_on = [btp_subaccount.project] } @@ -94,7 +93,6 @@ resource "btp_subaccount_environment_instance" "kyma" { # Entitlement of all services ###################################################################### resource "btp_subaccount_entitlement" "name" { - depends_on = [btp_subaccount.project] for_each = { for index, entitlement in var.entitlements : index => entitlement diff --git a/released/discovery_center/mission_4172/main.tf b/released/discovery_center/mission_4172/main.tf index 8550d15b..de83e6bc 100644 --- a/released/discovery_center/mission_4172/main.tf +++ b/released/discovery_center/mission_4172/main.tf @@ -57,7 +57,6 @@ resource "btp_subaccount_environment_instance" "cf" { # Entitlement of all services and apps ###################################################################### resource "btp_subaccount_entitlement" "name" { - depends_on = [btp_subaccount.project] for_each = { for index, entitlement in var.entitlements : index => entitlement @@ -93,7 +92,6 @@ resource "btp_subaccount_service_instance" "hana_instance" { resource "btp_subaccount_trust_configuration" "fully_customized" { subaccount_id = btp_subaccount.project.id identity_provider = var.custom_idp - depends_on = [btp_subaccount.project] } ###################################################################### diff --git a/released/discovery_center/mission_4356/main.tf b/released/discovery_center/mission_4356/main.tf index cb0e9c3f..cbe1c661 100644 --- a/released/discovery_center/mission_4356/main.tf +++ b/released/discovery_center/mission_4356/main.tf @@ -57,7 +57,6 @@ resource "btp_subaccount_environment_instance" "cf" { # Entitlement of all services ###################################################################### resource "btp_subaccount_entitlement" "name" { - depends_on = [btp_subaccount.project] for_each = { for index, entitlement in var.entitlements : index => entitlement From a5faa05ea6f1e85da775247c48ca55f0aeb165f5 Mon Sep 17 00:00:00 2001 From: Mahesh kumar Palavalli Date: Tue, 2 Jul 2024 15:47:44 +0530 Subject: [PATCH 17/25] 4033 4356 --- .../discovery_center/mission_4033/README.md | 2 +- .../app_subscriptions_setup.tf | 92 ------ .../app_subscriptions_variables.tf | 87 ----- .../discovery_center/mission_4033/locals.tf | 5 + .../discovery_center/mission_4033/main.tf | 297 +++++++++++++++--- .../discovery_center/mission_4033/outputs.tf | 4 + .../discovery_center/mission_4033/provider.tf | 2 - .../mission_4033/samples.tfvars | 30 +- .../mission_4033/variables.tf | 75 +++-- 9 files changed, 324 insertions(+), 270 deletions(-) delete mode 100644 released/discovery_center/mission_4033/app_susbscriptions/app_subscriptions_setup.tf delete mode 100644 released/discovery_center/mission_4033/app_susbscriptions/app_subscriptions_variables.tf create mode 100644 released/discovery_center/mission_4033/locals.tf create mode 100644 released/discovery_center/mission_4033/outputs.tf diff --git a/released/discovery_center/mission_4033/README.md b/released/discovery_center/mission_4033/README.md index 1b417493..84e4b130 100644 --- a/released/discovery_center/mission_4033/README.md +++ b/released/discovery_center/mission_4033/README.md @@ -45,7 +45,7 @@ To deploy the resources you must: 5. Apply your configuration to provision the resources: ```bash - terraform apply -var-file="sample.tfvars" + terraform apply -var-file="samples.tfvars" ``` ## In the end diff --git a/released/discovery_center/mission_4033/app_susbscriptions/app_subscriptions_setup.tf b/released/discovery_center/mission_4033/app_susbscriptions/app_subscriptions_setup.tf deleted file mode 100644 index 65aa7dba..00000000 --- a/released/discovery_center/mission_4033/app_susbscriptions/app_subscriptions_setup.tf +++ /dev/null @@ -1,92 +0,0 @@ -# ------------------------------------------------------------------------------------------------------ -# Define the required providers for this module -# ------------------------------------------------------------------------------------------------------ -terraform { - required_providers { - btp = { - source = "SAP/btp" - version = "~> 1.4.0" - } - } -} - -###################################################################### -# Create app subscriptions -###################################################################### -data "btp_subaccount_subscriptions" "all" { - subaccount_id = var.btp_subaccount_id -} - -resource "btp_subaccount_subscription" "app" { - subaccount_id = var.btp_subaccount_id - for_each = { - for index, entitlement in var.entitlements : - index => entitlement if contains(["app"], entitlement.type) - } - app_name = [ - for subscription in data.btp_subaccount_subscriptions.all.values : - subscription - if subscription.commercial_app_name == each.value.service_name - ][0].app_name - plan_name = each.value.plan_name - depends_on = [data.btp_subaccount_subscriptions.all] -} - -###################################################################### -# Assign Role Collection -###################################################################### - -resource "btp_subaccount_role_collection_assignment" "conn_dest_admn" { - depends_on = [btp_subaccount_subscription.app] - for_each = toset(var.conn_dest_admin) - subaccount_id = var.btp_subaccount_id - role_collection_name = "Connectivity and Destination Administrator" - user_name = each.value -} - -resource "btp_subaccount_role_collection_assignment" "int_prov" { - depends_on = [btp_subaccount_subscription.app] - for_each = toset(var.int_provisioner) - subaccount_id = var.btp_subaccount_id - role_collection_name = "Integration_Provisioner" - user_name = each.value -} - -resource "btp_subaccount_role_collection_assignment" "sbpa_admin" { - depends_on = [btp_subaccount_subscription.app] - for_each = toset(var.ProcessAutomationAdmin) - subaccount_id = var.btp_subaccount_id - role_collection_name = "ProcessAutomationAdmin" - user_name = each.value -} - -resource "btp_subaccount_role_collection_assignment" "sbpa_dev" { - depends_on = [btp_subaccount_subscription.app] - for_each = toset(var.ProcessAutomationAdmin) - subaccount_id = var.btp_subaccount_id - role_collection_name = "ProcessAutomationAdmin" - user_name = each.value -} - -resource "btp_subaccount_role_collection_assignment" "sbpa_part" { - depends_on = [btp_subaccount_subscription.app] - for_each = toset(var.ProcessAutomationParticipant) - subaccount_id = var.btp_subaccount_id - role_collection_name = "ProcessAutomationParticipant" - user_name = each.value -} - -###################################################################### -# Create app subscription to SAP Build Apps (depends on entitlement) -###################################################################### -module "sap-build-apps_standard" { - source = "../../../modules/services_apps/sap_build_apps/standard" - subaccount_id = var.btp_subaccount_id - subaccount_domain = var.subdomain - region = var.region - custom_idp_origin = var.custom_idp_origin - users_BuildAppsAdmin = var.users_BuildAppsAdmin - users_BuildAppsDeveloper = var.users_BuildAppsDeveloper - users_RegistryAdmin = var.users_RegistryAdmin - users_RegistryDeveloper = var.users_RegistryDeveloper -} diff --git a/released/discovery_center/mission_4033/app_susbscriptions/app_subscriptions_variables.tf b/released/discovery_center/mission_4033/app_susbscriptions/app_subscriptions_variables.tf deleted file mode 100644 index 0d8a1186..00000000 --- a/released/discovery_center/mission_4033/app_susbscriptions/app_subscriptions_variables.tf +++ /dev/null @@ -1,87 +0,0 @@ -### -# Entitlements -### -variable "entitlements" { - type = list(object({ - service_name = string - plan_name = string - type = string - })) - description = "The list of entitlements that shall be added to the subaccount." -} - -variable "kyma_instance" { type = object({ - name = string - region = string - machine_type = string - auto_scaler_min = number - auto_scaler_max = number - createtimeout = string - updatetimeout = string - deletetimeout = string -}) } - -variable "conn_dest_admin" { - type = list(string) - description = "Connectivity and Destination Administrator" -} - -variable "int_provisioner" { - type = list(string) - description = "Integration Provisioner" -} - -variable "custom_idp_origin" { - type = string - description = "Defines the custom IDP origin to be used for the subaccount" -} - -variable "users_BuildAppsAdmin" { - type = list(string) - description = "Defines the colleagues who have the role of 'BuildAppsAdmin' in SAP Build Apps." -} - -variable "users_BuildAppsDeveloper" { - type = list(string) - description = "Defines the colleagues who have the role of 'BuildAppsDeveloper' in SAP Build Apps." -} - -variable "users_RegistryAdmin" { - type = list(string) - description = "Defines the colleagues who have the role of 'RegistryAdmin' in SAP Build Apps." -} - -variable "users_RegistryDeveloper" { - type = list(string) - description = "Defines the colleagues who have the role of RegistryDeveloper' in SAP Build Apps." -} - -variable "ProcessAutomationAdmin" { - type = list(string) - description = "Defines the users who have the role of ProcessAutomationAdmin in SAP Build Process Automation" -} - -variable "ProcessAutomationDeveloper" { - type = list(string) - description = "Defines the users who have the role of ProcessAutomationDeveloper in SAP Build Process Automation" -} - -variable "ProcessAutomationParticipant" { - type = list(string) - description = "Defines the users who have the role of ProcessAutomationParticipant in SAP Build Process Automation" -} - -variable "region" { - type = string - description = "The region where the project account shall be created in." -} - -variable "btp_subaccount_id" { - type = string - description = "SAP BTP Subaccount ID" -} - -variable "subdomain" { - type = string - description = "SAP BTP Subdomain" -} \ No newline at end of file diff --git a/released/discovery_center/mission_4033/locals.tf b/released/discovery_center/mission_4033/locals.tf new file mode 100644 index 00000000..9942c552 --- /dev/null +++ b/released/discovery_center/mission_4033/locals.tf @@ -0,0 +1,5 @@ +locals { + service_name__sap_build_apps = "sap-build-apps" + service_name__sap_process_automation = "process-automation" + service_name__sap_integration_suite = "integrationsuite" +} \ No newline at end of file diff --git a/released/discovery_center/mission_4033/main.tf b/released/discovery_center/mission_4033/main.tf index bdda4a21..07acb822 100644 --- a/released/discovery_center/mission_4033/main.tf +++ b/released/discovery_center/mission_4033/main.tf @@ -13,27 +13,32 @@ locals { # Creation of subaccount ############################################################################################### resource "btp_subaccount" "project" { + count = var.subaccount_id == "" ? 1 : 0 + name = var.subaccount_name subdomain = local.project_subaccount_domain region = lower(var.region) + usage = "USED_FOR_PRODUCTION" +} + +data "btp_subaccount" "project" { + id = var.subaccount_id != "" ? var.subaccount_id : btp_subaccount.project[0].id } + ############################################################################################### -# Assignment of users as sub account administrators +# Assignment of emergency admins to the sub account as sub account administrators ############################################################################################### -resource "btp_subaccount_role_collection_assignment" "subaccount-admins" { +resource "btp_subaccount_role_collection_assignment" "subaccount_admin" { for_each = toset("${var.subaccount_admins}") - subaccount_id = btp_subaccount.project.id + subaccount_id = data.btp_subaccount.project.id role_collection_name = "Subaccount Administrator" user_name = each.value } -############################################################################################### -# Assignment of users as sub account service administrators -############################################################################################### -resource "btp_subaccount_role_collection_assignment" "subaccount-service-admins" { +resource "btp_subaccount_role_collection_assignment" "subaccount_service_admin" { for_each = toset("${var.subaccount_service_admins}") - subaccount_id = btp_subaccount.project.id + subaccount_id = data.btp_subaccount.project.id role_collection_name = "Subaccount Service Administrator" user_name = each.value } @@ -42,8 +47,27 @@ resource "btp_subaccount_role_collection_assignment" "subaccount-service-admins" # Assign custom IDP to sub account ###################################################################### resource "btp_subaccount_trust_configuration" "fully_customized" { - subaccount_id = btp_subaccount.project.id - identity_provider = var.custom_idp + subaccount_id = data.btp_subaccount.project.id + identity_provider = var.custom_idp != "" ? var.custom_idp : element(split("/", btp_subaccount_subscription.identity_instance[0].subscription_url), 2) +} + +resource "btp_subaccount_entitlement" "identity" { + count = var.custom_idp == "" ? 1 : 0 + + subaccount_id = data.btp_subaccount.project.id + service_name = "sap-identity-services-onboarding" + plan_name = "default" +} + +resource "btp_subaccount_subscription" "identity_instance" { + count = var.custom_idp == "" ? 1 : 0 + + subaccount_id = data.btp_subaccount.project.id + app_name = "sap-identity-services-onboarding" + plan_name = "default" + parameters = jsonencode({ + cloud_service = "TEST" + }) } @@ -52,16 +76,16 @@ resource "btp_subaccount_trust_configuration" "fully_customized" { ###################################################################### data "btp_regions" "all" {} -data "btp_subaccount" "this" { - id = btp_subaccount.project.id -} +# data "btp_subaccount" "this" { +# id = data.btp_subaccount.project.id +# } locals { - subaccount_iaas_provider = [for region in data.btp_regions.all.values : region if region.region == data.btp_subaccount.this.region][0].iaas_provider + subaccount_iaas_provider = [for region in data.btp_regions.all.values : region if region.region == data.btp_subaccount.project.region][0].iaas_provider } resource "btp_subaccount_entitlement" "kymaruntime" { - subaccount_id = btp_subaccount.project.id + subaccount_id = data.btp_subaccount.project.id service_name = "kymaruntime" plan_name = lower(local.subaccount_iaas_provider) amount = 1 @@ -69,11 +93,11 @@ resource "btp_subaccount_entitlement" "kymaruntime" { resource "btp_subaccount_environment_instance" "kyma" { - subaccount_id = btp_subaccount.project.id + subaccount_id = data.btp_subaccount.project.id name = var.kyma_instance.name environment_type = "kyma" service_name = "kymaruntime" - plan_name = "aws" + plan_name = lower(local.subaccount_iaas_provider) parameters = jsonencode({ name = var.kyma_instance.name region = var.kyma_instance.region @@ -90,40 +114,231 @@ resource "btp_subaccount_environment_instance" "kyma" { } ###################################################################### -# Entitlement of all services +# Entitlement of all general services ###################################################################### -resource "btp_subaccount_entitlement" "name" { +resource "btp_subaccount_entitlement" "genentitlements" { for_each = { for index, entitlement in var.entitlements : index => entitlement } - subaccount_id = btp_subaccount.project.id + subaccount_id = data.btp_subaccount.project.id service_name = each.value.service_name plan_name = each.value.plan_name } +###################################################################### +# Assign Role Collection +###################################################################### + +resource "btp_subaccount_role_collection_assignment" "conn_dest_admn" { + depends_on = [btp_subaccount_entitlement.genentitlements] + for_each = toset(var.conn_dest_admin) + subaccount_id = data.btp_subaccount.project.id + role_collection_name = "Connectivity and Destination Administrator" + user_name = each.value +} ###################################################################### -# Create App Subscriptions +# Create app subscription to SAP Integration Suite ###################################################################### -module "create_app_subscriptions" { - source = "./app_susbscriptions" - btp_subaccount_id = btp_subaccount.project.id - subdomain = btp_subaccount.project.subdomain - custom_idp_origin = btp_subaccount_trust_configuration.fully_customized.origin - entitlements = var.entitlements - region = var.region - kyma_instance = var.kyma_instance - - int_provisioner = var.int_provisioner - conn_dest_admin = var.conn_dest_admin - users_BuildAppsAdmin = var.users_BuildAppsAdmin - users_BuildAppsDeveloper = var.users_BuildAppsDeveloper - users_RegistryAdmin = var.users_RegistryAdmin - users_RegistryDeveloper = var.users_RegistryDeveloper - ProcessAutomationAdmin = var.ProcessAutomationAdmin - ProcessAutomationDeveloper = var.ProcessAutomationDeveloper - ProcessAutomationParticipant = var.ProcessAutomationParticipant - - depends_on = [btp_subaccount_entitlement.name] +resource "btp_subaccount_entitlement" "sap_integration_suite" { + subaccount_id = data.btp_subaccount.project.id + service_name = local.service_name__sap_integration_suite + plan_name = var.service_plan__sap_integration_suite +} + +data "btp_subaccount_subscriptions" "all" { + subaccount_id = data.btp_subaccount.project.id + depends_on = [ btp_subaccount_entitlement.sap_integration_suite ] +} + +resource "btp_subaccount_subscription" "sap_integration_suite" { + subaccount_id = data.btp_subaccount.project.id + app_name = [ + for subscription in data.btp_subaccount_subscriptions.all.values : + subscription + if subscription.commercial_app_name == local.service_name__sap_integration_suite + ][0].app_name + plan_name = var.service_plan__sap_integration_suite + depends_on = [data.btp_subaccount_subscriptions.all] +} + +resource "btp_subaccount_role_collection_assignment" "int_prov" { + depends_on = [btp_subaccount_subscription.sap_integration_suite] + for_each = toset(var.int_provisioner) + subaccount_id = data.btp_subaccount.project.id + role_collection_name = "Integration_Provisioner" + user_name = each.value +} + +# ###################################################################### +# # Create app subscription to SAP Build Process Automation +# ###################################################################### + +resource "btp_subaccount_entitlement" "build_process_automation" { + subaccount_id = data.btp_subaccount.project.id + service_name = local.service_name__sap_process_automation + plan_name = var.service_plan__sap_process_automation +} + +# Create app subscription to SAP Build Workzone, standard edition (depends on entitlement) +resource "btp_subaccount_subscription" "build_process_automation" { + subaccount_id = data.btp_subaccount.project.id + app_name = local.service_name__sap_process_automation + plan_name = var.service_plan__sap_process_automation + depends_on = [btp_subaccount_entitlement.build_process_automation] +} + +resource "btp_subaccount_role_collection_assignment" "sbpa_admin" { + depends_on = [btp_subaccount_subscription.build_process_automation] + for_each = toset(var.ProcessAutomationAdmin) + subaccount_id = data.btp_subaccount.project.id + role_collection_name = "ProcessAutomationAdmin" + user_name = each.value +} + +resource "btp_subaccount_role_collection_assignment" "sbpa_dev" { + depends_on = [btp_subaccount_subscription.build_process_automation] + for_each = toset(var.ProcessAutomationAdmin) + subaccount_id = data.btp_subaccount.project.id + role_collection_name = "ProcessAutomationAdmin" + user_name = each.value +} + +resource "btp_subaccount_role_collection_assignment" "sbpa_part" { + depends_on = [btp_subaccount_subscription.build_process_automation] + for_each = toset(var.ProcessAutomationParticipant) + subaccount_id = data.btp_subaccount.project.id + role_collection_name = "ProcessAutomationParticipant" + user_name = each.value +} + +############################################################################################### +# Prepare and setup app: SAP Build Apps +############################################################################################### +# Entitle subaccount for usage of SAP Build Apps +resource "btp_subaccount_entitlement" "sap_build_apps" { + subaccount_id = data.btp_subaccount.project.id + service_name = local.service_name__sap_build_apps + plan_name = var.service_plan__sap_build_apps + amount = 1 + depends_on = [btp_subaccount_trust_configuration.fully_customized] +} + +# Create a subscription to the SAP Build Apps +resource "btp_subaccount_subscription" "sap-build-apps_standard" { + subaccount_id = data.btp_subaccount.project.id + app_name = "sap-appgyver-ee" + plan_name = var.service_plan__sap_build_apps + depends_on = [btp_subaccount_entitlement.sap_build_apps] +} + +# Get all roles in the subaccount +data "btp_subaccount_roles" "all" { + subaccount_id = data.btp_subaccount.project.id + depends_on = [btp_subaccount_subscription.sap-build-apps_standard] +} + +############################################################################################### +# Setup for role collection BuildAppsAdmin +############################################################################################### +# Create the role collection +resource "btp_subaccount_role_collection" "build_apps_BuildAppsAdmin" { + subaccount_id = data.btp_subaccount.project.id + name = "BuildAppsAdmin" + + roles = [ + for role in data.btp_subaccount_roles.all.values : { + name = role.name + role_template_app_id = role.app_id + role_template_name = role.role_template_name + } if contains(["BuildAppsAdmin"], role.name) + ] +} +# Assign users to the role collection +resource "btp_subaccount_role_collection_assignment" "build_apps_BuildAppsAdmin" { + depends_on = [btp_subaccount_role_collection.build_apps_BuildAppsAdmin] + for_each = toset(var.users_BuildAppsAdmin) + subaccount_id = data.btp_subaccount.project.id + role_collection_name = "BuildAppsAdmin" + user_name = each.value + origin = btp_subaccount_trust_configuration.fully_customized.origin +} + +############################################################################################### +# Setup for role collection BuildAppsDeveloper +############################################################################################### +# Create the role collection +resource "btp_subaccount_role_collection" "build_apps_BuildAppsDeveloper" { + subaccount_id = data.btp_subaccount.project.id + name = "BuildAppsDeveloper" + + roles = [ + for role in data.btp_subaccount_roles.all.values : { + name = role.name + role_template_app_id = role.app_id + role_template_name = role.role_template_name + } if contains(["BuildAppsDeveloper"], role.name) + ] +} +# Assign users to the role collection +resource "btp_subaccount_role_collection_assignment" "build_apps_BuildAppsDeveloper" { + depends_on = [btp_subaccount_role_collection.build_apps_BuildAppsDeveloper] + for_each = toset(var.users_BuildAppsDeveloper) + subaccount_id = data.btp_subaccount.project.id + role_collection_name = "BuildAppsDeveloper" + user_name = each.value + origin = btp_subaccount_trust_configuration.fully_customized.origin +} + +############################################################################################### +# Setup for role collection RegistryAdmin +############################################################################################### +# Create the role collection +resource "btp_subaccount_role_collection" "build_apps_RegistryAdmin" { + subaccount_id = data.btp_subaccount.project.id + name = "RegistryAdmin" + + roles = [ + for role in data.btp_subaccount_roles.all.values : { + name = role.name + role_template_app_id = role.app_id + role_template_name = role.role_template_name + } if contains(["RegistryAdmin"], role.name) + ] +} +# Assign users to the role collection +resource "btp_subaccount_role_collection_assignment" "build_apps_RegistryAdmin" { + depends_on = [btp_subaccount_role_collection.build_apps_RegistryAdmin] + for_each = toset(var.users_RegistryAdmin) + subaccount_id = data.btp_subaccount.project.id + role_collection_name = "RegistryAdmin" + user_name = each.value + origin = btp_subaccount_trust_configuration.fully_customized.origin +} + +############################################################################################### +# Setup for role collection RegistryDeveloper +############################################################################################### +# Create the role collection +resource "btp_subaccount_role_collection" "build_apps_RegistryDeveloper" { + subaccount_id = data.btp_subaccount.project.id + name = "RegistryDeveloper" + + roles = [ + for role in data.btp_subaccount_roles.all.values : { + name = role.name + role_template_app_id = role.app_id + role_template_name = role.role_template_name + } if contains(["RegistryDeveloper"], role.name) + ] +} +# Assign users to the role collection +resource "btp_subaccount_role_collection_assignment" "build_apps_RegistryDeveloper" { + depends_on = [btp_subaccount_role_collection.build_apps_RegistryDeveloper] + for_each = toset(var.users_RegistryDeveloper) + subaccount_id = data.btp_subaccount.project.id + role_collection_name = "RegistryDeveloper" + user_name = each.value + origin = btp_subaccount_trust_configuration.fully_customized.origin } diff --git a/released/discovery_center/mission_4033/outputs.tf b/released/discovery_center/mission_4033/outputs.tf new file mode 100644 index 00000000..c12e4ba4 --- /dev/null +++ b/released/discovery_center/mission_4033/outputs.tf @@ -0,0 +1,4 @@ +output "subaccount_id" { + value = data.btp_subaccount.project.id + description = "The ID of the project subaccount." +} \ No newline at end of file diff --git a/released/discovery_center/mission_4033/provider.tf b/released/discovery_center/mission_4033/provider.tf index b06d38d9..d27c2b83 100644 --- a/released/discovery_center/mission_4033/provider.tf +++ b/released/discovery_center/mission_4033/provider.tf @@ -13,7 +13,5 @@ terraform { provider "btp" { globalaccount = var.globalaccount cli_server_url = var.cli_server_url - username = var.username - password = var.password } diff --git a/released/discovery_center/mission_4033/samples.tfvars b/released/discovery_center/mission_4033/samples.tfvars index 8b7b9a4c..2829787a 100644 --- a/released/discovery_center/mission_4033/samples.tfvars +++ b/released/discovery_center/mission_4033/samples.tfvars @@ -2,10 +2,10 @@ # Provider configuration # ------------------------------------------------------------------------------------------------------ # Your global account subdomain -globalaccount = "yoursubdomain" +globalaccount = "ticoo" region = "us10" -subaccount_name = "DC Mission 4033 - Create simple, connected digital experiences with API-based integration 2" -custom_idp = "youridp.accounts.ondemand.com" +subaccount_name = "DC Mission 4033 - Create simple, connected digital experiences with API-based integration 1" +custom_idp = "ag6010bvf.accounts.ondemand.com" kyma_instance = { name = "my-kyma-environment" @@ -21,15 +21,15 @@ kyma_instance = { # ------------------------------------------------------------------------------------------------------ # Project specific configuration (please adapt!) # ------------------------------------------------------------------------------------------------------ -subaccount_admins = ["jane.doe@test.com", "john.doe@test.com"] -subaccount_service_admins = ["jane.doe@test.com", "john.doe@test.com"] - -conn_dest_admin = ["jane.doe@test.com", "john.doe@test.com"] -int_provisioner = ["jane.doe@test.com", "john.doe@test.com"] -users_BuildAppsAdmin = ["jane.doe@test.com", "john.doe@test.com"] -users_RegistryAdmin = ["jane.doe@test.com", "john.doe@test.com"] -users_BuildAppsDeveloper = ["jane.doe@test.com", "john.doe@test.com"] -users_RegistryDeveloper = ["jane.doe@test.com", "john.doe@test.com"] -ProcessAutomationAdmin = ["jane.doe@test.com", "john.doe@test.com"] -ProcessAutomationDeveloper = ["jane.doe@test.com", "john.doe@test.com"] -ProcessAutomationParticipant = ["jane.doe@test.com", "john.doe@test.com"] +subaccount_admins = ["m.palavalli@sap.com", "m.palavalli1@sap.com"] +subaccount_service_admins = ["m.palavalli@sap.com", "m.palavalli1@sap.com"] +emergency_admins = ["m.palavalli@sap.com", "m.palavalli1@sap.com"] +conn_dest_admin = ["m.palavalli@sap.com", "m.palavalli1@sap.com"] +int_provisioner = ["m.palavalli@sap.com", "m.palavalli1@sap.com"] +users_BuildAppsAdmin = ["m.palavalli@sap.com", "m.palavalli1@sap.com"] +users_RegistryAdmin = ["m.palavalli@sap.com", "m.palavalli1@sap.com"] +users_BuildAppsDeveloper = ["m.palavalli@sap.com", "m.palavalli1@sap.com"] +users_RegistryDeveloper = ["m.palavalli@sap.com", "m.palavalli1@sap.com"] +ProcessAutomationAdmin = ["m.palavalli@sap.com", "m.palavalli1@sap.com"] +ProcessAutomationDeveloper = ["m.palavalli@sap.com", "m.palavalli1@sap.com"] +ProcessAutomationParticipant = ["m.palavalli@sap.com", "m.palavalli1@sap.com"] diff --git a/released/discovery_center/mission_4033/variables.tf b/released/discovery_center/mission_4033/variables.tf index ba1f3ec3..8fca2772 100644 --- a/released/discovery_center/mission_4033/variables.tf +++ b/released/discovery_center/mission_4033/variables.tf @@ -13,6 +13,13 @@ variable "subaccount_name" { description = "The subaccount name." default = "DC Mission 4033 - Create simple, connected digital experiences with API-based integration" } + +variable "subaccount_id" { + type = string + description = "The subaccount ID." + default = "" +} + # Region variable "region" { type = string @@ -29,17 +36,48 @@ variable "cli_server_url" { variable "subaccount_admins" { type = list(string) - description = "Defines the colleagues who are added to each subaccount as subaccount administrators." - default = ["jane.doe@test.com", "john.doe@test.com"] + description = "Defines the colleagues who are added to each subaccount as Subaccount administrators." } variable "subaccount_service_admins" { type = list(string) - description = "Defines the colleagues who are added to each subaccount as subaccount service administrators." - default = ["jane.doe@test.com", "john.doe@test.com"] + description = "Defines the colleagues who are added to each subaccount as Subaccount service administrators." } +variable "emergency_admins" { + type = list(string) + description = "Defines the colleagues who are added to each subaccount as Subaccount service administrators." +} +variable "service_plan__sap_build_apps" { + type = string + description = "The plan for SAP Build Apps subscription" + default = "free" + validation { + condition = contains(["free", "standard", "partner"], var.service_plan__sap_build_apps) + error_message = "Invalid value for service_plan__sap_build_apps. Only 'free', 'standard' and 'partner' are allowed." + } +} + +variable "service_plan__sap_process_automation" { + type = string + description = "The plan for SAP Build Process Automation" + default = "standard" + validation { + condition = contains(["standard", "advanced-user"], var.service_plan__sap_process_automation) + error_message = "Invalid value for service_plan__sap_process_automation. Only 'standard' and 'advanced-user' are allowed." + } +} + +variable "service_plan__sap_integration_suite" { + type = string + description = "The plan for SAP Integration Suite" + default = "enterprise_agreement" + validation { + condition = contains(["enterprise_agreement"], var.service_plan__sap_integration_suite) + error_message = "Invalid value for service_plan__sap_integration_suite. Only 'enterprise_agreement' are allowed." + } +} ### # Entitlements @@ -62,21 +100,6 @@ variable "entitlements" { plan_name = "application", type = "service" }, - { - service_name = "integrationsuite" - plan_name = "enterprise_agreement", - type = "app" - }, - { - service_name = "sap-build-apps" - plan_name = "standard" - type = "service" - }, - { - service_name = "process-automation" - plan_name = "standard", - type = "app" - }, { service_name = "process-automation-service" plan_name = "standard", @@ -169,16 +192,4 @@ variable "ProcessAutomationParticipant" { type = list(string) description = "Defines the users who have the role of ProcessAutomationParticipant in SAP Build Process Automation" default = ["jane.doe@test.com", "john.doe@test.com"] -} - -variable "username" { - description = "BTP username" - type = string - sensitive = false -} - -variable "password" { - description = "BTP user password" - type = string - sensitive = true -} +} \ No newline at end of file From f39d7433f54354ad98e60308acbd8af9899dde96 Mon Sep 17 00:00:00 2001 From: Mahesh kumar Palavalli Date: Tue, 2 Jul 2024 15:49:45 +0530 Subject: [PATCH 18/25] 4033 and 4356 --- .../mission_4356 Stages/README.md | 58 ++++++ .../mission_4356 Stages/apply.sh | 14 ++ .../mission_4356 Stages/step-1/locals.tf | 4 + .../mission_4356 Stages/step-1/main.tf | 176 ++++++++++++++++++ .../mission_4356 Stages/step-1/output.tf | 15 ++ .../mission_4356 Stages/step-1/provider.tf | 16 ++ .../mission_4356 Stages/step-1/samples.tfvars | 20 ++ .../mission_4356 Stages/step-1/variables.tf | 146 +++++++++++++++ .../mission_4356 Stages/step-2/main.tf | 7 + .../mission_4356 Stages/step-2/output.tf | 19 ++ .../mission_4356 Stages/step-2/provider.tf | 16 ++ .../mission_4356 Stages/step-2/samples.tfvars | 20 ++ .../mission_4356 Stages/step-2/variables.tf | 19 ++ .../discovery_center/mission_4356/locals.tf | 4 + .../discovery_center/mission_4356/main.tf | 99 ++++++---- .../discovery_center/mission_4356/provider.tf | 2 - .../mission_4356/samples.tfvars | 16 +- .../mission_4356/variables.tf | 49 ++--- 18 files changed, 631 insertions(+), 69 deletions(-) create mode 100644 released/discovery_center/mission_4356 Stages/README.md create mode 100644 released/discovery_center/mission_4356 Stages/apply.sh create mode 100644 released/discovery_center/mission_4356 Stages/step-1/locals.tf create mode 100644 released/discovery_center/mission_4356 Stages/step-1/main.tf create mode 100644 released/discovery_center/mission_4356 Stages/step-1/output.tf create mode 100644 released/discovery_center/mission_4356 Stages/step-1/provider.tf create mode 100644 released/discovery_center/mission_4356 Stages/step-1/samples.tfvars create mode 100644 released/discovery_center/mission_4356 Stages/step-1/variables.tf create mode 100644 released/discovery_center/mission_4356 Stages/step-2/main.tf create mode 100644 released/discovery_center/mission_4356 Stages/step-2/output.tf create mode 100644 released/discovery_center/mission_4356 Stages/step-2/provider.tf create mode 100644 released/discovery_center/mission_4356 Stages/step-2/samples.tfvars create mode 100644 released/discovery_center/mission_4356 Stages/step-2/variables.tf create mode 100644 released/discovery_center/mission_4356/locals.tf diff --git a/released/discovery_center/mission_4356 Stages/README.md b/released/discovery_center/mission_4356 Stages/README.md new file mode 100644 index 00000000..9936cf77 --- /dev/null +++ b/released/discovery_center/mission_4356 Stages/README.md @@ -0,0 +1,58 @@ +# Discovery Center Mission: Discovery Center mission - Deliver Connected Experiences with a single view of Material Availability + +## Overview + +This sample shows how to create a landscape for the Discovery Center Mission - [Deliver Connected Experiences with a single view of Material Availability](https://discovery-center.cloud.sap/missiondetail/4356/) + +## Content of setup + +The setup comprises the following resources: + +- Creation of the SAP BTP subaccount +- Entitlements of services +- Subscriptions to applications +- Role collection assignments to users +- Creation of CF environments +- Management of users and roles on org and space level + +## Deploying the resources + +To deploy the resources you must: + +1. Create a file `secret.auto.tfvars` and maintain the credentials for the BTP and CF provider + + ```hcl + username = "" + password = "" + ``` + +2. Change the variables in the `samples.tfvars` file to meet your requirements + + > ⚠ NOTE: You should pay attention **specifically** to the users defined in the samples.tfvars whether they already exist in your SAP BTP accounts. Otherwise you might get error messages like e.g. `Error: The user could not be found: jane.doe@test.com`. + + +3. Initialize your workspace: + + ```bash + terraform init + ``` + +4. You can check what Terraform plans to apply based on your configuration: + + ```bash + terraform plan -var-file="sample.tfvars" + ``` + +5. Apply your configuration to provision the resources: + + ```bash + terraform apply -var-file="sample.tfvars" + ``` + +## In the end + +You probably want to remove the assets after trying them out to avoid unnecessary costs. To do so execute the following command: + +```bash +terraform destroy +``` diff --git a/released/discovery_center/mission_4356 Stages/apply.sh b/released/discovery_center/mission_4356 Stages/apply.sh new file mode 100644 index 00000000..b2f9e2bd --- /dev/null +++ b/released/discovery_center/mission_4356 Stages/apply.sh @@ -0,0 +1,14 @@ +#!/bin/sh + +cd step-1 + +terraform init +terraform apply -var-file=samples.tfvars -auto-approve +terraform output > ../step-2/samples.tfvars + +cd ../step-2 + +terraform init +terraform apply -var-file=samples.tfvars -auto-approve + +cd .. \ No newline at end of file diff --git a/released/discovery_center/mission_4356 Stages/step-1/locals.tf b/released/discovery_center/mission_4356 Stages/step-1/locals.tf new file mode 100644 index 00000000..bc48719d --- /dev/null +++ b/released/discovery_center/mission_4356 Stages/step-1/locals.tf @@ -0,0 +1,4 @@ +locals { + service__sap_business_app_studio = "sapappstudio" + service_name__sap_integration_suite = "integrationsuite" +} \ No newline at end of file diff --git a/released/discovery_center/mission_4356 Stages/step-1/main.tf b/released/discovery_center/mission_4356 Stages/step-1/main.tf new file mode 100644 index 00000000..a3577465 --- /dev/null +++ b/released/discovery_center/mission_4356 Stages/step-1/main.tf @@ -0,0 +1,176 @@ +############################################################################################### +# Setup of names in accordance to naming convention +############################################################################################### +resource "random_uuid" "uuid" {} + +locals { + random_uuid = random_uuid.uuid.result + project_subaccount_domain = lower(replace("mission-4172-${local.random_uuid}", "_", "-")) + project_subaccount_cf_org = substr(replace("${local.project_subaccount_domain}", "-", ""), 0, 32) +} + +############################################################################################### +# Creation of subaccount +############################################################################################### +resource "btp_subaccount" "project" { + count = var.subaccount_id == "" ? 1 : 0 + + name = var.subaccount_name + subdomain = local.project_subaccount_domain + region = lower(var.region) + usage = "USED_FOR_PRODUCTION" +} + +data "btp_subaccount" "project" { + id = var.subaccount_id != "" ? var.subaccount_id : btp_subaccount.project[0].id +} + +############################################################################################### +# Assignment of users as sub account administrators +############################################################################################### +resource "btp_subaccount_role_collection_assignment" "subaccount-admins" { + for_each = toset("${var.subaccount_admins}") + subaccount_id = data.btp_subaccount.project.id + role_collection_name = "Subaccount Administrator" + user_name = each.value +} + +############################################################################################### +# Assignment of users as sub account service administrators +############################################################################################### +resource "btp_subaccount_role_collection_assignment" "subaccount-service-admins" { + for_each = toset("${var.subaccount_service_admins}") + subaccount_id = data.btp_subaccount.project.id + role_collection_name = "Subaccount Service Administrator" + user_name = each.value +} + +###################################################################### +# Extract list of CF landscape labels from environments +###################################################################### +data "btp_subaccount_environments" "all" { + subaccount_id = btp_subaccount.project.id +} + +locals { + cf_landscape_labels = [ + for env in data.btp_subaccount_environments.all.values : env.landscape_label + if env.environment_type == "cloudfoundry" + ] +} + + +###################################################################### +# Creation of Cloud Foundry environment +###################################################################### +resource "btp_subaccount_environment_instance" "cloudfoundry" { + subaccount_id = data.btp_subaccount.project.id + name = "cf-environment" + environment_type = "cloudfoundry" + service_name = "cloudfoundry" + plan_name = "standard" + landscape_label =local.cf_landscape_labels[0] + parameters = jsonencode({ + instance_name = local.project_subaccount_cf_org + }) +} + +###################################################################### +# Entitlement of all general services +###################################################################### +resource "btp_subaccount_entitlement" "genentitlements" { + for_each = { + for index, entitlement in var.entitlements : + index => entitlement + } + subaccount_id = data.btp_subaccount.project.id + service_name = each.value.service_name + plan_name = each.value.plan_name +} + +# ###################################################################### +# # Create app subscription to SAP Integration Suite +# ###################################################################### +# resource "btp_subaccount_entitlement" "sap_integration_suite" { +# subaccount_id = data.btp_subaccount.project.id +# service_name = local.service_name__sap_integration_suite +# plan_name = var.service_plan__sap_integration_suite +# } + +# data "btp_subaccount_subscriptions" "all" { +# subaccount_id = data.btp_subaccount.project.id +# depends_on = [ btp_subaccount_entitlement.sap_integration_suite ] +# } + +# resource "btp_subaccount_subscription" "sap_integration_suite" { +# subaccount_id = data.btp_subaccount.project.id +# app_name = [ +# for subscription in data.btp_subaccount_subscriptions.all.values : +# subscription +# if subscription.commercial_app_name == local.service_name__sap_integration_suite +# ][0].app_name +# plan_name = var.service_plan__sap_integration_suite +# depends_on = [data.btp_subaccount_subscriptions.all] +# } + +# resource "btp_subaccount_role_collection_assignment" "int_prov" { +# depends_on = [btp_subaccount_subscription.sap_integration_suite] +# for_each = toset(var.int_provisioner) +# subaccount_id = data.btp_subaccount.project.id +# role_collection_name = "Integration_Provisioner" +# user_name = each.value +# } + +# # ###################################################################### +# # # Create app subscription to SAP Business APplication Studio +# # ###################################################################### + +# resource "btp_subaccount_entitlement" "bas" { +# subaccount_id = data.btp_subaccount.project.id +# service_name = local.service__sap_business_app_studio +# plan_name = var.service_plan__sap_business_app_studio +# } + +# # Create app subscription to busineass applicaiton stuido +# resource "btp_subaccount_subscription" "bas" { +# subaccount_id = data.btp_subaccount.project.id +# app_name = local.service__sap_business_app_studio +# plan_name = var.service_plan__sap_business_app_studio +# depends_on = [btp_subaccount_entitlement.bas] +# } + +# resource "btp_subaccount_role_collection_assignment" "bas_dev" { +# depends_on = [btp_subaccount_subscription.bas] +# for_each = toset(var.appstudio_developers) +# subaccount_id = data.btp_subaccount.project.id +# role_collection_name = "Business_Application_Studio_Developer" +# user_name = each.value +# } + +# resource "btp_subaccount_role_collection_assignment" "bas_admn" { +# depends_on = [btp_subaccount_subscription.bas] +# for_each = toset(var.appstudio_admin) +# subaccount_id = data.btp_subaccount.project.id +# role_collection_name = "Business_Application_Studio_Administrator" +# user_name = each.value +# } + +# ###################################################################### +# # Assign Role Collection +# ###################################################################### + +# resource "btp_subaccount_role_collection_assignment" "cloud_conn_admn" { +# depends_on = [btp_subaccount_entitlement.genentitlements] +# for_each = toset(var.cloudconnector_admin) +# subaccount_id = data.btp_subaccount.project.id +# role_collection_name = "Cloud Connector Administrator" +# user_name = each.value +# } + +# resource "btp_subaccount_role_collection_assignment" "conn_dest_admn" { +# depends_on = [btp_subaccount_entitlement.genentitlements] +# for_each = toset(var.conn_dest_admin) +# subaccount_id = data.btp_subaccount.project.id +# role_collection_name = "Connectivity and Destination Administrator" +# user_name = each.value +# } diff --git a/released/discovery_center/mission_4356 Stages/step-1/output.tf b/released/discovery_center/mission_4356 Stages/step-1/output.tf new file mode 100644 index 00000000..ddaaca36 --- /dev/null +++ b/released/discovery_center/mission_4356 Stages/step-1/output.tf @@ -0,0 +1,15 @@ +output "cf_landscape_label" { + value = btp_subaccount_environment_instance.cloudfoundry.landscape_label +} + +output "cf_api_url" { + value = jsondecode(btp_subaccount_environment_instance.cloudfoundry.labels)["API Endpoint"] +} + +output "cf_org_id" { + value = btp_subaccount_environment_instance.cloudfoundry.platform_id +} + +output "subaccount_id" { + value = data.btp_subaccount.project.id +} \ No newline at end of file diff --git a/released/discovery_center/mission_4356 Stages/step-1/provider.tf b/released/discovery_center/mission_4356 Stages/step-1/provider.tf new file mode 100644 index 00000000..f4e6f577 --- /dev/null +++ b/released/discovery_center/mission_4356 Stages/step-1/provider.tf @@ -0,0 +1,16 @@ +terraform { + required_providers { + btp = { + source = "SAP/btp" + version = "1.4.0" + } + } +} + +###################################################################### +# Configure BTP provider +###################################################################### +provider "btp" { + cli_server_url = var.cli_server_url + globalaccount = var.globalaccount +} \ No newline at end of file diff --git a/released/discovery_center/mission_4356 Stages/step-1/samples.tfvars b/released/discovery_center/mission_4356 Stages/step-1/samples.tfvars new file mode 100644 index 00000000..b19885be --- /dev/null +++ b/released/discovery_center/mission_4356 Stages/step-1/samples.tfvars @@ -0,0 +1,20 @@ +# ------------------------------------------------------------------------------------------------------ +# Provider configuration +# ------------------------------------------------------------------------------------------------------ +# Your global account subdomain +globalaccount = "ticoo" +region = "us10" +subaccount_name = "Discovery Center mission - build Events-to-Business actions" +cf_environment_label = "cf-us10" + +# ------------------------------------------------------------------------------------------------------ +# Project specific configuration (please adapt!) +# ------------------------------------------------------------------------------------------------------ +subaccount_admins = ["m.palavalli@sap.com", "m.palavalli1@sap.com"] +subaccount_service_admins = ["m.palavalli@sap.com", "m.palavalli1@sap.com"] + +appstudio_developers = ["m.palavalli@sap.com", "m.palavalli1@sap.com"] +appstudio_admin = ["m.palavalli@sap.com", "m.palavalli1@sap.com"] +cloudconnector_admin = ["m.palavalli@sap.com", "m.palavalli1@sap.com"] +conn_dest_admin = ["m.palavalli@sap.com", "m.palavalli1@sap.com"] +int_provisioner = ["m.palavalli@sap.com", "m.palavalli1@sap.com"] diff --git a/released/discovery_center/mission_4356 Stages/step-1/variables.tf b/released/discovery_center/mission_4356 Stages/step-1/variables.tf new file mode 100644 index 00000000..48a4d924 --- /dev/null +++ b/released/discovery_center/mission_4356 Stages/step-1/variables.tf @@ -0,0 +1,146 @@ +###################################################################### +# Customer account setup +###################################################################### +# subaccount +variable "globalaccount" { + type = string + description = "The globalaccount subdomain." + default = "yourglobalaccount" +} + +variable "subaccount_id" { + type = string + description = "The subaccount ID." + default = "" +} + +# subaccount +variable "subaccount_name" { + type = string + description = "The subaccount name." + default = "UC - Deliver Connected Experiences with a single view of Material Availability" +} +# Region +variable "region" { + type = string + description = "The region where the project account shall be created in." + default = "us10" +} + +# hana password +variable "hana_cloud_system_password" { + type = string + description = "The system password for the hana_cloud service instance." + default = "Abcd1234" +} + +# CLI server +variable "cli_server_url" { + type = string + description = "The BTP CLI server URL." + default = "https://cpcli.cf.eu10.hana.ondemand.com" +} + +# subaccount variables +variable "subaccount_admins" { + type = list(string) + description = "Defines the colleagues who are added to each subaccount as subaccount administrators." + default = ["jane.doe@test.com", "john.doe@test.com"] +} + +variable "subaccount_service_admins" { + type = list(string) + description = "Defines the colleagues who are added to each subaccount as subaccount service administrators." + default = ["jane.doe@test.com", "john.doe@test.com"] +} + +variable "service_plan__sap_integration_suite" { + type = string + description = "The plan for SAP Integration Suite" + default = "enterprise_agreement" + validation { + condition = contains(["enterprise_agreement"], var.service_plan__sap_integration_suite) + error_message = "Invalid value for service_plan__sap_integration_suite. Only 'enterprise_agreement' is allowed." + } +} + +variable "service_plan__sap_business_app_studio" { + type = string + description = "The plan for SAP Business Application Studio" + default = "standard-edition" + validation { + condition = contains(["standard-edition"], var.service_plan__sap_business_app_studio) + error_message = "Invalid value for service_plan__sap_business_app_studio. Only 'standard-edition' is allowed." + } +} + +### +# Entitlements +### +variable "entitlements" { + type = list(object({ + service_name = string + plan_name = string + type = string + })) + description = "The list of entitlements that shall be added to the subaccount." + default = [ + { + service_name = "connectivity" + plan_name = "lite", + type = "service" + }, + { + service_name = "destination" + plan_name = "lite", + type = "service" + }, + { + service_name = "html5-apps-repo" + plan_name = "app-host", + type = "service" + }, + { + service_name = "xsuaa" + plan_name = "application", + type = "service" + } + ] +} + +variable "appstudio_developers" { + type = list(string) + description = "Business Application Studio Developer" + default = ["jane.doe@test.com", "john.doe@test.com"] +} + +variable "appstudio_admin" { + type = list(string) + description = "Business Application Studio Administrator" + default = ["jane.doe@test.com", "john.doe@test.com"] +} + +variable "cloudconnector_admin" { + type = list(string) + description = "Cloud Connector Administrator" + default = ["jane.doe@test.com", "john.doe@test.com"] +} + +variable "conn_dest_admin" { + type = list(string) + description = "Connectivity and Destination Administrator" + default = ["jane.doe@test.com", "john.doe@test.com"] +} + +variable "int_provisioner" { + type = list(string) + description = "Integration Provisioner" + default = ["jane.doe@test.com", "john.doe@test.com"] +} + +# Cloudfoundry environment label +variable "cf_environment_label" { + type = string + description = "The Cloudfoundry environment label" + default = "cf-us10" +} diff --git a/released/discovery_center/mission_4356 Stages/step-2/main.tf b/released/discovery_center/mission_4356 Stages/step-2/main.tf new file mode 100644 index 00000000..c630b8bd --- /dev/null +++ b/released/discovery_center/mission_4356 Stages/step-2/main.tf @@ -0,0 +1,7 @@ +###################################################################### +# Create space using CF provider +###################################################################### +resource "cloudfoundry_space" "dev" { + name = "DEV" + org = var.cf_org_id +} \ No newline at end of file diff --git a/released/discovery_center/mission_4356 Stages/step-2/output.tf b/released/discovery_center/mission_4356 Stages/step-2/output.tf new file mode 100644 index 00000000..9425898f --- /dev/null +++ b/released/discovery_center/mission_4356 Stages/step-2/output.tf @@ -0,0 +1,19 @@ +output "subaccount_id" { + value = var.subaccount_id +} + +output "cf_landscape_label" { + value = var.cf_landscape_label +} + +output "cf_org_id" { + value = var.cf_org_id +} + +output "cf_api_url" { + value = var.cf_api_url +} + +output "cf_space_name" { + value = cloudfoundry_space.dev.name +} \ No newline at end of file diff --git a/released/discovery_center/mission_4356 Stages/step-2/provider.tf b/released/discovery_center/mission_4356 Stages/step-2/provider.tf new file mode 100644 index 00000000..a42145c5 --- /dev/null +++ b/released/discovery_center/mission_4356 Stages/step-2/provider.tf @@ -0,0 +1,16 @@ +terraform { + required_providers { + cloudfoundry = { + source = "SAP/cloudfoundry" + version = "0.2.1-beta" + } + } +} + +###################################################################### +# Configure CF provider +###################################################################### +provider "cloudfoundry" { + # resolve API URL from environment instance + api_url = var.cf_api_url +} \ No newline at end of file diff --git a/released/discovery_center/mission_4356 Stages/step-2/samples.tfvars b/released/discovery_center/mission_4356 Stages/step-2/samples.tfvars new file mode 100644 index 00000000..88cb994e --- /dev/null +++ b/released/discovery_center/mission_4356 Stages/step-2/samples.tfvars @@ -0,0 +1,20 @@ +# # ------------------------------------------------------------------------------------------------------ +# # Provider configuration +# # ------------------------------------------------------------------------------------------------------ +# # Your global account subdomain +# globalaccount = "ticoo" +# region = "us10" +# subaccount_name = "Discovery Center mission - build Events-to-Business actions" +# cf_environment_label = "cf-us10" + +# # ------------------------------------------------------------------------------------------------------ +# # Project specific configuration (please adapt!) +# # ------------------------------------------------------------------------------------------------------ +# subaccount_admins = ["m.palavalli@sap.com", "m.palavalli1@sap.com"] +# subaccount_service_admins = ["m.palavalli@sap.com", "m.palavalli1@sap.com"] + +# appstudio_developers = ["m.palavalli@sap.com", "m.palavalli1@sap.com"] +# appstudio_admin = ["m.palavalli@sap.com", "m.palavalli1@sap.com"] +# cloudconnector_admin = ["m.palavalli@sap.com", "m.palavalli1@sap.com"] +# conn_dest_admin = ["m.palavalli@sap.com", "m.palavalli1@sap.com"] +# int_provisioner = ["m.palavalli@sap.com", "m.palavalli1@sap.com"] diff --git a/released/discovery_center/mission_4356 Stages/step-2/variables.tf b/released/discovery_center/mission_4356 Stages/step-2/variables.tf new file mode 100644 index 00000000..e8e73e86 --- /dev/null +++ b/released/discovery_center/mission_4356 Stages/step-2/variables.tf @@ -0,0 +1,19 @@ +variable "custom_idp_origin" { + type = string +} + +variable "cf_api_url" { + type = string +} + +variable "cf_landscape_label" { + type = string +} + +variable "cf_org_id" { + type = string +} + +variable "subaccount_id" { + type = string +} \ No newline at end of file diff --git a/released/discovery_center/mission_4356/locals.tf b/released/discovery_center/mission_4356/locals.tf new file mode 100644 index 00000000..bc48719d --- /dev/null +++ b/released/discovery_center/mission_4356/locals.tf @@ -0,0 +1,4 @@ +locals { + service__sap_business_app_studio = "sapappstudio" + service_name__sap_integration_suite = "integrationsuite" +} \ No newline at end of file diff --git a/released/discovery_center/mission_4356/main.tf b/released/discovery_center/mission_4356/main.tf index cbe1c661..7e56333b 100644 --- a/released/discovery_center/mission_4356/main.tf +++ b/released/discovery_center/mission_4356/main.tf @@ -13,9 +13,16 @@ locals { # Creation of subaccount ############################################################################################### resource "btp_subaccount" "project" { + count = var.subaccount_id == "" ? 1 : 0 + name = var.subaccount_name subdomain = local.project_subaccount_domain region = lower(var.region) + usage = "USED_FOR_PRODUCTION" +} + +data "btp_subaccount" "project" { + id = var.subaccount_id != "" ? var.subaccount_id : btp_subaccount.project[0].id } ############################################################################################### @@ -23,7 +30,7 @@ resource "btp_subaccount" "project" { ############################################################################################### resource "btp_subaccount_role_collection_assignment" "subaccount-admins" { for_each = toset("${var.subaccount_admins}") - subaccount_id = btp_subaccount.project.id + subaccount_id = data.btp_subaccount.project.id role_collection_name = "Subaccount Administrator" user_name = each.value } @@ -33,7 +40,7 @@ resource "btp_subaccount_role_collection_assignment" "subaccount-admins" { ############################################################################################### resource "btp_subaccount_role_collection_assignment" "subaccount-service-admins" { for_each = toset("${var.subaccount_service_admins}") - subaccount_id = btp_subaccount.project.id + subaccount_id = data.btp_subaccount.project.id role_collection_name = "Subaccount Service Administrator" user_name = each.value } @@ -42,7 +49,7 @@ resource "btp_subaccount_role_collection_assignment" "subaccount-service-admins" # Creation of Cloud Foundry environment ###################################################################### resource "btp_subaccount_environment_instance" "cf" { - subaccount_id = btp_subaccount.project.id + subaccount_id = data.btp_subaccount.project.id name = local.project_subaccount_cf_org environment_type = "cloudfoundry" service_name = "cloudfoundry" @@ -54,81 +61,101 @@ resource "btp_subaccount_environment_instance" "cf" { } ###################################################################### -# Entitlement of all services +# Entitlement of all general services ###################################################################### -resource "btp_subaccount_entitlement" "name" { +resource "btp_subaccount_entitlement" "genentitlements" { for_each = { for index, entitlement in var.entitlements : index => entitlement } - subaccount_id = btp_subaccount.project.id + subaccount_id = data.btp_subaccount.project.id service_name = each.value.service_name plan_name = each.value.plan_name } ###################################################################### -# Create app subscriptions +# Create app subscription to SAP Integration Suite ###################################################################### +resource "btp_subaccount_entitlement" "sap_integration_suite" { + subaccount_id = data.btp_subaccount.project.id + service_name = local.service_name__sap_integration_suite + plan_name = var.service_plan__sap_integration_suite +} + data "btp_subaccount_subscriptions" "all" { - subaccount_id = btp_subaccount.project.id - depends_on = [btp_subaccount_entitlement.name] + subaccount_id = data.btp_subaccount.project.id + depends_on = [ btp_subaccount_entitlement.sap_integration_suite ] } -resource "btp_subaccount_subscription" "app" { - subaccount_id = btp_subaccount.project.id - for_each = { - for index, entitlement in var.entitlements : - index => entitlement if contains(["app"], entitlement.type) - } +resource "btp_subaccount_subscription" "sap_integration_suite" { + subaccount_id = data.btp_subaccount.project.id app_name = [ for subscription in data.btp_subaccount_subscriptions.all.values : subscription - if subscription.commercial_app_name == each.value.service_name + if subscription.commercial_app_name == local.service_name__sap_integration_suite ][0].app_name - plan_name = each.value.plan_name + plan_name = var.service_plan__sap_integration_suite depends_on = [data.btp_subaccount_subscriptions.all] } -###################################################################### -# Assign Role Collection -###################################################################### +resource "btp_subaccount_role_collection_assignment" "int_prov" { + depends_on = [btp_subaccount_subscription.sap_integration_suite] + for_each = toset(var.int_provisioner) + subaccount_id = data.btp_subaccount.project.id + role_collection_name = "Integration_Provisioner" + user_name = each.value +} + +# ###################################################################### +# # Create app subscription to SAP Business APplication Studio +# ###################################################################### + +resource "btp_subaccount_entitlement" "bas" { + subaccount_id = data.btp_subaccount.project.id + service_name = local.service__sap_business_app_studio + plan_name = var.service_plan__sap_business_app_studio +} + +# Create app subscription to busineass applicaiton stuido +resource "btp_subaccount_subscription" "bas" { + subaccount_id = data.btp_subaccount.project.id + app_name = local.service__sap_business_app_studio + plan_name = var.service_plan__sap_business_app_studio + depends_on = [btp_subaccount_entitlement.bas] +} resource "btp_subaccount_role_collection_assignment" "bas_dev" { - depends_on = [btp_subaccount_subscription.app] + depends_on = [btp_subaccount_subscription.bas] for_each = toset(var.appstudio_developers) - subaccount_id = btp_subaccount.project.id + subaccount_id = data.btp_subaccount.project.id role_collection_name = "Business_Application_Studio_Developer" user_name = each.value } resource "btp_subaccount_role_collection_assignment" "bas_admn" { - depends_on = [btp_subaccount_subscription.app] + depends_on = [btp_subaccount_subscription.bas] for_each = toset(var.appstudio_admin) - subaccount_id = btp_subaccount.project.id + subaccount_id = data.btp_subaccount.project.id role_collection_name = "Business_Application_Studio_Administrator" user_name = each.value } +###################################################################### +# Assign Role Collection +###################################################################### + resource "btp_subaccount_role_collection_assignment" "cloud_conn_admn" { - depends_on = [btp_subaccount_subscription.app] + depends_on = [btp_subaccount_entitlement.genentitlements] for_each = toset(var.cloudconnector_admin) - subaccount_id = btp_subaccount.project.id + subaccount_id = data.btp_subaccount.project.id role_collection_name = "Cloud Connector Administrator" user_name = each.value } resource "btp_subaccount_role_collection_assignment" "conn_dest_admn" { - depends_on = [btp_subaccount_subscription.app] + depends_on = [btp_subaccount_entitlement.genentitlements] for_each = toset(var.conn_dest_admin) - subaccount_id = btp_subaccount.project.id + subaccount_id = data.btp_subaccount.project.id role_collection_name = "Connectivity and Destination Administrator" user_name = each.value } - -resource "btp_subaccount_role_collection_assignment" "int_prov" { - depends_on = [btp_subaccount_subscription.app] - for_each = toset(var.int_provisioner) - subaccount_id = btp_subaccount.project.id - role_collection_name = "Integration_Provisioner" - user_name = each.value -} diff --git a/released/discovery_center/mission_4356/provider.tf b/released/discovery_center/mission_4356/provider.tf index 8eba4d6d..42f664bf 100644 --- a/released/discovery_center/mission_4356/provider.tf +++ b/released/discovery_center/mission_4356/provider.tf @@ -12,8 +12,6 @@ terraform { provider "btp" { globalaccount = var.globalaccount cli_server_url = var.cli_server_url - username = var.username - password = var.password } diff --git a/released/discovery_center/mission_4356/samples.tfvars b/released/discovery_center/mission_4356/samples.tfvars index cef35613..b19885be 100644 --- a/released/discovery_center/mission_4356/samples.tfvars +++ b/released/discovery_center/mission_4356/samples.tfvars @@ -2,7 +2,7 @@ # Provider configuration # ------------------------------------------------------------------------------------------------------ # Your global account subdomain -globalaccount = "youraccount" +globalaccount = "ticoo" region = "us10" subaccount_name = "Discovery Center mission - build Events-to-Business actions" cf_environment_label = "cf-us10" @@ -10,11 +10,11 @@ cf_environment_label = "cf-us10" # ------------------------------------------------------------------------------------------------------ # Project specific configuration (please adapt!) # ------------------------------------------------------------------------------------------------------ -subaccount_admins = ["jane.doe@test.com", "john.doe@test.com"] -subaccount_service_admins = ["jane.doe@test.com", "john.doe@test.com"] +subaccount_admins = ["m.palavalli@sap.com", "m.palavalli1@sap.com"] +subaccount_service_admins = ["m.palavalli@sap.com", "m.palavalli1@sap.com"] -appstudio_developers = ["jane.doe@test.com", "john.doe@test.com"] -appstudio_admin = ["jane.doe@test.com", "john.doe@test.com"] -cloudconnector_admin = ["jane.doe@test.com", "john.doe@test.com"] -conn_dest_admin = ["jane.doe@test.com", "john.doe@test.com"] -int_provisioner = ["jane.doe@test.com", "john.doe@test.com"] +appstudio_developers = ["m.palavalli@sap.com", "m.palavalli1@sap.com"] +appstudio_admin = ["m.palavalli@sap.com", "m.palavalli1@sap.com"] +cloudconnector_admin = ["m.palavalli@sap.com", "m.palavalli1@sap.com"] +conn_dest_admin = ["m.palavalli@sap.com", "m.palavalli1@sap.com"] +int_provisioner = ["m.palavalli@sap.com", "m.palavalli1@sap.com"] diff --git a/released/discovery_center/mission_4356/variables.tf b/released/discovery_center/mission_4356/variables.tf index 32ddd923..4e754f97 100644 --- a/released/discovery_center/mission_4356/variables.tf +++ b/released/discovery_center/mission_4356/variables.tf @@ -7,6 +7,13 @@ variable "globalaccount" { description = "The globalaccount subdomain." default = "yourglobalaccount" } + +variable "subaccount_id" { + type = string + description = "The subaccount ID." + default = "" +} + # subaccount variable "subaccount_name" { type = string @@ -46,6 +53,25 @@ variable "subaccount_service_admins" { default = ["jane.doe@test.com", "john.doe@test.com"] } +variable "service_plan__sap_integration_suite" { + type = string + description = "The plan for SAP Integration Suite" + default = "enterprise_agreement" + validation { + condition = contains(["enterprise_agreement"], var.service_plan__sap_integration_suite) + error_message = "Invalid value for service_plan__sap_integration_suite. Only 'enterprise_agreement' is allowed." + } +} + +variable "service_plan__sap_business_app_studio" { + type = string + description = "The plan for SAP Business Application Studio" + default = "standard-edition" + validation { + condition = contains(["standard-edition"], var.service_plan__sap_business_app_studio) + error_message = "Invalid value for service_plan__sap_business_app_studio. Only 'standard-edition' is allowed." + } +} ### # Entitlements @@ -73,20 +99,10 @@ variable "entitlements" { plan_name = "app-host", type = "service" }, - { - service_name = "sapappstudio" - plan_name = "standard-edition", - type = "app" - }, { service_name = "xsuaa" plan_name = "application", type = "service" - }, - { - service_name = "integrationsuite" - plan_name = "enterprise_agreement", - type = "app" } ] } @@ -121,19 +137,6 @@ variable "int_provisioner" { default = ["jane.doe@test.com", "john.doe@test.com"] } -variable "username" { - description = "BTP username" - type = string - sensitive = false - -} - -variable "password" { - description = "BTP user password" - type = string - sensitive = true -} - # Cloudfoundry environment label variable "cf_environment_label" { type = string From 16b8cb84085dea8ee41fcd921f822490eefb5e3e Mon Sep 17 00:00:00 2001 From: Mahesh kumar Palavalli Date: Tue, 2 Jul 2024 19:36:52 +0530 Subject: [PATCH 19/25] 4033 and 4356 --- .../mission_4356 Stages/README.md | 58 ------ .../mission_4356 Stages/apply.sh | 14 -- .../mission_4356 Stages/step-1/main.tf | 176 ------------------ .../mission_4356 Stages/step-1/samples.tfvars | 20 -- .../mission_4356 Stages/step-2/main.tf | 7 - .../mission_4356 Stages/step-2/samples.tfvars | 20 -- .../mission_4356 Stages/step-2/variables.tf | 19 -- .../discovery_center/mission_4356/README.md | 35 +--- .../discovery_center/mission_4356/apply.sh | 14 ++ .../discovery_center/mission_4356/destroy.sh | 12 ++ .../discovery_center/mission_4356/locals.tf | 4 - .../discovery_center/mission_4356/provider.tf | 17 -- .../mission_4356/samples.tfvars | 20 +- .../step-1/locals.tf | 0 .../mission_4356/{ => step-1}/main.tf | 21 ++- .../step-1/output.tf | 0 .../step-1/provider.tf | 0 .../step-1/variables.tf | 8 + .../mission_4356/step-2/main.tf | 40 ++++ .../step-2/output.tf | 0 .../step-2/provider.tf | 0 .../mission_4356/step-2/variables.tf | 39 ++++ .../mission_4356/variables.tf | 145 --------------- 23 files changed, 145 insertions(+), 524 deletions(-) delete mode 100644 released/discovery_center/mission_4356 Stages/README.md delete mode 100644 released/discovery_center/mission_4356 Stages/apply.sh delete mode 100644 released/discovery_center/mission_4356 Stages/step-1/main.tf delete mode 100644 released/discovery_center/mission_4356 Stages/step-1/samples.tfvars delete mode 100644 released/discovery_center/mission_4356 Stages/step-2/main.tf delete mode 100644 released/discovery_center/mission_4356 Stages/step-2/samples.tfvars delete mode 100644 released/discovery_center/mission_4356 Stages/step-2/variables.tf create mode 100755 released/discovery_center/mission_4356/apply.sh create mode 100755 released/discovery_center/mission_4356/destroy.sh delete mode 100644 released/discovery_center/mission_4356/locals.tf delete mode 100644 released/discovery_center/mission_4356/provider.tf rename released/discovery_center/{mission_4356 Stages => mission_4356}/step-1/locals.tf (100%) rename released/discovery_center/mission_4356/{ => step-1}/main.tf (91%) rename released/discovery_center/{mission_4356 Stages => mission_4356}/step-1/output.tf (100%) rename released/discovery_center/{mission_4356 Stages => mission_4356}/step-1/provider.tf (100%) rename released/discovery_center/{mission_4356 Stages => mission_4356}/step-1/variables.tf (96%) create mode 100644 released/discovery_center/mission_4356/step-2/main.tf rename released/discovery_center/{mission_4356 Stages => mission_4356}/step-2/output.tf (100%) rename released/discovery_center/{mission_4356 Stages => mission_4356}/step-2/provider.tf (100%) create mode 100644 released/discovery_center/mission_4356/step-2/variables.tf delete mode 100644 released/discovery_center/mission_4356/variables.tf diff --git a/released/discovery_center/mission_4356 Stages/README.md b/released/discovery_center/mission_4356 Stages/README.md deleted file mode 100644 index 9936cf77..00000000 --- a/released/discovery_center/mission_4356 Stages/README.md +++ /dev/null @@ -1,58 +0,0 @@ -# Discovery Center Mission: Discovery Center mission - Deliver Connected Experiences with a single view of Material Availability - -## Overview - -This sample shows how to create a landscape for the Discovery Center Mission - [Deliver Connected Experiences with a single view of Material Availability](https://discovery-center.cloud.sap/missiondetail/4356/) - -## Content of setup - -The setup comprises the following resources: - -- Creation of the SAP BTP subaccount -- Entitlements of services -- Subscriptions to applications -- Role collection assignments to users -- Creation of CF environments -- Management of users and roles on org and space level - -## Deploying the resources - -To deploy the resources you must: - -1. Create a file `secret.auto.tfvars` and maintain the credentials for the BTP and CF provider - - ```hcl - username = "" - password = "" - ``` - -2. Change the variables in the `samples.tfvars` file to meet your requirements - - > ⚠ NOTE: You should pay attention **specifically** to the users defined in the samples.tfvars whether they already exist in your SAP BTP accounts. Otherwise you might get error messages like e.g. `Error: The user could not be found: jane.doe@test.com`. - - -3. Initialize your workspace: - - ```bash - terraform init - ``` - -4. You can check what Terraform plans to apply based on your configuration: - - ```bash - terraform plan -var-file="sample.tfvars" - ``` - -5. Apply your configuration to provision the resources: - - ```bash - terraform apply -var-file="sample.tfvars" - ``` - -## In the end - -You probably want to remove the assets after trying them out to avoid unnecessary costs. To do so execute the following command: - -```bash -terraform destroy -``` diff --git a/released/discovery_center/mission_4356 Stages/apply.sh b/released/discovery_center/mission_4356 Stages/apply.sh deleted file mode 100644 index b2f9e2bd..00000000 --- a/released/discovery_center/mission_4356 Stages/apply.sh +++ /dev/null @@ -1,14 +0,0 @@ -#!/bin/sh - -cd step-1 - -terraform init -terraform apply -var-file=samples.tfvars -auto-approve -terraform output > ../step-2/samples.tfvars - -cd ../step-2 - -terraform init -terraform apply -var-file=samples.tfvars -auto-approve - -cd .. \ No newline at end of file diff --git a/released/discovery_center/mission_4356 Stages/step-1/main.tf b/released/discovery_center/mission_4356 Stages/step-1/main.tf deleted file mode 100644 index a3577465..00000000 --- a/released/discovery_center/mission_4356 Stages/step-1/main.tf +++ /dev/null @@ -1,176 +0,0 @@ -############################################################################################### -# Setup of names in accordance to naming convention -############################################################################################### -resource "random_uuid" "uuid" {} - -locals { - random_uuid = random_uuid.uuid.result - project_subaccount_domain = lower(replace("mission-4172-${local.random_uuid}", "_", "-")) - project_subaccount_cf_org = substr(replace("${local.project_subaccount_domain}", "-", ""), 0, 32) -} - -############################################################################################### -# Creation of subaccount -############################################################################################### -resource "btp_subaccount" "project" { - count = var.subaccount_id == "" ? 1 : 0 - - name = var.subaccount_name - subdomain = local.project_subaccount_domain - region = lower(var.region) - usage = "USED_FOR_PRODUCTION" -} - -data "btp_subaccount" "project" { - id = var.subaccount_id != "" ? var.subaccount_id : btp_subaccount.project[0].id -} - -############################################################################################### -# Assignment of users as sub account administrators -############################################################################################### -resource "btp_subaccount_role_collection_assignment" "subaccount-admins" { - for_each = toset("${var.subaccount_admins}") - subaccount_id = data.btp_subaccount.project.id - role_collection_name = "Subaccount Administrator" - user_name = each.value -} - -############################################################################################### -# Assignment of users as sub account service administrators -############################################################################################### -resource "btp_subaccount_role_collection_assignment" "subaccount-service-admins" { - for_each = toset("${var.subaccount_service_admins}") - subaccount_id = data.btp_subaccount.project.id - role_collection_name = "Subaccount Service Administrator" - user_name = each.value -} - -###################################################################### -# Extract list of CF landscape labels from environments -###################################################################### -data "btp_subaccount_environments" "all" { - subaccount_id = btp_subaccount.project.id -} - -locals { - cf_landscape_labels = [ - for env in data.btp_subaccount_environments.all.values : env.landscape_label - if env.environment_type == "cloudfoundry" - ] -} - - -###################################################################### -# Creation of Cloud Foundry environment -###################################################################### -resource "btp_subaccount_environment_instance" "cloudfoundry" { - subaccount_id = data.btp_subaccount.project.id - name = "cf-environment" - environment_type = "cloudfoundry" - service_name = "cloudfoundry" - plan_name = "standard" - landscape_label =local.cf_landscape_labels[0] - parameters = jsonencode({ - instance_name = local.project_subaccount_cf_org - }) -} - -###################################################################### -# Entitlement of all general services -###################################################################### -resource "btp_subaccount_entitlement" "genentitlements" { - for_each = { - for index, entitlement in var.entitlements : - index => entitlement - } - subaccount_id = data.btp_subaccount.project.id - service_name = each.value.service_name - plan_name = each.value.plan_name -} - -# ###################################################################### -# # Create app subscription to SAP Integration Suite -# ###################################################################### -# resource "btp_subaccount_entitlement" "sap_integration_suite" { -# subaccount_id = data.btp_subaccount.project.id -# service_name = local.service_name__sap_integration_suite -# plan_name = var.service_plan__sap_integration_suite -# } - -# data "btp_subaccount_subscriptions" "all" { -# subaccount_id = data.btp_subaccount.project.id -# depends_on = [ btp_subaccount_entitlement.sap_integration_suite ] -# } - -# resource "btp_subaccount_subscription" "sap_integration_suite" { -# subaccount_id = data.btp_subaccount.project.id -# app_name = [ -# for subscription in data.btp_subaccount_subscriptions.all.values : -# subscription -# if subscription.commercial_app_name == local.service_name__sap_integration_suite -# ][0].app_name -# plan_name = var.service_plan__sap_integration_suite -# depends_on = [data.btp_subaccount_subscriptions.all] -# } - -# resource "btp_subaccount_role_collection_assignment" "int_prov" { -# depends_on = [btp_subaccount_subscription.sap_integration_suite] -# for_each = toset(var.int_provisioner) -# subaccount_id = data.btp_subaccount.project.id -# role_collection_name = "Integration_Provisioner" -# user_name = each.value -# } - -# # ###################################################################### -# # # Create app subscription to SAP Business APplication Studio -# # ###################################################################### - -# resource "btp_subaccount_entitlement" "bas" { -# subaccount_id = data.btp_subaccount.project.id -# service_name = local.service__sap_business_app_studio -# plan_name = var.service_plan__sap_business_app_studio -# } - -# # Create app subscription to busineass applicaiton stuido -# resource "btp_subaccount_subscription" "bas" { -# subaccount_id = data.btp_subaccount.project.id -# app_name = local.service__sap_business_app_studio -# plan_name = var.service_plan__sap_business_app_studio -# depends_on = [btp_subaccount_entitlement.bas] -# } - -# resource "btp_subaccount_role_collection_assignment" "bas_dev" { -# depends_on = [btp_subaccount_subscription.bas] -# for_each = toset(var.appstudio_developers) -# subaccount_id = data.btp_subaccount.project.id -# role_collection_name = "Business_Application_Studio_Developer" -# user_name = each.value -# } - -# resource "btp_subaccount_role_collection_assignment" "bas_admn" { -# depends_on = [btp_subaccount_subscription.bas] -# for_each = toset(var.appstudio_admin) -# subaccount_id = data.btp_subaccount.project.id -# role_collection_name = "Business_Application_Studio_Administrator" -# user_name = each.value -# } - -# ###################################################################### -# # Assign Role Collection -# ###################################################################### - -# resource "btp_subaccount_role_collection_assignment" "cloud_conn_admn" { -# depends_on = [btp_subaccount_entitlement.genentitlements] -# for_each = toset(var.cloudconnector_admin) -# subaccount_id = data.btp_subaccount.project.id -# role_collection_name = "Cloud Connector Administrator" -# user_name = each.value -# } - -# resource "btp_subaccount_role_collection_assignment" "conn_dest_admn" { -# depends_on = [btp_subaccount_entitlement.genentitlements] -# for_each = toset(var.conn_dest_admin) -# subaccount_id = data.btp_subaccount.project.id -# role_collection_name = "Connectivity and Destination Administrator" -# user_name = each.value -# } diff --git a/released/discovery_center/mission_4356 Stages/step-1/samples.tfvars b/released/discovery_center/mission_4356 Stages/step-1/samples.tfvars deleted file mode 100644 index b19885be..00000000 --- a/released/discovery_center/mission_4356 Stages/step-1/samples.tfvars +++ /dev/null @@ -1,20 +0,0 @@ -# ------------------------------------------------------------------------------------------------------ -# Provider configuration -# ------------------------------------------------------------------------------------------------------ -# Your global account subdomain -globalaccount = "ticoo" -region = "us10" -subaccount_name = "Discovery Center mission - build Events-to-Business actions" -cf_environment_label = "cf-us10" - -# ------------------------------------------------------------------------------------------------------ -# Project specific configuration (please adapt!) -# ------------------------------------------------------------------------------------------------------ -subaccount_admins = ["m.palavalli@sap.com", "m.palavalli1@sap.com"] -subaccount_service_admins = ["m.palavalli@sap.com", "m.palavalli1@sap.com"] - -appstudio_developers = ["m.palavalli@sap.com", "m.palavalli1@sap.com"] -appstudio_admin = ["m.palavalli@sap.com", "m.palavalli1@sap.com"] -cloudconnector_admin = ["m.palavalli@sap.com", "m.palavalli1@sap.com"] -conn_dest_admin = ["m.palavalli@sap.com", "m.palavalli1@sap.com"] -int_provisioner = ["m.palavalli@sap.com", "m.palavalli1@sap.com"] diff --git a/released/discovery_center/mission_4356 Stages/step-2/main.tf b/released/discovery_center/mission_4356 Stages/step-2/main.tf deleted file mode 100644 index c630b8bd..00000000 --- a/released/discovery_center/mission_4356 Stages/step-2/main.tf +++ /dev/null @@ -1,7 +0,0 @@ -###################################################################### -# Create space using CF provider -###################################################################### -resource "cloudfoundry_space" "dev" { - name = "DEV" - org = var.cf_org_id -} \ No newline at end of file diff --git a/released/discovery_center/mission_4356 Stages/step-2/samples.tfvars b/released/discovery_center/mission_4356 Stages/step-2/samples.tfvars deleted file mode 100644 index 88cb994e..00000000 --- a/released/discovery_center/mission_4356 Stages/step-2/samples.tfvars +++ /dev/null @@ -1,20 +0,0 @@ -# # ------------------------------------------------------------------------------------------------------ -# # Provider configuration -# # ------------------------------------------------------------------------------------------------------ -# # Your global account subdomain -# globalaccount = "ticoo" -# region = "us10" -# subaccount_name = "Discovery Center mission - build Events-to-Business actions" -# cf_environment_label = "cf-us10" - -# # ------------------------------------------------------------------------------------------------------ -# # Project specific configuration (please adapt!) -# # ------------------------------------------------------------------------------------------------------ -# subaccount_admins = ["m.palavalli@sap.com", "m.palavalli1@sap.com"] -# subaccount_service_admins = ["m.palavalli@sap.com", "m.palavalli1@sap.com"] - -# appstudio_developers = ["m.palavalli@sap.com", "m.palavalli1@sap.com"] -# appstudio_admin = ["m.palavalli@sap.com", "m.palavalli1@sap.com"] -# cloudconnector_admin = ["m.palavalli@sap.com", "m.palavalli1@sap.com"] -# conn_dest_admin = ["m.palavalli@sap.com", "m.palavalli1@sap.com"] -# int_provisioner = ["m.palavalli@sap.com", "m.palavalli1@sap.com"] diff --git a/released/discovery_center/mission_4356 Stages/step-2/variables.tf b/released/discovery_center/mission_4356 Stages/step-2/variables.tf deleted file mode 100644 index e8e73e86..00000000 --- a/released/discovery_center/mission_4356 Stages/step-2/variables.tf +++ /dev/null @@ -1,19 +0,0 @@ -variable "custom_idp_origin" { - type = string -} - -variable "cf_api_url" { - type = string -} - -variable "cf_landscape_label" { - type = string -} - -variable "cf_org_id" { - type = string -} - -variable "subaccount_id" { - type = string -} \ No newline at end of file diff --git a/released/discovery_center/mission_4356/README.md b/released/discovery_center/mission_4356/README.md index 9936cf77..2fc17e02 100644 --- a/released/discovery_center/mission_4356/README.md +++ b/released/discovery_center/mission_4356/README.md @@ -19,40 +19,15 @@ The setup comprises the following resources: To deploy the resources you must: -1. Create a file `secret.auto.tfvars` and maintain the credentials for the BTP and CF provider +1. Export environment variables BTP_USERNAME, BTP_PASSWORD, CF_USER, and CF_PASSWORD with your username and password for the custom IdP of your global account. - ```hcl - username = "" - password = "" - ``` - -2. Change the variables in the `samples.tfvars` file to meet your requirements +2. Change the variables in the `samples.tfvars` file in the main folder to meet your requirements > ⚠ NOTE: You should pay attention **specifically** to the users defined in the samples.tfvars whether they already exist in your SAP BTP accounts. Otherwise you might get error messages like e.g. `Error: The user could not be found: jane.doe@test.com`. +3. Execute the apply.sh script. -3. Initialize your workspace: - - ```bash - terraform init - ``` - -4. You can check what Terraform plans to apply based on your configuration: - - ```bash - terraform plan -var-file="sample.tfvars" - ``` - -5. Apply your configuration to provision the resources: - - ```bash - terraform apply -var-file="sample.tfvars" - ``` - -## In the end +4. Verify e.g., in BTP cockpit that a new subaccount with a integration suite, SAP Business Application Studio, CF environment instance and a CF space have been created. -You probably want to remove the assets after trying them out to avoid unnecessary costs. To do so execute the following command: +5. Clean up by running the destroy.sh script. -```bash -terraform destroy -``` diff --git a/released/discovery_center/mission_4356/apply.sh b/released/discovery_center/mission_4356/apply.sh new file mode 100755 index 00000000..6e378ee1 --- /dev/null +++ b/released/discovery_center/mission_4356/apply.sh @@ -0,0 +1,14 @@ +#!/bin/sh + +cd step-1 + +terraform init +terraform apply -var-file='../samples.tfvars' -auto-approve +terraform output > ../step-2/step1vars.tfvars + +cd ../step-2 + +terraform init +terraform apply -var-file=step1vars.tfvars -var-file='../samples.tfvars' -auto-approve + +cd .. \ No newline at end of file diff --git a/released/discovery_center/mission_4356/destroy.sh b/released/discovery_center/mission_4356/destroy.sh new file mode 100755 index 00000000..549e1c4e --- /dev/null +++ b/released/discovery_center/mission_4356/destroy.sh @@ -0,0 +1,12 @@ +#!/bin/sh + +cd step-2 + +terraform destroy -var-file=step1vars.tfvars -var-file='../samples.tfvars' -auto-approve +rm samples.tfvars + +cd ../step-1 + +terraform destroy -var-file='../samples.tfvars' -auto-approve + +cd .. \ No newline at end of file diff --git a/released/discovery_center/mission_4356/locals.tf b/released/discovery_center/mission_4356/locals.tf deleted file mode 100644 index bc48719d..00000000 --- a/released/discovery_center/mission_4356/locals.tf +++ /dev/null @@ -1,4 +0,0 @@ -locals { - service__sap_business_app_studio = "sapappstudio" - service_name__sap_integration_suite = "integrationsuite" -} \ No newline at end of file diff --git a/released/discovery_center/mission_4356/provider.tf b/released/discovery_center/mission_4356/provider.tf deleted file mode 100644 index 42f664bf..00000000 --- a/released/discovery_center/mission_4356/provider.tf +++ /dev/null @@ -1,17 +0,0 @@ -terraform { - required_providers { - btp = { - source = "sap/btp" - version = "~> 1.4.0" - } - } -} - -# Please checkout documentation on how best to authenticate against SAP BTP -# via the Terraform provider for SAP BTP -provider "btp" { - globalaccount = var.globalaccount - cli_server_url = var.cli_server_url -} - - diff --git a/released/discovery_center/mission_4356/samples.tfvars b/released/discovery_center/mission_4356/samples.tfvars index b19885be..db6e9ab5 100644 --- a/released/discovery_center/mission_4356/samples.tfvars +++ b/released/discovery_center/mission_4356/samples.tfvars @@ -1,20 +1,18 @@ -# ------------------------------------------------------------------------------------------------------ -# Provider configuration -# ------------------------------------------------------------------------------------------------------ -# Your global account subdomain globalaccount = "ticoo" region = "us10" -subaccount_name = "Discovery Center mission - build Events-to-Business actions" -cf_environment_label = "cf-us10" +subaccount_name = "Discovery Center mission - Deliver Connected Experiences with a single view of Material Availability" +cf_org_name = "cf-environment" -# ------------------------------------------------------------------------------------------------------ -# Project specific configuration (please adapt!) -# ------------------------------------------------------------------------------------------------------ -subaccount_admins = ["m.palavalli@sap.com", "m.palavalli1@sap.com"] -subaccount_service_admins = ["m.palavalli@sap.com", "m.palavalli1@sap.com"] +subaccount_admins = ["m.palavalli1@sap.com"] +subaccount_service_admins = ["m.palavalli1@sap.com"] appstudio_developers = ["m.palavalli@sap.com", "m.palavalli1@sap.com"] appstudio_admin = ["m.palavalli@sap.com", "m.palavalli1@sap.com"] cloudconnector_admin = ["m.palavalli@sap.com", "m.palavalli1@sap.com"] conn_dest_admin = ["m.palavalli@sap.com", "m.palavalli1@sap.com"] int_provisioner = ["m.palavalli@sap.com", "m.palavalli1@sap.com"] + +cf_space_developers = ["m.palavalli1@sap.com"] +cf_space_managers = [ "m.palavalli1@sap.com"] +cf_org_admins = ["m.palavalli1@sap.com"] +cf_org_users = ["m.palavalli1@sap.com"] diff --git a/released/discovery_center/mission_4356 Stages/step-1/locals.tf b/released/discovery_center/mission_4356/step-1/locals.tf similarity index 100% rename from released/discovery_center/mission_4356 Stages/step-1/locals.tf rename to released/discovery_center/mission_4356/step-1/locals.tf diff --git a/released/discovery_center/mission_4356/main.tf b/released/discovery_center/mission_4356/step-1/main.tf similarity index 91% rename from released/discovery_center/mission_4356/main.tf rename to released/discovery_center/mission_4356/step-1/main.tf index 7e56333b..6ab8a2e7 100644 --- a/released/discovery_center/mission_4356/main.tf +++ b/released/discovery_center/mission_4356/step-1/main.tf @@ -45,16 +45,31 @@ resource "btp_subaccount_role_collection_assignment" "subaccount-service-admins" user_name = each.value } +###################################################################### +# Extract list of CF landscape labels from environments +###################################################################### +data "btp_subaccount_environments" "all" { + subaccount_id = data.btp_subaccount.project.id +} + +locals { + cf_landscape_labels = [ + for env in data.btp_subaccount_environments.all.values : env.landscape_label + if env.environment_type == "cloudfoundry" + ] +} + + ###################################################################### # Creation of Cloud Foundry environment ###################################################################### -resource "btp_subaccount_environment_instance" "cf" { +resource "btp_subaccount_environment_instance" "cloudfoundry" { subaccount_id = data.btp_subaccount.project.id - name = local.project_subaccount_cf_org + name = var.cf_org_name environment_type = "cloudfoundry" service_name = "cloudfoundry" plan_name = "standard" - landscape_label = var.cf_environment_label + landscape_label =local.cf_landscape_labels[0] parameters = jsonencode({ instance_name = local.project_subaccount_cf_org }) diff --git a/released/discovery_center/mission_4356 Stages/step-1/output.tf b/released/discovery_center/mission_4356/step-1/output.tf similarity index 100% rename from released/discovery_center/mission_4356 Stages/step-1/output.tf rename to released/discovery_center/mission_4356/step-1/output.tf diff --git a/released/discovery_center/mission_4356 Stages/step-1/provider.tf b/released/discovery_center/mission_4356/step-1/provider.tf similarity index 100% rename from released/discovery_center/mission_4356 Stages/step-1/provider.tf rename to released/discovery_center/mission_4356/step-1/provider.tf diff --git a/released/discovery_center/mission_4356 Stages/step-1/variables.tf b/released/discovery_center/mission_4356/step-1/variables.tf similarity index 96% rename from released/discovery_center/mission_4356 Stages/step-1/variables.tf rename to released/discovery_center/mission_4356/step-1/variables.tf index 48a4d924..4cf8a08e 100644 --- a/released/discovery_center/mission_4356 Stages/step-1/variables.tf +++ b/released/discovery_center/mission_4356/step-1/variables.tf @@ -20,6 +20,14 @@ variable "subaccount_name" { description = "The subaccount name." default = "UC - Deliver Connected Experiences with a single view of Material Availability" } + +# cf org name +variable "cf_org_name" { + type = string + description = "Cloud Foundry Org Name" + default = "cloud-foundry" +} + # Region variable "region" { type = string diff --git a/released/discovery_center/mission_4356/step-2/main.tf b/released/discovery_center/mission_4356/step-2/main.tf new file mode 100644 index 00000000..76c4de91 --- /dev/null +++ b/released/discovery_center/mission_4356/step-2/main.tf @@ -0,0 +1,40 @@ +###################################################################### +# Create space using CF provider +###################################################################### +resource "cloudfoundry_space" "dev" { + name = "DEV" + org = var.cf_org_id +} + +###################################################################### +# add org and space users and managers +###################################################################### +resource "cloudfoundry_org_role" "organization_user" { + for_each = toset(var.cf_org_users) + username = each.value + type = "organization_user" + org = var.cf_org_id +} + +resource "cloudfoundry_org_role" "organization_manager" { + for_each = toset(var.cf_org_admins) + username = each.value + type = "organization_manager" + org = var.cf_org_id +} + +resource "cloudfoundry_space_role" "space_developer" { + for_each = toset(var.cf_space_developers) + username = each.value + type = "space_developer" + space = cloudfoundry_space.dev.id + depends_on = [ cloudfoundry_org_role.organization_user, cloudfoundry_org_role.organization_manager ] +} + +resource "cloudfoundry_space_role" "space_manager" { + for_each = toset(var.cf_space_managers) + username = each.value + type = "space_manager" + space = cloudfoundry_space.dev.id + depends_on = [ cloudfoundry_org_role.organization_user, cloudfoundry_org_role.organization_manager ] +} \ No newline at end of file diff --git a/released/discovery_center/mission_4356 Stages/step-2/output.tf b/released/discovery_center/mission_4356/step-2/output.tf similarity index 100% rename from released/discovery_center/mission_4356 Stages/step-2/output.tf rename to released/discovery_center/mission_4356/step-2/output.tf diff --git a/released/discovery_center/mission_4356 Stages/step-2/provider.tf b/released/discovery_center/mission_4356/step-2/provider.tf similarity index 100% rename from released/discovery_center/mission_4356 Stages/step-2/provider.tf rename to released/discovery_center/mission_4356/step-2/provider.tf diff --git a/released/discovery_center/mission_4356/step-2/variables.tf b/released/discovery_center/mission_4356/step-2/variables.tf new file mode 100644 index 00000000..c75d61a9 --- /dev/null +++ b/released/discovery_center/mission_4356/step-2/variables.tf @@ -0,0 +1,39 @@ +variable "cf_api_url" { + type = string +} + +variable "cf_landscape_label" { + type = string +} + +variable "cf_org_id" { + type = string +} + +variable "subaccount_id" { + type = string +} + +variable "cf_space_developers" { + type = list(string) + description = "CF Space developers" + default = ["jane.doe@test.com", "john.doe@test.com"] +} + +variable "cf_space_managers" { + type = list(string) + description = "CF Space managers" + default = ["jane.doe@test.com", "john.doe@test.com"] +} + +variable "cf_org_admins" { + type = list(string) + description = "CF Org Admins" + default = ["jane.doe@test.com", "john.doe@test.com"] +} + +variable "cf_org_users" { + type = list(string) + description = "CF Org Users" + default = ["jane.doe@test.com", "john.doe@test.com"] +} diff --git a/released/discovery_center/mission_4356/variables.tf b/released/discovery_center/mission_4356/variables.tf deleted file mode 100644 index 4e754f97..00000000 --- a/released/discovery_center/mission_4356/variables.tf +++ /dev/null @@ -1,145 +0,0 @@ -###################################################################### -# Customer account setup -###################################################################### -# subaccount -variable "globalaccount" { - type = string - description = "The globalaccount subdomain." - default = "yourglobalaccount" -} - -variable "subaccount_id" { - type = string - description = "The subaccount ID." - default = "" -} - -# subaccount -variable "subaccount_name" { - type = string - description = "The subaccount name." - default = "UC - Deliver Connected Experiences with a single view of Material Availability" -} -# Region -variable "region" { - type = string - description = "The region where the project account shall be created in." - default = "us10" -} - -# hana password -variable "hana_cloud_system_password" { - type = string - description = "The system password for the hana_cloud service instance." - default = "Abcd1234" -} - -# CLI server -variable "cli_server_url" { - type = string - description = "The BTP CLI server URL." - default = "https://cpcli.cf.eu10.hana.ondemand.com" -} - -variable "subaccount_admins" { - type = list(string) - description = "Defines the colleagues who are added to each subaccount as subaccount administrators." - default = ["jane.doe@test.com", "john.doe@test.com"] -} - -variable "subaccount_service_admins" { - type = list(string) - description = "Defines the colleagues who are added to each subaccount as subaccount service administrators." - default = ["jane.doe@test.com", "john.doe@test.com"] -} - -variable "service_plan__sap_integration_suite" { - type = string - description = "The plan for SAP Integration Suite" - default = "enterprise_agreement" - validation { - condition = contains(["enterprise_agreement"], var.service_plan__sap_integration_suite) - error_message = "Invalid value for service_plan__sap_integration_suite. Only 'enterprise_agreement' is allowed." - } -} - -variable "service_plan__sap_business_app_studio" { - type = string - description = "The plan for SAP Business Application Studio" - default = "standard-edition" - validation { - condition = contains(["standard-edition"], var.service_plan__sap_business_app_studio) - error_message = "Invalid value for service_plan__sap_business_app_studio. Only 'standard-edition' is allowed." - } -} - -### -# Entitlements -### -variable "entitlements" { - type = list(object({ - service_name = string - plan_name = string - type = string - })) - description = "The list of entitlements that shall be added to the subaccount." - default = [ - { - service_name = "connectivity" - plan_name = "lite", - type = "service" - }, - { - service_name = "destination" - plan_name = "lite", - type = "service" - }, - { - service_name = "html5-apps-repo" - plan_name = "app-host", - type = "service" - }, - { - service_name = "xsuaa" - plan_name = "application", - type = "service" - } - ] -} - -variable "appstudio_developers" { - type = list(string) - description = "Business Application Studio Developer" - default = ["jane.doe@test.com", "john.doe@test.com"] -} - -variable "appstudio_admin" { - type = list(string) - description = "Business Application Studio Administrator" - default = ["jane.doe@test.com", "john.doe@test.com"] -} - -variable "cloudconnector_admin" { - type = list(string) - description = "Cloud Connector Administrator" - default = ["jane.doe@test.com", "john.doe@test.com"] -} - -variable "conn_dest_admin" { - type = list(string) - description = "Connectivity and Destination Administrator" - default = ["jane.doe@test.com", "john.doe@test.com"] -} - -variable "int_provisioner" { - type = list(string) - description = "Integration Provisioner" - default = ["jane.doe@test.com", "john.doe@test.com"] -} - -# Cloudfoundry environment label -variable "cf_environment_label" { - type = string - description = "The Cloudfoundry environment label" - default = "cf-us10" -} From c11a007cc47dac3555aaf81926c7487f18504d13 Mon Sep 17 00:00:00 2001 From: Rui Nogueira Date: Tue, 2 Jul 2024 14:45:57 +0000 Subject: [PATCH 20/25] update variables --- .../discovery_center/mission_4033/README.md | 8 +- .../discovery_center/mission_4033/locals.tf | 4 +- .../discovery_center/mission_4033/main.tf | 24 ++--- .../mission_4033/sample.tfvars | 36 ++++++++ .../mission_4033/samples.tfvars | 35 -------- .../mission_4033/variables.tf | 88 ++++++++++++++----- 6 files changed, 119 insertions(+), 76 deletions(-) create mode 100644 released/discovery_center/mission_4033/sample.tfvars delete mode 100644 released/discovery_center/mission_4033/samples.tfvars diff --git a/released/discovery_center/mission_4033/README.md b/released/discovery_center/mission_4033/README.md index 84e4b130..4c42264b 100644 --- a/released/discovery_center/mission_4033/README.md +++ b/released/discovery_center/mission_4033/README.md @@ -18,11 +18,11 @@ The setup comprises the following resources: To deploy the resources you must: -1. Create a file `secret.auto.tfvars` and maintain the credentials for the BTP and CF provider +1. Set the environment variables BTP_USERNAME and BTP_PASSWORD to pass credentials to the BTP provider to authenticate and interact with your BTP environments. - ```hcl - username = "" - password = "" + ```bash + export BTP_USERNAME= + export BTP_PASSWORD= ``` 2. Change the variables in the `samples.tfvars` file to meet your requirements diff --git a/released/discovery_center/mission_4033/locals.tf b/released/discovery_center/mission_4033/locals.tf index 9942c552..b920c29a 100644 --- a/released/discovery_center/mission_4033/locals.tf +++ b/released/discovery_center/mission_4033/locals.tf @@ -1,5 +1,5 @@ locals { - service_name__sap_build_apps = "sap-build-apps" + service_name__sap_build_apps = "sap-build-apps" service_name__sap_process_automation = "process-automation" - service_name__sap_integration_suite = "integrationsuite" + service_name__sap_integration_suite = "integrationsuite" } \ No newline at end of file diff --git a/released/discovery_center/mission_4033/main.tf b/released/discovery_center/mission_4033/main.tf index 07acb822..3a5c9f00 100644 --- a/released/discovery_center/mission_4033/main.tf +++ b/released/discovery_center/mission_4033/main.tf @@ -30,14 +30,14 @@ data "btp_subaccount" "project" { # Assignment of emergency admins to the sub account as sub account administrators ############################################################################################### resource "btp_subaccount_role_collection_assignment" "subaccount_admin" { - for_each = toset("${var.subaccount_admins}") + for_each = toset(var.subaccount_admins) subaccount_id = data.btp_subaccount.project.id role_collection_name = "Subaccount Administrator" user_name = each.value } resource "btp_subaccount_role_collection_assignment" "subaccount_service_admin" { - for_each = toset("${var.subaccount_service_admins}") + for_each = toset(var.subaccount_service_admins) subaccount_id = data.btp_subaccount.project.id role_collection_name = "Subaccount Service Administrator" user_name = each.value @@ -132,7 +132,7 @@ resource "btp_subaccount_entitlement" "genentitlements" { resource "btp_subaccount_role_collection_assignment" "conn_dest_admn" { depends_on = [btp_subaccount_entitlement.genentitlements] - for_each = toset(var.conn_dest_admin) + for_each = toset(var.conn_dest_admins) subaccount_id = data.btp_subaccount.project.id role_collection_name = "Connectivity and Destination Administrator" user_name = each.value @@ -149,7 +149,7 @@ resource "btp_subaccount_entitlement" "sap_integration_suite" { data "btp_subaccount_subscriptions" "all" { subaccount_id = data.btp_subaccount.project.id - depends_on = [ btp_subaccount_entitlement.sap_integration_suite ] + depends_on = [btp_subaccount_entitlement.sap_integration_suite] } resource "btp_subaccount_subscription" "sap_integration_suite" { @@ -165,7 +165,7 @@ resource "btp_subaccount_subscription" "sap_integration_suite" { resource "btp_subaccount_role_collection_assignment" "int_prov" { depends_on = [btp_subaccount_subscription.sap_integration_suite] - for_each = toset(var.int_provisioner) + for_each = toset(var.int_provisioners) subaccount_id = data.btp_subaccount.project.id role_collection_name = "Integration_Provisioner" user_name = each.value @@ -191,7 +191,7 @@ resource "btp_subaccount_subscription" "build_process_automation" { resource "btp_subaccount_role_collection_assignment" "sbpa_admin" { depends_on = [btp_subaccount_subscription.build_process_automation] - for_each = toset(var.ProcessAutomationAdmin) + for_each = toset(var.process_automation_admins) subaccount_id = data.btp_subaccount.project.id role_collection_name = "ProcessAutomationAdmin" user_name = each.value @@ -199,7 +199,7 @@ resource "btp_subaccount_role_collection_assignment" "sbpa_admin" { resource "btp_subaccount_role_collection_assignment" "sbpa_dev" { depends_on = [btp_subaccount_subscription.build_process_automation] - for_each = toset(var.ProcessAutomationAdmin) + for_each = toset(var.process_automation_developers) subaccount_id = data.btp_subaccount.project.id role_collection_name = "ProcessAutomationAdmin" user_name = each.value @@ -207,7 +207,7 @@ resource "btp_subaccount_role_collection_assignment" "sbpa_dev" { resource "btp_subaccount_role_collection_assignment" "sbpa_part" { depends_on = [btp_subaccount_subscription.build_process_automation] - for_each = toset(var.ProcessAutomationParticipant) + for_each = toset(var.process_automation_participants) subaccount_id = data.btp_subaccount.project.id role_collection_name = "ProcessAutomationParticipant" user_name = each.value @@ -258,7 +258,7 @@ resource "btp_subaccount_role_collection" "build_apps_BuildAppsAdmin" { # Assign users to the role collection resource "btp_subaccount_role_collection_assignment" "build_apps_BuildAppsAdmin" { depends_on = [btp_subaccount_role_collection.build_apps_BuildAppsAdmin] - for_each = toset(var.users_BuildAppsAdmin) + for_each = toset(var.users_buildApps_admins) subaccount_id = data.btp_subaccount.project.id role_collection_name = "BuildAppsAdmin" user_name = each.value @@ -284,7 +284,7 @@ resource "btp_subaccount_role_collection" "build_apps_BuildAppsDeveloper" { # Assign users to the role collection resource "btp_subaccount_role_collection_assignment" "build_apps_BuildAppsDeveloper" { depends_on = [btp_subaccount_role_collection.build_apps_BuildAppsDeveloper] - for_each = toset(var.users_BuildAppsDeveloper) + for_each = toset(var.users_buildApps_developers) subaccount_id = data.btp_subaccount.project.id role_collection_name = "BuildAppsDeveloper" user_name = each.value @@ -310,7 +310,7 @@ resource "btp_subaccount_role_collection" "build_apps_RegistryAdmin" { # Assign users to the role collection resource "btp_subaccount_role_collection_assignment" "build_apps_RegistryAdmin" { depends_on = [btp_subaccount_role_collection.build_apps_RegistryAdmin] - for_each = toset(var.users_RegistryAdmin) + for_each = toset(var.users_registry_admins) subaccount_id = data.btp_subaccount.project.id role_collection_name = "RegistryAdmin" user_name = each.value @@ -336,7 +336,7 @@ resource "btp_subaccount_role_collection" "build_apps_RegistryDeveloper" { # Assign users to the role collection resource "btp_subaccount_role_collection_assignment" "build_apps_RegistryDeveloper" { depends_on = [btp_subaccount_role_collection.build_apps_RegistryDeveloper] - for_each = toset(var.users_RegistryDeveloper) + for_each = toset(var.users_registry_developers) subaccount_id = data.btp_subaccount.project.id role_collection_name = "RegistryDeveloper" user_name = each.value diff --git a/released/discovery_center/mission_4033/sample.tfvars b/released/discovery_center/mission_4033/sample.tfvars new file mode 100644 index 00000000..52011a29 --- /dev/null +++ b/released/discovery_center/mission_4033/sample.tfvars @@ -0,0 +1,36 @@ +# ------------------------------------------------------------------------------------------------------ +# Provider configuration +# ------------------------------------------------------------------------------------------------------ +# Your global account subdomain +globalaccount = "yourglobalaccount" +region = "us10" +subaccount_name = "DC Mission 4033 - Create simple, connected digital experiences with API-based integration 1" +custom_idp = "xxxxxxxxxxxxx.accounts.ondemand.com" + +kyma_instance = { + name = "my-kyma-environment" + region = "us-east-1" + machine_type = "mx5.xlarge" + auto_scaler_min = 3 + auto_scaler_max = 20 + createtimeout = "1h" + updatetimeout = "35m" + deletetimeout = "1h" +} + +# ------------------------------------------------------------------------------------------------------ +# Project specific configuration (please adapt!) +# ------------------------------------------------------------------------------------------------------ + +subaccount_admins = ["another.user@test.com"] +subaccount_service_admins = ["another.user@test.com"] +conn_dest_admins = ["another.user@test.com"] +int_provisioners = ["another.user@test.com"] +users_buildApps_admins = ["another.user@test.com"] +users_registry_admins = ["another.user@test.com"] +users_buildApps_developers = ["another.user@test.com"] +users_registry_developers = ["another.user@test.com"] +process_automation_admins = ["another.user@test.com"] +process_automation_developers = ["another.user@test.com"] +process_automation_participants = ["another.user@test.com"] + diff --git a/released/discovery_center/mission_4033/samples.tfvars b/released/discovery_center/mission_4033/samples.tfvars deleted file mode 100644 index 2829787a..00000000 --- a/released/discovery_center/mission_4033/samples.tfvars +++ /dev/null @@ -1,35 +0,0 @@ -# ------------------------------------------------------------------------------------------------------ -# Provider configuration -# ------------------------------------------------------------------------------------------------------ -# Your global account subdomain -globalaccount = "ticoo" -region = "us10" -subaccount_name = "DC Mission 4033 - Create simple, connected digital experiences with API-based integration 1" -custom_idp = "ag6010bvf.accounts.ondemand.com" - -kyma_instance = { - name = "my-kyma-environment" - region = "us-east-1" - machine_type = "mx5.xlarge" - auto_scaler_min = 3 - auto_scaler_max = 20 - createtimeout = "1h" - updatetimeout = "35m" - deletetimeout = "1h" -} - -# ------------------------------------------------------------------------------------------------------ -# Project specific configuration (please adapt!) -# ------------------------------------------------------------------------------------------------------ -subaccount_admins = ["m.palavalli@sap.com", "m.palavalli1@sap.com"] -subaccount_service_admins = ["m.palavalli@sap.com", "m.palavalli1@sap.com"] -emergency_admins = ["m.palavalli@sap.com", "m.palavalli1@sap.com"] -conn_dest_admin = ["m.palavalli@sap.com", "m.palavalli1@sap.com"] -int_provisioner = ["m.palavalli@sap.com", "m.palavalli1@sap.com"] -users_BuildAppsAdmin = ["m.palavalli@sap.com", "m.palavalli1@sap.com"] -users_RegistryAdmin = ["m.palavalli@sap.com", "m.palavalli1@sap.com"] -users_BuildAppsDeveloper = ["m.palavalli@sap.com", "m.palavalli1@sap.com"] -users_RegistryDeveloper = ["m.palavalli@sap.com", "m.palavalli1@sap.com"] -ProcessAutomationAdmin = ["m.palavalli@sap.com", "m.palavalli1@sap.com"] -ProcessAutomationDeveloper = ["m.palavalli@sap.com", "m.palavalli1@sap.com"] -ProcessAutomationParticipant = ["m.palavalli@sap.com", "m.palavalli1@sap.com"] diff --git a/released/discovery_center/mission_4033/variables.tf b/released/discovery_center/mission_4033/variables.tf index 8fca2772..c61cf79b 100644 --- a/released/discovery_center/mission_4033/variables.tf +++ b/released/discovery_center/mission_4033/variables.tf @@ -31,7 +31,7 @@ variable "region" { variable "cli_server_url" { type = string description = "The BTP CLI server URL." - default = "https://cpcli.cf.eu10.hana.ondemand.com" + default = "https://cli.btp.cloud.sap" } variable "subaccount_admins" { @@ -44,11 +44,6 @@ variable "subaccount_service_admins" { description = "Defines the colleagues who are added to each subaccount as Subaccount service administrators." } -variable "emergency_admins" { - type = list(string) - description = "Defines the colleagues who are added to each subaccount as Subaccount service administrators." -} - variable "service_plan__sap_build_apps" { type = string description = "The plan for SAP Build Apps subscription" @@ -129,16 +124,27 @@ variable "kyma_instance" { type = object({ deletetimeout = string }) } -variable "conn_dest_admin" { +variable "conn_dest_admins" { type = list(string) description = "Connectivity and Destination Administrator" - default = ["jane.doe@test.com", "john.doe@test.com"] + + # add validation to check if admins contains a list of valid email addresses + validation { + condition = length([for email in var.conn_dest_admins : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.conn_dest_admins) + error_message = "Please enter a valid email address for the CF space managers." + } } -variable "int_provisioner" { +variable "int_provisioners" { type = list(string) description = "Integration Provisioner" - default = ["jane.doe@test.com", "john.doe@test.com"] + + # add validation to check if admins contains a list of valid email addresses + validation { + condition = length([for email in var.int_provisioners : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.int_provisioners) + error_message = "Please enter a valid email address for the CF space managers." + } + } variable "custom_idp" { @@ -152,44 +158,80 @@ variable "custom_idp" { } } -variable "users_BuildAppsAdmin" { +variable "users_buildApps_admins" { type = list(string) description = "Defines the colleagues who have the role of 'BuildAppsAdmin' in SAP Build Apps." - default = ["jane.doe@test.com", "john.doe@test.com"] + + # add validation to check if admins contains a list of valid email addresses + validation { + condition = length([for email in var.users_buildApps_admins : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.users_buildApps_admins) + error_message = "Please enter a valid email address for the CF space managers." + } } -variable "users_BuildAppsDeveloper" { +variable "users_buildApps_developers" { type = list(string) description = "Defines the colleagues who have the role of 'BuildAppsDeveloper' in SAP Build Apps." - default = ["jane.doe@test.com", "john.doe@test.com"] + + # add validation to check if admins contains a list of valid email addresses + validation { + condition = length([for email in var.users_buildApps_developers : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.users_buildApps_developers) + error_message = "Please enter a valid email address for the CF space managers." + } } -variable "users_RegistryAdmin" { +variable "users_registry_admins" { type = list(string) description = "Defines the colleagues who have the role of 'RegistryAdmin' in SAP Build Apps." - default = ["jane.doe@test.com", "john.doe@test.com"] + + # add validation to check if admins contains a list of valid email addresses + validation { + condition = length([for email in var.users_registry_admins : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.users_registry_admins) + error_message = "Please enter a valid email address for the CF space managers." + } } -variable "users_RegistryDeveloper" { +variable "users_registry_developers" { type = list(string) description = "Defines the colleagues who have the role of RegistryDeveloper' in SAP Build Apps." - default = ["jane.doe@test.com", "john.doe@test.com"] + + # add validation to check if admins contains a list of valid email addresses + validation { + condition = length([for email in var.users_registry_developers : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.users_registry_developers) + error_message = "Please enter a valid email address for the CF space managers." + } } -variable "ProcessAutomationAdmin" { +variable "process_automation_admins" { type = list(string) description = "Defines the users who have the role of ProcessAutomationAdmin in SAP Build Process Automation" - default = ["jane.doe@test.com", "john.doe@test.com"] + + # add validation to check if admins contains a list of valid email addresses + validation { + condition = length([for email in var.process_automation_admins : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.process_automation_admins) + error_message = "Please enter a valid email address for the CF space managers." + } } -variable "ProcessAutomationDeveloper" { +variable "process_automation_developers" { type = list(string) description = "Defines the users who have the role of ProcessAutomationDeveloper in SAP Build Process Automation" - default = ["jane.doe@test.com", "john.doe@test.com"] + + # add validation to check if admins contains a list of valid email addresses + validation { + condition = length([for email in var.process_automation_developers : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.process_automation_developers) + error_message = "Please enter a valid email address for the CF space managers." + } } -variable "ProcessAutomationParticipant" { +variable "process_automation_participants" { type = list(string) description = "Defines the users who have the role of ProcessAutomationParticipant in SAP Build Process Automation" default = ["jane.doe@test.com", "john.doe@test.com"] + + # add validation to check if admins contains a list of valid email addresses + validation { + condition = length([for email in var.process_automation_participants : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.process_automation_participants) + error_message = "Please enter a valid email address for the CF space managers." + } } \ No newline at end of file From 4db86c8013ab61a54f441fa72115cd558c163214 Mon Sep 17 00:00:00 2001 From: Rui Nogueira Date: Tue, 2 Jul 2024 14:50:20 +0000 Subject: [PATCH 21/25] rename folders --- .../discovery_center/mission_4356/{step-1 => step1}/locals.tf | 0 released/discovery_center/mission_4356/{step-1 => step1}/main.tf | 0 .../discovery_center/mission_4356/{step-1 => step1}/output.tf | 0 .../discovery_center/mission_4356/{step-1 => step1}/provider.tf | 0 .../discovery_center/mission_4356/{step-1 => step1}/variables.tf | 0 released/discovery_center/mission_4356/{step-2 => step2}/main.tf | 0 .../discovery_center/mission_4356/{step-2 => step2}/output.tf | 0 .../discovery_center/mission_4356/{step-2 => step2}/provider.tf | 0 .../discovery_center/mission_4356/{step-2 => step2}/variables.tf | 0 9 files changed, 0 insertions(+), 0 deletions(-) rename released/discovery_center/mission_4356/{step-1 => step1}/locals.tf (100%) rename released/discovery_center/mission_4356/{step-1 => step1}/main.tf (100%) rename released/discovery_center/mission_4356/{step-1 => step1}/output.tf (100%) rename released/discovery_center/mission_4356/{step-1 => step1}/provider.tf (100%) rename released/discovery_center/mission_4356/{step-1 => step1}/variables.tf (100%) rename released/discovery_center/mission_4356/{step-2 => step2}/main.tf (100%) rename released/discovery_center/mission_4356/{step-2 => step2}/output.tf (100%) rename released/discovery_center/mission_4356/{step-2 => step2}/provider.tf (100%) rename released/discovery_center/mission_4356/{step-2 => step2}/variables.tf (100%) diff --git a/released/discovery_center/mission_4356/step-1/locals.tf b/released/discovery_center/mission_4356/step1/locals.tf similarity index 100% rename from released/discovery_center/mission_4356/step-1/locals.tf rename to released/discovery_center/mission_4356/step1/locals.tf diff --git a/released/discovery_center/mission_4356/step-1/main.tf b/released/discovery_center/mission_4356/step1/main.tf similarity index 100% rename from released/discovery_center/mission_4356/step-1/main.tf rename to released/discovery_center/mission_4356/step1/main.tf diff --git a/released/discovery_center/mission_4356/step-1/output.tf b/released/discovery_center/mission_4356/step1/output.tf similarity index 100% rename from released/discovery_center/mission_4356/step-1/output.tf rename to released/discovery_center/mission_4356/step1/output.tf diff --git a/released/discovery_center/mission_4356/step-1/provider.tf b/released/discovery_center/mission_4356/step1/provider.tf similarity index 100% rename from released/discovery_center/mission_4356/step-1/provider.tf rename to released/discovery_center/mission_4356/step1/provider.tf diff --git a/released/discovery_center/mission_4356/step-1/variables.tf b/released/discovery_center/mission_4356/step1/variables.tf similarity index 100% rename from released/discovery_center/mission_4356/step-1/variables.tf rename to released/discovery_center/mission_4356/step1/variables.tf diff --git a/released/discovery_center/mission_4356/step-2/main.tf b/released/discovery_center/mission_4356/step2/main.tf similarity index 100% rename from released/discovery_center/mission_4356/step-2/main.tf rename to released/discovery_center/mission_4356/step2/main.tf diff --git a/released/discovery_center/mission_4356/step-2/output.tf b/released/discovery_center/mission_4356/step2/output.tf similarity index 100% rename from released/discovery_center/mission_4356/step-2/output.tf rename to released/discovery_center/mission_4356/step2/output.tf diff --git a/released/discovery_center/mission_4356/step-2/provider.tf b/released/discovery_center/mission_4356/step2/provider.tf similarity index 100% rename from released/discovery_center/mission_4356/step-2/provider.tf rename to released/discovery_center/mission_4356/step2/provider.tf diff --git a/released/discovery_center/mission_4356/step-2/variables.tf b/released/discovery_center/mission_4356/step2/variables.tf similarity index 100% rename from released/discovery_center/mission_4356/step-2/variables.tf rename to released/discovery_center/mission_4356/step2/variables.tf From 9983ae0dfacee68cd068eb7539171ea69590cf42 Mon Sep 17 00:00:00 2001 From: Mahesh kumar Palavalli Date: Tue, 2 Jul 2024 22:29:25 +0530 Subject: [PATCH 22/25] 4172 changes --- .../discovery_center/mission_4172/README.md | 36 +-- .../discovery_center/mission_4172/apply.sh | 14 + .../discovery_center/mission_4172/destroy.sh | 12 + .../discovery_center/mission_4172/main.tf | 173 ---------- .../discovery_center/mission_4172/provider.tf | 18 -- .../mission_4172/samples.tfvars | 43 +-- .../mission_4172/step1/locals.tf | 5 + .../mission_4172/step1/main.tf | 306 ++++++++++++++++++ .../mission_4172/step1/output.tf | 15 + .../mission_4172/step1/provider.tf | 16 + .../mission_4172/step1/variables.tf | 272 ++++++++++++++++ .../mission_4172/step2/main.tf | 40 +++ .../mission_4172/step2/output.tf | 19 ++ .../mission_4172/step2/provider.tf | 16 + .../mission_4172/step2/variables.tf | 59 ++++ .../mission_4172/variables.tf | 163 ---------- 16 files changed, 803 insertions(+), 404 deletions(-) create mode 100755 released/discovery_center/mission_4172/apply.sh create mode 100755 released/discovery_center/mission_4172/destroy.sh delete mode 100644 released/discovery_center/mission_4172/main.tf delete mode 100644 released/discovery_center/mission_4172/provider.tf create mode 100644 released/discovery_center/mission_4172/step1/locals.tf create mode 100644 released/discovery_center/mission_4172/step1/main.tf create mode 100644 released/discovery_center/mission_4172/step1/output.tf create mode 100644 released/discovery_center/mission_4172/step1/provider.tf create mode 100644 released/discovery_center/mission_4172/step1/variables.tf create mode 100644 released/discovery_center/mission_4172/step2/main.tf create mode 100644 released/discovery_center/mission_4172/step2/output.tf create mode 100644 released/discovery_center/mission_4172/step2/provider.tf create mode 100644 released/discovery_center/mission_4172/step2/variables.tf delete mode 100644 released/discovery_center/mission_4172/variables.tf diff --git a/released/discovery_center/mission_4172/README.md b/released/discovery_center/mission_4172/README.md index 0055c17a..aaf708d9 100644 --- a/released/discovery_center/mission_4172/README.md +++ b/released/discovery_center/mission_4172/README.md @@ -19,40 +19,14 @@ The setup comprises the following resources: To deploy the resources you must: -1. Create a file `secret.auto.tfvars` and maintain the credentials for the BTP and CF provider +1. Export environment variables BTP_USERNAME, BTP_PASSWORD, CF_USER, and CF_PASSWORD with your username and password for the custom IdP of your global account. - ```hcl - username = "" - password = "" - ``` - -2. Change the variables in the `samples.tfvars` file to meet your requirements +2. Change the variables in the `samples.tfvars` file in the main folder to meet your requirements > ⚠ NOTE: You should pay attention **specifically** to the users defined in the samples.tfvars whether they already exist in your SAP BTP accounts. Otherwise you might get error messages like e.g. `Error: The user could not be found: jane.doe@test.com`. +3. Execute the apply.sh script. -3. Initialize your workspace: - - ```bash - terraform init - ``` - -4. You can check what Terraform plans to apply based on your configuration: - - ```bash - terraform plan -var-file="sample.tfvars" - ``` - -5. Apply your configuration to provision the resources: - - ```bash - terraform apply -var-file="sample.tfvars" - ``` - -## In the end - -You probably want to remove the assets after trying them out to avoid unnecessary costs. To do so execute the following command: +4. Verify e.g., in BTP cockpit that a new subaccount with a integration suite, SAP Business Application Studio, CF environment instance and a CF space have been created. -```bash -terraform destroy -``` +5. Clean up by running the destroy.sh script. \ No newline at end of file diff --git a/released/discovery_center/mission_4172/apply.sh b/released/discovery_center/mission_4172/apply.sh new file mode 100755 index 00000000..fb333585 --- /dev/null +++ b/released/discovery_center/mission_4172/apply.sh @@ -0,0 +1,14 @@ +#!/bin/sh + +cd step1 + +terraform init +terraform apply -var-file='../samples.tfvars' -auto-approve +terraform output > ../step2/step1vars.tfvars + +cd ../step2 + +terraform init +terraform apply -var-file=step1vars.tfvars -var-file='../samples.tfvars' -auto-approve + +cd .. \ No newline at end of file diff --git a/released/discovery_center/mission_4172/destroy.sh b/released/discovery_center/mission_4172/destroy.sh new file mode 100755 index 00000000..c149b746 --- /dev/null +++ b/released/discovery_center/mission_4172/destroy.sh @@ -0,0 +1,12 @@ +#!/bin/sh + +cd step2 + +terraform destroy -var-file=step1vars.tfvars -var-file='../samples.tfvars' -auto-approve +rm step1vars.tfvars + +cd ../step1 + +terraform destroy -var-file='../samples.tfvars' -auto-approve + +cd .. \ No newline at end of file diff --git a/released/discovery_center/mission_4172/main.tf b/released/discovery_center/mission_4172/main.tf deleted file mode 100644 index de83e6bc..00000000 --- a/released/discovery_center/mission_4172/main.tf +++ /dev/null @@ -1,173 +0,0 @@ -############################################################################################### -# Setup of names in accordance to naming convention -############################################################################################### -resource "random_uuid" "uuid" {} - -locals { - random_uuid = random_uuid.uuid.result - project_subaccount_domain = lower(replace("mission-4172-${local.random_uuid}", "_", "-")) - project_subaccount_cf_org = substr(replace("${local.project_subaccount_domain}", "-", ""), 0, 32) -} - -############################################################################################### -# Creation of subaccount -############################################################################################### -resource "btp_subaccount" "project" { - name = var.subaccount_name - subdomain = local.project_subaccount_domain - region = lower(var.region) -} - -############################################################################################### -# Assignment of users as sub account administrators -############################################################################################### -resource "btp_subaccount_role_collection_assignment" "subaccount-admins" { - for_each = toset("${var.subaccount_admins}") - subaccount_id = btp_subaccount.project.id - role_collection_name = "Subaccount Administrator" - user_name = each.value -} - -############################################################################################### -# Assignment of users as sub account service administrators -############################################################################################### -resource "btp_subaccount_role_collection_assignment" "subaccount-service-admins" { - for_each = toset("${var.subaccount_service_admins}") - subaccount_id = btp_subaccount.project.id - role_collection_name = "Subaccount Service Administrator" - user_name = each.value -} - -###################################################################### -# Creation of Cloud Foundry environment -###################################################################### -resource "btp_subaccount_environment_instance" "cf" { - subaccount_id = btp_subaccount.project.id - name = local.project_subaccount_cf_org - environment_type = "cloudfoundry" - service_name = "cloudfoundry" - plan_name = "standard" - landscape_label = var.cf_environment_label - parameters = jsonencode({ - instance_name = local.project_subaccount_cf_org - }) -} - -###################################################################### -# Entitlement of all services and apps -###################################################################### -resource "btp_subaccount_entitlement" "name" { - for_each = { - for index, entitlement in var.entitlements : - index => entitlement - } - subaccount_id = btp_subaccount.project.id - service_name = each.value.service_name - plan_name = each.value.plan_name -} - -###################################################################### -# Create service instances (and service keys when needed) -###################################################################### -# hana plan id -data "btp_subaccount_service_plan" "hana_plan" { - subaccount_id = btp_subaccount.project.id - name = "hana" - offering_name = "hana-cloud" - depends_on = [btp_subaccount_entitlement.name] -} - -# hana-cloud -resource "btp_subaccount_service_instance" "hana_instance" { - depends_on = [data.btp_subaccount_service_plan.hana_plan] - name = "hana_cloud_instance" - serviceplan_id = data.btp_subaccount_service_plan.hana_plan.id - subaccount_id = btp_subaccount.project.id - parameters = jsonencode({ "data" : { "memory" : 32, "edition" : "cloud", "systempassword" : "Abcd1234", "whitelistIPs" : ["0.0.0.0/0"] } }) -} - -###################################################################### -# Assign custom IDP to sub account -###################################################################### -resource "btp_subaccount_trust_configuration" "fully_customized" { - subaccount_id = btp_subaccount.project.id - identity_provider = var.custom_idp -} - -###################################################################### -# Create app subscriptions -###################################################################### -data "btp_subaccount_subscriptions" "all" { - subaccount_id = btp_subaccount.project.id - depends_on = [btp_subaccount_entitlement.name] -} - -resource "btp_subaccount_subscription" "app" { - subaccount_id = btp_subaccount.project.id - for_each = { - for index, entitlement in var.entitlements : - index => entitlement if contains(["app"], entitlement.type) - } - app_name = [ - for subscription in data.btp_subaccount_subscriptions.all.values : - subscription - if subscription.commercial_app_name == each.value.service_name - ][0].app_name - plan_name = each.value.plan_name - depends_on = [data.btp_subaccount_subscriptions.all, btp_subaccount_trust_configuration.fully_customized] -} - -###################################################################### -# Role Collections -###################################################################### -resource "btp_subaccount_role_collection_assignment" "bas_dev" { - depends_on = [btp_subaccount_subscription.app] - for_each = toset(var.appstudio_developers) - subaccount_id = btp_subaccount.project.id - role_collection_name = "Business_Application_Studio_Developer" - user_name = each.value -} - -resource "btp_subaccount_role_collection_assignment" "bas_admn" { - depends_on = [btp_subaccount_subscription.app] - for_each = toset(var.appstudio_admin) - subaccount_id = btp_subaccount.project.id - role_collection_name = "Business_Application_Studio_Administrator" - user_name = each.value -} - -resource "btp_subaccount_role_collection_assignment" "cloud_conn_admn" { - depends_on = [btp_subaccount_subscription.app] - for_each = toset(var.cloudconnector_admin) - subaccount_id = btp_subaccount.project.id - role_collection_name = "Cloud Connector Administrator" - user_name = each.value -} - -resource "btp_subaccount_role_collection_assignment" "conn_dest_admn" { - depends_on = [btp_subaccount_subscription.app] - for_each = toset(var.conn_dest_admin) - subaccount_id = btp_subaccount.project.id - role_collection_name = "Connectivity and Destination Administrator" - user_name = each.value -} - -###################################################################### -# Advanced Event Mesh -###################################################################### -resource "btp_subaccount_entitlement" "aem" { - subaccount_id = btp_subaccount.project.id - service_name = "integration-suite-advanced-event-mesh" - plan_name = "default" -} - -resource "btp_subaccount_subscription" "aem_app" { - subaccount_id = btp_subaccount.project.id - app_name = "integration-suite-advanced-event-mesh" - plan_name = "default" - parameters = jsonencode({ - "admin_user_email" : var.advanced_event_mesh_admin - }) - depends_on = [btp_subaccount_entitlement.aem] -} - diff --git a/released/discovery_center/mission_4172/provider.tf b/released/discovery_center/mission_4172/provider.tf deleted file mode 100644 index f70eba0c..00000000 --- a/released/discovery_center/mission_4172/provider.tf +++ /dev/null @@ -1,18 +0,0 @@ -terraform { - required_providers { - btp = { - source = "sap/btp" - version = "~> 1.4.0" - } - } -} - -# Please checkout documentation on how best to authenticate against SAP BTP -# via the Terraform provider for SAP BTP -provider "btp" { - globalaccount = var.globalaccount - cli_server_url = var.cli_server_url - username = var.username - password = var.password -} - diff --git a/released/discovery_center/mission_4172/samples.tfvars b/released/discovery_center/mission_4172/samples.tfvars index 76816115..ba02fbf0 100644 --- a/released/discovery_center/mission_4172/samples.tfvars +++ b/released/discovery_center/mission_4172/samples.tfvars @@ -1,22 +1,27 @@ -# ------------------------------------------------------------------------------------------------------ -# Provider configuration -# ------------------------------------------------------------------------------------------------------ -# Your global account subdomain -globalaccount = "youraccount" -region = "us10" -subaccount_name = "Discovery Center mission - build Events-to-Business actions" -cf_environment_label = "cf-us10" -custom_idp = "abcde1234.accounts.ondemand.com" +globalaccount = "myglobalaccount" +region = "us10" +subaccount_name = "Discovery Center mission - Build Events-to-Business actions" +cf_org_name = "cf-environment" -# ------------------------------------------------------------------------------------------------------ -# Project specific configuration (please adapt!) -# ------------------------------------------------------------------------------------------------------ -subaccount_admins = ["jane.doe@test.com", "john.doe@test.com"] -subaccount_service_admins = ["jane.doe@test.com", "john.doe@test.com"] +subaccount_admins = ["john.doe@sap.com"] +subaccount_service_admins = ["john.doe@sap.com"] -advanced_event_mesh_admin = "jane.doe@test.com" +appstudio_developers = ["john.doe@sap.com"] +appstudio_admins = ["john.doe@sap.com"] +cloudconnector_admins = ["john.doe@sap.com"] +conn_dest_admins = ["john.doe@sap.com"] -appstudio_developers = ["jane.doe@test.com", "john.doe@test.com"] -appstudio_admin = ["jane.doe@test.com", "john.doe@test.com"] -cloudconnector_admin = ["jane.doe@test.com", "john.doe@test.com"] -conn_dest_admin = ["jane.doe@test.com", "john.doe@test.com"] +cf_space_developers = ["john.doe@sap.com"] +cf_space_managers = ["john.doe@sap.com"] +cf_org_admins = ["john.doe@sap.com"] +cf_org_users = ["john.doe@sap.com"] + +hana_system_password = "Abc12345" +hana_cloud_admins = ["john.doe@sap.com"] + +process_automation_admins = ["john.doe@sap.com"] +process_automation_developers = ["john.doe@sap.com"] +process_automation_participants = ["john.doe@sap.com"] + +event_mesh_admins = ["john.doe@sap.com"] +event_mesh_developers = ["john.doe@sap.com"] diff --git a/released/discovery_center/mission_4172/step1/locals.tf b/released/discovery_center/mission_4172/step1/locals.tf new file mode 100644 index 00000000..9ed60b68 --- /dev/null +++ b/released/discovery_center/mission_4172/step1/locals.tf @@ -0,0 +1,5 @@ +locals { + service__sap_business_app_studio = "sapappstudio" + service_name__hana_cloud_tools = "hana-cloud-tools" + service_name__sap_process_automation = "process-automation" +} \ No newline at end of file diff --git a/released/discovery_center/mission_4172/step1/main.tf b/released/discovery_center/mission_4172/step1/main.tf new file mode 100644 index 00000000..97797409 --- /dev/null +++ b/released/discovery_center/mission_4172/step1/main.tf @@ -0,0 +1,306 @@ +############################################################################################### +# Setup of names in accordance to naming convention +############################################################################################### +resource "random_uuid" "uuid" {} + +locals { + random_uuid = random_uuid.uuid.result + project_subaccount_domain = lower(replace("mission-4172-${local.random_uuid}", "_", "-")) + project_subaccount_cf_org = substr(replace("${local.project_subaccount_domain}", "-", ""), 0, 32) +} + +############################################################################################### +# Creation of subaccount +############################################################################################### +resource "btp_subaccount" "project" { + count = var.subaccount_id == "" ? 1 : 0 + + name = var.subaccount_name + subdomain = local.project_subaccount_domain + region = lower(var.region) + usage = "USED_FOR_PRODUCTION" +} + +data "btp_subaccount" "project" { + id = var.subaccount_id != "" ? var.subaccount_id : btp_subaccount.project[0].id +} + +############################################################################################### +# Assignment of users as sub account administrators +############################################################################################### +resource "btp_subaccount_role_collection_assignment" "subaccount-admins" { + for_each = toset("${var.subaccount_admins}") + subaccount_id = data.btp_subaccount.project.id + role_collection_name = "Subaccount Administrator" + user_name = each.value +} + +############################################################################################### +# Assignment of users as sub account service administrators +############################################################################################### +resource "btp_subaccount_role_collection_assignment" "subaccount-service-admins" { + for_each = toset("${var.subaccount_service_admins}") + subaccount_id = data.btp_subaccount.project.id + role_collection_name = "Subaccount Service Administrator" + user_name = each.value +} + +###################################################################### +# Extract list of CF landscape labels from environments +###################################################################### +data "btp_subaccount_environments" "all" { + subaccount_id = data.btp_subaccount.project.id +} + +locals { + cf_landscape_labels = [ + for env in data.btp_subaccount_environments.all.values : env.landscape_label + if env.environment_type == "cloudfoundry" + ] +} + + +###################################################################### +# Creation of Cloud Foundry environment +###################################################################### +resource "btp_subaccount_environment_instance" "cloudfoundry" { + subaccount_id = data.btp_subaccount.project.id + name = var.cf_org_name + environment_type = "cloudfoundry" + service_name = "cloudfoundry" + plan_name = "standard" + landscape_label =local.cf_landscape_labels[0] + parameters = jsonencode({ + instance_name = local.project_subaccount_cf_org + }) +} + +###################################################################### +# Entitlement of all general services +###################################################################### +resource "btp_subaccount_entitlement" "genentitlements" { + for_each = { + for index, entitlement in var.entitlements : + index => entitlement + } + subaccount_id = data.btp_subaccount.project.id + service_name = each.value.service_name + plan_name = each.value.plan_name +} + +# ###################################################################### +# # Create app subscription to SAP Business APplication Studio +# ###################################################################### + +resource "btp_subaccount_entitlement" "bas" { + subaccount_id = data.btp_subaccount.project.id + service_name = local.service__sap_business_app_studio + plan_name = var.service_plan__sap_business_app_studio +} + +# Create app subscription to busineass applicaiton stuido +resource "btp_subaccount_subscription" "bas" { + subaccount_id = data.btp_subaccount.project.id + app_name = local.service__sap_business_app_studio + plan_name = var.service_plan__sap_business_app_studio + depends_on = [btp_subaccount_entitlement.bas] +} + +resource "btp_subaccount_role_collection_assignment" "bas_dev" { + depends_on = [btp_subaccount_subscription.bas] + for_each = toset(var.appstudio_developers) + subaccount_id = data.btp_subaccount.project.id + role_collection_name = "Business_Application_Studio_Developer" + user_name = each.value +} + +resource "btp_subaccount_role_collection_assignment" "bas_admn" { + depends_on = [btp_subaccount_subscription.bas] + for_each = toset(var.appstudio_admins) + subaccount_id = data.btp_subaccount.project.id + role_collection_name = "Business_Application_Studio_Administrator" + user_name = each.value +} + +###################################################################### +# Assign other Role Collection +###################################################################### + +resource "btp_subaccount_role_collection_assignment" "cloud_conn_admn" { + depends_on = [btp_subaccount_entitlement.genentitlements] + for_each = toset(var.cloudconnector_admins) + subaccount_id = data.btp_subaccount.project.id + role_collection_name = "Cloud Connector Administrator" + user_name = each.value +} + +resource "btp_subaccount_role_collection_assignment" "conn_dest_admn" { + depends_on = [btp_subaccount_entitlement.genentitlements] + for_each = toset(var.conn_dest_admins) + subaccount_id = data.btp_subaccount.project.id + role_collection_name = "Connectivity and Destination Administrator" + user_name = each.value +} + +# ------------------------------------------------------------------------------------------------------ +# Entitle subaccount for usage of SAP HANA Cloud tools +# ------------------------------------------------------------------------------------------------------ +resource "btp_subaccount_entitlement" "hana_cloud_tools" { + subaccount_id = data.btp_subaccount.project.id + service_name = local.service_name__hana_cloud_tools + plan_name = "tools" +} + +resource "btp_subaccount_subscription" "hana_cloud_tools" { + subaccount_id = data.btp_subaccount.project.id + app_name = local.service_name__hana_cloud_tools + plan_name = "tools" + depends_on = [btp_subaccount_entitlement.hana_cloud_tools] +} + +# Assign users to Role Collection: SAP HANA Cloud Administrator +resource "btp_subaccount_role_collection_assignment" "hana_cloud_admin" { + for_each = toset(var.hana_cloud_admins) + subaccount_id = data.btp_subaccount.project.id + role_collection_name = "SAP HANA Cloud Administrator" + user_name = each.value + depends_on = [btp_subaccount_subscription.hana_cloud_tools] +} + +# ------------------------------------------------------------------------------------------------------ +# Entitle subaccount for usage of SAP HANA Cloud +# ------------------------------------------------------------------------------------------------------ +resource "btp_subaccount_entitlement" "hana_cloud" { + subaccount_id = data.btp_subaccount.project.id + service_name = "hana-cloud" + plan_name = "hana" +} + +# Get plan for SAP HANA Cloud +data "btp_subaccount_service_plan" "hana_cloud" { + subaccount_id = data.btp_subaccount.project.id + offering_name = "hana-cloud" + name = "hana" + depends_on = [btp_subaccount_entitlement.hana_cloud] +} + +resource "btp_subaccount_service_instance" "hana_cloud" { + subaccount_id = data.btp_subaccount.project.id + serviceplan_id = data.btp_subaccount_service_plan.hana_cloud.id + name = "my-hana-cloud-instance" + depends_on = [btp_subaccount_entitlement.hana_cloud] + parameters = jsonencode( + { + "data" : { + "memory" : 32, + "edition" : "cloud", + "systempassword" : "${var.hana_system_password}", + "additionalWorkers" : 0, + "disasterRecoveryMode" : "no_disaster_recovery", + "enabledservices" : { + "docstore" : false, + "dpserver" : true, + "scriptserver" : false + }, + "requestedOperation" : {}, + "serviceStopped" : false, + "slaLevel" : "standard", + "storage" : 120, + "vcpu" : 2, + "whitelistIPs" : ["0.0.0.0/0"] + } + }) + + timeouts = { + create = "45m" + update = "45m" + delete = "45m" + } +} + +# Create service binding to SAP HANA Cloud service +resource "btp_subaccount_service_binding" "hana_cloud" { + subaccount_id = data.btp_subaccount.project.id + service_instance_id = btp_subaccount_service_instance.hana_cloud.id + name = "hana-cloud-key" +} + +# ###################################################################### +# # Create app subscription to SAP Build Process Automation +# ###################################################################### + +resource "btp_subaccount_entitlement" "build_process_automation" { + subaccount_id = data.btp_subaccount.project.id + service_name = local.service_name__sap_process_automation + plan_name = var.service_plan__sap_process_automation +} + +# Create app subscription to SAP Build Workzone, standard edition (depends on entitlement) +resource "btp_subaccount_subscription" "build_process_automation" { + subaccount_id = data.btp_subaccount.project.id + app_name = local.service_name__sap_process_automation + plan_name = var.service_plan__sap_process_automation + depends_on = [btp_subaccount_entitlement.build_process_automation] +} + +resource "btp_subaccount_role_collection_assignment" "sbpa_admin" { + depends_on = [btp_subaccount_subscription.build_process_automation] + for_each = toset(var.process_automation_admins) + subaccount_id = data.btp_subaccount.project.id + role_collection_name = "ProcessAutomationAdmin" + user_name = each.value +} + +resource "btp_subaccount_role_collection_assignment" "sbpa_dev" { + depends_on = [btp_subaccount_subscription.build_process_automation] + for_each = toset(var.process_automation_developers) + subaccount_id = data.btp_subaccount.project.id + role_collection_name = "ProcessAutomationDeveloper" + user_name = each.value +} + +resource "btp_subaccount_role_collection_assignment" "sbpa_part" { + depends_on = [btp_subaccount_subscription.build_process_automation] + for_each = toset(var.process_automation_participants) + subaccount_id = data.btp_subaccount.project.id + role_collection_name = "ProcessAutomationParticipant" + user_name = each.value +} + +###################################################################### +# Event Mesh +###################################################################### +resource "btp_subaccount_entitlement" "event_mesh" { + subaccount_id = data.btp_subaccount.project.id + service_name = "enterprise-messaging" + plan_name = "default" +} + +resource "btp_subaccount_entitlement" "event_mesh_application" { + subaccount_id = data.btp_subaccount.project.id + service_name = "enterprise-messaging-hub" + plan_name = "standard" +} + +resource "btp_subaccount_subscription" "event_mesh_application" { + subaccount_id = data.btp_subaccount.project.id + app_name = "enterprise-messaging-hub" + plan_name = "standard" + depends_on = [btp_subaccount_entitlement.event_mesh_application] +} + +resource "btp_subaccount_role_collection_assignment" "event_mesh_admin" { + depends_on = [btp_subaccount_entitlement.event_mesh_application] + for_each = toset(var.event_mesh_admins) + subaccount_id = data.btp_subaccount.project.id + role_collection_name = "Enterprise Messaging Administrator" + user_name = each.value +} + +resource "btp_subaccount_role_collection_assignment" "event_mesh_developer" { + depends_on = [btp_subaccount_entitlement.event_mesh_application] + for_each = toset(var.event_mesh_developers) + subaccount_id = data.btp_subaccount.project.id + role_collection_name = "Enterprise Messaging Developer" + user_name = each.value +} diff --git a/released/discovery_center/mission_4172/step1/output.tf b/released/discovery_center/mission_4172/step1/output.tf new file mode 100644 index 00000000..ddaaca36 --- /dev/null +++ b/released/discovery_center/mission_4172/step1/output.tf @@ -0,0 +1,15 @@ +output "cf_landscape_label" { + value = btp_subaccount_environment_instance.cloudfoundry.landscape_label +} + +output "cf_api_url" { + value = jsondecode(btp_subaccount_environment_instance.cloudfoundry.labels)["API Endpoint"] +} + +output "cf_org_id" { + value = btp_subaccount_environment_instance.cloudfoundry.platform_id +} + +output "subaccount_id" { + value = data.btp_subaccount.project.id +} \ No newline at end of file diff --git a/released/discovery_center/mission_4172/step1/provider.tf b/released/discovery_center/mission_4172/step1/provider.tf new file mode 100644 index 00000000..f4e6f577 --- /dev/null +++ b/released/discovery_center/mission_4172/step1/provider.tf @@ -0,0 +1,16 @@ +terraform { + required_providers { + btp = { + source = "SAP/btp" + version = "1.4.0" + } + } +} + +###################################################################### +# Configure BTP provider +###################################################################### +provider "btp" { + cli_server_url = var.cli_server_url + globalaccount = var.globalaccount +} \ No newline at end of file diff --git a/released/discovery_center/mission_4172/step1/variables.tf b/released/discovery_center/mission_4172/step1/variables.tf new file mode 100644 index 00000000..88540b91 --- /dev/null +++ b/released/discovery_center/mission_4172/step1/variables.tf @@ -0,0 +1,272 @@ +###################################################################### +# Customer account setup +###################################################################### +# subaccount +variable "globalaccount" { + type = string + description = "The globalaccount subdomain." + default = "yourglobalaccount" +} + +variable "subaccount_id" { + type = string + description = "The subaccount ID." + default = "" +} + +# subaccount +variable "subaccount_name" { + type = string + description = "The subaccount name." + default = "UC - Deliver Connected Experiences with a single view of Material Availability" +} + +# cf org name +variable "cf_org_name" { + type = string + description = "Cloud Foundry Org Name" + default = "cloud-foundry" +} + +# Region +variable "region" { + type = string + description = "The region where the project account shall be created in." + default = "us10" +} + +# CLI server +variable "cli_server_url" { + type = string + description = "The BTP CLI server URL." + default = "https://cli.btp.cloud.sap" +} + +# subaccount variables +variable "subaccount_admins" { + type = list(string) + description = "Defines the colleagues who are added to each subaccount as subaccount administrators." + default = ["jane.doe@test.com", "john.doe@test.com"] + # add validation to check if admins contains a list of valid email addresses + validation { + condition = length([for email in var.subaccount_admins : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.subaccount_admins) + error_message = "Please enter a valid email address for the Subaccount Admins." + } +} + +variable "subaccount_service_admins" { + type = list(string) + description = "Defines the colleagues who are added to each subaccount as subaccount service administrators." + default = ["jane.doe@test.com", "john.doe@test.com"] + # add validation to check if admins contains a list of valid email addresses + validation { + condition = length([for email in var.subaccount_service_admins : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.subaccount_service_admins) + error_message = "Please enter a valid email address for the Subaccount service Admins." + } +} + +variable "service_plan__sap_business_app_studio" { + type = string + description = "The plan for SAP Business Application Studio" + default = "standard-edition" + validation { + condition = contains(["standard-edition"], var.service_plan__sap_business_app_studio) + error_message = "Invalid value for service_plan__sap_business_app_studio. Only 'standard-edition' is allowed." + } +} + +### +# Entitlements +### +variable "entitlements" { + type = list(object({ + service_name = string + plan_name = string + type = string + })) + description = "The list of entitlements that shall be added to the subaccount." + default = [ + { + service_name = "connectivity" + plan_name = "lite", + type = "service" + }, + { + service_name = "destination" + plan_name = "lite", + type = "service" + }, + { + service_name = "html5-apps-repo" + plan_name = "app-host", + type = "service" + }, + { + service_name = "xsuaa" + plan_name = "application", + type = "service" + } + ] +} + +variable "appstudio_developers" { + type = list(string) + description = "Business Application Studio Developers" + default = ["jane.doe@test.com", "john.doe@test.com"] + # add validation to check if Business Application Studio Developers contains a list of valid email addresses + validation { + condition = length([for email in var.appstudio_developers : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.appstudio_developers) + error_message = "Please enter a valid email address for the Business Application Studio Developers" + } +} + +variable "appstudio_admins" { + type = list(string) + description = "Business Application Studio Administrators" + default = ["jane.doe@test.com", "john.doe@test.com"] + # add validation to check if Business Application Studio Administrators contains a list of valid email addresses + validation { + condition = length([for email in var.appstudio_admins : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.appstudio_admins) + error_message = "Please enter a valid email address for the Business Application Studio Administrators." + } +} + +variable "cloudconnector_admins" { + type = list(string) + description = "Cloud Connector Administrators" + default = ["jane.doe@test.com", "john.doe@test.com"] + # add validation to check if Cloud Connector Administrators contains a list of valid email addresses + validation { + condition = length([for email in var.cloudconnector_admins : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.cloudconnector_admins) + error_message = "Please enter a valid email address for the Cloud Connector Administrators." + } +} + +variable "conn_dest_admins" { + type = list(string) + description = "Connectivity and Destination Administrators" + default = ["jane.doe@test.com", "john.doe@test.com"] + # add validation to check if Connectivity and Destination Administrators contains a list of valid email addresses + validation { + condition = length([for email in var.conn_dest_admins : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.conn_dest_admins) + error_message = "Please enter a valid email address for the Connectivity and Destination Administrators." + } +} + +variable "hana_cloud_admins" { + type = list(string) + description = "Defines the colleagues who are added as admins to access the instance of SAP HANA Cloud." + default = ["jane.doe@test.com", "john.doe@test.com"] + + # add validation to check if admins contains a list of valid email addresses + validation { + condition = length([for email in var.hana_cloud_admins : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.hana_cloud_admins) + error_message = "Please enter a valid email address for the admins of SAP HANA Cloud instance." + } +} + + +variable "hana_system_password" { + type = string + description = "The password of the database 'superuser' DBADMIN." + sensitive = true + + # add validation to check if the password is at least 8 characters long + validation { + condition = length(var.hana_system_password) > 7 + error_message = "The hana_system_password must be at least 8 characters long." + } + + # add validation to check if the password contains at least one upper case + validation { + condition = can(regex("[A-Z]", var.hana_system_password)) + error_message = "The hana_system_password must contain at least one upper case." + } + + # add validation to check if the password contains at least two lower case characters that can occur on arbitrary places in the string (not necessarily in a row) + validation { + condition = length(regexall("[a-z]", var.hana_system_password)) > 1 + error_message = "The hana_system_password must contain at least two lower case characters." + } + + # add validation to check if the password contains at least one numeric character + validation { + condition = can(regex("[0-9]", var.hana_system_password)) + error_message = "The hana_system_password must contain at least one numeric character." + } +} + +# Cloudfoundry environment label +variable "cf_environment_label" { + type = string + description = "The Cloudfoundry environment label" + default = "cf-us10" +} + +variable "service_plan__sap_process_automation" { + type = string + description = "The plan for SAP Build Process Automation" + default = "standard" + validation { + condition = contains(["standard", "advanced-user"], var.service_plan__sap_process_automation) + error_message = "Invalid value for service_plan__sap_process_automation. Only 'standard' and 'advanced-user' are allowed." + } +} + + +variable "process_automation_admins" { + type = list(string) + description = "SAP Build Process Automation Administrators" + default = ["jane.doe@test.com", "john.doe@test.com"] + # add validation to check if SAP Build Process Automation Administrators contains a list of valid email addresses + validation { + condition = length([for email in var.process_automation_admins : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.process_automation_admins) + error_message = "Please enter a valid email address for the SAP Build Process Automation Administrators." + } +} + +variable "process_automation_developers" { + type = list(string) + description = "SAP Build Process Automation Developers" + default = ["jane.doe@test.com", "john.doe@test.com"] + # add validation to check if SAP Build Process Automation Developers contains a list of valid email addresses + validation { + condition = length([for email in var.process_automation_developers : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.process_automation_developers) + error_message = "Please enter a valid email address for the SAP Build Process Automation Developers." + } +} + +variable "process_automation_participants" { + type = list(string) + description = "SAP Build Process Automation Participants" + default = ["jane.doe@test.com", "john.doe@test.com"] + # add validation to check if SAP Build Process Automation Participants contains a list of valid email addresses + validation { + condition = length([for email in var.process_automation_participants : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.process_automation_participants) + error_message = "Please enter a valid email address for the SAP Build Process Automation Participants." + } +} + +variable "event_mesh_admins" { + type = list(string) + description = "Enterprise Messaging Administrators" + default = ["jane.doe@test.com", "john.doe@test.com"] + # add validation to check if admins contains a list of valid email addresses + validation { + condition = length([for email in var.event_mesh_admins : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.event_mesh_admins) + error_message = "Please enter a valid email address for the Enterprise Messaging Administrators." + } +} + +variable "event_mesh_developers" { + type = list(string) + description = "Enterprise Messaging Developers" + default = ["jane.doe@test.com", "john.doe@test.com"] + # add validation to check if Enterprise Messaging Developers contains a list of valid email addresses + validation { + condition = length([for email in var.event_mesh_developers : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.event_mesh_developers) + error_message = "Please enter a valid email address for the Enterprise Messaging Developers." + } +} + + diff --git a/released/discovery_center/mission_4172/step2/main.tf b/released/discovery_center/mission_4172/step2/main.tf new file mode 100644 index 00000000..76c4de91 --- /dev/null +++ b/released/discovery_center/mission_4172/step2/main.tf @@ -0,0 +1,40 @@ +###################################################################### +# Create space using CF provider +###################################################################### +resource "cloudfoundry_space" "dev" { + name = "DEV" + org = var.cf_org_id +} + +###################################################################### +# add org and space users and managers +###################################################################### +resource "cloudfoundry_org_role" "organization_user" { + for_each = toset(var.cf_org_users) + username = each.value + type = "organization_user" + org = var.cf_org_id +} + +resource "cloudfoundry_org_role" "organization_manager" { + for_each = toset(var.cf_org_admins) + username = each.value + type = "organization_manager" + org = var.cf_org_id +} + +resource "cloudfoundry_space_role" "space_developer" { + for_each = toset(var.cf_space_developers) + username = each.value + type = "space_developer" + space = cloudfoundry_space.dev.id + depends_on = [ cloudfoundry_org_role.organization_user, cloudfoundry_org_role.organization_manager ] +} + +resource "cloudfoundry_space_role" "space_manager" { + for_each = toset(var.cf_space_managers) + username = each.value + type = "space_manager" + space = cloudfoundry_space.dev.id + depends_on = [ cloudfoundry_org_role.organization_user, cloudfoundry_org_role.organization_manager ] +} \ No newline at end of file diff --git a/released/discovery_center/mission_4172/step2/output.tf b/released/discovery_center/mission_4172/step2/output.tf new file mode 100644 index 00000000..9425898f --- /dev/null +++ b/released/discovery_center/mission_4172/step2/output.tf @@ -0,0 +1,19 @@ +output "subaccount_id" { + value = var.subaccount_id +} + +output "cf_landscape_label" { + value = var.cf_landscape_label +} + +output "cf_org_id" { + value = var.cf_org_id +} + +output "cf_api_url" { + value = var.cf_api_url +} + +output "cf_space_name" { + value = cloudfoundry_space.dev.name +} \ No newline at end of file diff --git a/released/discovery_center/mission_4172/step2/provider.tf b/released/discovery_center/mission_4172/step2/provider.tf new file mode 100644 index 00000000..a42145c5 --- /dev/null +++ b/released/discovery_center/mission_4172/step2/provider.tf @@ -0,0 +1,16 @@ +terraform { + required_providers { + cloudfoundry = { + source = "SAP/cloudfoundry" + version = "0.2.1-beta" + } + } +} + +###################################################################### +# Configure CF provider +###################################################################### +provider "cloudfoundry" { + # resolve API URL from environment instance + api_url = var.cf_api_url +} \ No newline at end of file diff --git a/released/discovery_center/mission_4172/step2/variables.tf b/released/discovery_center/mission_4172/step2/variables.tf new file mode 100644 index 00000000..501c2e63 --- /dev/null +++ b/released/discovery_center/mission_4172/step2/variables.tf @@ -0,0 +1,59 @@ +variable "cf_api_url" { + type = string +} + +variable "cf_landscape_label" { + type = string +} + +variable "cf_org_id" { + type = string +} + +variable "subaccount_id" { + type = string +} + +variable "cf_space_developers" { + type = list(string) + description = "CF Space developers" + default = ["jane.doe@test.com", "john.doe@test.com"] + # add validation to check if CF Space developers contains a list of valid email addresses + validation { + condition = length([for email in var.cf_space_developers : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.cf_space_developers) + error_message = "Please enter a valid email address for the CF Space developers." + } +} + +variable "cf_space_managers" { + type = list(string) + description = "CF Space managers" + default = ["jane.doe@test.com", "john.doe@test.com"] + # add validation to check if CF Space managers contains a list of valid email addresses + validation { + condition = length([for email in var.cf_space_managers : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.cf_space_managers) + error_message = "Please enter a valid email address for the Cloud Connector Administrators." + } +} + +variable "cf_org_admins" { + type = list(string) + description = "CF Org Admins" + default = ["jane.doe@test.com", "john.doe@test.com"] + # add validation to check if CF Org Admins contains a list of valid email addresses + validation { + condition = length([for email in var.cf_org_admins : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.cf_org_admins) + error_message = "Please enter a valid email address for the CF Org Admins." + } +} + +variable "cf_org_users" { + type = list(string) + description = "CF Org Users" + default = ["jane.doe@test.com", "john.doe@test.com"] + # add validation to check if CF Org Users contains a list of valid email addresses + validation { + condition = length([for email in var.cf_org_users : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.cf_org_users) + error_message = "Please enter a valid email address for the CF Org Users." + } +} diff --git a/released/discovery_center/mission_4172/variables.tf b/released/discovery_center/mission_4172/variables.tf deleted file mode 100644 index d69a99d6..00000000 --- a/released/discovery_center/mission_4172/variables.tf +++ /dev/null @@ -1,163 +0,0 @@ -###################################################################### -# Customer account setup -###################################################################### -# subaccount -variable "globalaccount" { - type = string - description = "The globalaccount subdomain." - default = "yourglobalaccount" -} -# subaccount -variable "subaccount_name" { - type = string - description = "The subaccount name." - default = "UC - Events to Business Actions" -} -# Region -variable "region" { - type = string - description = "The region where the project account shall be created in." - default = "us10" -} - -# hana password -variable "hana_cloud_system_password" { - type = string - description = "The system password for the hana_cloud service instance." - default = "Abcd1234" -} - -# CLI server -variable "cli_server_url" { - type = string - description = "The BTP CLI server URL." - default = "https://cpcli.cf.eu10.hana.ondemand.com" -} - -variable "subaccount_admins" { - type = list(string) - description = "Defines the colleagues who are added to each subaccount as subaccount administrators." - default = ["jane.doe@test.com", "john.doe@test.com"] -} - -variable "subaccount_service_admins" { - type = list(string) - description = "Defines the colleagues who are added to each subaccount as subaccount service administrators." - default = ["jane.doe@test.com", "john.doe@test.com"] -} - -variable "advanced_event_mesh_admin" { - type = string - description = "Defines the colleagues who are Cloudfoundry org auditors" - default = "jane.doe@test.com" -} - -variable "appstudio_developers" { - type = list(string) - description = "Business Application Studio Developer" - default = ["jane.doe@test.com", "john.doe@test.com"] -} - -variable "appstudio_admin" { - type = list(string) - description = "Business Application Studio Administrator" - default = ["jane.doe@test.com", "john.doe@test.com"] -} - -variable "cloudconnector_admin" { - type = list(string) - description = "Cloud Connector Administrator" - default = ["jane.doe@test.com", "john.doe@test.com"] -} - -variable "conn_dest_admin" { - type = list(string) - description = "Connectivity and Destination Administrator" - default = ["jane.doe@test.com", "john.doe@test.com"] -} - -### -# Entitlements -### -variable "entitlements" { - type = list(object({ - service_name = string - plan_name = string - type = string - })) - description = "The list of entitlements that shall be added to the subaccount." - default = [ - { - service_name = "connectivity" - plan_name = "lite", - type = "service" - }, - { - service_name = "destination" - plan_name = "lite", - type = "service" - }, - { - service_name = "html5-apps-repo" - plan_name = "app-host", - type = "service" - }, - { - service_name = "sapappstudio" - plan_name = "standard-edition", - type = "app" - }, - { - service_name = "xsuaa" - plan_name = "application", - type = "service" - }, - { - service_name = "hana" - plan_name = "hdi-shared", - type = "service" - }, - { - service_name = "hana-cloud" - plan_name = "hana", - type = "service" - } - ] -} - -# variable "advanced_event_mesh" { -# service_name = "integration-suite-advanced-event-mesh" -# } - -variable "username" { - description = "BTP username" - type = string - sensitive = false - -} - -variable "password" { - description = "BTP user password" - type = string - sensitive = true -} - -variable "custom_idp" { - type = string - description = "Defines the custom IDP to be used for the subaccount" - default = "terraformint" - - validation { - condition = can(regex("^[a-z-]", var.custom_idp)) - error_message = "Please enter a valid entry for the custom-idp of the subaccount." - } -} - -# Cloudfoundry environment label -variable "cf_environment_label" { - type = string - description = "The Cloudfoundry environment label" - default = "cf-us10" -} - - From 6008b6f1194d8d5dbd9cd6b6a918363d9219767e Mon Sep 17 00:00:00 2001 From: Mahesh kumar Palavalli Date: Wed, 3 Jul 2024 23:21:01 +0530 Subject: [PATCH 23/25] 3501 changes --- .../discovery_center/mission_3501/README.md | 32 ++ .../discovery_center/mission_3501/apply.sh | 14 + .../discovery_center/mission_3501/destroy.sh | 12 + .../mission_3501/samples.tfvars | 28 ++ .../mission_3501/step1/locals.tf | 5 + .../mission_3501/step1/main.tf | 412 ++++++++++++++++++ .../mission_3501/step1/output.tf | 15 + .../mission_3501/step1/provider.tf | 16 + .../mission_3501/step1/variables.tf | 276 ++++++++++++ .../mission_3501/step2/main.tf | 40 ++ .../mission_3501/step2/output.tf | 19 + .../mission_3501/step2/provider.tf | 16 + .../mission_3501/step2/variables.tf | 59 +++ 13 files changed, 944 insertions(+) create mode 100644 released/discovery_center/mission_3501/README.md create mode 100755 released/discovery_center/mission_3501/apply.sh create mode 100755 released/discovery_center/mission_3501/destroy.sh create mode 100644 released/discovery_center/mission_3501/samples.tfvars create mode 100644 released/discovery_center/mission_3501/step1/locals.tf create mode 100644 released/discovery_center/mission_3501/step1/main.tf create mode 100644 released/discovery_center/mission_3501/step1/output.tf create mode 100644 released/discovery_center/mission_3501/step1/provider.tf create mode 100644 released/discovery_center/mission_3501/step1/variables.tf create mode 100644 released/discovery_center/mission_3501/step2/main.tf create mode 100644 released/discovery_center/mission_3501/step2/output.tf create mode 100644 released/discovery_center/mission_3501/step2/provider.tf create mode 100644 released/discovery_center/mission_3501/step2/variables.tf diff --git a/released/discovery_center/mission_3501/README.md b/released/discovery_center/mission_3501/README.md new file mode 100644 index 00000000..b39d69cb --- /dev/null +++ b/released/discovery_center/mission_3501/README.md @@ -0,0 +1,32 @@ +# Discovery Center Mission: Enhance core ERP business processes with resilient applications on SAP BTP (3501) + +## Overview + +This sample shows how to create a landscape for the Discovery Center Mission - [Enhance core ERP business processes with resilient applications on SAP BTP](https://discovery-center.cloud.sap/missiondetail/3501/) + +## Content of setup + +The setup comprises the following resources: + +- Creation of the SAP BTP subaccount +- Entitlements of services +- Subscriptions to applications +- Role collection assignments to users +- Creation of CF environments +- Management of users and roles on org and space level + +## Deploying the resources + +To deploy the resources you must: + +1. Export environment variables BTP_USERNAME, BTP_PASSWORD, CF_USER, and CF_PASSWORD with your username and password for the custom IdP of your global account. + +2. Change the variables in the `samples.tfvars` file in the main folder to meet your requirements + + > ⚠ NOTE: You should pay attention **specifically** to the users defined in the samples.tfvars whether they already exist in your SAP BTP accounts. Otherwise you might get error messages like e.g. `Error: The user could not be found: jane.doe@test.com`. + +3. Execute the apply.sh script. + +4. Verify e.g., in BTP cockpit that a new subaccount with a integration suite, SAP Business Application Studio, CF environment instance and a CF space have been created. + +5. Clean up by running the destroy.sh script. \ No newline at end of file diff --git a/released/discovery_center/mission_3501/apply.sh b/released/discovery_center/mission_3501/apply.sh new file mode 100755 index 00000000..fb333585 --- /dev/null +++ b/released/discovery_center/mission_3501/apply.sh @@ -0,0 +1,14 @@ +#!/bin/sh + +cd step1 + +terraform init +terraform apply -var-file='../samples.tfvars' -auto-approve +terraform output > ../step2/step1vars.tfvars + +cd ../step2 + +terraform init +terraform apply -var-file=step1vars.tfvars -var-file='../samples.tfvars' -auto-approve + +cd .. \ No newline at end of file diff --git a/released/discovery_center/mission_3501/destroy.sh b/released/discovery_center/mission_3501/destroy.sh new file mode 100755 index 00000000..c149b746 --- /dev/null +++ b/released/discovery_center/mission_3501/destroy.sh @@ -0,0 +1,12 @@ +#!/bin/sh + +cd step2 + +terraform destroy -var-file=step1vars.tfvars -var-file='../samples.tfvars' -auto-approve +rm step1vars.tfvars + +cd ../step1 + +terraform destroy -var-file='../samples.tfvars' -auto-approve + +cd .. \ No newline at end of file diff --git a/released/discovery_center/mission_3501/samples.tfvars b/released/discovery_center/mission_3501/samples.tfvars new file mode 100644 index 00000000..b1105a69 --- /dev/null +++ b/released/discovery_center/mission_3501/samples.tfvars @@ -0,0 +1,28 @@ +globalaccount = "myglobalaccount" +region = "us10" +subaccount_name = "Discovery Center mission - 3501" +cf_org_name = "cf-environment" + +subaccount_admins = ["john.doe@sap.com"] +subaccount_service_admins = ["john.doe@sap.com"] + +appstudio_developers = ["john.doe@sap.com"] +appstudio_admins = ["john.doe@sap.com"] +cloudconnector_admins = ["john.doe@sap.com"] +conn_dest_admins = ["john.doe@sap.com"] + +cf_space_developers = ["john.doe@sap.com"] +cf_space_managers = ["john.doe@sap.com"] +cf_org_admins = ["john.doe@sap.com"] +cf_org_users = ["john.doe@sap.com"] + +hana_system_password = "Abc12345" +hana_cloud_admins = ["john.doe@sap.com"] + +event_mesh_admins = ["john.doe@sap.com"] +event_mesh_developers = ["john.doe@sap.com"] + +workzone_se_administrators = ["john.doe@sap.com"] +cicd_service_admins = ["john.doe@sap.com"] +tms_admins = ["john.doe@sap.com"] +tms_import_operators = ["john.doe@sap.com"] diff --git a/released/discovery_center/mission_3501/step1/locals.tf b/released/discovery_center/mission_3501/step1/locals.tf new file mode 100644 index 00000000..0aa5f6d8 --- /dev/null +++ b/released/discovery_center/mission_3501/step1/locals.tf @@ -0,0 +1,5 @@ +locals { + service__sap_business_app_studio = "sapappstudio" + service_name__hana_cloud_tools = "hana-cloud-tools" + service_name__build_workzone = "SAPLaunchpad" +} \ No newline at end of file diff --git a/released/discovery_center/mission_3501/step1/main.tf b/released/discovery_center/mission_3501/step1/main.tf new file mode 100644 index 00000000..5d29712d --- /dev/null +++ b/released/discovery_center/mission_3501/step1/main.tf @@ -0,0 +1,412 @@ +############################################################################################### +# Setup of names in accordance to naming convention +############################################################################################### +resource "random_uuid" "uuid" {} + +locals { + random_uuid = random_uuid.uuid.result + project_subaccount_domain = lower(replace("mission-3501-${local.random_uuid}", "_", "-")) + project_subaccount_cf_org = substr(replace("${local.project_subaccount_domain}", "-", ""), 0, 32) +} + +############################################################################################### +# Creation of subaccount +############################################################################################### +resource "btp_subaccount" "project" { + count = var.subaccount_id == "" ? 1 : 0 + + name = var.subaccount_name + subdomain = local.project_subaccount_domain + region = lower(var.region) + usage = "USED_FOR_PRODUCTION" +} + +data "btp_subaccount" "project" { + id = var.subaccount_id != "" ? var.subaccount_id : btp_subaccount.project[0].id +} + +############################################################################################### +# Assignment of users as sub account administrators +############################################################################################### +resource "btp_subaccount_role_collection_assignment" "subaccount-admins" { + for_each = toset("${var.subaccount_admins}") + subaccount_id = data.btp_subaccount.project.id + role_collection_name = "Subaccount Administrator" + user_name = each.value +} + +############################################################################################### +# Assignment of users as sub account service administrators +############################################################################################### +resource "btp_subaccount_role_collection_assignment" "subaccount-service-admins" { + for_each = toset("${var.subaccount_service_admins}") + subaccount_id = data.btp_subaccount.project.id + role_collection_name = "Subaccount Service Administrator" + user_name = each.value +} + +###################################################################### +# Extract list of CF landscape labels from environments +###################################################################### +data "btp_subaccount_environments" "all" { + subaccount_id = data.btp_subaccount.project.id +} + +locals { + cf_landscape_labels = [ + for env in data.btp_subaccount_environments.all.values : env.landscape_label + if env.environment_type == "cloudfoundry" + ] +} + + +###################################################################### +# Creation of Cloud Foundry environment +###################################################################### +resource "btp_subaccount_environment_instance" "cloudfoundry" { + subaccount_id = data.btp_subaccount.project.id + name = var.cf_org_name + environment_type = "cloudfoundry" + service_name = "cloudfoundry" + plan_name = "standard" + landscape_label =local.cf_landscape_labels[0] + parameters = jsonencode({ + instance_name = local.project_subaccount_cf_org + }) +} + +###################################################################### +# Entitlement of all general services +###################################################################### +resource "btp_subaccount_entitlement" "genentitlements" { + for_each = { + for index, entitlement in var.entitlements : + index => entitlement + } + subaccount_id = data.btp_subaccount.project.id + service_name = each.value.service_name + plan_name = each.value.plan_name +} + +# ###################################################################### +# # Create app subscription to SAP Business APplication Studio +# ###################################################################### + +resource "btp_subaccount_entitlement" "bas" { + subaccount_id = data.btp_subaccount.project.id + service_name = local.service__sap_business_app_studio + plan_name = var.service_plan__sap_business_app_studio +} + +# Create app subscription to busineass applicaiton stuido +resource "btp_subaccount_subscription" "bas" { + subaccount_id = data.btp_subaccount.project.id + app_name = local.service__sap_business_app_studio + plan_name = var.service_plan__sap_business_app_studio + depends_on = [btp_subaccount_entitlement.bas] +} + +resource "btp_subaccount_role_collection_assignment" "bas_dev" { + depends_on = [btp_subaccount_subscription.bas] + for_each = toset(var.appstudio_developers) + subaccount_id = data.btp_subaccount.project.id + role_collection_name = "Business_Application_Studio_Developer" + user_name = each.value +} + +resource "btp_subaccount_role_collection_assignment" "bas_admn" { + depends_on = [btp_subaccount_subscription.bas] + for_each = toset(var.appstudio_admins) + subaccount_id = data.btp_subaccount.project.id + role_collection_name = "Business_Application_Studio_Administrator" + user_name = each.value +} + +###################################################################### +# Assign other Role Collection +###################################################################### + +resource "btp_subaccount_role_collection_assignment" "cloud_conn_admn" { + depends_on = [btp_subaccount_entitlement.genentitlements] + for_each = toset(var.cloudconnector_admins) + subaccount_id = data.btp_subaccount.project.id + role_collection_name = "Cloud Connector Administrator" + user_name = each.value +} + +resource "btp_subaccount_role_collection_assignment" "conn_dest_admn" { + depends_on = [btp_subaccount_entitlement.genentitlements] + for_each = toset(var.conn_dest_admins) + subaccount_id = data.btp_subaccount.project.id + role_collection_name = "Connectivity and Destination Administrator" + user_name = each.value +} + +# ------------------------------------------------------------------------------------------------------ +# Entitle subaccount for usage of SAP HANA Cloud tools +# ------------------------------------------------------------------------------------------------------ +resource "btp_subaccount_entitlement" "hana_cloud_tools" { + subaccount_id = data.btp_subaccount.project.id + service_name = local.service_name__hana_cloud_tools + plan_name = "tools" +} + +resource "btp_subaccount_subscription" "hana_cloud_tools" { + subaccount_id = data.btp_subaccount.project.id + app_name = local.service_name__hana_cloud_tools + plan_name = "tools" + depends_on = [btp_subaccount_entitlement.hana_cloud_tools] +} + +# Assign users to Role Collection: SAP HANA Cloud Administrator +resource "btp_subaccount_role_collection_assignment" "hana_cloud_admin" { + for_each = toset(var.hana_cloud_admins) + subaccount_id = data.btp_subaccount.project.id + role_collection_name = "SAP HANA Cloud Administrator" + user_name = each.value + depends_on = [btp_subaccount_subscription.hana_cloud_tools] +} + +# ------------------------------------------------------------------------------------------------------ +# Entitle subaccount for usage of SAP HANA Cloud +# ------------------------------------------------------------------------------------------------------ +resource "btp_subaccount_entitlement" "hana_cloud" { + subaccount_id = data.btp_subaccount.project.id + service_name = "hana-cloud" + plan_name = "hana" +} + +# Get plan for SAP HANA Cloud +data "btp_subaccount_service_plan" "hana_cloud" { + subaccount_id = data.btp_subaccount.project.id + offering_name = "hana-cloud" + name = "hana" + depends_on = [btp_subaccount_entitlement.hana_cloud] +} + +resource "btp_subaccount_service_instance" "hana_cloud" { + subaccount_id = data.btp_subaccount.project.id + serviceplan_id = data.btp_subaccount_service_plan.hana_cloud.id + name = "my-hana-cloud-instance" + depends_on = [btp_subaccount_entitlement.hana_cloud] + parameters = jsonencode( + { + "data" : { + "memory" : 32, + "edition" : "cloud", + "systempassword" : "${var.hana_system_password}", + "additionalWorkers" : 0, + "disasterRecoveryMode" : "no_disaster_recovery", + "enabledservices" : { + "docstore" : false, + "dpserver" : true, + "scriptserver" : false + }, + "requestedOperation" : {}, + "serviceStopped" : false, + "slaLevel" : "standard", + "storage" : 120, + "vcpu" : 2, + "whitelistIPs" : ["0.0.0.0/0"] + } + }) + + timeouts = { + create = "45m" + update = "45m" + delete = "45m" + } +} + +# Create service binding to SAP HANA Cloud service +resource "btp_subaccount_service_binding" "hana_cloud" { + subaccount_id = data.btp_subaccount.project.id + service_instance_id = btp_subaccount_service_instance.hana_cloud.id + name = "hana-cloud-key" +} + +###################################################################### +# Event Mesh +###################################################################### +resource "btp_subaccount_entitlement" "event_mesh" { + subaccount_id = data.btp_subaccount.project.id + service_name = "enterprise-messaging" + plan_name = "default" +} + +resource "btp_subaccount_entitlement" "event_mesh_application" { + subaccount_id = data.btp_subaccount.project.id + service_name = "enterprise-messaging-hub" + plan_name = "standard" +} + +resource "btp_subaccount_subscription" "event_mesh_application" { + subaccount_id = data.btp_subaccount.project.id + app_name = "enterprise-messaging-hub" + plan_name = "standard" + depends_on = [btp_subaccount_entitlement.event_mesh_application] +} + +resource "btp_subaccount_role_collection_assignment" "event_mesh_admin" { + depends_on = [btp_subaccount_entitlement.event_mesh_application] + for_each = toset(var.event_mesh_admins) + subaccount_id = data.btp_subaccount.project.id + role_collection_name = "Enterprise Messaging Administrator" + user_name = each.value +} + +resource "btp_subaccount_role_collection_assignment" "event_mesh_developer" { + depends_on = [btp_subaccount_entitlement.event_mesh_application] + for_each = toset(var.event_mesh_developers) + subaccount_id = data.btp_subaccount.project.id + role_collection_name = "Enterprise Messaging Developer" + user_name = each.value +} + +###################################################################### +# CI CD +###################################################################### +resource "btp_subaccount_entitlement" "cicd" { + subaccount_id = data.btp_subaccount.project.id + service_name = "cicd-app" + plan_name = "default" +} + +resource "btp_subaccount_subscription" "cicd" { + subaccount_id = data.btp_subaccount.project.id + app_name = "cicd-app" + plan_name = "default" + depends_on = [btp_subaccount_entitlement.cicd] +} + +# assign users to role collection - CICD Service Administrator +resource "btp_subaccount_role_collection_assignment" "cicd_service_admin" { + depends_on = [btp_subaccount_subscription.cicd] + for_each = toset(var.cicd_service_admins) + subaccount_id = data.btp_subaccount.project.id + role_collection_name = "CICD Service Administrator" + user_name = each.value +} + +###################################################################### +# alm-ts +###################################################################### +resource "btp_subaccount_entitlement" "alm_ts" { + subaccount_id = data.btp_subaccount.project.id + service_name = "alm-ts" + plan_name = "standard" +} + +resource "btp_subaccount_subscription" "alm_ts" { + subaccount_id = data.btp_subaccount.project.id + app_name = "alm-ts" + plan_name = "standard" + depends_on = [btp_subaccount_entitlement.alm_ts] +} + +data "btp_subaccount_roles" "all" { + subaccount_id = data.btp_subaccount.project.id + depends_on = [btp_subaccount_subscription.alm_ts] +} + +# Create the role collection - admin +resource "btp_subaccount_role_collection" "alm_ts_admin" { + subaccount_id = data.btp_subaccount.project.id + name = "TMS Admin" + depends_on = [ data.btp_subaccount_roles.all ] + roles = [ + for role in data.btp_subaccount_roles.all.values : { + name = role.name + role_template_app_id = role.app_id + role_template_name = role.role_template_name + } if contains(["Administrator"], role.name) && contains(["alm-ts"], role.app_name) + ] +} +# Assign users to the role collection - admin +resource "btp_subaccount_role_collection_assignment" "alm_ts_admin" { + depends_on = [btp_subaccount_role_collection.alm_ts_admin] + for_each = toset(var.tms_admins) + subaccount_id = data.btp_subaccount.project.id + role_collection_name = "TMS Admin" + user_name = each.value +} + +# Create the role collection - import operator +resource "btp_subaccount_role_collection" "alm_ts_import_operator" { + subaccount_id = data.btp_subaccount.project.id + name = "TMS Import Operator" + + roles = [ + for role in data.btp_subaccount_roles.all.values : { + name = role.name + role_template_app_id = role.app_id + role_template_name = role.role_template_name + } if contains(["ImportOperator"], role.name) && contains(["alm-ts"], role.app_name) + ] +} + +# Assign users to the role collection - import operator +resource "btp_subaccount_role_collection_assignment" "alm_ts_import_operator" { + depends_on = [btp_subaccount_role_collection.alm_ts_import_operator] + for_each = toset(var.tms_import_operators) + subaccount_id = data.btp_subaccount.project.id + role_collection_name = "TMS Import Operator" + user_name = each.value +} + +###################################################################### +# autoscaler +###################################################################### +resource "btp_subaccount_entitlement" "autoscaler" { + subaccount_id = data.btp_subaccount.project.id + service_name = "autoscaler" + plan_name = "standard" +} + +###################################################################### +# alert-notification +###################################################################### +resource "btp_subaccount_entitlement" "alert_notification" { + subaccount_id = data.btp_subaccount.project.id + service_name = "alert-notification" + plan_name = "standard" +} + + +###################################################################### +# application-logs +###################################################################### +resource "btp_subaccount_entitlement" "app_logs" { + subaccount_id = data.btp_subaccount.project.id + service_name = "application-logs" + plan_name = "lite" +} + +############################################################################################### +# Prepare and setup app: SAP Build Workzone, standard edition +############################################################################################### +# Entitle subaccount for usage of app destination SAP Build Workzone, standard edition +resource "btp_subaccount_entitlement" "build_workzone" { + subaccount_id = data.btp_subaccount.project.id + service_name = local.service_name__build_workzone + plan_name = var.service_plan__build_workzone + amount = var.service_plan__build_workzone == "free" ? 1 : null +} + +# Create app subscription to SAP Build Workzone, standard edition (depends on entitlement) +resource "btp_subaccount_subscription" "build_workzone" { + subaccount_id = data.btp_subaccount.project.id + app_name = local.service_name__build_workzone + plan_name = var.service_plan__build_workzone + depends_on = [btp_subaccount_entitlement.build_workzone] +} + +# Assign users to Role Collection: Launchpad_Admin (SAP Build Workzone, standard edition) +resource "btp_subaccount_role_collection_assignment" "launchpad_admin" { + for_each = toset("${var.workzone_se_administrators}") + subaccount_id = data.btp_subaccount.project.id + role_collection_name = "Launchpad_Admin" + user_name = each.value + depends_on = [btp_subaccount_subscription.build_workzone] +} + diff --git a/released/discovery_center/mission_3501/step1/output.tf b/released/discovery_center/mission_3501/step1/output.tf new file mode 100644 index 00000000..ddaaca36 --- /dev/null +++ b/released/discovery_center/mission_3501/step1/output.tf @@ -0,0 +1,15 @@ +output "cf_landscape_label" { + value = btp_subaccount_environment_instance.cloudfoundry.landscape_label +} + +output "cf_api_url" { + value = jsondecode(btp_subaccount_environment_instance.cloudfoundry.labels)["API Endpoint"] +} + +output "cf_org_id" { + value = btp_subaccount_environment_instance.cloudfoundry.platform_id +} + +output "subaccount_id" { + value = data.btp_subaccount.project.id +} \ No newline at end of file diff --git a/released/discovery_center/mission_3501/step1/provider.tf b/released/discovery_center/mission_3501/step1/provider.tf new file mode 100644 index 00000000..f4e6f577 --- /dev/null +++ b/released/discovery_center/mission_3501/step1/provider.tf @@ -0,0 +1,16 @@ +terraform { + required_providers { + btp = { + source = "SAP/btp" + version = "1.4.0" + } + } +} + +###################################################################### +# Configure BTP provider +###################################################################### +provider "btp" { + cli_server_url = var.cli_server_url + globalaccount = var.globalaccount +} \ No newline at end of file diff --git a/released/discovery_center/mission_3501/step1/variables.tf b/released/discovery_center/mission_3501/step1/variables.tf new file mode 100644 index 00000000..395d0f00 --- /dev/null +++ b/released/discovery_center/mission_3501/step1/variables.tf @@ -0,0 +1,276 @@ +###################################################################### +# Customer account setup +###################################################################### +# subaccount +variable "globalaccount" { + type = string + description = "The globalaccount subdomain." + default = "yourglobalaccount" +} + +variable "subaccount_id" { + type = string + description = "The subaccount ID." + default = "" +} + +# subaccount +variable "subaccount_name" { + type = string + description = "The subaccount name." + default = "UC - Deliver Connected Experiences with a single view of Material Availability" +} + +# cf org name +variable "cf_org_name" { + type = string + description = "Cloud Foundry Org Name" + default = "cloud-foundry" +} + +# Region +variable "region" { + type = string + description = "The region where the project account shall be created in." + default = "us10" +} + +# CLI server +variable "cli_server_url" { + type = string + description = "The BTP CLI server URL." + default = "https://cli.btp.cloud.sap" +} + +# subaccount variables +variable "subaccount_admins" { + type = list(string) + description = "Defines the colleagues who are added to each subaccount as subaccount administrators." + default = ["jane.doe@test.com", "john.doe@test.com"] + # add validation to check if admins contains a list of valid email addresses + validation { + condition = length([for email in var.subaccount_admins : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.subaccount_admins) + error_message = "Please enter a valid email address for the Subaccount Admins." + } +} + +variable "subaccount_service_admins" { + type = list(string) + description = "Defines the colleagues who are added to each subaccount as subaccount service administrators." + default = ["jane.doe@test.com", "john.doe@test.com"] + # add validation to check if admins contains a list of valid email addresses + validation { + condition = length([for email in var.subaccount_service_admins : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.subaccount_service_admins) + error_message = "Please enter a valid email address for the Subaccount service Admins." + } +} + +variable "service_plan__sap_business_app_studio" { + type = string + description = "The plan for SAP Business Application Studio" + default = "standard-edition" + validation { + condition = contains(["standard-edition"], var.service_plan__sap_business_app_studio) + error_message = "Invalid value for service_plan__sap_business_app_studio. Only 'standard-edition' is allowed." + } +} + +### +# Entitlements +### +variable "entitlements" { + type = list(object({ + service_name = string + plan_name = string + type = string + })) + description = "The list of entitlements that shall be added to the subaccount." + default = [ + { + service_name = "connectivity" + plan_name = "lite", + type = "service" + }, + { + service_name = "destination" + plan_name = "lite", + type = "service" + }, + { + service_name = "html5-apps-repo" + plan_name = "app-host", + type = "service" + }, + { + service_name = "xsuaa" + plan_name = "application", + type = "service" + } + ] +} + +variable "appstudio_developers" { + type = list(string) + description = "Business Application Studio Developers" + default = ["jane.doe@test.com", "john.doe@test.com"] + # add validation to check if Business Application Studio Developers contains a list of valid email addresses + validation { + condition = length([for email in var.appstudio_developers : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.appstudio_developers) + error_message = "Please enter a valid email address for the Business Application Studio Developers" + } +} + +variable "appstudio_admins" { + type = list(string) + description = "Business Application Studio Administrators" + default = ["jane.doe@test.com", "john.doe@test.com"] + # add validation to check if Business Application Studio Administrators contains a list of valid email addresses + validation { + condition = length([for email in var.appstudio_admins : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.appstudio_admins) + error_message = "Please enter a valid email address for the Business Application Studio Administrators." + } +} + +variable "cloudconnector_admins" { + type = list(string) + description = "Cloud Connector Administrators" + default = ["jane.doe@test.com", "john.doe@test.com"] + # add validation to check if Cloud Connector Administrators contains a list of valid email addresses + validation { + condition = length([for email in var.cloudconnector_admins : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.cloudconnector_admins) + error_message = "Please enter a valid email address for the Cloud Connector Administrators." + } +} + +variable "conn_dest_admins" { + type = list(string) + description = "Connectivity and Destination Administrators" + default = ["jane.doe@test.com", "john.doe@test.com"] + # add validation to check if Connectivity and Destination Administrators contains a list of valid email addresses + validation { + condition = length([for email in var.conn_dest_admins : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.conn_dest_admins) + error_message = "Please enter a valid email address for the Connectivity and Destination Administrators." + } +} + +variable "hana_cloud_admins" { + type = list(string) + description = "Defines the colleagues who are added as admins to access the instance of SAP HANA Cloud." + default = ["jane.doe@test.com", "john.doe@test.com"] + + # add validation to check if admins contains a list of valid email addresses + validation { + condition = length([for email in var.hana_cloud_admins : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.hana_cloud_admins) + error_message = "Please enter a valid email address for the admins of SAP HANA Cloud instance." + } +} + + +variable "hana_system_password" { + type = string + description = "The password of the database 'superuser' DBADMIN." + sensitive = true + + # add validation to check if the password is at least 8 characters long + validation { + condition = length(var.hana_system_password) > 7 + error_message = "The hana_system_password must be at least 8 characters long." + } + + # add validation to check if the password contains at least one upper case + validation { + condition = can(regex("[A-Z]", var.hana_system_password)) + error_message = "The hana_system_password must contain at least one upper case." + } + + # add validation to check if the password contains at least two lower case characters that can occur on arbitrary places in the string (not necessarily in a row) + validation { + condition = length(regexall("[a-z]", var.hana_system_password)) > 1 + error_message = "The hana_system_password must contain at least two lower case characters." + } + + # add validation to check if the password contains at least one numeric character + validation { + condition = can(regex("[0-9]", var.hana_system_password)) + error_message = "The hana_system_password must contain at least one numeric character." + } +} + + +variable "event_mesh_admins" { + type = list(string) + description = "Enterprise Messaging Administrators" + default = ["jane.doe@test.com", "john.doe@test.com"] + # add validation to check if admins contains a list of valid email addresses + validation { + condition = length([for email in var.event_mesh_admins : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.event_mesh_admins) + error_message = "Please enter a valid email address for the Enterprise Messaging Administrators." + } +} + +variable "event_mesh_developers" { + type = list(string) + description = "Enterprise Messaging Developers" + default = ["jane.doe@test.com", "john.doe@test.com"] + # add validation to check if Enterprise Messaging Developers contains a list of valid email addresses + validation { + condition = length([for email in var.event_mesh_developers : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.event_mesh_developers) + error_message = "Please enter a valid email address for the Enterprise Messaging Developers." + } +} + +variable "service_plan__build_workzone" { + type = string + description = "The plan for build_workzone subscription" + default = "free" + validation { + condition = contains(["free", "standard"], var.service_plan__build_workzone) + error_message = "Invalid value for service_plan__build_workzone. Only 'free' and 'standard' are allowed." + } +} + +variable "workzone_se_administrators" { + type = list(string) + description = "Workzone Standard Edition Administrators" + default = ["jane.doe@test.com", "john.doe@test.com"] + # add validation to check if Workzone Standard Edition Administrators contains a list of valid email addresses + validation { + condition = length([for email in var.workzone_se_administrators : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.workzone_se_administrators) + error_message = "Please enter a valid email address for the Workzone Standard Edition Administratorss." + } +} + +variable "tms_admins" { + type = list(string) + description = "TMS Administrators" + default = ["jane.doe@test.com", "john.doe@test.com"] + # add validation to check if TMS Administrators contains a list of valid email addresses + validation { + condition = length([for email in var.tms_admins : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.tms_admins) + error_message = "Please enter a valid email address for the TMS Administrators." + } +} + +variable "tms_import_operators" { + type = list(string) + description = "TMS Import Operators" + default = ["jane.doe@test.com", "john.doe@test.com"] + # add validation to check if TMS Import Operators contains a list of valid email addresses + validation { + condition = length([for email in var.tms_import_operators : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.tms_import_operators) + error_message = "Please enter a valid email address for the TMS Import Operators." + } +} + +variable "cicd_service_admins" { + type = list(string) + description = "CICD Service Administrators" + default = ["jane.doe@test.com", "john.doe@test.com"] + # add validation to check if CICD Service Administrators contains a list of valid email addresses + validation { + condition = length([for email in var.cicd_service_admins : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.cicd_service_admins) + error_message = "Please enter a valid email address for the CICD Service Administrators." + } +} + + diff --git a/released/discovery_center/mission_3501/step2/main.tf b/released/discovery_center/mission_3501/step2/main.tf new file mode 100644 index 00000000..76c4de91 --- /dev/null +++ b/released/discovery_center/mission_3501/step2/main.tf @@ -0,0 +1,40 @@ +###################################################################### +# Create space using CF provider +###################################################################### +resource "cloudfoundry_space" "dev" { + name = "DEV" + org = var.cf_org_id +} + +###################################################################### +# add org and space users and managers +###################################################################### +resource "cloudfoundry_org_role" "organization_user" { + for_each = toset(var.cf_org_users) + username = each.value + type = "organization_user" + org = var.cf_org_id +} + +resource "cloudfoundry_org_role" "organization_manager" { + for_each = toset(var.cf_org_admins) + username = each.value + type = "organization_manager" + org = var.cf_org_id +} + +resource "cloudfoundry_space_role" "space_developer" { + for_each = toset(var.cf_space_developers) + username = each.value + type = "space_developer" + space = cloudfoundry_space.dev.id + depends_on = [ cloudfoundry_org_role.organization_user, cloudfoundry_org_role.organization_manager ] +} + +resource "cloudfoundry_space_role" "space_manager" { + for_each = toset(var.cf_space_managers) + username = each.value + type = "space_manager" + space = cloudfoundry_space.dev.id + depends_on = [ cloudfoundry_org_role.organization_user, cloudfoundry_org_role.organization_manager ] +} \ No newline at end of file diff --git a/released/discovery_center/mission_3501/step2/output.tf b/released/discovery_center/mission_3501/step2/output.tf new file mode 100644 index 00000000..9425898f --- /dev/null +++ b/released/discovery_center/mission_3501/step2/output.tf @@ -0,0 +1,19 @@ +output "subaccount_id" { + value = var.subaccount_id +} + +output "cf_landscape_label" { + value = var.cf_landscape_label +} + +output "cf_org_id" { + value = var.cf_org_id +} + +output "cf_api_url" { + value = var.cf_api_url +} + +output "cf_space_name" { + value = cloudfoundry_space.dev.name +} \ No newline at end of file diff --git a/released/discovery_center/mission_3501/step2/provider.tf b/released/discovery_center/mission_3501/step2/provider.tf new file mode 100644 index 00000000..a42145c5 --- /dev/null +++ b/released/discovery_center/mission_3501/step2/provider.tf @@ -0,0 +1,16 @@ +terraform { + required_providers { + cloudfoundry = { + source = "SAP/cloudfoundry" + version = "0.2.1-beta" + } + } +} + +###################################################################### +# Configure CF provider +###################################################################### +provider "cloudfoundry" { + # resolve API URL from environment instance + api_url = var.cf_api_url +} \ No newline at end of file diff --git a/released/discovery_center/mission_3501/step2/variables.tf b/released/discovery_center/mission_3501/step2/variables.tf new file mode 100644 index 00000000..501c2e63 --- /dev/null +++ b/released/discovery_center/mission_3501/step2/variables.tf @@ -0,0 +1,59 @@ +variable "cf_api_url" { + type = string +} + +variable "cf_landscape_label" { + type = string +} + +variable "cf_org_id" { + type = string +} + +variable "subaccount_id" { + type = string +} + +variable "cf_space_developers" { + type = list(string) + description = "CF Space developers" + default = ["jane.doe@test.com", "john.doe@test.com"] + # add validation to check if CF Space developers contains a list of valid email addresses + validation { + condition = length([for email in var.cf_space_developers : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.cf_space_developers) + error_message = "Please enter a valid email address for the CF Space developers." + } +} + +variable "cf_space_managers" { + type = list(string) + description = "CF Space managers" + default = ["jane.doe@test.com", "john.doe@test.com"] + # add validation to check if CF Space managers contains a list of valid email addresses + validation { + condition = length([for email in var.cf_space_managers : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.cf_space_managers) + error_message = "Please enter a valid email address for the Cloud Connector Administrators." + } +} + +variable "cf_org_admins" { + type = list(string) + description = "CF Org Admins" + default = ["jane.doe@test.com", "john.doe@test.com"] + # add validation to check if CF Org Admins contains a list of valid email addresses + validation { + condition = length([for email in var.cf_org_admins : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.cf_org_admins) + error_message = "Please enter a valid email address for the CF Org Admins." + } +} + +variable "cf_org_users" { + type = list(string) + description = "CF Org Users" + default = ["jane.doe@test.com", "john.doe@test.com"] + # add validation to check if CF Org Users contains a list of valid email addresses + validation { + condition = length([for email in var.cf_org_users : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.cf_org_users) + error_message = "Please enter a valid email address for the CF Org Users." + } +} From 05e6378b4a3f5b2672d0adc485507b0d83c4a083 Mon Sep 17 00:00:00 2001 From: Mahesh kumar Palavalli Date: Thu, 4 Jul 2024 23:30:40 +0530 Subject: [PATCH 24/25] fixes variables --- released/discovery_center/mission_4033/sample.tfvars | 1 - released/discovery_center/mission_4356/apply.sh | 6 +++--- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/released/discovery_center/mission_4033/sample.tfvars b/released/discovery_center/mission_4033/sample.tfvars index 52011a29..c4843dfc 100644 --- a/released/discovery_center/mission_4033/sample.tfvars +++ b/released/discovery_center/mission_4033/sample.tfvars @@ -21,7 +21,6 @@ kyma_instance = { # ------------------------------------------------------------------------------------------------------ # Project specific configuration (please adapt!) # ------------------------------------------------------------------------------------------------------ - subaccount_admins = ["another.user@test.com"] subaccount_service_admins = ["another.user@test.com"] conn_dest_admins = ["another.user@test.com"] diff --git a/released/discovery_center/mission_4356/apply.sh b/released/discovery_center/mission_4356/apply.sh index 6e378ee1..fb333585 100755 --- a/released/discovery_center/mission_4356/apply.sh +++ b/released/discovery_center/mission_4356/apply.sh @@ -1,12 +1,12 @@ #!/bin/sh -cd step-1 +cd step1 terraform init terraform apply -var-file='../samples.tfvars' -auto-approve -terraform output > ../step-2/step1vars.tfvars +terraform output > ../step2/step1vars.tfvars -cd ../step-2 +cd ../step2 terraform init terraform apply -var-file=step1vars.tfvars -var-file='../samples.tfvars' -auto-approve From bcd9d19b026660828e697a318cd85ce59aa2d54b Mon Sep 17 00:00:00 2001 From: Mahesh kumar Palavalli Date: Thu, 4 Jul 2024 23:41:24 +0530 Subject: [PATCH 25/25] formatting --- .../mission_3501/samples.tfvars | 6 ++--- .../mission_3501/step1/locals.tf | 4 ++-- .../mission_3501/step1/main.tf | 6 ++--- .../mission_3501/step1/output.tf | 6 ++--- .../mission_3501/step2/main.tf | 24 +++++++++---------- .../mission_3501/step2/output.tf | 8 +++---- .../mission_3501/step2/provider.tf | 4 ++-- .../mission_3501/step2/variables.tf | 8 +++---- .../mission_4172/samples.tfvars | 2 +- .../mission_4172/step1/locals.tf | 4 ++-- .../mission_4172/step1/main.tf | 4 ++-- .../mission_4172/step1/output.tf | 6 ++--- .../mission_4172/step2/main.tf | 24 +++++++++---------- .../mission_4172/step2/output.tf | 8 +++---- .../mission_4172/step2/provider.tf | 4 ++-- .../mission_4172/step2/variables.tf | 8 +++---- .../mission_4356/samples.tfvars | 14 +++++------ .../mission_4356/step1/locals.tf | 2 +- .../mission_4356/step1/main.tf | 4 ++-- .../mission_4356/step1/output.tf | 6 ++--- .../mission_4356/step2/main.tf | 24 +++++++++---------- .../mission_4356/step2/output.tf | 8 +++---- .../mission_4356/step2/provider.tf | 4 ++-- .../mission_4356/step2/variables.tf | 8 +++---- 24 files changed, 98 insertions(+), 98 deletions(-) diff --git a/released/discovery_center/mission_3501/samples.tfvars b/released/discovery_center/mission_3501/samples.tfvars index b1105a69..66d600f8 100644 --- a/released/discovery_center/mission_3501/samples.tfvars +++ b/released/discovery_center/mission_3501/samples.tfvars @@ -6,7 +6,7 @@ cf_org_name = "cf-environment" subaccount_admins = ["john.doe@sap.com"] subaccount_service_admins = ["john.doe@sap.com"] -appstudio_developers = ["john.doe@sap.com"] +appstudio_developers = ["john.doe@sap.com"] appstudio_admins = ["john.doe@sap.com"] cloudconnector_admins = ["john.doe@sap.com"] conn_dest_admins = ["john.doe@sap.com"] @@ -24,5 +24,5 @@ event_mesh_developers = ["john.doe@sap.com"] workzone_se_administrators = ["john.doe@sap.com"] cicd_service_admins = ["john.doe@sap.com"] -tms_admins = ["john.doe@sap.com"] -tms_import_operators = ["john.doe@sap.com"] +tms_admins = ["john.doe@sap.com"] +tms_import_operators = ["john.doe@sap.com"] diff --git a/released/discovery_center/mission_3501/step1/locals.tf b/released/discovery_center/mission_3501/step1/locals.tf index 0aa5f6d8..90bebd94 100644 --- a/released/discovery_center/mission_3501/step1/locals.tf +++ b/released/discovery_center/mission_3501/step1/locals.tf @@ -1,5 +1,5 @@ locals { service__sap_business_app_studio = "sapappstudio" - service_name__hana_cloud_tools = "hana-cloud-tools" - service_name__build_workzone = "SAPLaunchpad" + service_name__hana_cloud_tools = "hana-cloud-tools" + service_name__build_workzone = "SAPLaunchpad" } \ No newline at end of file diff --git a/released/discovery_center/mission_3501/step1/main.tf b/released/discovery_center/mission_3501/step1/main.tf index 5d29712d..569cf3e2 100644 --- a/released/discovery_center/mission_3501/step1/main.tf +++ b/released/discovery_center/mission_3501/step1/main.tf @@ -69,7 +69,7 @@ resource "btp_subaccount_environment_instance" "cloudfoundry" { environment_type = "cloudfoundry" service_name = "cloudfoundry" plan_name = "standard" - landscape_label =local.cf_landscape_labels[0] + landscape_label = local.cf_landscape_labels[0] parameters = jsonencode({ instance_name = local.project_subaccount_cf_org }) @@ -244,7 +244,7 @@ resource "btp_subaccount_subscription" "event_mesh_application" { subaccount_id = data.btp_subaccount.project.id app_name = "enterprise-messaging-hub" plan_name = "standard" - depends_on = [btp_subaccount_entitlement.event_mesh_application] + depends_on = [btp_subaccount_entitlement.event_mesh_application] } resource "btp_subaccount_role_collection_assignment" "event_mesh_admin" { @@ -313,7 +313,7 @@ data "btp_subaccount_roles" "all" { resource "btp_subaccount_role_collection" "alm_ts_admin" { subaccount_id = data.btp_subaccount.project.id name = "TMS Admin" - depends_on = [ data.btp_subaccount_roles.all ] + depends_on = [data.btp_subaccount_roles.all] roles = [ for role in data.btp_subaccount_roles.all.values : { name = role.name diff --git a/released/discovery_center/mission_3501/step1/output.tf b/released/discovery_center/mission_3501/step1/output.tf index ddaaca36..56f90f7b 100644 --- a/released/discovery_center/mission_3501/step1/output.tf +++ b/released/discovery_center/mission_3501/step1/output.tf @@ -3,13 +3,13 @@ output "cf_landscape_label" { } output "cf_api_url" { - value = jsondecode(btp_subaccount_environment_instance.cloudfoundry.labels)["API Endpoint"] + value = jsondecode(btp_subaccount_environment_instance.cloudfoundry.labels)["API Endpoint"] } output "cf_org_id" { - value = btp_subaccount_environment_instance.cloudfoundry.platform_id + value = btp_subaccount_environment_instance.cloudfoundry.platform_id } output "subaccount_id" { - value = data.btp_subaccount.project.id + value = data.btp_subaccount.project.id } \ No newline at end of file diff --git a/released/discovery_center/mission_3501/step2/main.tf b/released/discovery_center/mission_3501/step2/main.tf index 76c4de91..b4812ee4 100644 --- a/released/discovery_center/mission_3501/step2/main.tf +++ b/released/discovery_center/mission_3501/step2/main.tf @@ -2,8 +2,8 @@ # Create space using CF provider ###################################################################### resource "cloudfoundry_space" "dev" { - name = "DEV" - org = var.cf_org_id + name = "DEV" + org = var.cf_org_id } ###################################################################### @@ -24,17 +24,17 @@ resource "cloudfoundry_org_role" "organization_manager" { } resource "cloudfoundry_space_role" "space_developer" { - for_each = toset(var.cf_space_developers) - username = each.value - type = "space_developer" - space = cloudfoundry_space.dev.id - depends_on = [ cloudfoundry_org_role.organization_user, cloudfoundry_org_role.organization_manager ] + for_each = toset(var.cf_space_developers) + username = each.value + type = "space_developer" + space = cloudfoundry_space.dev.id + depends_on = [cloudfoundry_org_role.organization_user, cloudfoundry_org_role.organization_manager] } resource "cloudfoundry_space_role" "space_manager" { - for_each = toset(var.cf_space_managers) - username = each.value - type = "space_manager" - space = cloudfoundry_space.dev.id - depends_on = [ cloudfoundry_org_role.organization_user, cloudfoundry_org_role.organization_manager ] + for_each = toset(var.cf_space_managers) + username = each.value + type = "space_manager" + space = cloudfoundry_space.dev.id + depends_on = [cloudfoundry_org_role.organization_user, cloudfoundry_org_role.organization_manager] } \ No newline at end of file diff --git a/released/discovery_center/mission_3501/step2/output.tf b/released/discovery_center/mission_3501/step2/output.tf index 9425898f..ad4178cd 100644 --- a/released/discovery_center/mission_3501/step2/output.tf +++ b/released/discovery_center/mission_3501/step2/output.tf @@ -1,5 +1,5 @@ output "subaccount_id" { - value = var.subaccount_id + value = var.subaccount_id } output "cf_landscape_label" { @@ -7,13 +7,13 @@ output "cf_landscape_label" { } output "cf_org_id" { - value = var.cf_org_id + value = var.cf_org_id } output "cf_api_url" { - value = var.cf_api_url + value = var.cf_api_url } output "cf_space_name" { - value = cloudfoundry_space.dev.name + value = cloudfoundry_space.dev.name } \ No newline at end of file diff --git a/released/discovery_center/mission_3501/step2/provider.tf b/released/discovery_center/mission_3501/step2/provider.tf index a42145c5..9337283b 100644 --- a/released/discovery_center/mission_3501/step2/provider.tf +++ b/released/discovery_center/mission_3501/step2/provider.tf @@ -11,6 +11,6 @@ terraform { # Configure CF provider ###################################################################### provider "cloudfoundry" { - # resolve API URL from environment instance - api_url = var.cf_api_url + # resolve API URL from environment instance + api_url = var.cf_api_url } \ No newline at end of file diff --git a/released/discovery_center/mission_3501/step2/variables.tf b/released/discovery_center/mission_3501/step2/variables.tf index 501c2e63..0b435101 100644 --- a/released/discovery_center/mission_3501/step2/variables.tf +++ b/released/discovery_center/mission_3501/step2/variables.tf @@ -1,17 +1,17 @@ variable "cf_api_url" { - type = string + type = string } variable "cf_landscape_label" { - type = string + type = string } variable "cf_org_id" { - type = string + type = string } variable "subaccount_id" { - type = string + type = string } variable "cf_space_developers" { diff --git a/released/discovery_center/mission_4172/samples.tfvars b/released/discovery_center/mission_4172/samples.tfvars index ba02fbf0..adf8e887 100644 --- a/released/discovery_center/mission_4172/samples.tfvars +++ b/released/discovery_center/mission_4172/samples.tfvars @@ -6,7 +6,7 @@ cf_org_name = "cf-environment" subaccount_admins = ["john.doe@sap.com"] subaccount_service_admins = ["john.doe@sap.com"] -appstudio_developers = ["john.doe@sap.com"] +appstudio_developers = ["john.doe@sap.com"] appstudio_admins = ["john.doe@sap.com"] cloudconnector_admins = ["john.doe@sap.com"] conn_dest_admins = ["john.doe@sap.com"] diff --git a/released/discovery_center/mission_4172/step1/locals.tf b/released/discovery_center/mission_4172/step1/locals.tf index 9ed60b68..00e26833 100644 --- a/released/discovery_center/mission_4172/step1/locals.tf +++ b/released/discovery_center/mission_4172/step1/locals.tf @@ -1,5 +1,5 @@ locals { - service__sap_business_app_studio = "sapappstudio" - service_name__hana_cloud_tools = "hana-cloud-tools" + service__sap_business_app_studio = "sapappstudio" + service_name__hana_cloud_tools = "hana-cloud-tools" service_name__sap_process_automation = "process-automation" } \ No newline at end of file diff --git a/released/discovery_center/mission_4172/step1/main.tf b/released/discovery_center/mission_4172/step1/main.tf index 97797409..0f4216f3 100644 --- a/released/discovery_center/mission_4172/step1/main.tf +++ b/released/discovery_center/mission_4172/step1/main.tf @@ -69,7 +69,7 @@ resource "btp_subaccount_environment_instance" "cloudfoundry" { environment_type = "cloudfoundry" service_name = "cloudfoundry" plan_name = "standard" - landscape_label =local.cf_landscape_labels[0] + landscape_label = local.cf_landscape_labels[0] parameters = jsonencode({ instance_name = local.project_subaccount_cf_org }) @@ -286,7 +286,7 @@ resource "btp_subaccount_subscription" "event_mesh_application" { subaccount_id = data.btp_subaccount.project.id app_name = "enterprise-messaging-hub" plan_name = "standard" - depends_on = [btp_subaccount_entitlement.event_mesh_application] + depends_on = [btp_subaccount_entitlement.event_mesh_application] } resource "btp_subaccount_role_collection_assignment" "event_mesh_admin" { diff --git a/released/discovery_center/mission_4172/step1/output.tf b/released/discovery_center/mission_4172/step1/output.tf index ddaaca36..56f90f7b 100644 --- a/released/discovery_center/mission_4172/step1/output.tf +++ b/released/discovery_center/mission_4172/step1/output.tf @@ -3,13 +3,13 @@ output "cf_landscape_label" { } output "cf_api_url" { - value = jsondecode(btp_subaccount_environment_instance.cloudfoundry.labels)["API Endpoint"] + value = jsondecode(btp_subaccount_environment_instance.cloudfoundry.labels)["API Endpoint"] } output "cf_org_id" { - value = btp_subaccount_environment_instance.cloudfoundry.platform_id + value = btp_subaccount_environment_instance.cloudfoundry.platform_id } output "subaccount_id" { - value = data.btp_subaccount.project.id + value = data.btp_subaccount.project.id } \ No newline at end of file diff --git a/released/discovery_center/mission_4172/step2/main.tf b/released/discovery_center/mission_4172/step2/main.tf index 76c4de91..b4812ee4 100644 --- a/released/discovery_center/mission_4172/step2/main.tf +++ b/released/discovery_center/mission_4172/step2/main.tf @@ -2,8 +2,8 @@ # Create space using CF provider ###################################################################### resource "cloudfoundry_space" "dev" { - name = "DEV" - org = var.cf_org_id + name = "DEV" + org = var.cf_org_id } ###################################################################### @@ -24,17 +24,17 @@ resource "cloudfoundry_org_role" "organization_manager" { } resource "cloudfoundry_space_role" "space_developer" { - for_each = toset(var.cf_space_developers) - username = each.value - type = "space_developer" - space = cloudfoundry_space.dev.id - depends_on = [ cloudfoundry_org_role.organization_user, cloudfoundry_org_role.organization_manager ] + for_each = toset(var.cf_space_developers) + username = each.value + type = "space_developer" + space = cloudfoundry_space.dev.id + depends_on = [cloudfoundry_org_role.organization_user, cloudfoundry_org_role.organization_manager] } resource "cloudfoundry_space_role" "space_manager" { - for_each = toset(var.cf_space_managers) - username = each.value - type = "space_manager" - space = cloudfoundry_space.dev.id - depends_on = [ cloudfoundry_org_role.organization_user, cloudfoundry_org_role.organization_manager ] + for_each = toset(var.cf_space_managers) + username = each.value + type = "space_manager" + space = cloudfoundry_space.dev.id + depends_on = [cloudfoundry_org_role.organization_user, cloudfoundry_org_role.organization_manager] } \ No newline at end of file diff --git a/released/discovery_center/mission_4172/step2/output.tf b/released/discovery_center/mission_4172/step2/output.tf index 9425898f..ad4178cd 100644 --- a/released/discovery_center/mission_4172/step2/output.tf +++ b/released/discovery_center/mission_4172/step2/output.tf @@ -1,5 +1,5 @@ output "subaccount_id" { - value = var.subaccount_id + value = var.subaccount_id } output "cf_landscape_label" { @@ -7,13 +7,13 @@ output "cf_landscape_label" { } output "cf_org_id" { - value = var.cf_org_id + value = var.cf_org_id } output "cf_api_url" { - value = var.cf_api_url + value = var.cf_api_url } output "cf_space_name" { - value = cloudfoundry_space.dev.name + value = cloudfoundry_space.dev.name } \ No newline at end of file diff --git a/released/discovery_center/mission_4172/step2/provider.tf b/released/discovery_center/mission_4172/step2/provider.tf index a42145c5..9337283b 100644 --- a/released/discovery_center/mission_4172/step2/provider.tf +++ b/released/discovery_center/mission_4172/step2/provider.tf @@ -11,6 +11,6 @@ terraform { # Configure CF provider ###################################################################### provider "cloudfoundry" { - # resolve API URL from environment instance - api_url = var.cf_api_url + # resolve API URL from environment instance + api_url = var.cf_api_url } \ No newline at end of file diff --git a/released/discovery_center/mission_4172/step2/variables.tf b/released/discovery_center/mission_4172/step2/variables.tf index 501c2e63..0b435101 100644 --- a/released/discovery_center/mission_4172/step2/variables.tf +++ b/released/discovery_center/mission_4172/step2/variables.tf @@ -1,17 +1,17 @@ variable "cf_api_url" { - type = string + type = string } variable "cf_landscape_label" { - type = string + type = string } variable "cf_org_id" { - type = string + type = string } variable "subaccount_id" { - type = string + type = string } variable "cf_space_developers" { diff --git a/released/discovery_center/mission_4356/samples.tfvars b/released/discovery_center/mission_4356/samples.tfvars index db6e9ab5..43b5f802 100644 --- a/released/discovery_center/mission_4356/samples.tfvars +++ b/released/discovery_center/mission_4356/samples.tfvars @@ -1,7 +1,7 @@ -globalaccount = "ticoo" -region = "us10" -subaccount_name = "Discovery Center mission - Deliver Connected Experiences with a single view of Material Availability" -cf_org_name = "cf-environment" +globalaccount = "ticoo" +region = "us10" +subaccount_name = "Discovery Center mission - Deliver Connected Experiences with a single view of Material Availability" +cf_org_name = "cf-environment" subaccount_admins = ["m.palavalli1@sap.com"] subaccount_service_admins = ["m.palavalli1@sap.com"] @@ -13,6 +13,6 @@ conn_dest_admin = ["m.palavalli@sap.com", "m.palavalli1@sap.com"] int_provisioner = ["m.palavalli@sap.com", "m.palavalli1@sap.com"] cf_space_developers = ["m.palavalli1@sap.com"] -cf_space_managers = [ "m.palavalli1@sap.com"] -cf_org_admins = ["m.palavalli1@sap.com"] -cf_org_users = ["m.palavalli1@sap.com"] +cf_space_managers = ["m.palavalli1@sap.com"] +cf_org_admins = ["m.palavalli1@sap.com"] +cf_org_users = ["m.palavalli1@sap.com"] diff --git a/released/discovery_center/mission_4356/step1/locals.tf b/released/discovery_center/mission_4356/step1/locals.tf index bc48719d..0663eaea 100644 --- a/released/discovery_center/mission_4356/step1/locals.tf +++ b/released/discovery_center/mission_4356/step1/locals.tf @@ -1,4 +1,4 @@ locals { - service__sap_business_app_studio = "sapappstudio" + service__sap_business_app_studio = "sapappstudio" service_name__sap_integration_suite = "integrationsuite" } \ No newline at end of file diff --git a/released/discovery_center/mission_4356/step1/main.tf b/released/discovery_center/mission_4356/step1/main.tf index 6ab8a2e7..5facadde 100644 --- a/released/discovery_center/mission_4356/step1/main.tf +++ b/released/discovery_center/mission_4356/step1/main.tf @@ -69,7 +69,7 @@ resource "btp_subaccount_environment_instance" "cloudfoundry" { environment_type = "cloudfoundry" service_name = "cloudfoundry" plan_name = "standard" - landscape_label =local.cf_landscape_labels[0] + landscape_label = local.cf_landscape_labels[0] parameters = jsonencode({ instance_name = local.project_subaccount_cf_org }) @@ -99,7 +99,7 @@ resource "btp_subaccount_entitlement" "sap_integration_suite" { data "btp_subaccount_subscriptions" "all" { subaccount_id = data.btp_subaccount.project.id - depends_on = [ btp_subaccount_entitlement.sap_integration_suite ] + depends_on = [btp_subaccount_entitlement.sap_integration_suite] } resource "btp_subaccount_subscription" "sap_integration_suite" { diff --git a/released/discovery_center/mission_4356/step1/output.tf b/released/discovery_center/mission_4356/step1/output.tf index ddaaca36..56f90f7b 100644 --- a/released/discovery_center/mission_4356/step1/output.tf +++ b/released/discovery_center/mission_4356/step1/output.tf @@ -3,13 +3,13 @@ output "cf_landscape_label" { } output "cf_api_url" { - value = jsondecode(btp_subaccount_environment_instance.cloudfoundry.labels)["API Endpoint"] + value = jsondecode(btp_subaccount_environment_instance.cloudfoundry.labels)["API Endpoint"] } output "cf_org_id" { - value = btp_subaccount_environment_instance.cloudfoundry.platform_id + value = btp_subaccount_environment_instance.cloudfoundry.platform_id } output "subaccount_id" { - value = data.btp_subaccount.project.id + value = data.btp_subaccount.project.id } \ No newline at end of file diff --git a/released/discovery_center/mission_4356/step2/main.tf b/released/discovery_center/mission_4356/step2/main.tf index 76c4de91..b4812ee4 100644 --- a/released/discovery_center/mission_4356/step2/main.tf +++ b/released/discovery_center/mission_4356/step2/main.tf @@ -2,8 +2,8 @@ # Create space using CF provider ###################################################################### resource "cloudfoundry_space" "dev" { - name = "DEV" - org = var.cf_org_id + name = "DEV" + org = var.cf_org_id } ###################################################################### @@ -24,17 +24,17 @@ resource "cloudfoundry_org_role" "organization_manager" { } resource "cloudfoundry_space_role" "space_developer" { - for_each = toset(var.cf_space_developers) - username = each.value - type = "space_developer" - space = cloudfoundry_space.dev.id - depends_on = [ cloudfoundry_org_role.organization_user, cloudfoundry_org_role.organization_manager ] + for_each = toset(var.cf_space_developers) + username = each.value + type = "space_developer" + space = cloudfoundry_space.dev.id + depends_on = [cloudfoundry_org_role.organization_user, cloudfoundry_org_role.organization_manager] } resource "cloudfoundry_space_role" "space_manager" { - for_each = toset(var.cf_space_managers) - username = each.value - type = "space_manager" - space = cloudfoundry_space.dev.id - depends_on = [ cloudfoundry_org_role.organization_user, cloudfoundry_org_role.organization_manager ] + for_each = toset(var.cf_space_managers) + username = each.value + type = "space_manager" + space = cloudfoundry_space.dev.id + depends_on = [cloudfoundry_org_role.organization_user, cloudfoundry_org_role.organization_manager] } \ No newline at end of file diff --git a/released/discovery_center/mission_4356/step2/output.tf b/released/discovery_center/mission_4356/step2/output.tf index 9425898f..ad4178cd 100644 --- a/released/discovery_center/mission_4356/step2/output.tf +++ b/released/discovery_center/mission_4356/step2/output.tf @@ -1,5 +1,5 @@ output "subaccount_id" { - value = var.subaccount_id + value = var.subaccount_id } output "cf_landscape_label" { @@ -7,13 +7,13 @@ output "cf_landscape_label" { } output "cf_org_id" { - value = var.cf_org_id + value = var.cf_org_id } output "cf_api_url" { - value = var.cf_api_url + value = var.cf_api_url } output "cf_space_name" { - value = cloudfoundry_space.dev.name + value = cloudfoundry_space.dev.name } \ No newline at end of file diff --git a/released/discovery_center/mission_4356/step2/provider.tf b/released/discovery_center/mission_4356/step2/provider.tf index a42145c5..9337283b 100644 --- a/released/discovery_center/mission_4356/step2/provider.tf +++ b/released/discovery_center/mission_4356/step2/provider.tf @@ -11,6 +11,6 @@ terraform { # Configure CF provider ###################################################################### provider "cloudfoundry" { - # resolve API URL from environment instance - api_url = var.cf_api_url + # resolve API URL from environment instance + api_url = var.cf_api_url } \ No newline at end of file diff --git a/released/discovery_center/mission_4356/step2/variables.tf b/released/discovery_center/mission_4356/step2/variables.tf index c75d61a9..438dc703 100644 --- a/released/discovery_center/mission_4356/step2/variables.tf +++ b/released/discovery_center/mission_4356/step2/variables.tf @@ -1,17 +1,17 @@ variable "cf_api_url" { - type = string + type = string } variable "cf_landscape_label" { - type = string + type = string } variable "cf_org_id" { - type = string + type = string } variable "subaccount_id" { - type = string + type = string } variable "cf_space_developers" {