From a260b3fd894c8db9c0f6bca9031ee5a96fd1f604 Mon Sep 17 00:00:00 2001 From: Rui Nogueira Date: Tue, 9 Jul 2024 08:57:45 +0000 Subject: [PATCH 1/5] clean-up code for usage in quick-account-setup --- .../discovery_center/mission_3260/main.tf | 72 +++++++++++++------ .../discovery_center/mission_3260/outputs.tf | 6 +- .../discovery_center/mission_3260/provider.tf | 17 +---- .../mission_3260/samples.tfvars | 13 ++-- .../mission_3260/variables.tf | 13 +++- 5 files changed, 70 insertions(+), 51 deletions(-) diff --git a/released/discovery_center/mission_3260/main.tf b/released/discovery_center/mission_3260/main.tf index 233a2f1f..997a29b6 100644 --- a/released/discovery_center/mission_3260/main.tf +++ b/released/discovery_center/mission_3260/main.tf 
@@ -4,26 +4,36 @@ resource "random_uuid" "uuid" {} locals { - random_uuid = random_uuid.uuid.result - project_subaccount_domain = "discoverycenter-tf-sap-ms-${local.random_uuid}" - project_subaccount_cf_org = substr(replace("${local.project_subaccount_domain}", "-", ""), 0, 32) + random_uuid = random_uuid.uuid.result + subaccount_domain = lower(replace("mission-3260-${local.random_uuid}", "_", "-")) + subaccount_cf_org = substr(replace("${local.subaccount_domain}", "-", ""), 0, 32) } # ------------------------------------------------------------------------------------------------------ # Creation of subaccount # ------------------------------------------------------------------------------------------------------ -resource "btp_subaccount" "project" { +resource "btp_subaccount" "dc_mission" { name = var.subaccount_name - subdomain = local.project_subaccount_domain + subdomain = local.subaccount_domain region = lower(var.region) } +# ------------------------------------------------------------------------------------------------------ +# Assign custom IDP to sub account (if custom_idp is set) +# ------------------------------------------------------------------------------------------------------ +resource "btp_subaccount_trust_configuration" "fully_customized" { + # Only create trust configuration if custom_idp has been set + count = var.custom_idp == "" ? 
0 : 1 + subaccount_id = btp_subaccount.dc_mission.id + identity_provider = var.custom_idp +} + # ------------------------------------------------------------------------------------------------------ # Assignment of users as sub account administrators # ------------------------------------------------------------------------------------------------------ resource "btp_subaccount_role_collection_assignment" "subaccount-admins" { - for_each = toset("${var.subaccount_admins}") - subaccount_id = btp_subaccount.project.id + for_each = toset(var.subaccount_admins) + subaccount_id = btp_subaccount.dc_mission.id role_collection_name = "Subaccount Administrator" user_name = each.value } 
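Review bot: The role collection assignment `subaccount-admins` in this hunk, and likewise `subaccount-service-admins` and `bpa_admin` in the following hunks, sets no `origin`. When `custom_idp` is set, the users are therefore still assigned against the provider's default identity provider rather than the one trusted by `btp_subaccount_trust_configuration.fully_customized`. If custom-IdP users are meant to become administrators, pass the origin explicitly, e.g. `origin = var.custom_idp == "" ? null : btp_subaccount_trust_configuration.fully_customized[0].origin`, which also orders the assignment after the trust configuration. The attribute names should be confirmed against the pinned `~> 1.4.0` provider. If the default IdP is intended, say so in a comment such as `# Admins are always resolved against the default IdP, even when custom_idp is set`.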
@@ -32,38 +42,54 @@ resource "btp_subaccount_role_collection_assignment" "subaccount-admins" { # Assignment of users as sub account service administrators # ------------------------------------------------------------------------------------------------------ resource "btp_subaccount_role_collection_assignment" "subaccount-service-admins" { - for_each = toset("${var.subaccount_service_admins}") - subaccount_id = btp_subaccount.project.id + for_each = toset(var.subaccount_service_admins) + subaccount_id = btp_subaccount.dc_mission.id role_collection_name = "Subaccount Service Administrator" user_name = each.value } + +# ------------------------------------------------------------------------------------------------------ +# CLOUDFOUNDRY PREPARATION +# ------------------------------------------------------------------------------------------------------ +# +# Fetch all available environments for the subaccount +data "btp_subaccount_environments" "all" { + subaccount_id = btp_subaccount.dc_mission.id +} +# ------------------------------------------------------------------------------------------------------ +# Take the landscape label from the first CF environment if no environment label is provided +# (this replaces the previous null_resource) +# ------------------------------------------------------------------------------------------------------ +resource "terraform_data" "replacement" { + input = length(var.cf_landscape_label) > 0 ? 
var.cf_landscape_label : [for env in data.btp_subaccount_environments.all.values : env if env.service_name == "cloudfoundry" && env.environment_type == "cloudfoundry"][0].landscape_label +} # ------------------------------------------------------------------------------------------------------ # Creation of Cloud Foundry environment # ------------------------------------------------------------------------------------------------------ -module "cloudfoundry_environment" { - source = "../../modules/environment/cloudfoundry/envinstance_cf" - subaccount_id = btp_subaccount.project.id - instance_name = local.project_subaccount_cf_org - plan_name = "standard" - cf_org_name = local.project_subaccount_cf_org - cf_org_auditors = [] - cf_org_billing_managers = [] - cf_org_managers = [] - +resource "btp_subaccount_environment_instance" "cloudfoundry" { + subaccount_id = btp_subaccount.dc_mission.id + name = local.subaccount_cf_org + environment_type = "cloudfoundry" + service_name = "cloudfoundry" + plan_name = "standard" + landscape_label = terraform_data.replacement.output + parameters = jsonencode({ + instance_name = local.subaccount_cf_org + }) } # ------------------------------------------------------------------------------------------------------ # Create service instance - SAP Build Process Automation service # ------------------------------------------------------------------------------------------------------ resource "btp_subaccount_entitlement" "bpa" { - subaccount_id = btp_subaccount.project.id + subaccount_id = btp_subaccount.dc_mission.id service_name = "process-automation" plan_name = "free" } resource "btp_subaccount_subscription" "bpa" { - subaccount_id = btp_subaccount.project.id + subaccount_id = btp_subaccount.dc_mission.id app_name = "process-automation" plan_name = "free" depends_on = [btp_subaccount_entitlement.bpa] 
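Review bot: The fallback in `terraform_data.replacement` indexes `[0]` on the filtered environment list, so a subaccount that offers no `cloudfoundry` environment fails with a bare index error. When several landscapes are offered, the first one is chosen silently. Move the filtered list into a local and guard it with a `precondition` whose message names the subaccount and region, so the failure is readable. The resource name also says nothing about its content; `terraform_data.cf_landscape_label` (with the reference in `btp_subaccount_environment_instance.cloudfoundry` renamed to match) and a comment like `# Fails at plan time if the subaccount offers no cloudfoundry environment` would make the intent visible.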
@@ -71,8 +97,8 @@ resource "btp_subaccount_subscription" "bpa" { # Assign users to Role Collection: ProcessAutomationAdmin resource "btp_subaccount_role_collection_assignment" "bpa_admin" { - for_each = toset("${var.subaccount_service_admins}") - subaccount_id = btp_subaccount.project.id + for_each = toset(var.subaccount_service_admins) + subaccount_id = btp_subaccount.dc_mission.id role_collection_name = "ProcessAutomationAdmin" user_name = each.value depends_on = [btp_subaccount_subscription.bpa] diff --git a/released/discovery_center/mission_3260/outputs.tf b/released/discovery_center/mission_3260/outputs.tf index f51ebf85..6f8d709c 100644 --- a/released/discovery_center/mission_3260/outputs.tf +++ b/released/discovery_center/mission_3260/outputs.tf @@ -1,9 +1,9 @@ output "subaccount_id" { - value = btp_subaccount.project.id - description = "The ID of the project subaccount." + value = btp_subaccount.dc_mission.id + description = "The ID of the subaccount." } output "org_id" { - value = module.cloudfoundry_environment.cf_org_id + value = btp_subaccount_environment_instance.cloudfoundry description = "The Cloudfoundry org ID." } diff --git a/released/discovery_center/mission_3260/provider.tf b/released/discovery_center/mission_3260/provider.tf index 154f4705..3bbdfad3 100644 --- a/released/discovery_center/mission_3260/provider.tf +++ b/released/discovery_center/mission_3260/provider.tf @@ -5,10 +5,6 @@ terraform { source = "sap/btp" version = "~> 1.4.0" } - cloudfoundry = { - source = "cloudfoundry-community/cloudfoundry" - version = "~>0.53.1" - } } } 
@@ -16,15 +12,4 @@ terraform { # via the Terraform provider for SAP BTP provider "btp" { globalaccount = var.globalaccount -} - -# Get the Cloudfoundry API endpoint -module "cloudfoundry_api" { - source = "../../modules/environment/cloudfoundry/apiurl_cf" - environment_label = var.cf_environment_label -} - -// Configuration is described in https://registry.terraform.io/providers/cloudfoundry-community/cloudfoundry/latest/docs -provider "cloudfoundry" { - api_url = module.cloudfoundry_api.api_url -} +} \ No newline at end of file diff --git a/released/discovery_center/mission_3260/samples.tfvars b/released/discovery_center/mission_3260/samples.tfvars index 0a36742c..ec2c8d0a 100644 --- a/released/discovery_center/mission_3260/samples.tfvars +++ b/released/discovery_center/mission_3260/samples.tfvars @@ -2,13 +2,14 @@ # Provider configuration # ------------------------------------------------------------------------------------------------------ # Your global account subdomain -globalaccount = "youraccount" -region = "us10" -subaccount_name = "Discovery Center mission - build Events-to-Business actions" -cf_environment_label = "cf-us10" +globalaccount = "youraccount" +region = "us10" +subaccount_name = "Discovery Center mission 3260 - build Events-to-Business actions" +#cf_landscape_label = "cf-us10" +#custom_idp = "xxxx" # ------------------------------------------------------------------------------------------------------ # Project specific configuration (please adapt!) # ------------------------------------------------------------------------------------------------------ -subaccount_admins = ["jane.doe@test.com", "john.doe@test.com"] -subaccount_service_admins = ["jane.doe@test.com", "john.doe@test.com"] +subaccount_admins = ["another.user@test.com"] +subaccount_service_admins = ["another.user@test.com"] \ No newline at end of file 
diff --git a/released/discovery_center/mission_3260/variables.tf b/released/discovery_center/mission_3260/variables.tf index 8770dad3..ed3a402e 100644 --- a/released/discovery_center/mission_3260/variables.tf +++ b/released/discovery_center/mission_3260/variables.tf @@ -13,6 +13,13 @@ variable "subaccount_name" { description = "The subaccount name." default = "UC - Build resilient BTP Apps" } + +variable "custom_idp" { + type = string + description = "Defines the custom IdP" + default = "" +} + # Region variable "region" { type = string @@ -20,10 +27,10 @@ variable "region" { default = "us10" } # Cloudfoundry environment label -variable "cf_environment_label" { +variable "cf_landscape_label" { type = string - description = "The Cloudfoundry environment label" - default = "cf-us10" + description = "In case there are multiple environments available for a subaccount, you can use this label to choose with which one you want to go. If nothing is given, we take by default the first available." + default = "" } variable "subaccount_admins" { From 674a81917253602cc8e754a1349f3bfe3c1da946 Mon Sep 17 00:00:00 2001 From: Rui Nogueira Date: Tue, 9 Jul 2024 09:10:12 +0000 Subject: [PATCH 2/5] format files and change outputs.tf file --- released/discovery_center/mission_3260/outputs.tf | 2 +- released/discovery_center/mission_3260/samples.tfvars | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/released/discovery_center/mission_3260/outputs.tf b/released/discovery_center/mission_3260/outputs.tf index 6f8d709c..d246c452 100644 --- a/released/discovery_center/mission_3260/outputs.tf +++ b/released/discovery_center/mission_3260/outputs.tf @@ -4,6 +4,6 @@ output "subaccount_id" { } output "org_id" { - value = btp_subaccount_environment_instance.cloudfoundry + value = jsondecode(btp_subaccount_environment_instance.cloudfoundry.labels)["Org ID"] description = "The Cloudfoundry org ID." } 
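Review bot: The description of the new `custom_idp` variable, "Defines the custom IdP", does not say what value is expected or what setting it does. Since the value feeds `identity_provider` of a trust configuration, a wrong value changes who can authenticate to the subaccount. Presumably it is the host name of the Identity Authentication tenant; if so, state it, e.g. `description = "Host name of the custom identity provider tenant to trust for this subaccount. Leave empty to keep only the default IdP."`.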
diff --git a/released/discovery_center/mission_3260/samples.tfvars b/released/discovery_center/mission_3260/samples.tfvars index ec2c8d0a..fe9f030d 100644 --- a/released/discovery_center/mission_3260/samples.tfvars +++ b/released/discovery_center/mission_3260/samples.tfvars @@ -2,9 +2,9 @@ # Provider configuration # ------------------------------------------------------------------------------------------------------ # Your global account subdomain -globalaccount = "youraccount" -region = "us10" -subaccount_name = "Discovery Center mission 3260 - build Events-to-Business actions" +globalaccount = "youraccount" +region = "us10" +subaccount_name = "Discovery Center mission 3260 - build Events-to-Business actions" #cf_landscape_label = "cf-us10" #custom_idp = "xxxx" From 1d4426fddf79d55772f3327d32a80c25260bf700 Mon Sep 17 00:00:00 2001 From: Rui Nogueira Date: Tue, 9 Jul 2024 09:27:21 +0000 Subject: [PATCH 3/5] update provider setup and add missing variables --- released/discovery_center/mission_3260/provider.tf | 5 +++-- released/discovery_center/mission_3260/variables.tf | 12 ++++++++++++ released/discovery_center/mission_4024/main.tf | 4 ++-- 3 files changed, 17 insertions(+), 4 deletions(-) diff --git a/released/discovery_center/mission_3260/provider.tf b/released/discovery_center/mission_3260/provider.tf index 3bbdfad3..7170b3fb 100644 --- a/released/discovery_center/mission_3260/provider.tf +++ b/released/discovery_center/mission_3260/provider.tf @@ -11,5 +11,6 @@ terraform { # Please checkout documentation on how best to authenticate against SAP BTP # via the Terraform provider for SAP BTP provider "btp" { - globalaccount = var.globalaccount -} \ No newline at end of file + globalaccount = var.globalaccount + cli_server_url = var.cli_server_url +} diff --git a/released/discovery_center/mission_3260/variables.tf b/released/discovery_center/mission_3260/variables.tf index ed3a402e..e7fb577f 100644 --- a/released/discovery_center/mission_3260/variables.tf 
+++ b/released/discovery_center/mission_3260/variables.tf @@ -14,6 +14,18 @@ variable "subaccount_name" { default = "UC - Build resilient BTP Apps" } +variable "subaccount_id" { + type = string + description = "The subaccount ID." + default = "" +} + +variable "cli_server_url" { + type = string + description = "Defines the CLI server URL" + default = "https://cli.btp.cloud.sap" +} + variable "custom_idp" { type = string description = "Defines the custom IdP" diff --git a/released/discovery_center/mission_4024/main.tf b/released/discovery_center/mission_4024/main.tf index 09bb037d..db79254b 100644 --- a/released/discovery_center/mission_4024/main.tf +++ b/released/discovery_center/mission_4024/main.tf @@ -29,7 +29,7 @@ data "btp_subaccount" "project" { # Assignment of emergency admins to the sub account as sub account administrators ############################################################################################### resource "btp_subaccount_role_collection_assignment" "subaccount_users" { - for_each = toset("${var.emergency_admins}") + for_each = toset(var.emergency_admins) subaccount_id = data.btp_subaccount.project.id role_collection_name = "Subaccount Administrator" user_name = each.value @@ -265,7 +265,7 @@ resource "btp_subaccount_entitlement" "destination" { # Assign users to Role Collection: Launchpad_Admin resource "btp_subaccount_role_collection_assignment" "launchpad_admin" { - for_each = toset("${var.emergency_admins}") + for_each = toset(var.emergency_admins) subaccount_id = data.btp_subaccount.project.id role_collection_name = "Launchpad_Admin" user_name = each.value From 2e01d67edb4d7f06351ab261f8544861e2a1ee69 Mon Sep 17 00:00:00 2001 
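Review bot: `cli_server_url` is the endpoint the `btp` provider authenticates against, and the new variable accepts any string. An override from a tfvars file or the environment can therefore point the login at a plain-http or unintended host. A `validation` block with `condition = startswith(var.cli_server_url, "https://")` and a short `error_message` would reject the obvious mistakes. Separately, `subaccount_id` is added here but no hunk in this series reads it, since `main.tf` always creates `btp_subaccount.dc_mission`. If it exists only for the quick-account-setup caller, the description should say so.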
From: Rui Nogueira Date: Tue, 9 Jul 2024 13:35:41 +0000 Subject: [PATCH 4/5] address review results from markus --- released/discovery_center/mission_3260/main.tf | 4 ++-- released/discovery_center/mission_3260/outputs.tf | 7 ++++++- .../discovery_center/mission_3260/samples.tfvars | 3 ++- released/discovery_center/mission_3260/variables.tf | 13 +++++++++++++ released/discovery_center/mission_4024/main.tf | 2 +- 5 files changed, 24 insertions(+), 5 deletions(-) diff --git a/released/discovery_center/mission_3260/main.tf b/released/discovery_center/mission_3260/main.tf index 997a29b6..bdcf3c83 100644 --- a/released/discovery_center/mission_3260/main.tf +++ b/released/discovery_center/mission_3260/main.tf @@ -6,7 +6,7 @@ resource "random_uuid" "uuid" {} locals { random_uuid = random_uuid.uuid.result subaccount_domain = lower(replace("mission-3260-${local.random_uuid}", "_", "-")) - subaccount_cf_org = substr(replace("${local.subaccount_domain}", "-", ""), 0, 32) + subaccount_cf_org = length(var.cf_org_name) > 0 ? var.cf_org_name : substr(replace("${local.subaccount_domain}", "-", ""), 0, 32) } # ------------------------------------------------------------------------------------------------------ @@ -97,7 +97,7 @@ resource "btp_subaccount_subscription" "bpa" { # Assign users to Role Collection: ProcessAutomationAdmin resource "btp_subaccount_role_collection_assignment" "bpa_admin" { - for_each = toset(var.subaccount_service_admins) + for_each = toset(var.business_process_automation_admins) subaccount_id = btp_subaccount.dc_mission.id role_collection_name = "ProcessAutomationAdmin" user_name = each.value diff --git a/released/discovery_center/mission_3260/outputs.tf b/released/discovery_center/mission_3260/outputs.tf index d246c452..750c1863 100644 --- a/released/discovery_center/mission_3260/outputs.tf +++ b/released/discovery_center/mission_3260/outputs.tf 
@@ -3,7 +3,12 @@ output "subaccount_id" { description = "The ID of the subaccount." } -output "org_id" { +output "cf_org_id" { value = jsondecode(btp_subaccount_environment_instance.cloudfoundry.labels)["Org ID"] description = "The Cloudfoundry org ID." } + +output "bpa_url" { + value = btp_subaccount_subscription.bpa.subscription_url + description = "Subscription URL for SAP Business Process Automation" +} \ No newline at end of file diff --git a/released/discovery_center/mission_3260/samples.tfvars b/released/discovery_center/mission_3260/samples.tfvars index fe9f030d..0db08bf8 100644 --- a/released/discovery_center/mission_3260/samples.tfvars +++ b/released/discovery_center/mission_3260/samples.tfvars @@ -12,4 +12,5 @@ subaccount_name = "Discovery Center mission 3260 - build Events-to-Business acti # Project specific configuration (please adapt!) # ------------------------------------------------------------------------------------------------------ subaccount_admins = ["another.user@test.com"] -subaccount_service_admins = ["another.user@test.com"] \ No newline at end of file +subaccount_service_admins = ["another.user@test.com"] +business_process_automation_admins = = ["another.user@test.com", "you@test.com"] \ No newline at end of file diff --git a/released/discovery_center/mission_3260/variables.tf b/released/discovery_center/mission_3260/variables.tf index e7fb577f..89c1a832 100644 --- a/released/discovery_center/mission_3260/variables.tf +++ b/released/discovery_center/mission_3260/variables.tf @@ -38,6 +38,13 @@ variable "region" { description = "The region where the project account shall be created in." default = "us10" } + +variable "cf_org_name" { + type = string + description = "The Cloud Foundry Org name from the Cloud Foundry environment instance." + default = "" +} + # Cloudfoundry environment label variable "cf_landscape_label" { type = string 
@@ -56,3 +63,9 @@ variable "subaccount_service_admins" { description = "Defines the colleagues who are added to each subaccount as subaccount service administrators." default = ["jane.doe@test.com", "john.doe@test.com"] } + +variable "business_process_automation_admins" { + type = list(string) + description = "Defines the colleagues who are added as administrators for the SAP Business Process Automation." + default = ["jane.doe@test.com", "john.doe@test.com"] +} diff --git a/released/discovery_center/mission_4024/main.tf b/released/discovery_center/mission_4024/main.tf index db79254b..11af7c12 100644 --- a/released/discovery_center/mission_4024/main.tf +++ b/released/discovery_center/mission_4024/main.tf @@ -29,7 +29,7 @@ data "btp_subaccount" "project" { # Assignment of emergency admins to the sub account as sub account administrators ############################################################################################### resource "btp_subaccount_role_collection_assignment" "subaccount_users" { - for_each = toset(var.emergency_admins) + for_each = toset("${var.emergency_admins}") subaccount_id = data.btp_subaccount.project.id role_collection_name = "Subaccount Administrator" user_name = each.value From 592f26fed3afad77141c4a40a044b341c2d61fba Mon Sep 17 00:00:00 2001 From: Rui Nogueira Date: Tue, 9 Jul 2024 13:36:31 +0000 Subject: [PATCH 5/5] updat format --- released/discovery_center/mission_3260/outputs.tf | 2 +- released/discovery_center/mission_3260/samples.tfvars | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/released/discovery_center/mission_3260/outputs.tf b/released/discovery_center/mission_3260/outputs.tf index 750c1863..8a8121ed 100644 --- a/released/discovery_center/mission_3260/outputs.tf +++ b/released/discovery_center/mission_3260/outputs.tf 
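Review bot: The default for `business_process_automation_admins` names `jane.doe@test.com` and `john.doe@test.com`, so a run that omits the variable grants `ProcessAutomationAdmin` to those addresses instead of failing. `test.com` is not a reserved documentation domain, so the addresses may belong to real people. Dropping the `default` makes the variable required; if a default must stay, use `default = []`. The `subaccount_service_admins` default shown as context in this hunk has the same shape and would benefit from the same change.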
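Review bot: This hunk in `mission_4024/main.tf` turns `toset(var.emergency_admins)` back into `toset("${var.emergency_admins}")` for `subaccount_users`, undoing the cleanup from patch 3/5. The `launchpad_admin` assignment in the same file keeps the plain form, so the two are now inconsistent. The interpolation-only wrapper is legacy style and adds nothing for a list variable; keep `for_each = toset(var.emergency_admins)`. The resource body continues outside the hunk.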
@@ -9,6 +9,6 @@ output "cf_org_id" { } output "bpa_url" { - value = btp_subaccount_subscription.bpa.subscription_url + value = btp_subaccount_subscription.bpa.subscription_url description = "Subscription URL for SAP Business Process Automation" } \ No newline at end of file diff --git a/released/discovery_center/mission_3260/samples.tfvars b/released/discovery_center/mission_3260/samples.tfvars index 0db08bf8..f6d9889d 100644 --- a/released/discovery_center/mission_3260/samples.tfvars +++ b/released/discovery_center/mission_3260/samples.tfvars @@ -11,6 +11,6 @@ subaccount_name = "Discovery Center mission 3260 - build Events-to-Business acti # ------------------------------------------------------------------------------------------------------ # Project specific configuration (please adapt!) # ------------------------------------------------------------------------------------------------------ -subaccount_admins = ["another.user@test.com"] -subaccount_service_admins = ["another.user@test.com"] -business_process_automation_admins = = ["another.user@test.com", "you@test.com"] \ No newline at end of file +subaccount_admins = ["another.user@test.com"] +subaccount_service_admins = ["another.user@test.com"] +business_process_automation_admins = ["another.user@test.com", "you@test.com"] \ No newline at end of file