diff --git a/released/discovery_center/mission_3260/README.md b/released/discovery_center/mission_3260/README.md index 70d8f3e1..966e3f6b 100644 --- a/released/discovery_center/mission_3260/README.md +++ b/released/discovery_center/mission_3260/README.md @@ -17,23 +17,45 @@ This script simplifies the majority of tasks in the [Discovery Center Mission](h ## Execution -1. Copy the `samples.tfvars` to a file called `terraform.tfvars` and fill in the values for the variables. -2. To authenticate and enable interaction with your BTP environments, ensure you set the necessary environment variables BTP_USERNAME and BTP_PASSWORD +1. Set the environment variables BTP_USERNAME and BTP_PASSWORD to pass credentials to the BTP provider to authenticate and interact with your BTP environments. ```bash Mac & Linux export BTP_USERNAME= export BTP_PASSWORD= - export CF_USER= - export CF_PASSWORD= Windows(PS) $env:BTP_USERNAME= $env:BTP_PASSWORD= - $env:CF_USER= - $env:CF_PASSWORD= ``` -3. Execute a `terraform init` to initialize the terraform providers and modules. -4. Execute a `terraform plan` to see what resources will be created. -5. Execute a `terraform apply` to create the resources. \ No newline at end of file +2. Change the variables in the `samples.tfvars` file to meet your requirements + + > ⚠ NOTE: You should pay attention **specifically** to the users defined in the samples.tfvars whether they already exist in your SAP BTP accounts. Otherwise you might get error messages like e.g. `Error: The user could not be found: jane.doe@test.com`. + + +3. Initialize your workspace: + + ```bash + terraform init + ``` + +4. You can check what Terraform plans to apply based on your configuration: + + ```bash + terraform plan -var-file="samples.tfvars" + ``` + +5. Apply your configuration to provision the resources: + + ```bash + terraform apply -var-file="samples.tfvars" + ``` + +## In the end + +You probably want to remove the assets after trying them out to avoid unnecessary costs. To do so execute the following command: + +```bash +terraform destroy +``` \ No newline at end of file diff --git a/released/discovery_center/mission_3260/locals.tf b/released/discovery_center/mission_3260/locals.tf new file mode 100644 index 00000000..c704d5bc --- /dev/null +++ b/released/discovery_center/mission_3260/locals.tf @@ -0,0 +1,3 @@ +locals { + service_name__sap_process_automation = "process-automation" +} \ No newline at end of file diff --git a/released/discovery_center/mission_3260/main.tf b/released/discovery_center/mission_3260/main.tf index bdcf3c83..ca5daa2a 100644 --- a/released/discovery_center/mission_3260/main.tf +++ b/released/discovery_center/mission_3260/main.tf @@ -13,18 +13,23 @@ locals { # Creation of subaccount # ------------------------------------------------------------------------------------------------------ resource "btp_subaccount" "dc_mission" { + count = var.subaccount_id == "" ? 1 : 0 name = var.subaccount_name subdomain = local.subaccount_domain region = lower(var.region) + usage = "USED_FOR_PRODUCTION" } +data "btp_subaccount" "dc_mission" { + id = var.subaccount_id != "" ? var.subaccount_id : btp_subaccount.dc_mission[0].id +} # ------------------------------------------------------------------------------------------------------ # Assign custom IDP to sub account (if custom_idp is set) # ------------------------------------------------------------------------------------------------------ resource "btp_subaccount_trust_configuration" "fully_customized" { # Only create trust configuration if custom_idp has been set count = var.custom_idp == "" ? 0 : 1 - subaccount_id = btp_subaccount.dc_mission.id + subaccount_id = data.btp_subaccount.dc_mission.id identity_provider = var.custom_idp } @@ -33,7 +38,7 @@ resource "btp_subaccount_trust_configuration" "fully_customized" { # ------------------------------------------------------------------------------------------------------ resource "btp_subaccount_role_collection_assignment" "subaccount-admins" { for_each = toset(var.subaccount_admins) - subaccount_id = btp_subaccount.dc_mission.id + subaccount_id = data.btp_subaccount.dc_mission.id role_collection_name = "Subaccount Administrator" user_name = each.value } @@ -43,7 +48,7 @@ resource "btp_subaccount_role_collection_assignment" "subaccount-admins" { # ------------------------------------------------------------------------------------------------------ resource "btp_subaccount_role_collection_assignment" "subaccount-service-admins" { for_each = toset(var.subaccount_service_admins) - subaccount_id = btp_subaccount.dc_mission.id + subaccount_id = data.btp_subaccount.dc_mission.id role_collection_name = "Subaccount Service Administrator" user_name = each.value } @@ -52,10 +57,9 @@ resource "btp_subaccount_role_collection_assignment" "subaccount-service-admins" # ------------------------------------------------------------------------------------------------------ # CLOUDFOUNDRY PREPARATION # ------------------------------------------------------------------------------------------------------ -# # Fetch all available environments for the subaccount data "btp_subaccount_environments" "all" { - subaccount_id = btp_subaccount.dc_mission.id + subaccount_id = data.btp_subaccount.dc_mission.id } # ------------------------------------------------------------------------------------------------------ # Take the landscape label from the first CF environment if no environment label is provided @@ -64,11 +68,9 @@ data "btp_subaccount_environments" "all" { resource "terraform_data" "replacement" { input = length(var.cf_landscape_label) > 0 ? var.cf_landscape_label : [for env in data.btp_subaccount_environments.all.values : env if env.service_name == "cloudfoundry" && env.environment_type == "cloudfoundry"][0].landscape_label } -# ------------------------------------------------------------------------------------------------------ -# Creation of Cloud Foundry environment -# ------------------------------------------------------------------------------------------------------ + resource "btp_subaccount_environment_instance" "cloudfoundry" { - subaccount_id = btp_subaccount.dc_mission.id + subaccount_id = data.btp_subaccount.dc_mission.id name = local.subaccount_cf_org environment_type = "cloudfoundry" service_name = "cloudfoundry" @@ -79,27 +81,59 @@ resource "btp_subaccount_environment_instance" "cloudfoundry" { }) } +# ------------------------------------------------------------------------------------------------------ +# Create service instance - SAP Build Process Automation service +# ------------------------------------------------------------------------------------------------------ +resource "btp_subaccount_entitlement" "build_process_automation" { + subaccount_id = data.btp_subaccount.dc_mission.id + service_name = local.service_name__sap_process_automation + plan_name = var.service_plan__sap_process_automation +} + +# Create app subscription to SAP Build Process Automation +resource "btp_subaccount_subscription" "build_process_automation" { + subaccount_id = data.btp_subaccount.dc_mission.id + app_name = local.service_name__sap_process_automation + plan_name = var.service_plan__sap_process_automation + depends_on = [btp_subaccount_entitlement.build_process_automation] +} + +# Assign users to Role Collection: ProcessAutomationAdmin +resource "btp_subaccount_role_collection_assignment" "bpa_admin" { + for_each = toset(var.process_automation_admins) + subaccount_id = data.btp_subaccount.dc_mission.id + role_collection_name = "ProcessAutomationAdmin" + user_name = each.value +} + +resource "btp_subaccount_role_collection_assignment" "sbpa_participants" { + depends_on = [btp_subaccount_subscription.build_process_automation] + for_each = toset(var.process_automation_participants) + subaccount_id = data.btp_subaccount.dc_mission.id + role_collection_name = "ProcessAutomationParticipant" + user_name = each.value +} + +resource "btp_subaccount_role_collection_assignment" "sbpa_developers" { + depends_on = [btp_subaccount_subscription.build_process_automation] + for_each = toset(var.process_automation_developers) + subaccount_id = data.btp_subaccount.dc_mission.id + role_collection_name = "ProcessAutomationDeveloper" + user_name = each.value +} + # ------------------------------------------------------------------------------------------------------ # Create service instance - SAP Build Process Automation service # ------------------------------------------------------------------------------------------------------ resource "btp_subaccount_entitlement" "bpa" { - subaccount_id = btp_subaccount.dc_mission.id + subaccount_id = data.btp_subaccount.dc_mission.id service_name = "process-automation" plan_name = "free" } resource "btp_subaccount_subscription" "bpa" { - subaccount_id = btp_subaccount.dc_mission.id + subaccount_id = data.btp_subaccount.dc_mission.id app_name = "process-automation" plan_name = "free" depends_on = [btp_subaccount_entitlement.bpa] } - -# Assign users to Role Collection: ProcessAutomationAdmin -resource "btp_subaccount_role_collection_assignment" "bpa_admin" { - for_each = toset(var.business_process_automation_admins) - subaccount_id = btp_subaccount.dc_mission.id - role_collection_name = "ProcessAutomationAdmin" - user_name = each.value - depends_on = [btp_subaccount_subscription.bpa] -} diff --git a/released/discovery_center/mission_3260/outputs.tf b/released/discovery_center/mission_3260/outputs.tf index 8a8121ed..dac77df7 100644 --- a/released/discovery_center/mission_3260/outputs.tf +++ b/released/discovery_center/mission_3260/outputs.tf @@ -1,5 +1,6 @@ output "subaccount_id" { - value = btp_subaccount.dc_mission.id + + value = data.btp_subaccount.dc_mission.id description = "The ID of the subaccount." } @@ -11,4 +12,4 @@ output "cf_org_id" { output "bpa_url" { value = btp_subaccount_subscription.bpa.subscription_url description = "Subscription URL for SAP Business Process Automation" -} \ No newline at end of file +} diff --git a/released/discovery_center/mission_3260/samples.tfvars b/released/discovery_center/mission_3260/samples.tfvars index f6d9889d..f056672d 100644 --- a/released/discovery_center/mission_3260/samples.tfvars +++ b/released/discovery_center/mission_3260/samples.tfvars @@ -4,13 +4,15 @@ # Your global account subdomain globalaccount = "youraccount" region = "us10" -subaccount_name = "Discovery Center mission 3260 - build Events-to-Business actions" -#cf_landscape_label = "cf-us10" -#custom_idp = "xxxx" +subaccount_name = "Discovery Center mission 3260 - Process and approve your invoices with SAP Build Process Automation" + +service_plan__sap_process_automation = "free" # ------------------------------------------------------------------------------------------------------ # Project specific configuration (please adapt!) # ------------------------------------------------------------------------------------------------------ -subaccount_admins = ["another.user@test.com"] -subaccount_service_admins = ["another.user@test.com"] -business_process_automation_admins = ["another.user@test.com", "you@test.com"] \ No newline at end of file +# Don't add the user, that is executing the TF script to subaccount_admins or subaccount_service_admins! +subaccount_admins = ["jane.doe@test.com", "john.doe@test.com"] +subaccount_service_admins = ["jane.doe@test.com", "john.doe@test.com"] +business_process_automation_admins = ["jane.doe@test.com", "john.doe@test.com"] + diff --git a/released/discovery_center/mission_3260/variables.tf b/released/discovery_center/mission_3260/variables.tf index 89c1a832..ca541c29 100644 --- a/released/discovery_center/mission_3260/variables.tf +++ b/released/discovery_center/mission_3260/variables.tf @@ -11,9 +11,10 @@ variable "globalaccount" { variable "subaccount_name" { type = string description = "The subaccount name." - default = "UC - Build resilient BTP Apps" + default = "DC Mission 3260 - Process and approve your invoices with SAP Build Process Automation" } +# subaccount id variable "subaccount_id" { type = string description = "The subaccount ID." @@ -64,8 +65,39 @@ variable "subaccount_service_admins" { default = ["jane.doe@test.com", "john.doe@test.com"] } + +# Process automation Variables +variable "service_plan__sap_process_automation" { + type = string + description = "The plan for SAP Build Process Automation" + default = "standard" + + validation { + condition = contains(["standard", "free"], var.service_plan__sap_process_automation) + error_message = "Invalid value for service_plan__sap_process_automation. Only 'standard' and 'free' are allowed." + } +} + +variable "process_automation_admins" { + type = list(string) + description = "Defines the users who have the role of ProcessAutomationAdmin in SAP Build Process Automation" +} + +variable "process_automation_developers" { + type = list(string) + description = "Defines the users who have the role of ProcessAutomationDeveloper in SAP Build Process Automation" +} + +variable "process_automation_participants" { + type = list(string) + description = "Defines the users who have the role of ProcessAutomationParticipant in SAP Build Process Automation" + default = ["jane.doe@test.com", "john.doe@test.com"] +} + + variable "business_process_automation_admins" { type = list(string) description = "Defines the colleagues who are added as administrators for the SAP Business Process Automation." default = ["jane.doe@test.com", "john.doe@test.com"] } +