From 503befb775d9b8d1602f3c4cefd4ce6e69a247ac Mon Sep 17 00:00:00 2001 From: Mahesh kumar Palavalli Date: Wed, 10 Jul 2024 23:31:16 +0530 Subject: [PATCH 1/3] refactor --- .../discovery_center/mission_4038/main.tf | 61 +++++++++++-------- .../mission_4038/variables.tf | 27 ++++---- 2 files changed, 49 insertions(+), 39 deletions(-) diff --git a/released/discovery_center/mission_4038/main.tf b/released/discovery_center/mission_4038/main.tf index 4ad937db..252bb2d8 100644 --- a/released/discovery_center/mission_4038/main.tf +++ b/released/discovery_center/mission_4038/main.tf @@ -1,53 +1,62 @@ -############################################################################################### +# ------------------------------------------------------------------------------------------------------ # Setup of names in accordance to naming convention -############################################################################################### +# ------------------------------------------------------------------------------------------------------ resource "random_uuid" "uuid" {} locals { - random_uuid = random_uuid.uuid.result - project_subaccount_domain = "teched23-tf-sap-ms-${local.random_uuid}" - project_subaccount_cf_org = substr(replace("${local.project_subaccount_domain}", "-", ""), 0, 32) + random_uuid = random_uuid.uuid.result + subaccount_domain = lower(replace("mission-4038-${local.random_uuid}", "_", "-")) } -############################################################################################### +# ------------------------------------------------------------------------------------------------------ # Creation of subaccount -############################################################################################### -resource "btp_subaccount" "project" { +# ------------------------------------------------------------------------------------------------------ +resource "btp_subaccount" "dc_mission" { + count = var.subaccount_id == "" ? 1 : 0 name = var.subaccount_name - subdomain = local.project_subaccount_domain + subdomain = local.subaccount_domain region = lower(var.region) + usage = "USED_FOR_PRODUCTION" } -############################################################################################### +data "btp_subaccount" "dc_mission" { + id = var.subaccount_id != "" ? var.subaccount_id : btp_subaccount.dc_mission[0].id +} + +# ------------------------------------------------------------------------------------------------------ +# Assign custom IDP to sub account (if custom_idp is set) +# ------------------------------------------------------------------------------------------------------ +resource "btp_subaccount_trust_configuration" "fully_customized" { + # Only create trust configuration if custom_idp has been set + count = var.custom_idp == "" ? 0 : 1 + subaccount_id = data.btp_subaccount.dc_mission.id + identity_provider = var.custom_idp +} + + +# ------------------------------------------------------------------------------------------------------ # Assignment of users as sub account administrators -############################################################################################### +# ------------------------------------------------------------------------------------------------------ resource "btp_subaccount_role_collection_assignment" "subaccount-admins" { - for_each = toset("${var.subaccount_admins}") + for_each = toset(var.subaccount_admins) subaccount_id = btp_subaccount.project.id role_collection_name = "Subaccount Administrator" user_name = each.value } -############################################################################################### +# ------------------------------------------------------------------------------------------------------ # Assignment of users as sub account service administrators -############################################################################################### +# ------------------------------------------------------------------------------------------------------ resource "btp_subaccount_role_collection_assignment" "subaccount-service-admins" { - for_each = toset("${var.subaccount_service_admins}") + for_each = toset(var.subaccount_service_admins) subaccount_id = btp_subaccount.project.id role_collection_name = "Subaccount Service Administrator" user_name = each.value } -###################################################################### -# Add "sleep" resource for generic purposes -###################################################################### -resource "time_sleep" "wait_a_few_seconds" { - create_duration = "30s" -} - -###################################################################### +# ------------------------------------------------------------------------------------------------------ # Entitlement of all services and apps -###################################################################### +# ------------------------------------------------------------------------------------------------------ resource "btp_subaccount_entitlement" "integrationsuite" { depends_on = [time_sleep.wait_a_few_seconds] subaccount_id = btp_subaccount.project.id @@ -59,9 +68,9 @@ resource "btp_subaccount_entitlement" "integrationsuite" { plan_name = each.value.plan_name } -###################################################################### +# ------------------------------------------------------------------------------------------------------ # Create service subscriptions -###################################################################### +# ------------------------------------------------------------------------------------------------------ data "btp_subaccount_subscriptions" "all" { subaccount_id = btp_subaccount.project.id depends_on = [btp_subaccount_entitlement.integrationsuite] diff --git a/released/discovery_center/mission_4038/variables.tf b/released/discovery_center/mission_4038/variables.tf index 8529aa7e..983db00c 100644 --- a/released/discovery_center/mission_4038/variables.tf +++ b/released/discovery_center/mission_4038/variables.tf @@ -13,6 +13,14 @@ variable "subaccount_name" { description = "The subaccount name." default = "DC Mission 4038 - SAP Ariba Procurement Operations" } + +# subaccount id +variable "subaccount_id" { + type = string + description = "The subaccount ID." + default = "" +} + # Region variable "region" { type = string @@ -27,6 +35,12 @@ variable "cli_server_url" { default = "https://cpcli.cf.eu10.hana.ondemand.com" } +variable "custom_idp" { + type = string + description = "Defines the custom IdP" + default = "" +} + variable "subaccount_admins" { type = list(string) description = "Defines the colleagues who are added to each subaccount as subaccount administrators." @@ -39,19 +53,6 @@ variable "subaccount_service_admins" { default = ["jane.doe@test.com", "john.doe@test.com"] } -variable "username" { - description = "BTP username" - type = string - sensitive = true - -} - -variable "password" { - description = "BTP user password" - type = string - sensitive = true -} - ### # Entitlements ### From ab7226357ee0ee595bfe62d63d7bc541dadef6d7 Mon Sep 17 00:00:00 2001 From: Mahesh kumar Palavalli Date: Thu, 11 Jul 2024 09:39:11 +0530 Subject: [PATCH 2/3] dc misson 4038 refactor --- .../discovery_center/mission_4038/README.md | 34 ++++---- .../discovery_center/mission_4038/locals.tf | 4 + .../discovery_center/mission_4038/main.tf | 83 +++++++++++++------ .../discovery_center/mission_4038/outputs.tf | 9 ++ .../discovery_center/mission_4038/provider.tf | 6 -- .../mission_4038/sample.tfvars | 17 ++-- .../mission_4038/variables.tf | 73 ++++++++++++---- 7 files changed, 149 insertions(+), 77 deletions(-) create mode 100644 released/discovery_center/mission_4038/locals.tf create mode 100644 released/discovery_center/mission_4038/outputs.tf diff --git a/released/discovery_center/mission_4038/README.md b/released/discovery_center/mission_4038/README.md index cc51023f..f11c1914 100644 --- a/released/discovery_center/mission_4038/README.md +++ b/released/discovery_center/mission_4038/README.md @@ -2,29 +2,23 @@ ## Overview -This sample shows how to create a landscape for the Discovery Center Mission "Extract your Ariba Spend Data using SAP Integration Suite" +This sample shows how to create a landscape for the Discovery Center Mission "Extract your Ariba Spend Data using SAP Integration Suite" - [Discovery Center Mission](https://discovery-center.cloud.sap/missiondetail/4038/), -## Content of setup - -The setup comprises the following resources: - -- Creation of the SAP BTP subaccount -- Entitlements of services -- Subscriptions to applications -- Role collection assignments to users -- Creation of CF environments -- Management of users and roles on org and space level - -## Deploying the resources +## Setup To deploy the resources you must: -1. Create a file `secret.auto.tfvars` and maintain the credentials for the BTP and CF provider +1. Set the environment variables BTP_USERNAME and BTP_PASSWORD to pass credentials to the BTP provider to authenticate and interact with your BTP environments. - ```hcl - username = "" - password = "" - ``` + ```bash + Mac & Linux + export BTP_USERNAME= + export BTP_PASSWORD= + + Windows(PS) + $env:BTP_USERNAME= + $env:BTP_PASSWORD= + ``` 2. Change the variables in the `samples.tfvars` file to meet your requirements @@ -40,13 +34,13 @@ To deploy the resources you must: 4. You can check what Terraform plans to apply based on your configuration: ```bash - terraform plan -var-file="sample.tfvars" + terraform plan -var-file="samples.tfvars" ``` 5. Apply your configuration to provision the resources: ```bash - terraform apply -var-file="sample.tfvars" + terraform apply -var-file="samples.tfvars" ``` ## In the end diff --git a/released/discovery_center/mission_4038/locals.tf b/released/discovery_center/mission_4038/locals.tf new file mode 100644 index 00000000..6c164094 --- /dev/null +++ b/released/discovery_center/mission_4038/locals.tf @@ -0,0 +1,4 @@ +locals { + service_name__sap_datasphere = "data-analytics-osb" + service_name__sap_integration_suite = "integrationsuite" +} \ No newline at end of file diff --git a/released/discovery_center/mission_4038/main.tf b/released/discovery_center/mission_4038/main.tf index 252bb2d8..8ce368bf 100644 --- a/released/discovery_center/mission_4038/main.tf +++ b/released/discovery_center/mission_4038/main.tf @@ -39,7 +39,7 @@ resource "btp_subaccount_trust_configuration" "fully_customized" { # ------------------------------------------------------------------------------------------------------ resource "btp_subaccount_role_collection_assignment" "subaccount-admins" { for_each = toset(var.subaccount_admins) - subaccount_id = btp_subaccount.project.id + subaccount_id = data.btp_subaccount.dc_mission.id role_collection_name = "Subaccount Administrator" user_name = each.value } @@ -49,46 +49,77 @@ resource "btp_subaccount_role_collection_assignment" "subaccount-admins" { # ------------------------------------------------------------------------------------------------------ resource "btp_subaccount_role_collection_assignment" "subaccount-service-admins" { for_each = toset(var.subaccount_service_admins) - subaccount_id = btp_subaccount.project.id + subaccount_id = data.btp_subaccount.dc_mission.id role_collection_name = "Subaccount Service Administrator" user_name = each.value } # ------------------------------------------------------------------------------------------------------ -# Entitlement of all services and apps +# Setup data-analytics-osb (not running in CF environment) # ------------------------------------------------------------------------------------------------------ -resource "btp_subaccount_entitlement" "integrationsuite" { - depends_on = [time_sleep.wait_a_few_seconds] - subaccount_id = btp_subaccount.project.id - for_each = { - for index, entitlement in var.entitlements : - index => entitlement if contains(["app"], entitlement.type) +# Entitle +resource "btp_subaccount_entitlement" "datasphere" { + subaccount_id = data.btp_subaccount.dc_mission.id + service_name = local.service_name__sap_datasphere + plan_name = var.service_plan__sap_datasphere +} +# Get serviceplan_id for data-analytics-osb with plan_name "standard" +data "btp_subaccount_service_plan" "datasphere" { + subaccount_id = data.btp_subaccount.dc_mission.id + offering_name = local.service_name__sap_datasphere + name = var.service_plan__sap_datasphere + depends_on = [btp_subaccount_entitlement.datasphere] +} + +# Create service instance +resource "btp_subaccount_service_instance" "datasphere" { + subaccount_id = data.btp_subaccount.dc_mission.id + serviceplan_id = data.btp_subaccount_service_plan.datasphere.id + name = "datasphere_instance" + parameters = jsonencode( + { + "first_name" : "${var.datasphere_admin_first_name}", + "last_name" : "${var.datasphere_admin_last_name}", + "email" : "${var.datasphere_admin_email}", + "host_name" : "${var.datasphere_admin_host_name}", + } + ) + timeouts = { + create = "90m" + update = "90m" + delete = "90m" } - service_name = each.value.service_name - plan_name = each.value.plan_name } # ------------------------------------------------------------------------------------------------------ -# Create service subscriptions +# Create app subscription to SAP Integration Suite # ------------------------------------------------------------------------------------------------------ -data "btp_subaccount_subscriptions" "all" { - subaccount_id = btp_subaccount.project.id - depends_on = [btp_subaccount_entitlement.integrationsuite] +resource "btp_subaccount_entitlement" "sap_integration_suite" { + subaccount_id = data.btp_subaccount.dc_mission.id + service_name = local.service_name__sap_integration_suite + plan_name = var.service_plan__sap_integration_suite } -resource "btp_subaccount_subscription" "app" { - - subaccount_id = btp_subaccount.project.id - for_each = { - for index, entitlement in var.entitlements : - index => entitlement if contains(["app"], entitlement.type) - } +data "btp_subaccount_subscriptions" "all" { + subaccount_id = data.btp_subaccount.dc_mission.id + depends_on = [btp_subaccount_entitlement.sap_integration_suite] +} +resource "btp_subaccount_subscription" "sap_integration_suite" { + subaccount_id = data.btp_subaccount.dc_mission.id app_name = [ - for subscription in data.btp_subaccount_subscriptions.all.values : subscription - if subscription.commercial_app_name == each.value.service_name + for subscription in data.btp_subaccount_subscriptions.all.values : + subscription + if subscription.commercial_app_name == local.service_name__sap_integration_suite ][0].app_name + plan_name = var.service_plan__sap_integration_suite + depends_on = [data.btp_subaccount_subscriptions.all] +} - plan_name = each.value.plan_name - depends_on = [data.btp_subaccount_subscriptions.all, btp_subaccount_entitlement.integrationsuite] +resource "btp_subaccount_role_collection_assignment" "int_prov" { + depends_on = [btp_subaccount_subscription.sap_integration_suite] + for_each = toset(var.int_provisioners) + subaccount_id = data.btp_subaccount.dc_mission.id + role_collection_name = "Integration_Provisioner" + user_name = each.value } diff --git a/released/discovery_center/mission_4038/outputs.tf b/released/discovery_center/mission_4038/outputs.tf new file mode 100644 index 00000000..444baba8 --- /dev/null +++ b/released/discovery_center/mission_4038/outputs.tf @@ -0,0 +1,9 @@ +output "subaccount_id" { + value = data.btp_subaccount.dc_mission.id + description = "The ID of the subaccount." +} + +output "integrationsuite_url" { + value = btp_subaccount_subscription.sap_integration_suite.subscription_url + description = "Subscription URL for SAP Business Process Automation" +} diff --git a/released/discovery_center/mission_4038/provider.tf b/released/discovery_center/mission_4038/provider.tf index 6cd44a69..7170b3fb 100644 --- a/released/discovery_center/mission_4038/provider.tf +++ b/released/discovery_center/mission_4038/provider.tf @@ -5,10 +5,6 @@ terraform { source = "sap/btp" version = "~> 1.4.0" } - cloudfoundry = { - source = "cloudfoundry-community/cloudfoundry" - version = "0.53.1" - } } } @@ -17,6 +13,4 @@ terraform { provider "btp" { globalaccount = var.globalaccount cli_server_url = var.cli_server_url - username = var.username - password = var.password } diff --git a/released/discovery_center/mission_4038/sample.tfvars b/released/discovery_center/mission_4038/sample.tfvars index 20fc915f..5fdc1c28 100644 --- a/released/discovery_center/mission_4038/sample.tfvars +++ b/released/discovery_center/mission_4038/sample.tfvars @@ -4,20 +4,23 @@ # Your global account subdomain globalaccount = "youraccount" region = "us10" -subaccount_name = "DC Mission 4038 - SAP Ariba Procurement Operations" +subaccount_name = "SAP Discovery Center Mission 4038" cf_environment_label = "cf-us10" cf_space_name = "dev" # ------------------------------------------------------------------------------------------------------ # Project specific configuration (please adapt!) # ------------------------------------------------------------------------------------------------------ +# Don't add the user, that is executing the TF script to subaccount_admins or subaccount_service_admins! + subaccount_admins = ["jane.doe@test.com", "john.doe@test.com"] subaccount_service_admins = ["jane.doe@test.com", "john.doe@test.com"] -cf_space_managers = ["jane.doe@test.com", "john.doe@test.com"] -cf_space_developers = ["jane.doe@test.com", "john.doe@test.com"] -cf_space_auditors = ["jane.doe@test.com", "john.doe@test.com"] +int_provisioners = ["jane.doe@test.com", "john.doe@test.com"] +datasphere_admin_first_name = "First Name" +datasphere_admin_last_name = "Last Name" +datasphere_admin_email = "jane.doe@test.com" + +service_plan__sap_datasphere = "standard" +service_plan__sap_integration_suite = "enterprise_agreement" -cf_org_auditors = ["jane.doe@test.com", "john.doe@test.com"] -cf_org_managers = ["jane.doe@test.com", "john.doe@test.com"] -cf_org_billing_managers = ["jane.doe@test.com", "john.doe@test.com"] diff --git a/released/discovery_center/mission_4038/variables.tf b/released/discovery_center/mission_4038/variables.tf index 983db00c..648790dd 100644 --- a/released/discovery_center/mission_4038/variables.tf +++ b/released/discovery_center/mission_4038/variables.tf @@ -53,21 +53,58 @@ variable "subaccount_service_admins" { default = ["jane.doe@test.com", "john.doe@test.com"] } -### -# Entitlements -### -variable "entitlements" { - type = list(object({ - service_name = string - plan_name = string - type = string - })) - description = "The list of entitlements that shall be added to the subaccount." - default = [ - { - service_name = "integrationsuite" - plan_name = "enterprise_agreement", - type = "app" - } - ] -} \ No newline at end of file +# service plan datasphere +variable "service_plan__sap_datasphere" { + type = string + description = "The service plan for the SAP Datasphere." + default = "free" + validation { + condition = contains(["free", "standard"], var.service_plan__sap_datasphere) + error_message = "Invalid value for service_plan__sap_datasphere. Only 'free' & 'standard' are allowed." + } +} + +# Integration Suite +variable "service_plan__sap_integration_suite" { + type = string + description = "The plan for SAP Integration Suite" + default = "enterprise_agreement" + validation { + condition = contains(["enterprise_agreement"], var.service_plan__sap_integration_suite) + error_message = "Invalid value for service_plan__sap_integration_suite. Only 'enterprise_agreement' are allowed." + } +} + +variable "int_provisioners" { + type = list(string) + description = "Integration Provisioners" +} + +# Datasphere User Info + +# first name +variable "datasphere_admin_first_name" { + type = string + description = "Datasphere Admin First Name" + default = "first name" +} + +# last name +variable "datasphere_admin_last_name" { + type = string + description = "Datasphere Admin Last Name" + default = "last name" +} + +# email +variable "datasphere_admin_email" { + type = string + description = "Datasphere Admin Email" +} + +# host_name +variable "datasphere_admin_host_name" { + type = string + description = "Datasphere Admin Host Name" + default = "" +} From b0e678cc3cb2b70dc690b258e45210f28b324a3d Mon Sep 17 00:00:00 2001 From: Rui Nogueira Date: Thu, 11 Jul 2024 09:51:59 +0200 Subject: [PATCH 3/3] Update variables.tf --- released/discovery_center/mission_4038/variables.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/released/discovery_center/mission_4038/variables.tf b/released/discovery_center/mission_4038/variables.tf index 648790dd..98da5894 100644 --- a/released/discovery_center/mission_4038/variables.tf +++ b/released/discovery_center/mission_4038/variables.tf @@ -32,7 +32,7 @@ variable "region" { variable "cli_server_url" { type = string description = "The BTP CLI server URL." - default = "https://cpcli.cf.eu10.hana.ondemand.com" + default = "https://cli.btp.cloud.sap" } variable "custom_idp" {