SAP-samples · rui1610 · Jul 11, 2024 · Jul 10, 2024 · Jul 11, 2024 · Jul 11, 2024
diff --git a/released/discovery_center/mission_4038/README.md b/released/discovery_center/mission_4038/README.md
@@ -2,29 +2,23 @@
 
 ## Overview
 
-This sample shows how to create a landscape for the Discovery Center Mission "Extract your Ariba Spend Data using SAP Integration Suite"
+This sample shows how to create a landscape for the Discovery Center Mission "Extract your Ariba Spend Data using SAP Integration Suite" - [Discovery Center Mission](https://discovery-center.cloud.sap/missiondetail/4038/),
 
-## Content of setup
-
-The setup comprises the following resources:
-
-- Creation of the SAP BTP subaccount
-- Entitlements of services
-- Subscriptions to applications
-- Role collection assignments to users
-- Creation of CF environments
-- Management of users and roles on org and space level
-
-## Deploying the resources
+##  Setup
 
 To deploy the resources you must:
 
-1. Create a file `secret.auto.tfvars` and maintain the credentials for the BTP and CF provider
+1. Set the environment variables BTP_USERNAME and BTP_PASSWORD to pass credentials to the BTP provider to authenticate and interact with your BTP environments. 
 
-   ```hcl
-   username = "<Email address of your BTP user>"
-   password = "<Password of your BTP user>"
-   ```
+    ```bash
+    Mac & Linux 
+        export BTP_USERNAME=<your_username>
+        export BTP_PASSWORD=<your_password>
+
+    Windows(PS) 
+        $env:BTP_USERNAME=<your_username>
+        $env:BTP_PASSWORD=<your_password>
+    ```
 
 2. Change the variables in the `samples.tfvars` file to meet your requirements
 
@@ -40,13 +34,13 @@ To deploy the resources you must:
 4. You can check what Terraform plans to apply based on your configuration:
 
    ```bash
-   terraform plan -var-file="sample.tfvars"
+   terraform plan -var-file="samples.tfvars"
    ```
 
 5. Apply your configuration to provision the resources:
 
    ```bash
-   terraform apply -var-file="sample.tfvars"
+   terraform apply -var-file="samples.tfvars"
    ```
 
 ## In the end

diff --git a/released/discovery_center/mission_4038/locals.tf b/released/discovery_center/mission_4038/locals.tf
@@ -0,0 +1,4 @@
+locals {
+  service_name__sap_datasphere        = "data-analytics-osb"
+  service_name__sap_integration_suite = "integrationsuite"
+}
diff --git a/released/discovery_center/mission_4038/main.tf b/released/discovery_center/mission_4038/main.tf
@@ -1,85 +1,125 @@
-###############################################################################################
+# ------------------------------------------------------------------------------------------------------
 # Setup of names in accordance to naming convention
-###############################################################################################
+# ------------------------------------------------------------------------------------------------------
 resource "random_uuid" "uuid" {}
 
 locals {
-  random_uuid               = random_uuid.uuid.result
-  project_subaccount_domain = "teched23-tf-sap-ms-${local.random_uuid}"
-  project_subaccount_cf_org = substr(replace("${local.project_subaccount_domain}", "-", ""), 0, 32)
+  random_uuid       = random_uuid.uuid.result
+  subaccount_domain = lower(replace("mission-4038-${local.random_uuid}", "_", "-"))
 }
 
-###############################################################################################
+# ------------------------------------------------------------------------------------------------------
 # Creation of subaccount
-###############################################################################################
-resource "btp_subaccount" "project" {
+# ------------------------------------------------------------------------------------------------------
+resource "btp_subaccount" "dc_mission" {
+  count     = var.subaccount_id == "" ? 1 : 0
   name      = var.subaccount_name
-  subdomain = local.project_subaccount_domain
+  subdomain = local.subaccount_domain
   region    = lower(var.region)
+  usage     = "USED_FOR_PRODUCTION"
 }
 
-###############################################################################################
+data "btp_subaccount" "dc_mission" {
+  id = var.subaccount_id != "" ? var.subaccount_id : btp_subaccount.dc_mission[0].id
+}
+
+# ------------------------------------------------------------------------------------------------------
+# Assign custom IDP to sub account (if custom_idp is set)
+# ------------------------------------------------------------------------------------------------------
+resource "btp_subaccount_trust_configuration" "fully_customized" {
+  # Only create trust configuration if custom_idp has been set 
+  count             = var.custom_idp == "" ? 0 : 1
+  subaccount_id     = data.btp_subaccount.dc_mission.id
+  identity_provider = var.custom_idp
+}
+
+
+# ------------------------------------------------------------------------------------------------------
 # Assignment of users as sub account administrators
-###############################################################################################
+# ------------------------------------------------------------------------------------------------------
 resource "btp_subaccount_role_collection_assignment" "subaccount-admins" {
-  for_each             = toset("${var.subaccount_admins}")
-  subaccount_id        = btp_subaccount.project.id
+  for_each             = toset(var.subaccount_admins)
+  subaccount_id        = data.btp_subaccount.dc_mission.id
   role_collection_name = "Subaccount Administrator"
   user_name            = each.value
 }
 
-###############################################################################################
+# ------------------------------------------------------------------------------------------------------
 # Assignment of users as sub account service administrators
-###############################################################################################
+# ------------------------------------------------------------------------------------------------------
 resource "btp_subaccount_role_collection_assignment" "subaccount-service-admins" {
-  for_each             = toset("${var.subaccount_service_admins}")
-  subaccount_id        = btp_subaccount.project.id
+  for_each             = toset(var.subaccount_service_admins)
+  subaccount_id        = data.btp_subaccount.dc_mission.id
   role_collection_name = "Subaccount Service Administrator"
   user_name            = each.value
 }
 
-######################################################################
-# Add "sleep" resource for generic purposes
-######################################################################
-resource "time_sleep" "wait_a_few_seconds" {
-  create_duration = "30s"
+# ------------------------------------------------------------------------------------------------------
+# Setup data-analytics-osb (not running in CF environment)
+# ------------------------------------------------------------------------------------------------------
+# Entitle 
+resource "btp_subaccount_entitlement" "datasphere" {
+  subaccount_id = data.btp_subaccount.dc_mission.id
+  service_name  = local.service_name__sap_datasphere
+  plan_name     = var.service_plan__sap_datasphere
+}
+# Get serviceplan_id for data-analytics-osb with plan_name "standard"
+data "btp_subaccount_service_plan" "datasphere" {
+  subaccount_id = data.btp_subaccount.dc_mission.id
+  offering_name = local.service_name__sap_datasphere
+  name          = var.service_plan__sap_datasphere
+  depends_on    = [btp_subaccount_entitlement.datasphere]
 }
 
-######################################################################
-# Entitlement of all services and apps
-######################################################################
-resource "btp_subaccount_entitlement" "integrationsuite" {
-  depends_on    = [time_sleep.wait_a_few_seconds]
-  subaccount_id = btp_subaccount.project.id
-  for_each = {
-    for index, entitlement in var.entitlements :
-    index => entitlement if contains(["app"], entitlement.type)
+# Create service instance
+resource "btp_subaccount_service_instance" "datasphere" {
+  subaccount_id  = data.btp_subaccount.dc_mission.id
+  serviceplan_id = data.btp_subaccount_service_plan.datasphere.id
+  name           = "datasphere_instance"
+  parameters = jsonencode(
+    {
+      "first_name" : "${var.datasphere_admin_first_name}",
+      "last_name" : "${var.datasphere_admin_last_name}",
+      "email" : "${var.datasphere_admin_email}",
+      "host_name" : "${var.datasphere_admin_host_name}",
+    }
+  )
+  timeouts = {
+    create = "90m"
+    update = "90m"
+    delete = "90m"
   }
-  service_name = each.value.service_name
-  plan_name    = each.value.plan_name
 }
 
-######################################################################
-# Create service subscriptions
-######################################################################
-data "btp_subaccount_subscriptions" "all" {
-  subaccount_id = btp_subaccount.project.id
-  depends_on    = [btp_subaccount_entitlement.integrationsuite]
+# ------------------------------------------------------------------------------------------------------
+# Create app subscription to SAP Integration Suite
+# ------------------------------------------------------------------------------------------------------
+resource "btp_subaccount_entitlement" "sap_integration_suite" {
+  subaccount_id = data.btp_subaccount.dc_mission.id
+  service_name  = local.service_name__sap_integration_suite
+  plan_name     = var.service_plan__sap_integration_suite
 }
 
-resource "btp_subaccount_subscription" "app" {
-
-  subaccount_id = btp_subaccount.project.id
-  for_each = {
-    for index, entitlement in var.entitlements :
-    index => entitlement if contains(["app"], entitlement.type)
-  }
+data "btp_subaccount_subscriptions" "all" {
+  subaccount_id = data.btp_subaccount.dc_mission.id
+  depends_on    = [btp_subaccount_entitlement.sap_integration_suite]
+}
 
+resource "btp_subaccount_subscription" "sap_integration_suite" {
+  subaccount_id = data.btp_subaccount.dc_mission.id
   app_name = [
-    for subscription in data.btp_subaccount_subscriptions.all.values : subscription
-    if subscription.commercial_app_name == each.value.service_name
+    for subscription in data.btp_subaccount_subscriptions.all.values :
+    subscription
+    if subscription.commercial_app_name == local.service_name__sap_integration_suite
   ][0].app_name
+  plan_name  = var.service_plan__sap_integration_suite
+  depends_on = [data.btp_subaccount_subscriptions.all]
+}
 
-  plan_name  = each.value.plan_name
-  depends_on = [data.btp_subaccount_subscriptions.all, btp_subaccount_entitlement.integrationsuite]
+resource "btp_subaccount_role_collection_assignment" "int_prov" {
+  depends_on           = [btp_subaccount_subscription.sap_integration_suite]
+  for_each             = toset(var.int_provisioners)
+  subaccount_id        = data.btp_subaccount.dc_mission.id
+  role_collection_name = "Integration_Provisioner"
+  user_name            = each.value
 }
diff --git a/released/discovery_center/mission_4038/outputs.tf b/released/discovery_center/mission_4038/outputs.tf
@@ -0,0 +1,9 @@
+output "subaccount_id" {
+  value       = data.btp_subaccount.dc_mission.id
+  description = "The ID of the subaccount."
+}
+
+output "integrationsuite_url" {
+  value       = btp_subaccount_subscription.sap_integration_suite.subscription_url
+  description = "Subscription URL for SAP Business Process Automation"
+}
diff --git a/released/discovery_center/mission_4038/provider.tf b/released/discovery_center/mission_4038/provider.tf
@@ -5,10 +5,6 @@ terraform {
       source  = "sap/btp"
       version = "~> 1.4.0"
     }
-    cloudfoundry = {
-      source  = "cloudfoundry-community/cloudfoundry"
-      version = "0.53.1"
-    }
   }
 }
 
@@ -17,6 +13,4 @@ terraform {
 provider "btp" {
   globalaccount  = var.globalaccount
   cli_server_url = var.cli_server_url
-  username       = var.username
-  password       = var.password
 }
diff --git a/released/discovery_center/mission_4038/sample.tfvars b/released/discovery_center/mission_4038/sample.tfvars
@@ -4,20 +4,23 @@
 # Your global account subdomain
 globalaccount        = "youraccount"
 region               = "us10"
-subaccount_name      = "DC Mission 4038 - SAP Ariba Procurement Operations"
+subaccount_name      = "SAP Discovery Center Mission 4038"
 cf_environment_label = "cf-us10"
 cf_space_name        = "dev"
 
 # ------------------------------------------------------------------------------------------------------
 # Project specific configuration (please adapt!)
 # ------------------------------------------------------------------------------------------------------
+# Don't add the user, that is executing the TF script to subaccount_admins or subaccount_service_admins!
+
 subaccount_admins         = ["jane.doe@test.com", "john.doe@test.com"]
 subaccount_service_admins = ["jane.doe@test.com", "john.doe@test.com"]
 
-cf_space_managers   = ["jane.doe@test.com", "john.doe@test.com"]
-cf_space_developers = ["jane.doe@test.com", "john.doe@test.com"]
-cf_space_auditors   = ["jane.doe@test.com", "john.doe@test.com"]
+int_provisioners            = ["jane.doe@test.com", "john.doe@test.com"]
+datasphere_admin_first_name = "First Name"
+datasphere_admin_last_name  = "Last Name"
+datasphere_admin_email      = "jane.doe@test.com"
+
+service_plan__sap_datasphere        = "standard"
+service_plan__sap_integration_suite = "enterprise_agreement"
 
-cf_org_auditors         = ["jane.doe@test.com", "john.doe@test.com"]
-cf_org_managers         = ["jane.doe@test.com", "john.doe@test.com"]
-cf_org_billing_managers = ["jane.doe@test.com", "john.doe@test.com"]