[NEW] dc mission 3680

released/discovery_center/mission_3680/step1/README.md

@@ -0,0 +1,53 @@
+# Discovery Center Mission: Create a custom mobile app to extend HR capabilities (3680)
+
+## Overview
+
+This sample shows how to create a landscape for the Discovery Center Mission - [Create a custom mobile app to extend HR capabilities](https://discovery-center.cloud.sap/missiondetail/3680/)
+
+## Content of setup
+
+The setup comprises the following resources:
+
+- Creation of the SAP BTP subaccount
+- Entitlements of services
+- Subscriptions to applications
+- Role collection assignments to users
+- Management of users and roles on org and space level
+
+## Deploying the resources
+
+To deploy the resources you must:
+
+1. Export environment variables BTP_USERNAME, BTP_PASSWORD, CF_USER, and CF_PASSWORD with your username and password for the custom IdP of your global account.
+
+2. Change the variables in the `samples.tfvars` file in the main folder to meet your requirements
+
+   > ⚠ NOTE: You should pay attention **specifically** to the users defined in the samples.tfvars whether they already exist in your SAP BTP accounts. Otherwise you might get error messages like e.g. `Error: The user could not be found: jane.doe@test.com`.
+
+3. Execute the apply.sh script.
+
+4. Verify e.g., in BTP cockpit that a new subaccount with a integration suite, SAP Business Application Studio, CF environment instance and a CF space have been created.
+
+   ```bash
+   terraform init
+   ```
+
+5. You can check what Terraform plans to apply based on your configuration:
+
+   ```bash
+   terraform plan -var-file="samples.tfvars"
+   ```
+
+6. Apply your configuration to provision the resources:
+
+   ```bash
+   terraform apply -var-file="samples.tfvars"
+   ```
+
+## In the end
+
+You probably want to remove the assets after trying them out to avoid unnecessary costs. To do so execute the following command:
+
+```bash
+terraform destroy -var-file="samples.tfvars"
+```

released/discovery_center/mission_3680/step1/locals.tf

@@ -0,0 +1,4 @@
+locals {
+  service_name__sap_build_apps = "sap-build-apps"
+  service_name__build_workzone = "SAPLaunchpad"
+}

released/discovery_center/mission_3680/step1/main.tf

@@ -0,0 +1,214 @@
+# ------------------------------------------------------------------------------------------------------
+# Setup of names in accordance to naming convention
+# ------------------------------------------------------------------------------------------------------
+resource "random_uuid" "uuid" {}
+
+locals {
+  random_uuid       = random_uuid.uuid.result
+  subaccount_domain = lower(replace("mission-4356-${local.random_uuid}", "_", "-"))
+  # If a cf_org_name was defined by the user, take that as a subaccount_cf_org. Otherwise create it.
+  subaccount_cf_org = length(var.cf_org_name) > 0 ? var.cf_org_name : substr(replace("${local.subaccount_domain}", "-", ""), 0, 32)
+}
+# ------------------------------------------------------------------------------------------------------
+# Creation of subaccount
+# ------------------------------------------------------------------------------------------------------
+resource "btp_subaccount" "dc_mission" {
+  name      = var.subaccount_name
+  subdomain = local.subaccount_domain
+  region    = lower(var.region)
+  usage     = "USED_FOR_PRODUCTION"
+}
+
+# ------------------------------------------------------------------------------------------------------
+# Assignment of users as sub account administrators
+# ------------------------------------------------------------------------------------------------------
+resource "btp_subaccount_role_collection_assignment" "subaccount-admins" {
+  for_each             = toset(var.subaccount_admins)
+  subaccount_id        = btp_subaccount.dc_mission.id
+  role_collection_name = "Subaccount Administrator"
+  user_name            = each.value
+}
+# ------------------------------------------------------------------------------------------------------
+# Assignment of users as sub account service administrators
+# ------------------------------------------------------------------------------------------------------
+resource "btp_subaccount_role_collection_assignment" "subaccount-service-admins" {
+  for_each             = toset(var.subaccount_service_admins)
+  subaccount_id        = btp_subaccount.dc_mission.id
+  role_collection_name = "Subaccount Service Administrator"
+  user_name            = each.value
+}
+
+
+# ------------------------------------------------------------------------------------------------------
+# Entitle subaccount for usage of SAP HANA Cloud tools
+# ------------------------------------------------------------------------------------------------------
+resource "btp_subaccount_entitlement" "hana_cloud_tools" {
+  subaccount_id = btp_subaccount.dc_mission.id
+  service_name  = "hana-cloud-tools"
+  plan_name     = "tools"
+}
+
+resource "btp_subaccount_subscription" "hana_cloud_tools" {
+  subaccount_id = btp_subaccount.dc_mission.id
+  app_name      = "hana-cloud-tools"
+  plan_name     = "tools"
+  depends_on    = [btp_subaccount_entitlement.hana_cloud_tools]
+}
+
+# Assign users to Role Collection: SAP HANA Cloud Administrator
+resource "btp_subaccount_role_collection_assignment" "hana_cloud_admin" {
+  for_each             = toset(var.hana_cloud_admins)
+  subaccount_id        = btp_subaccount.dc_mission.id
+  role_collection_name = "SAP HANA Cloud Administrator"
+  user_name            = each.value
+  depends_on           = [btp_subaccount_subscription.hana_cloud_tools]
+}
+
+# ------------------------------------------------------------------------------------------------------
+# Entitle subaccount for usage of SAP HANA Cloud
+# ------------------------------------------------------------------------------------------------------
+resource "btp_subaccount_entitlement" "hana_cloud" {
+  subaccount_id = btp_subaccount.dc_mission.id
+  service_name  = "hana-cloud"
+  plan_name     = "hana"
+}
+
+# Get plan for SAP HANA Cloud
+data "btp_subaccount_service_plan" "hana_cloud" {
+  subaccount_id = btp_subaccount.dc_mission.id
+  offering_name = "hana-cloud"
+  name          = "hana"
+  depends_on    = [btp_subaccount_entitlement.hana_cloud]
+}
+
+resource "btp_subaccount_service_instance" "hana_cloud" {
+  subaccount_id  = btp_subaccount.dc_mission.id
+  serviceplan_id = data.btp_subaccount_service_plan.hana_cloud.id
+  name           = "my-hana-cloud-instance"
+  depends_on     = [btp_subaccount_entitlement.hana_cloud]
+  parameters = jsonencode(
+    {
+      "data" : {
+        "memory" : 32,
+        "edition" : "cloud",
+        "systempassword" : "${var.hana_system_password}",
+        "additionalWorkers" : 0,
+        "disasterRecoveryMode" : "no_disaster_recovery",
+        "enabledservices" : {
+          "docstore" : false,
+          "dpserver" : true,
+          "scriptserver" : false
+        },
+        "requestedOperation" : {},
+        "serviceStopped" : false,
+        "slaLevel" : "standard",
+        "storage" : 120,
+        "vcpu" : 2,
+        "whitelistIPs" : ["0.0.0.0/0"]
+      }
+  })
+
+  timeouts = {
+    create = "45m"
+    update = "45m"
+    delete = "45m"
+  }
+}
+
+# Create service binding to SAP HANA Cloud service 
+resource "btp_subaccount_service_binding" "hana_cloud" {
+  subaccount_id       = btp_subaccount.dc_mission.id
+  service_instance_id = btp_subaccount_service_instance.hana_cloud.id
+  name                = "hana-cloud-key"
+}
+
+
+
+# ------------------------------------------------------------------------------------------------------
+# CLOUDFOUNDRY PREPARATION
+# ------------------------------------------------------------------------------------------------------
+#
+# Fetch all available environments for the subaccount
+data "btp_subaccount_environments" "all" {
+  subaccount_id = btp_subaccount.dc_mission.id
+}
+# ------------------------------------------------------------------------------------------------------
+# Take the landscape label from the first CF environment if no environment label is provided
+# (this replaces the previous null_resource)
+# ------------------------------------------------------------------------------------------------------
+resource "terraform_data" "replacement" {
+  input = length(var.cf_landscape_label) > 0 ? var.cf_landscape_label : [for env in data.btp_subaccount_environments.all.values : env if env.service_name == "cloudfoundry" && env.environment_type == "cloudfoundry"][0].landscape_label
+}
+# ------------------------------------------------------------------------------------------------------
+# Creation of Cloud Foundry environment
+# ------------------------------------------------------------------------------------------------------
+resource "btp_subaccount_environment_instance" "cloudfoundry" {
+  subaccount_id    = btp_subaccount.dc_mission.id
+  name             = local.subaccount_cf_org
+  environment_type = "cloudfoundry"
+  service_name     = "cloudfoundry"
+  plan_name        = "standard"
+  landscape_label  = terraform_data.replacement.output
+  parameters = jsonencode({
+    instance_name = local.subaccount_cf_org
+  })
+}
+
+# ------------------------------------------------------------------------------------------------------
+# Event Mesh
+# ------------------------------------------------------------------------------------------------------
+resource "btp_subaccount_entitlement" "event_mesh" {
+  subaccount_id = btp_subaccount.dc_mission.id
+  service_name  = "enterprise-messaging"
+  plan_name     = "default"
+}
+
+resource "btp_subaccount_entitlement" "event_mesh_application" {
+  subaccount_id = btp_subaccount.dc_mission.id
+  service_name  = "enterprise-messaging-hub"
+  plan_name     = "standard"
+}
+
+resource "btp_subaccount_subscription" "event_mesh_application" {
+  subaccount_id = btp_subaccount.dc_mission.id
+  app_name      = "enterprise-messaging-hub"
+  plan_name     = "standard"
+  depends_on    = [btp_subaccount_entitlement.event_mesh_application]
+}
+
+resource "btp_subaccount_role_collection_assignment" "event_mesh_admin" {
+  depends_on           = [btp_subaccount_subscription.event_mesh_application]
+  for_each             = toset(var.event_mesh_admins)
+  subaccount_id        = btp_subaccount.dc_mission.id
+  role_collection_name = "Enterprise Messaging Administrator"
+  user_name            = each.value
+}
+
+resource "btp_subaccount_role_collection_assignment" "event_mesh_developer" {
+  depends_on           = [btp_subaccount_subscription.event_mesh_application]
+  for_each             = toset(var.event_mesh_developers)
+  subaccount_id        = btp_subaccount.dc_mission.id
+  role_collection_name = "Enterprise Messaging Developer"
+  user_name            = each.value
+}
+
+
+# ------------------------------------------------------------------------------------------------------
+# Create tfvars file for step 2 (if variable `create_tfvars_file_for_step2` is set to true)
+# ------------------------------------------------------------------------------------------------------
+resource "local_file" "output_vars_step1" {
+  count    = var.create_tfvars_file_for_step2 ? 1 : 0
+  content  = <<-EOT
+      subaccount_id        = "${btp_subaccount.dc_mission.id}"
+      cf_api_url           = "${jsondecode(btp_subaccount_environment_instance.cloudfoundry.labels)["API Endpoint"]}"
+      cf_org_id            = "${jsondecode(btp_subaccount_environment_instance.cloudfoundry.labels)["Org ID"]}"
+      origin               = "${var.origin}"
+      cf_space_name        = "${var.cf_space_name}"
+      cf_org_admins        = ${jsonencode(var.cf_org_admins)}
+      cf_org_users         = ${jsonencode(var.cf_org_users)}
+      cf_space_developers  = ${jsonencode(var.cf_space_developers)}
+      cf_space_managers    = ${jsonencode(var.cf_space_managers)}
+      event_mesh_url       = "${btp_subaccount_subscription.event_mesh_application.subscription_url}"
+      EOT
+  filename = "../step2/terraform.tfvars"
+}

released/discovery_center/mission_3680/step1/output.tf

@@ -0,0 +1,29 @@
+output "subaccount_id" {
+  value       = btp_subaccount.dc_mission.id
+  description = "The ID of the subaccount."
+}
+
+output "cf_api_url" {
+  value       = jsondecode(btp_subaccount_environment_instance.cloudfoundry.labels)["API Endpoint"]
+  description = "The Cloudfoundry API endpoint."
+}
+
+output "cf_landscape_label" {
+  value       = terraform_data.replacement.output
+  description = "The Cloudfoundry landscape label."
+}
+
+output "cf_org_id" {
+  value       = jsondecode(btp_subaccount_environment_instance.cloudfoundry.labels)["Org ID"]
+  description = "The Cloudfoundry org id."
+}
+
+output "event_mesh_url" {
+  value       = btp_subaccount_subscription.event_mesh_application.subscription_url
+  description = "Event Mesh URL"
+}
+
+# output "hana_tools_url" {
+#   value       = btp_subaccount_subscription.hana_cloud_tools.subscription_url
+#   description = "HANA Tools URL"
+# }

released/discovery_center/mission_3680/step1/provider.tf

@@ -0,0 +1,16 @@
+terraform {
+  required_providers {
+    btp = {
+      source  = "SAP/btp"
+      version = "~> 1.4.0"
+    }
+  }
+}
+
+provider "btp" {
+  # Comment out the idp in case you need it to connect to your global account
+  # -------------------------------------------------------------------------
+  # idp            = var.custom_idp
+  cli_server_url = var.cli_server_url
+  globalaccount  = var.globalaccount
+}

released/discovery_center/mission_3680/step1/samples.tfvars

@@ -0,0 +1,24 @@
+# ------------------------------------------------------------------------------------------------------
+# Provider configuration
+# ------------------------------------------------------------------------------------------------------
+# Your global account subdomain
+globalaccount   = "yourglobalaccount"
+region          = "us10"
+subaccount_name = "SAP Discovery Center Mission 3680"
+
+# ------------------------------------------------------------------------------------------------------
+# Project specific configuration (please adapt!)
+# ------------------------------------------------------------------------------------------------------
+
+# Don't add the user, that is executing the TF script to subaccount_admins or subaccount_service_admins!
+subaccount_admins         = ["another.user@test.com"]
+subaccount_service_admins = ["another.user@test.com"]
+
+hana_cloud_admins    = ["another.user@test.com"]
+hana_system_password = "Abc12345"
+
+# Don't add the user, that is executing the TF script to cf_org_admins or cf_org_users!
+cf_org_admins       = ["another.user@test.com"]
+cf_org_users        = ["another.user@test.com"]
+cf_space_managers   = ["another.user@test.com", "you@test.com"]
+cf_space_developers = ["another.user@test.com", "you@test.com"]