Feature/build code mission

released/discovery_center/mission_4441/step1/outputs.tf → released/discovery_center/mission_4441/full_setup_enterprise/step1/outputs.tf

@@ -52,3 +52,8 @@ output "cf_space_managers" {
   value       = var.cf_space_managers
   description = "List of users to set as Cloudfoundry space managers."
 }
+
+output "build_code_subscription_url" {
+  value       = btp_subaccount_subscription.build_code.subscription_url
+  description = "SAP Build Code subscription URL."
+}

released/discovery_center/mission_4441/minimal_setup_enterprise/step1/README.md

@@ -0,0 +1,63 @@
+# Discovery Center Mission: Get Started with SAP Build Code and Joule using Generative AI (4441)
+
+## Overview
+
+This sample shows how to create a landscape for the Discovery Center Mission - [Get Started with SAP Build Code and Joule using Generative AI](https://discovery-center.cloud.sap/missiondetail/4441/)
+
+## Content of setup
+
+The setup comprises the following resources:
+
+- Creation of the SAP BTP subaccount
+- Entitlements of services
+- Subscriptions to applications
+- Role collection assignments to users
+- Management of users and roles on org and space level
+
+## Deploying the resources
+
+Make sure that you are familiar with SAP BTP and know both the [Get Started with btp-terraform-samples](https://github.com/SAP-samples/btp-terraform-samples/blob/main/GET_STARTED.md) and the [Get Started with the Terraform Provider for BTP](https://developers.sap.com/tutorials/btp-terraform-get-started.html)
+
+To deploy the resources you must:
+
+1. Set your credentials as environment variables
+
+   ```bash
+   export BTP_USERNAME ='<Email address of your BTP user>'
+   export BTP_PASSWORD ='<Password of your BTP user>'
+   export CF_USER ='<Email address of your BTP user>'
+   export CF_PASSWORD ='<Password of your BTP user>'   
+   ```
+
+2. Change the variables in the `sample.tfvars` file to meet your requirements
+
+   > The minimal set of parameters you should specify (besides user_email and password) is global account (i.e. its subdomain) and the used custom_idp and all user assignments
+
+   > ⚠ NOTE: You should pay attention **specifically** to the users defined in the samples.tfvars whether they already exist in your SAP BTP accounts. Otherwise, you might get error messages like, e.g., `Error: The user could not be found: jane.doe@test.com`.
+
+
+3. Initialize your workspace:
+
+   ```bash
+   terraform init
+   ```
+
+4. You can check what Terraform plans to apply based on your configuration:
+
+   ```bash
+   terraform plan -var-file="sample.tfvars"
+   ```
+
+5. Apply your configuration to provision the resources:
+
+   ```bash
+   terraform apply -var-file="sample.tfvars"
+   ```
+
+## In the end
+
+You probably want to remove the assets after trying them out to avoid unnecessary costs. To do so execute the following command:
+
+```bash
+terraform destroy -var-file="sample.tfvars"
+```

released/discovery_center/mission_4441/minimal_setup_enterprise/step1/main.tf

@@ -0,0 +1,218 @@
+# ------------------------------------------------------------------------------------------------------
+# SUBACCOUNT SETUP
+# ------------------------------------------------------------------------------------------------------
+# Setup subaccount domain (to ensure uniqueness in BTP global account)
+resource "random_uuid" "uuid" {}
+
+# ------------------------------------------------------------------------------------------------------
+# Creation of subaccount
+# ------------------------------------------------------------------------------------------------------
+resource "btp_subaccount" "dc_mission" {
+  name      = var.subaccount_name
+  subdomain = join("-", ["dc-mission-4441", random_uuid.uuid.result])
+  region    = lower(var.region)
+}
+
+# ------------------------------------------------------------------------------------------------------
+# Assign custom IDP to sub account (if custom_idp is set)
+# ------------------------------------------------------------------------------------------------------
+resource "btp_subaccount_trust_configuration" "fully_customized" {
+  # Only create trust configuration if custom_idp has been set 
+  count             = var.custom_idp == "" ? 0 : 1
+  subaccount_id     = btp_subaccount.dc_mission.id
+  identity_provider = var.custom_idp
+}
+# ------------------------------------------------------------------------------------------------------
+# CLOUDFOUNDRY PREPARATION
+# ------------------------------------------------------------------------------------------------------
+#
+# Fetch all available environments for the subaccount
+data "btp_subaccount_environments" "all" {
+  subaccount_id = btp_subaccount.dc_mission.id
+}
+# ------------------------------------------------------------------------------------------------------
+# Take the landscape label from the first CF environment if no environment label is provided
+# (this replaces the previous null_resource)
+# ------------------------------------------------------------------------------------------------------
+resource "terraform_data" "cf_landscape_label" {
+  input = length(var.cf_landscape_label) > 0 ? var.cf_landscape_label : [for env in data.btp_subaccount_environments.all.values : env if env.service_name == "cloudfoundry" && env.environment_type == "cloudfoundry"][0].landscape_label
+}
+# ------------------------------------------------------------------------------------------------------
+# Create the Cloud Foundry environment instance
+# ------------------------------------------------------------------------------------------------------
+resource "btp_subaccount_entitlement" "cloudfoundry" {
+  subaccount_id = btp_subaccount.dc_mission.id
+  service_name  = "cloudfoundry"
+  plan_name     = "build-code"
+  amount        = 1
+}
+
+resource "btp_subaccount_environment_instance" "cloudfoundry" {
+  subaccount_id    = btp_subaccount.dc_mission.id
+  name             = "cf-${random_uuid.uuid.result}"
+  environment_type = "cloudfoundry"
+  service_name     = "cloudfoundry"
+  plan_name        = "build-code"
+  landscape_label  = terraform_data.cf_landscape_label.output
+
+  parameters = jsonencode({
+    instance_name = "cf-${random_uuid.uuid.result}"
+  })
+}
+
+# ------------------------------------------------------------------------------------------------------
+# APP SUBSCRIPTIONS
+# ------------------------------------------------------------------------------------------------------
+#
+# ------------------------------------------------------------------------------------------------------
+# Setup build-code
+# ------------------------------------------------------------------------------------------------------
+# Entitle
+resource "btp_subaccount_entitlement" "build_code" {
+  subaccount_id = btp_subaccount.dc_mission.id
+  service_name  = "build-code"
+  plan_name     = "standard"
+  amount        = 1
+}
+# Subscribe
+resource "btp_subaccount_subscription" "build_code" {
+  subaccount_id = btp_subaccount.dc_mission.id
+  app_name      = "build-code"
+  plan_name     = "standard"
+  depends_on    = [btp_subaccount_entitlement.build_code]
+}
+
+# ------------------------------------------------------------------------------------------------------
+# Setup sapappstudio
+# ------------------------------------------------------------------------------------------------------
+# Entitle
+resource "btp_subaccount_entitlement" "sapappstudio" {
+  subaccount_id = btp_subaccount.dc_mission.id
+  service_name  = "sapappstudio"
+  plan_name     = "build-code"
+}
+# Subscribe (depends on subscription of build-code)
+resource "btp_subaccount_subscription" "sapappstudio" {
+  subaccount_id = btp_subaccount.dc_mission.id
+  app_name      = "sapappstudio"
+  plan_name     = "build-code"
+  depends_on    = [btp_subaccount_subscription.build_code, btp_subaccount_entitlement.sapappstudio]
+}
+
+# ------------------------------------------------------------------------------------------------------
+# Setup SAPLaunchpad (SAP Build Work Zone, standard edition)
+# ------------------------------------------------------------------------------------------------------
+# Entitle
+resource "btp_subaccount_entitlement" "sap_launchpad" {
+  subaccount_id = btp_subaccount.dc_mission.id
+  service_name  = "SAPLaunchpad"
+  plan_name     = "foundation"
+}
+# Subscribe
+resource "btp_subaccount_subscription" "sap_launchpad" {
+  subaccount_id = btp_subaccount.dc_mission.id
+  app_name      = "SAPLaunchpad"
+  plan_name     = "foundation"
+  depends_on    = [btp_subaccount_entitlement.sap_launchpad]
+}
+
+# ------------------------------------------------------------------------------------------------------
+#  USERS AND ROLES
+# ------------------------------------------------------------------------------------------------------
+#
+# Get all available subaccount roles
+data "btp_subaccount_roles" "all" {
+  subaccount_id = btp_subaccount.dc_mission.id
+  depends_on    = [btp_subaccount_subscription.build_code, btp_subaccount_subscription.sapappstudio]
+}
+# ------------------------------------------------------------------------------------------------------
+# Assign role collection for Build Code Administrator
+# ------------------------------------------------------------------------------------------------------
+# Assign roles to the role collection "Build Code Administrator"
+resource "btp_subaccount_role_collection" "build_code_administrator" {
+  subaccount_id = btp_subaccount.dc_mission.id
+  name          = "Build Code Administrator"
+  description   = "The role collection for an administrator on SAP Build Code"
+
+  roles = [
+    for role in data.btp_subaccount_roles.all.values : {
+      name                 = role.name
+      role_template_app_id = role.app_id
+      role_template_name   = role.role_template_name
+    } if contains(["Business_Application_Studio_Administrator", "Administrator", "RegistryAdmin"], role.role_template_name)
+  ]
+}
+# Assign users to the role collection "Build Code Administrator"
+resource "btp_subaccount_role_collection_assignment" "build_code_administrator" {
+  for_each             = toset("${var.build_code_admins}")
+  subaccount_id        = btp_subaccount.dc_mission.id
+  role_collection_name = "Build Code Administrator"
+  user_name            = each.value
+  depends_on           = [btp_subaccount_role_collection.build_code_administrator]
+}
+
+# ------------------------------------------------------------------------------------------------------
+# Assign role collection "Build Code Developer"
+# ------------------------------------------------------------------------------------------------------
+# Create role collection "Build Code Developer"  
+resource "btp_subaccount_role_collection" "build_code_developer" {
+  subaccount_id = btp_subaccount.dc_mission.id
+  name          = "Build Code Developer"
+  description   = "The role collection for a developer on SAP Build Code"
+
+  roles = [
+    for role in data.btp_subaccount_roles.all.values : {
+      name                 = role.name
+      role_template_app_id = role.app_id
+      role_template_name   = role.role_template_name
+    } if contains(["Business_Application_Studio_Developer", "Developer", "Workzone_User"], role.role_template_name)
+  ]
+}
+# Assign users to the role collection "Build Code Developer"
+resource "btp_subaccount_role_collection_assignment" "build_code_developer" {
+  for_each             = toset("${var.build_code_developers}")
+  subaccount_id        = btp_subaccount.dc_mission.id
+  role_collection_name = "Build Code Developer"
+  user_name            = each.value
+  depends_on           = [btp_subaccount_role_collection.build_code_developer]
+}
+
+# ------------------------------------------------------------------------------------------------------
+# Assign role collection "Subaccount Administrator"
+# ------------------------------------------------------------------------------------------------------
+resource "btp_subaccount_role_collection_assignment" "subaccount_admin" {
+  for_each             = toset("${var.subaccount_admins}")
+  subaccount_id        = btp_subaccount.dc_mission.id
+  role_collection_name = "Subaccount Administrator"
+  user_name            = each.value
+  depends_on           = [btp_subaccount.dc_mission]
+}
+
+# ------------------------------------------------------------------------------------------------------
+# Create tfvars file for step 2 (if variable `create_tfvars_file_for_step2` is set to true)
+# ------------------------------------------------------------------------------------------------------
+resource "local_file" "output_vars_step1" {
+  count    = var.create_tfvars_file_for_step2 ? 1 : 0
+  content  = <<-EOT
+      globalaccount        = "${var.globalaccount}"
+      cli_server_url       = ${jsonencode(var.cli_server_url)}
+
+      subaccount_id        = "${btp_subaccount.dc_mission.id}"
+
+      cf_api_url           = "${jsondecode(btp_subaccount_environment_instance.cloudfoundry.labels)["API Endpoint"]}"
+
+      cf_org_id            = "${jsondecode(btp_subaccount_environment_instance.cloudfoundry.labels)["Org ID"]}"
+      cf_org_name          = "${jsondecode(btp_subaccount_environment_instance.cloudfoundry.labels)["Org Name"]}"
+
+      origin               = "${var.origin}"
+
+      cf_space_name        = "${var.cf_space_name}"
+
+      cf_org_admins        = ${jsonencode(var.cf_org_admins)}
+      cf_space_developers  = ${jsonencode(var.cf_space_developers)}
+      cf_space_managers    = ${jsonencode(var.cf_space_managers)}
+
+
+      EOT
+  filename = "../step2/terraform.tfvars"
+}

released/discovery_center/mission_4441/minimal_setup_enterprise/step1/outputs.tf

@@ -0,0 +1,59 @@
+output "globalaccount" {
+  value       = var.globalaccount
+  description = "The Global Account subdomain."
+}
+
+output "cli_server_url" {
+  value       = var.cli_server_url
+  description = "The BTP CLI server URL."
+}
+
+output "subaccount_id" {
+  value       = btp_subaccount.dc_mission.id
+  description = "The Global Account subdomain id."
+}
+
+output "cf_api_url" {
+  value       = jsondecode(btp_subaccount_environment_instance.cloudfoundry.labels)["API Endpoint"]
+  description = "The Cloudfoundry API URL."
+}
+
+output "cf_landscape_label" {
+  value       = btp_subaccount_environment_instance.cloudfoundry.landscape_label
+  description = "The Cloudfoundry landscape label."
+}
+
+output "cf_org_id" {
+  value       = jsondecode(btp_subaccount_environment_instance.cloudfoundry.labels)["Org ID"]
+  description = "The Cloudfoundry org id."
+}
+
+output "cf_org_name" {
+  value       = jsondecode(btp_subaccount_environment_instance.cloudfoundry.labels)["Org Name"]
+  description = "The Cloudfoundry org name."
+}
+
+output "custom_idp" {
+  value       = var.custom_idp
+  description = "The custom identity provider."
+}
+
+output "cf_org_admins" {
+  value       = var.cf_org_admins
+  description = "List of users to set as Cloudfoundry org administrators."
+}
+
+output "cf_space_developers" {
+  value       = var.cf_space_developers
+  description = "List of users to set as Cloudfoundry space developers."
+}
+
+output "cf_space_managers" {
+  value       = var.cf_space_managers
+  description = "List of users to set as Cloudfoundry space managers."
+}
+
+output "build_code_subscription_url" {
+  value       = btp_subaccount_subscription.build_code.subscription_url
+  description = "SAP Build Code subscription URL."
+}

released/discovery_center/mission_4441/minimal_setup_enterprise/step1/provider.tf

@@ -0,0 +1,13 @@
+terraform {
+  required_providers {
+    btp = {
+      source  = "SAP/btp"
+      version = "~> 1.4.0"
+    }
+  }
+}
+
+provider "btp" {
+  globalaccount  = var.globalaccount
+  cli_server_url = var.cli_server_url
+}

released/discovery_center/mission_4441/minimal_setup_enterprise/step1/sample.tfvars

@@ -0,0 +1,29 @@
+# ------------------------------------------------------------------------------------------------------
+# Provider configuration
+# ------------------------------------------------------------------------------------------------------
+# Your global account subdomain
+globalaccount = "xxxxxxxx-xxxxxxx-xxxxxxx-xxxxxxxx-xxxxxx"
+
+# The CLI server URL (needs to be set to null if you are using the default CLI server)
+cli_server_url = null
+
+# Region for your subaccount
+region = "us10"
+
+# Name of your sub account
+subaccount_name = "SAP Discovery Center Mission 4441 (SAP Build Code)"
+
+# ------------------------------------------------------------------------------------------------------
+# Create tfvars file for the step 2
+# ------------------------------------------------------------------------------------------------------
+create_tfvars_file_for_step2 = true
+
+# ------------------------------------------------------------------------------------------------------
+# USER ROLES
+# ------------------------------------------------------------------------------------------------------
+subaccount_admins     = ["another.user@test.com"]
+cf_org_admins         = ["another.user@test.com"]
+cf_space_managers     = ["another.user@test.com", "you@test.com"]
+cf_space_developers   = ["another.user@test.com", "you@test.com"]
+build_code_admins     = ["another.user@test.com", "you@test.com"]
+build_code_developers = ["another.user@test.com", "you@test.com"]