From fe21470f8623af891d56866ede83a87dfef8a5cd Mon Sep 17 00:00:00 2001
From: Markus Balsam
Date: Mon, 5 Aug 2024 09:52:41 +0200
Subject: [PATCH 1/4] compliance for mission 4327
---
 .../mission_4327/step1/main.tf | 38 +++--
 .../mission_4327/step1/outputs.tf | 15 ++
 .../mission_4327/step1/provider.tf | 1 +
 .../mission_4327/step1/samples.tfvars | 27 ++--
 .../mission_4327/step1/variables.tf | 132 ++++++++----------
 .../mission_4327/step2_cf/main.tf | 4 +
 .../mission_4327/step2_cf/outputs.tf | 8 --
 .../mission_4327/step2_cf/samples.tfvars | 23 +--
 .../mission_4327/step2_cf/variables.tf | 38 ++---
 9 files changed, 148 insertions(+), 138 deletions(-)
 create mode 100644 released/discovery_center/mission_4327/step1/outputs.tf
diff --git a/released/discovery_center/mission_4327/step1/main.tf b/released/discovery_center/mission_4327/step1/main.tf
index bda45b69..985b00b0 100644
--- a/released/discovery_center/mission_4327/step1/main.tf
+++ b/released/discovery_center/mission_4327/step1/main.tf
@@ -2,12 +2,19 @@
 # Generating random ID for subdomain
 ###############################################################################################
 resource "random_uuid" "uuid" {}
+
+locals {
+ random_uuid = random_uuid.uuid.result
+ subaccount_domain = "btp-gp${local.random_uuid}"
+ subaccount_cf_org = length(var.cf_org_name) > 0 ? var.cf_org_name : substr(replace("${local.subaccount_domain}", "-", ""), 0, 32)
+}
+
 ###############################################################################################
 # Creation of subaccount
 ###############################################################################################
 resource "btp_subaccount" "project" {
 name = var.subaccount_name
- subdomain = "btp-gp${random_uuid.uuid.result}"
+ subdomain = local.subaccount_domain
 region = lower(var.region)
 }
 data "btp_whoami" "me" {}
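Review bot: In the new `subaccount_cf_org` local, `replace("${local.subaccount_domain}", "-", "")` wraps a plain reference in an interpolation-only string; `terraform fmt` rewrites that form and it reads cleaner as `replace(local.subaccount_domain, "-", "")`. The fallback branch also truncates the hyphen-less `btpgp<uuid>` value (37 characters) to 32, so the last five hex digits of the UUID are dropped, while a user-supplied `cf_org_name` is taken as-is with no length check — presumably intentional, but the 32 deserves a comment, e.g. `# fallback org name: hyphen-less subaccount domain capped at 32 chars`.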
@@ -27,7 +34,7 @@ resource "terraform_data" "cf_landscape_label" {
 ###############################################################################################
 resource "btp_subaccount_environment_instance" "cloudfoundry" {
 subaccount_id = btp_subaccount.project.id
- name = btp_subaccount.project.subdomain
+ name = local.subaccount_cf_org
 landscape_label = terraform_data.cf_landscape_label.output
 environment_type = "cloudfoundry"
 service_name = "cloudfoundry"
@@ -36,7 +43,7 @@ resource "btp_subaccount_environment_instance" "cloudfoundry" {
 # the instance shall be created using the parameter landscape label.
 # available environments can be looked up using the btp_subaccount_environments datasource
 parameters = jsonencode({
- instance_name = btp_subaccount.project.subdomain
+ instance_name = local.subaccount_cf_org
 })
 timeouts = {
 create = "1h"
@@ -60,12 +67,12 @@ resource "btp_subaccount_role_collection_assignment" "subaccount-admins" {
 resource "btp_subaccount_entitlement" "bas" {
 subaccount_id = btp_subaccount.project.id
 service_name = "sapappstudio"
- plan_name = var.bas_plan_name
+ plan_name = var.service_plan__bas
 }
 resource "btp_subaccount_subscription" "bas-subscribe" {
 subaccount_id = btp_subaccount.project.id
 app_name = "sapappstudio"
- plan_name = var.bas_plan_name
+ plan_name = var.service_plan__bas
 depends_on = [btp_subaccount_entitlement.bas]
 }
 resource "btp_subaccount_role_collection_assignment" "Business_Application_Studio_Administrator" {
@@ -88,12 +95,12 @@ resource "btp_subaccount_role_collection_assignment" "Business_Application_Studi
 resource "btp_subaccount_entitlement" "build_workzone" {
 subaccount_id = btp_subaccount.project.id
 service_name = "SAPLaunchpad"
- plan_name = var.build_workzone_plan_name
+ plan_name = var.service_plan__build_workzone
 }
 resource "btp_subaccount_subscription" "build_workzone_subscribe" {
 subaccount_id = btp_subaccount.project.id
 app_name = "SAPLaunchpad"
- plan_name = var.build_workzone_plan_name
+ plan_name = var.service_plan__build_workzone
 depends_on = [btp_subaccount_entitlement.build_workzone]
 }
 resource "btp_subaccount_role_collection_assignment" "launchpad_admin" {
@@ -108,7 +115,7 @@ resource "btp_subaccount_role_collection_assignment" "launchpad_admin" {
 resource "btp_subaccount_entitlement" "hana-cloud" {
 subaccount_id = btp_subaccount.project.id
 service_name = "hana-cloud"
- plan_name = var.hana-cloud_plan_name
+ plan_name = var.service_plan__hana_cloud
 }
 # Enable HANA Cloud Tools
 resource "btp_subaccount_entitlement" "hana-cloud-tools" {
@@ -127,3 +134,18 @@ resource "btp_subaccount_entitlement" "hana-hdi-shared" {
 service_name = "hana"
 plan_name = "hdi-shared"
 }
+
+resource "local_file" "output_vars_step1" {
+ count = var.create_tfvars_file_for_next_stage ? 1 : 0
+ content = <<-EOT
+ cf_api_url = "${jsondecode(btp_subaccount_environment_instance.cloudfoundry.labels)["API Endpoint"]}"
+ cf_org_id = "${btp_subaccount_environment_instance.cloudfoundry.platform_id}"
+
+ cf_org_users = ${jsonencode(var.cf_org_users)}
+ cf_org_admins = ${jsonencode(var.cf_org_admins)}
+ cf_space_developers = ${jsonencode(var.cf_space_developers)}
+ cf_space_managers = ${jsonencode(var.cf_space_managers)}
+
+ EOT
+ filename = "../step2_cf/terraform.tfvars"
+}
\ No newline at end of file
diff --git a/released/discovery_center/mission_4327/step1/outputs.tf b/released/discovery_center/mission_4327/step1/outputs.tf
new file mode 100644
index 00000000..dbdfef71
--- /dev/null
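Review bot: `local_file.output_vars_step1` sets no `file_permission`, and the hashicorp/local provider defaults it to `0777`, so the generated `../step2_cf/terraform.tfvars` — which carries the org id, the API endpoint and the four user lists that step 2 turns into role bindings — is written world-writable; add `file_permission = "0644"` (or `"0600"`) next to `filename`. The heredoc reads the endpoint with a direct index, `jsondecode(...labels)["API Endpoint"]`, whereas the new outputs.tf in the next file section uses `lookup(..., "API Endpoint", "not found")`; the direct index is the better of the two, because a missing label fails the apply instead of writing the literal `not found` into the next stage's input, so outputs.tf should follow this form rather than the other way round. The relative `filename` also means the file lands relative to the directory terraform is run from, which is worth a one-line comment on that attribute.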
+++ b/released/discovery_center/mission_4327/step1/outputs.tf
@@ -0,0 +1,15 @@
+output "subaccount_id" {
+ value = btp_subaccount.project.id
+}
+
+output "cf_landscape_label" {
+ value = terraform_data.cf_landscape_label.output
+}
+
+output "cf_org_id" {
+ value = btp_subaccount_environment_instance.cloudfoundry.platform_id
+}
+
+output "cf_api_url" {
+ value = lookup(jsondecode(btp_subaccount_environment_instance.cloudfoundry.labels), "API Endpoint", "not found")
+}
diff --git a/released/discovery_center/mission_4327/step1/provider.tf b/released/discovery_center/mission_4327/step1/provider.tf
index 8408e02e..ad7aa9cc 100644
--- a/released/discovery_center/mission_4327/step1/provider.tf
+++ b/released/discovery_center/mission_4327/step1/provider.tf
@@ -12,4 +12,5 @@ terraform {
 provider "btp" {
 globalaccount = var.globalaccount
 cli_server_url = var.cli_server_url
+ idp = var.custom_idp
 }
\ No newline at end of file
diff --git a/released/discovery_center/mission_4327/step1/samples.tfvars b/released/discovery_center/mission_4327/step1/samples.tfvars
index bd727f7d..23fe67be 100644
--- a/released/discovery_center/mission_4327/step1/samples.tfvars
+++ b/released/discovery_center/mission_4327/step1/samples.tfvars
@@ -2,24 +2,33 @@
 # Provider configuration
 # ------------------------------------------------------------------------------------------------------
 # Your global account subdomain
-globalaccount = "myglobalaccount"
-region = "us10"
-subaccount_name = "DCM Goldenpath"
-cf_org_name = "cf-environment"
+globalaccount = "myglobalaccount"
 # ------------------------------------------------------------------------------------------------------
 # Project specific configuration (please adapt!)
 # ------------------------------------------------------------------------------------------------------
+# Subaccount configuration
+region = "us10"
+subaccount_name = "DCM Goldenpath"
 # To add extra users to the subaccount, the user running the script becomes the admin, without inclusion in admins.
 subaccount_admins = ["joe.do@sap.com", "jane.do@sap.com"]
-# To Create Cloudfoundry Org and add users with specific roles
 #------------------------------------------------------------------------------------------------------
 # Entitlements plan update
 #------------------------------------------------------------------------------------------------------
 # For production use of Business Application Studio, upgrade the plan from the `free-tier` to the appropriate plan e.g standard-edition
-bas_plan_name = "standard-edition"
+service_plan__bas = "standard-edition"
 #-------------------------------------------------------------------------------------------------------
-#For production use of Build Workzone, upgrade the plan from the `free-tier` to the appropriate plan e.g standard
-build_workzone_plan_name = "standard"
+# For production use of Build Workzone, upgrade the plan from the `free-tier` to the appropriate plan e.g standard
+service_plan__build_workzone = "standard"
 #--------------------------------------------------------------------------------------------------------
 # For production use of HANA, upgrade the plan from the `free-tier` to the appropriate plan e.g hana
-hana-cloud_plan_name = "hana"
+service_plan__hana_cloud = "hana"
+#------------------------------------------------------------------------------------------------------
+# Cloud Foundry
+#------------------------------------------------------------------------------------------------------
+# Choose a unique organization name e.g., based on the global account subdomain and subaccount name
+cf_org_name = ""
+# Additional Cloud Foundry users
+cf_space_developers = ["john.doe@sap.com"]
+cf_space_managers = ["john.doe@sap.com"]
+cf_org_admins = ["john.doe@sap.com"]
+cf_org_users = ["john.doe@sap.com"]
diff --git a/released/discovery_center/mission_4327/step1/variables.tf b/released/discovery_center/mission_4327/step1/variables.tf
index 6211db02..a9deebf8 100644
--- a/released/discovery_center/mission_4327/step1/variables.tf
+++ b/released/discovery_center/mission_4327/step1/variables.tf
@@ -1,7 +1,7 @@
 ######################################################################
 # Customer account setup
 ######################################################################
-# subaccount
+# global account
 variable "globalaccount" {
 type = string
 description = "The globalaccount subdomain."
@@ -25,96 +25,84 @@ variable "cli_server_url" { default = "https://cpcli.cf.eu10.hana.ondemand.com" } +# Custom IdP +variable "custom_idp" { + type = string + description = "Custom IdP for provider login. Leave empty to use default SAP IdP." + default = "" +} + variable "subaccount_admins" { type = list(string) description = "Defines the colleagues who are added to each subaccount as subaccount administrators." - default = ["jane.doe@test.com", "john.doe@test.com"] + default = [] } -#cf_landscape_label -variable "cf_landscape_label" { - type = string - description = "The region where the project account shall be created in." - default = "us10" -} ### # Entitlements ### -variable "entitlements" { - type = list(object({ - service_name = string - plan_name = string - type = string - })) - description = "The list of entitlements that shall be added to the subaccount." - default = [ - { - service_name = "connectivity" - plan_name = "lite", - type = "service" - }, - { - service_name = "destination" - plan_name = "lite", - type = "service" - }, - { - service_name = "html5-apps-repo" - plan_name = "app-host", - type = "service" - }, - { - service_name = "sapappstudio" - plan_name = "standard-edition", - type = "app" - }, - { - service_name = "enterprise-messaging" - plan_name = "default", - type = "service" - }, - { - service_name = "enterprise-messaging-hub" - plan_name = "standard", - type = "app" - }, - { - service_name = "privatelink" - plan_name = "standard", - type = "service" - }, - { - service_name = "xsuaa" - plan_name = "application", - type = "service" - }, - { - service_name = "hana" - plan_name = "hdi-shared", - type = "service" - }, - { - service_name = "hana-cloud" - plan_name = "hana", - type = "service" - } - ] -} + # Plan_name update -variable "bas_plan_name" { +variable "service_plan__bas" { description = "BAS plan" type = string default = "free-tier" } -variable "build_workzone_plan_name" { +variable "service_plan__build_workzone" { description = "Build 
Workzone plan" type = string default = "free-tier" } -variable "hana-cloud_plan_name" { +variable "service_plan__hana_cloud" { description = "hana-cloud plan" type = string default = "free" -} \ No newline at end of file +} + +### +# Cloud Foundry +### + +variable "cf_landscape_label" { + type = string + description = "The region where the project account shall be created in." + default = "" +} + +variable "cf_org_name" { + type = string + description = "The name for the Cloud Foundry Org." + default = "" +} + +variable "cf_space_developers" { + type = list(string) + description = "CF Space developers" + default = [] +} + +variable "cf_space_managers" { + type = list(string) + description = "CF Space managers" + default = [] +} + +variable "cf_org_admins" { + type = list(string) + description = "CF Org Admins" + default = [] +} + +variable "cf_org_users" { + type = list(string) + description = "CF Org Users" + default = [] +} + +variable "create_tfvars_file_for_next_stage" { + description = "Switch to enable the creation of the tfvars file for the next stage." + type = bool + default = false +} diff --git a/released/discovery_center/mission_4327/step2_cf/main.tf b/released/discovery_center/mission_4327/step2_cf/main.tf index b4812ee4..01c7ffa5 100644 --- a/released/discovery_center/mission_4327/step2_cf/main.tf +++ b/released/discovery_center/mission_4327/step2_cf/main.tf @@ -14,6 +14,7 @@ resource "cloudfoundry_org_role" "organization_user" { username = each.value type = "organization_user" org = var.cf_org_id + origin = var.cf_origin } resource "cloudfoundry_org_role" "organization_manager" { @@ -21,6 +22,7 @@ resource "cloudfoundry_org_role" "organization_manager" { username = each.value type = "organization_manager" org = var.cf_org_id + origin = var.cf_origin } resource "cloudfoundry_space_role" "space_developer" { 
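Review bot: The four new list variables `cf_space_developers`, `cf_space_managers`, `cf_org_admins` and `cf_org_users` carry the identities that step 2 binds to CF org and space roles, yet they are declared without validation, and the step2_cf/variables.tf hunk in this same commit deletes the e-mail `validation` blocks that previously guarded them — after this commit nothing checks these values before they are written to terraform.tfvars and turned into role bindings. Since step 1 is now where the lists are entered, reinstating the existing regex as a validation on each of these variables keeps a mistyped address from producing a failed or misdirected binding one stage later. Separately, `cf_landscape_label` keeps the description `The region where the project account shall be created in.`, which describes `region` rather than a CF landscape label; `The Cloud Foundry landscape label; leave empty to have step 1 derive it.` would match its use, if the derivation suggested by the `terraform_data.cf_landscape_label` reference in main.tf is confirmed. The enclosing `variable "cli_server_url"` block at the top of this hunk starts before it.
```hcl
variable "cf_org_admins" {
  type        = list(string)
  description = "CF Org Admins"
  default     = []
  # Reject malformed addresses here, before they are written to step 2's tfvars and bound to roles
  validation {
    condition     = alltrue([for email in var.cf_org_admins : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))])
    error_message = "Please enter a valid email address for the CF Org Admins."
  }
}
# … unchanged: cf_space_developers, cf_space_managers, cf_org_users (same validation block, adjusted message) …
```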
@@ -28,6 +30,7 @@ resource "cloudfoundry_space_role" "space_developer" { username = each.value type = "space_developer" space = cloudfoundry_space.dev.id + origin = var.cf_origin depends_on = [cloudfoundry_org_role.organization_user, cloudfoundry_org_role.organization_manager] } @@ -36,5 +39,6 @@ resource "cloudfoundry_space_role" "space_manager" { username = each.value type = "space_manager" space = cloudfoundry_space.dev.id + origin = var.cf_origin depends_on = [cloudfoundry_org_role.organization_user, cloudfoundry_org_role.organization_manager] } \ No newline at end of file diff --git a/released/discovery_center/mission_4327/step2_cf/outputs.tf b/released/discovery_center/mission_4327/step2_cf/outputs.tf index ad4178cd..320082ba 100644 --- a/released/discovery_center/mission_4327/step2_cf/outputs.tf +++ b/released/discovery_center/mission_4327/step2_cf/outputs.tf @@ -1,11 +1,3 @@ -output "subaccount_id" { - value = var.subaccount_id -} - -output "cf_landscape_label" { - value = var.cf_landscape_label -} - output "cf_org_id" { value = var.cf_org_id } diff --git a/released/discovery_center/mission_4327/step2_cf/samples.tfvars b/released/discovery_center/mission_4327/step2_cf/samples.tfvars index 54f30b0b..39de7419 100644 --- a/released/discovery_center/mission_4327/step2_cf/samples.tfvars +++ b/released/discovery_center/mission_4327/step2_cf/samples.tfvars 
@@ -1,14 +1,15 @@
 # ------------------------------------------------------------------------------------------------------
 # Provider configuration
 # ------------------------------------------------------------------------------------------------------
-# Your global account subdomain
-globalaccount = "myglobalaccount"
-region = "us10"
-subaccount_name = "DCM Goldenpath"
-cf_org_name = "cf-environment"
-subaccount_admins = ["john.doe@sap.com"]
-subaccount_service_admins = ["john.doe@sap.com"]
-cf_space_developers = ["john.doe@sap.com"]
-cf_space_managers = ["john.doe@sap.com"]
-cf_org_admins = ["john.doe@sap.com"]
-cf_org_users = ["john.doe@sap.com"]
\ No newline at end of file
+# API URL of the Cloud Foundry environment instance created in step 1
+cf_api_url = "DCM Goldenpath"
+# ------------------------------------------------------------------------------------------------------
+# Project specific configuration (please adapt!)
+# ------------------------------------------------------------------------------------------------------
+# Please use the cf_org_id output of step 1
+cf_org_id = "cf-environment"
+# Additional Cloud Foundry users
+cf_space_developers = ["john.doe@sap.com"]
+cf_space_managers = ["john.doe@sap.com"]
+cf_org_admins = ["john.doe@sap.com"]
+cf_org_users = ["john.doe@sap.com"]
diff --git a/released/discovery_center/mission_4327/step2_cf/variables.tf b/released/discovery_center/mission_4327/step2_cf/variables.tf
index 0b435101..d3681fb7 100644
--- a/released/discovery_center/mission_4327/step2_cf/variables.tf
+++ b/released/discovery_center/mission_4327/step2_cf/variables.tf
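Review bot: The sample values `cf_api_url = "DCM Goldenpath"` and `cf_org_id = "cf-environment"` are carried over from the removed `subaccount_name` and `cf_org_name` entries and are not what the comments directly above them ask for (an API URL, and the `cf_org_id` output of step 1); anyone copying the sample gets a run that fails at the provider instead of a usable template. Replace them with clearly marked placeholders, e.g. `cf_api_url = "<cf_api_url output of step 1>"` and `cf_org_id = "<cf_org_id output of step 1>"`. The same two lines are touched again by the `format` patch later in this series, so the fix belongs there as well.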
@@ -2,58 +2,36 @@ variable "cf_api_url" { type = string } -variable "cf_landscape_label" { - type = string -} - variable "cf_org_id" { type = string } -variable "subaccount_id" { - type = string +variable "cf_origin" { + description = "Origin used for Cloud Foundry organization and space role assignments" + type = string + default = "sap.ids" } variable "cf_space_developers" { type = list(string) description = "CF Space developers" - default = ["jane.doe@test.com", "john.doe@test.com"] - # add validation to check if CF Space developers contains a list of valid email addresses - validation { - condition = length([for email in var.cf_space_developers : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.cf_space_developers) - error_message = "Please enter a valid email address for the CF Space developers." - } + default = [] } variable "cf_space_managers" { type = list(string) description = "CF Space managers" - default = ["jane.doe@test.com", "john.doe@test.com"] - # add validation to check if CF Space managers contains a list of valid email addresses - validation { - condition = length([for email in var.cf_space_managers : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.cf_space_managers) - error_message = "Please enter a valid email address for the Cloud Connector Administrators." - } + default = [] } variable "cf_org_admins" { type = list(string) description = "CF Org Admins" - default = ["jane.doe@test.com", "john.doe@test.com"] - # add validation to check if CF Org Admins contains a list of valid email addresses - validation { - condition = length([for email in var.cf_org_admins : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.cf_org_admins) - error_message = "Please enter a valid email address for the CF Org Admins." 
- } + default = [] } variable "cf_org_users" { type = list(string) description = "CF Org Users" - default = ["jane.doe@test.com", "john.doe@test.com"] - # add validation to check if CF Org Users contains a list of valid email addresses - validation { - condition = length([for email in var.cf_org_users : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.cf_org_users) - error_message = "Please enter a valid email address for the CF Org Users." - } + default = [] } From 8eb7ab9fa2d7f98e8bb5ff1d3820276ad494df11 Mon Sep 17 00:00:00 2001 From: Markus Balsam Date: Mon, 5 Aug 2024 10:25:03 +0200 Subject: [PATCH 2/4] set amount to 1 for free plan --- released/discovery_center/mission_4327/step1/main.tf | 1 + released/discovery_center/mission_4327/step1/variables.tf | 6 +++--- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/released/discovery_center/mission_4327/step1/main.tf b/released/discovery_center/mission_4327/step1/main.tf index 985b00b0..04c3317e 100644 --- a/released/discovery_center/mission_4327/step1/main.tf +++ b/released/discovery_center/mission_4327/step1/main.tf @@ -96,6 +96,7 @@ resource "btp_subaccount_entitlement" "build_workzone" { subaccount_id = btp_subaccount.project.id service_name = "SAPLaunchpad" plan_name = var.service_plan__build_workzone + amount = var.service_plan__build_workzone == "free" ? 1 : null } resource "btp_subaccount_subscription" "build_workzone_subscribe" { subaccount_id = btp_subaccount.project.id diff --git a/released/discovery_center/mission_4327/step1/variables.tf b/released/discovery_center/mission_4327/step1/variables.tf index a9deebf8..e7cb8ee3 100644 --- a/released/discovery_center/mission_4327/step1/variables.tf +++ b/released/discovery_center/mission_4327/step1/variables.tf 
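Review bot: `cf_origin` is introduced with the fixed default `sap.ids` and is stamped on every org and space role binding in step2_cf/main.tf, but step 1 in the same commit gains `custom_idp`, and the tfvars that step 1 generates carries no origin, so the two settings can silently diverge. If the listed users are federated through that custom IdP, a binding created with origin `sap.ids` targets the default identity store rather than the store those users log in through (inferred from how CF scopes usernames by origin — confirm against the environment's trust setup). Either emit `cf_origin` from step 1 next to the user lists, or at least state the coupling on the variable, e.g. `description = "Origin (identity provider key) for the CF role assignments; must match the IdP the listed users log in with — sap.ids for the default SAP ID service."`.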
@@ -46,19 +46,19 @@ variable "subaccount_admins" { variable "service_plan__bas" { description = "BAS plan" type = string - default = "free-tier" + default = "free" } variable "service_plan__build_workzone" { description = "Build Workzone plan" type = string - default = "free-tier" + default = "free" } variable "service_plan__hana_cloud" { description = "hana-cloud plan" type = string - default = "free" + default = "hana-free" } ### From c1758819b9700e52a1ff21d0d5e3aac6adc79c0f Mon Sep 17 00:00:00 2001 From: Markus Balsam Date: Mon, 5 Aug 2024 10:27:56 +0200 Subject: [PATCH 3/4] format --- released/discovery_center/mission_4327/step2_cf/main.tf | 4 ++-- .../discovery_center/mission_4327/step2_cf/samples.tfvars | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/released/discovery_center/mission_4327/step2_cf/main.tf b/released/discovery_center/mission_4327/step2_cf/main.tf index 01c7ffa5..21411a93 100644 --- a/released/discovery_center/mission_4327/step2_cf/main.tf +++ b/released/discovery_center/mission_4327/step2_cf/main.tf @@ -30,7 +30,7 @@ resource "cloudfoundry_space_role" "space_developer" { username = each.value type = "space_developer" space = cloudfoundry_space.dev.id - origin = var.cf_origin + origin = var.cf_origin depends_on = [cloudfoundry_org_role.organization_user, cloudfoundry_org_role.organization_manager] } @@ -39,6 +39,6 @@ resource "cloudfoundry_space_role" "space_manager" { username = each.value type = "space_manager" space = cloudfoundry_space.dev.id - origin = var.cf_origin + origin = var.cf_origin depends_on = [cloudfoundry_org_role.organization_user, cloudfoundry_org_role.organization_manager] } \ No newline at end of file diff --git a/released/discovery_center/mission_4327/step2_cf/samples.tfvars b/released/discovery_center/mission_4327/step2_cf/samples.tfvars index 39de7419..2f556991 100644 --- a/released/discovery_center/mission_4327/step2_cf/samples.tfvars 
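Review bot: The defaults move from `free-tier` to `free`, `free` and `hana-free`, but the step 1 samples.tfvars comments from the first patch in this series still tell the reader to "upgrade the plan from the `free-tier`" for all three services, and the descriptions `BAS plan`, `Build Workzone plan` and `hana-cloud plan` say nothing about the accepted values or the new coupling in main.tf, where `service_plan__build_workzone == "free"` is what switches `amount` to 1. Update the sample comments to name the real default, e.g. `# For production use of HANA Cloud, change the plan from the default hana-free to e.g. hana`, and extend the descriptions, e.g. `description = "Plan for Build Workzone; default free (the free plan is entitled with amount = 1 in main.tf)."`. The `amount` condition in main.tf repeats the `"free"` literal that this hunk sets as the default, so a later change to one side without the other quietly drops the quota; a shared local or a comment pointing at the other file would make that visible.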
+++ b/released/discovery_center/mission_4327/step2_cf/samples.tfvars @@ -2,12 +2,12 @@ # Provider configuration # ------------------------------------------------------------------------------------------------------ # API URL of the Cloud Foundry environment instance created in step 1 -cf_api_url = "DCM Goldenpath" +cf_api_url = "DCM Goldenpath" # ------------------------------------------------------------------------------------------------------ # Project specific configuration (please adapt!) # ------------------------------------------------------------------------------------------------------ # Please use the cf_org_id output of step 1 -cf_org_id = "cf-environment" +cf_org_id = "cf-environment" # Additional Cloud Foundry users cf_space_developers = ["john.doe@sap.com"] cf_space_managers = ["john.doe@sap.com"] From a1d612891fc33b5d49ac0f11e10743aaebdee390 Mon Sep 17 00:00:00 2001 From: Markus Balsam Date: Mon, 5 Aug 2024 10:29:11 +0200 Subject: [PATCH 4/4] trailing line breaks --- released/discovery_center/mission_4327/step1/main.tf | 2 +- released/discovery_center/mission_4327/step1/provider.tf | 2 +- released/discovery_center/mission_4327/step2_cf/main.tf | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/released/discovery_center/mission_4327/step1/main.tf b/released/discovery_center/mission_4327/step1/main.tf index 04c3317e..93dbce12 100644 --- a/released/discovery_center/mission_4327/step1/main.tf +++ b/released/discovery_center/mission_4327/step1/main.tf @@ -149,4 +149,4 @@ resource "local_file" "output_vars_step1" { EOT filename = "../step2_cf/terraform.tfvars" -} \ No newline at end of file +} diff --git a/released/discovery_center/mission_4327/step1/provider.tf b/released/discovery_center/mission_4327/step1/provider.tf index ad7aa9cc..98c47dd5 100644 --- a/released/discovery_center/mission_4327/step1/provider.tf +++ b/released/discovery_center/mission_4327/step1/provider.tf 
@@ -13,4 +13,4 @@ provider "btp" {
 globalaccount = var.globalaccount
 cli_server_url = var.cli_server_url
 idp = var.custom_idp
-}
\ No newline at end of file
+}
diff --git a/released/discovery_center/mission_4327/step2_cf/main.tf b/released/discovery_center/mission_4327/step2_cf/main.tf
index 21411a93..aafb793d 100644
--- a/released/discovery_center/mission_4327/step2_cf/main.tf
+++ b/released/discovery_center/mission_4327/step2_cf/main.tf
@@ -41,4 +41,4 @@ resource "cloudfoundry_space_role" "space_manager" {
 space = cloudfoundry_space.dev.id
 origin = var.cf_origin
 depends_on = [cloudfoundry_org_role.organization_user, cloudfoundry_org_role.organization_manager]
-}
\ No newline at end of file
+}