Mission 4327 compliance

released/discovery_center/mission_4327/step1/main.tf

@@ -2,12 +2,19 @@
 # Generating random ID for subdomain
 ###############################################################################################
 resource "random_uuid" "uuid" {}
+
+locals {
+  random_uuid       = random_uuid.uuid.result
+  subaccount_domain = "btp-gp${local.random_uuid}"
+  subaccount_cf_org = length(var.cf_org_name) > 0 ? var.cf_org_name : substr(replace("${local.subaccount_domain}", "-", ""), 0, 32)
+}
+
 ###############################################################################################
 # Creation of subaccount
 ###############################################################################################
 resource "btp_subaccount" "project" {
   name      = var.subaccount_name
-  subdomain = "btp-gp${random_uuid.uuid.result}"
+  subdomain = local.subaccount_domain
   region    = lower(var.region)
 }
 data "btp_whoami" "me" {}
@@ -27,7 +34,7 @@ resource "terraform_data" "cf_landscape_label" {
 ###############################################################################################
 resource "btp_subaccount_environment_instance" "cloudfoundry" {
   subaccount_id    = btp_subaccount.project.id
-  name             = btp_subaccount.project.subdomain
+  name             = local.subaccount_cf_org
   landscape_label  = terraform_data.cf_landscape_label.output
   environment_type = "cloudfoundry"
   service_name     = "cloudfoundry"
@@ -36,7 +43,7 @@ resource "btp_subaccount_environment_instance" "cloudfoundry" {
   # the instance shall be created using the parameter landscape label. 
   # available environments can be looked up using the btp_subaccount_environments datasource
   parameters = jsonencode({
-    instance_name = btp_subaccount.project.subdomain
+    instance_name = local.subaccount_cf_org
   })
   timeouts = {
     create = "1h"
@@ -60,12 +67,12 @@ resource "btp_subaccount_role_collection_assignment" "subaccount-admins" {
 resource "btp_subaccount_entitlement" "bas" {
   subaccount_id = btp_subaccount.project.id
   service_name  = "sapappstudio"
-  plan_name     = var.bas_plan_name
+  plan_name     = var.service_plan__bas
 }
 resource "btp_subaccount_subscription" "bas-subscribe" {
   subaccount_id = btp_subaccount.project.id
   app_name      = "sapappstudio"
-  plan_name     = var.bas_plan_name
+  plan_name     = var.service_plan__bas
   depends_on    = [btp_subaccount_entitlement.bas]
 }
 resource "btp_subaccount_role_collection_assignment" "Business_Application_Studio_Administrator" {
@@ -88,12 +95,13 @@ resource "btp_subaccount_role_collection_assignment" "Business_Application_Studi
 resource "btp_subaccount_entitlement" "build_workzone" {
   subaccount_id = btp_subaccount.project.id
   service_name  = "SAPLaunchpad"
-  plan_name     = var.build_workzone_plan_name
+  plan_name     = var.service_plan__build_workzone
+  amount        = var.service_plan__build_workzone == "free" ? 1 : null
 }
 resource "btp_subaccount_subscription" "build_workzone_subscribe" {
   subaccount_id = btp_subaccount.project.id
   app_name      = "SAPLaunchpad"
-  plan_name     = var.build_workzone_plan_name
+  plan_name     = var.service_plan__build_workzone
   depends_on    = [btp_subaccount_entitlement.build_workzone]
 }
 resource "btp_subaccount_role_collection_assignment" "launchpad_admin" {
@@ -108,7 +116,7 @@ resource "btp_subaccount_role_collection_assignment" "launchpad_admin" {
 resource "btp_subaccount_entitlement" "hana-cloud" {
   subaccount_id = btp_subaccount.project.id
   service_name  = "hana-cloud"
-  plan_name     = var.hana-cloud_plan_name
+  plan_name     = var.service_plan__hana_cloud
 }
 # Enable HANA Cloud Tools
 resource "btp_subaccount_entitlement" "hana-cloud-tools" {
@@ -127,3 +135,18 @@ resource "btp_subaccount_entitlement" "hana-hdi-shared" {
   service_name  = "hana"
   plan_name     = "hdi-shared"
 }
+
+resource "local_file" "output_vars_step1" {
+  count    = var.create_tfvars_file_for_next_stage ? 1 : 0
+  content  = <<-EOT
+      cf_api_url          = "${jsondecode(btp_subaccount_environment_instance.cloudfoundry.labels)["API Endpoint"]}"
+      cf_org_id           = "${btp_subaccount_environment_instance.cloudfoundry.platform_id}"
+
+      cf_org_users        = ${jsonencode(var.cf_org_users)}
+      cf_org_admins       = ${jsonencode(var.cf_org_admins)}
+      cf_space_developers = ${jsonencode(var.cf_space_developers)}
+      cf_space_managers   = ${jsonencode(var.cf_space_managers)}
+
+      EOT
+  filename = "../step2_cf/terraform.tfvars"
+}

released/discovery_center/mission_4327/step1/outputs.tf

@@ -0,0 +1,15 @@
+output "subaccount_id" {
+  value = btp_subaccount.project.id
+}
+
+output "cf_landscape_label" {
+  value = terraform_data.cf_landscape_label.output
+}
+
+output "cf_org_id" {
+  value = btp_subaccount_environment_instance.cloudfoundry.platform_id
+}
+
+output "cf_api_url" {
+  value = lookup(jsondecode(btp_subaccount_environment_instance.cloudfoundry.labels), "API Endpoint", "not found")
+}

released/discovery_center/mission_4327/step1/provider.tf

@@ -12,4 +12,5 @@ terraform {
 provider "btp" {
   globalaccount  = var.globalaccount
   cli_server_url = var.cli_server_url
-}
+  idp            = var.custom_idp
+}

released/discovery_center/mission_4327/step1/samples.tfvars

@@ -2,24 +2,33 @@
 # Provider configuration
 # ------------------------------------------------------------------------------------------------------
 # Your global account subdomain
-globalaccount   = "myglobalaccount"
-region          = "us10"
-subaccount_name = "DCM Goldenpath"
-cf_org_name     = "cf-environment"
+globalaccount = "myglobalaccount"
 # ------------------------------------------------------------------------------------------------------
 # Project specific configuration (please adapt!)
 # ------------------------------------------------------------------------------------------------------
+# Subaccount configuration
+region          = "us10"
+subaccount_name = "DCM Goldenpath"
 # To add extra users to the subaccount, the user running the script becomes the admin, without inclusion in admins.
 subaccount_admins = ["joe.do@sap.com", "jane.do@sap.com"]
-# To Create Cloudfoundry Org and add users with specific roles
 #------------------------------------------------------------------------------------------------------
 # Entitlements plan update
 #------------------------------------------------------------------------------------------------------
 # For production use of Business Application Studio, upgrade the plan from the `free-tier` to the appropriate plan e.g standard-edition
-bas_plan_name = "standard-edition"
+service_plan__bas = "standard-edition"
 #-------------------------------------------------------------------------------------------------------
-#For production use of Build Workzone, upgrade the plan from the `free-tier` to the appropriate plan e.g standard
-build_workzone_plan_name = "standard"
+# For production use of Build Workzone, upgrade the plan from the `free-tier` to the appropriate plan e.g standard
+service_plan__build_workzone = "standard"
 #--------------------------------------------------------------------------------------------------------
 # For production use of HANA, upgrade the plan from the `free-tier` to the appropriate plan e.g hana
-hana-cloud_plan_name = "hana"
+service_plan__hana_cloud = "hana"
+#------------------------------------------------------------------------------------------------------
+# Cloud Foundry
+#------------------------------------------------------------------------------------------------------
+# Choose a unique organization name e.g., based on the global account subdomain and subaccount name
+cf_org_name = "<unique_org_name>"
+# Additional Cloud Foundry users
+cf_space_developers = ["john.doe@sap.com"]
+cf_space_managers   = ["john.doe@sap.com"]
+cf_org_admins       = ["john.doe@sap.com"]
+cf_org_users        = ["john.doe@sap.com"]

released/discovery_center/mission_4327/step1/variables.tf

@@ -1,7 +1,7 @@
 ######################################################################
 # Customer account setup
 ######################################################################
-# subaccount
+# global account
 variable "globalaccount" {
   type        = string
   description = "The globalaccount subdomain."
@@ -25,96 +25,84 @@ variable "cli_server_url" {
   default     = "https://cpcli.cf.eu10.hana.ondemand.com"
 }
 
+# Custom IdP
+variable "custom_idp" {
+  type        = string
+  description = "Custom IdP for provider login. Leave empty to use default SAP IdP."
+  default     = ""
+}
+
 variable "subaccount_admins" {
   type        = list(string)
   description = "Defines the colleagues who are added to each subaccount as subaccount administrators."
-  default     = ["jane.doe@test.com", "john.doe@test.com"]
+  default     = []
 }
 
-#cf_landscape_label
-variable "cf_landscape_label" {
-  type        = string
-  description = "The region where the project account shall be created in."
-  default     = "us10"
-}
 ###
 # Entitlements
 ###
-variable "entitlements" {
-  type = list(object({
-    service_name = string
-    plan_name    = string
-    type         = string
-  }))
-  description = "The list of entitlements that shall be added to the subaccount."
-  default = [
-    {
-      service_name = "connectivity"
-      plan_name    = "lite",
-      type         = "service"
-    },
-    {
-      service_name = "destination"
-      plan_name    = "lite",
-      type         = "service"
-    },
-    {
-      service_name = "html5-apps-repo"
-      plan_name    = "app-host",
-      type         = "service"
-    },
-    {
-      service_name = "sapappstudio"
-      plan_name    = "standard-edition",
-      type         = "app"
-    },
-    {
-      service_name = "enterprise-messaging"
-      plan_name    = "default",
-      type         = "service"
-    },
-    {
-      service_name = "enterprise-messaging-hub"
-      plan_name    = "standard",
-      type         = "app"
-    },
-    {
-      service_name = "privatelink"
-      plan_name    = "standard",
-      type         = "service"
-    },
-    {
-      service_name = "xsuaa"
-      plan_name    = "application",
-      type         = "service"
-    },
-    {
-      service_name = "hana"
-      plan_name    = "hdi-shared",
-      type         = "service"
-    },
-    {
-      service_name = "hana-cloud"
-      plan_name    = "hana",
-      type         = "service"
-    }
-  ]
-}
+
 # Plan_name update
-variable "bas_plan_name" {
+variable "service_plan__bas" {
   description = "BAS plan"
   type        = string
-  default     = "free-tier"
+  default     = "free"
 }
 
-variable "build_workzone_plan_name" {
+variable "service_plan__build_workzone" {
   description = "Build Workzone plan"
   type        = string
-  default     = "free-tier"
+  default     = "free"
 }
 
-variable "hana-cloud_plan_name" {
+variable "service_plan__hana_cloud" {
   description = "hana-cloud plan"
   type        = string
-  default     = "free"
-}
+  default     = "hana-free"
+}
+
+###
+# Cloud Foundry
+###
+
+variable "cf_landscape_label" {
+  type        = string
+  description = "The region where the project account shall be created in."
+  default     = ""
+}
+
+variable "cf_org_name" {
+  type        = string
+  description = "The name for the Cloud Foundry Org."
+  default     = ""
+}
+
+variable "cf_space_developers" {
+  type        = list(string)
+  description = "CF Space developers"
+  default     = []
+}
+
+variable "cf_space_managers" {
+  type        = list(string)
+  description = "CF Space managers"
+  default     = []
+}
+
+variable "cf_org_admins" {
+  type        = list(string)
+  description = "CF Org Admins"
+  default     = []
+}
+
+variable "cf_org_users" {
+  type        = list(string)
+  description = "CF Org Users"
+  default     = []
+}
+
+variable "create_tfvars_file_for_next_stage" {
+  description = "Switch to enable the creation of the tfvars file for the next stage."
+  type        = bool
+  default     = false
+}

released/discovery_center/mission_4327/step2_cf/main.tf

@@ -14,20 +14,23 @@ resource "cloudfoundry_org_role" "organization_user" {
   username = each.value
   type     = "organization_user"
   org      = var.cf_org_id
+  origin   = var.cf_origin
 }
 
 resource "cloudfoundry_org_role" "organization_manager" {
   for_each = toset(var.cf_org_admins)
   username = each.value
   type     = "organization_manager"
   org      = var.cf_org_id
+  origin   = var.cf_origin
 }
 
 resource "cloudfoundry_space_role" "space_developer" {
   for_each   = toset(var.cf_space_developers)
   username   = each.value
   type       = "space_developer"
   space      = cloudfoundry_space.dev.id
+  origin     = var.cf_origin
   depends_on = [cloudfoundry_org_role.organization_user, cloudfoundry_org_role.organization_manager]
 }
 
@@ -36,5 +39,6 @@ resource "cloudfoundry_space_role" "space_manager" {
   username   = each.value
   type       = "space_manager"
   space      = cloudfoundry_space.dev.id
+  origin     = var.cf_origin
   depends_on = [cloudfoundry_org_role.organization_user, cloudfoundry_org_role.organization_manager]
-}
+}

released/discovery_center/mission_4327/step2_cf/outputs.tf

@@ -1,11 +1,3 @@
-output "subaccount_id" {
-  value = var.subaccount_id
-}
-
-output "cf_landscape_label" {
-  value = var.cf_landscape_label
-}
-
 output "cf_org_id" {
   value = var.cf_org_id
 }