From 53860db151603ddc34894007c31ed16e256064b8 Mon Sep 17 00:00:00 2001 From: Jens Glander Date: Mon, 2 Sep 2024 13:42:34 +0200 Subject: [PATCH 1/2] mission 4024 for enterprise and trial enabled for quick account setup --- .../discovery_center/mission_4024/README.md | 61 +++- .../discovery_center/mission_4024/locals.tf | 4 - .../discovery_center/mission_4024/main.tf | 282 ----------------- .../mission_4024/sample.tfvars | 20 -- .../mission_4024/step1/main.tf | 289 ++++++++++++++++++ .../mission_4024/{ => step1}/outputs.tf | 6 +- .../mission_4024/{ => step1}/provider.tf | 3 - .../mission_4024/step1/sample.tfvars | 25 ++ .../mission_4024/step1/variables.tf | 134 ++++++++ .../mission_4024/step2/main.tf | 14 + .../mission_4024/step2/provider.tf | 13 + .../mission_4024/step2/sample.tfvars | 5 + .../mission_4024/step2/variables.tf | 21 ++ .../mission_4024/variables.tf | 93 ------ .../mission_4024_trial/README.md | 108 +++++++ .../mission_4024_trial/step1/main.tf | 289 ++++++++++++++++++ .../mission_4024_trial/step1/outputs.tf | 9 + .../mission_4024_trial/step1/provider.tf | 13 + .../mission_4024_trial/step1/sample.tfvars | 20 ++ .../mission_4024_trial/step1/variables.tf | 134 ++++++++ .../mission_4024_trial/step2/main.tf | 14 + .../mission_4024_trial/step2/provider.tf | 13 + .../mission_4024_trial/step2/sample.tfvars | 5 + .../mission_4024_trial/step2/variables.tf | 21 ++ 24 files changed, 1179 insertions(+), 417 deletions(-) delete mode 100644 released/discovery_center/mission_4024/locals.tf delete mode 100644 released/discovery_center/mission_4024/main.tf delete mode 100644 released/discovery_center/mission_4024/sample.tfvars create mode 100644 released/discovery_center/mission_4024/step1/main.tf rename released/discovery_center/mission_4024/{ => step1}/outputs.tf (55%) rename released/discovery_center/mission_4024/{ => step1}/provider.tf (51%) create mode 100644 released/discovery_center/mission_4024/step1/sample.tfvars create mode 100644 released/discovery_center/mission_4024/step1/variables.tf create mode 100644 released/discovery_center/mission_4024/step2/main.tf create mode 100644 released/discovery_center/mission_4024/step2/provider.tf create mode 100644 released/discovery_center/mission_4024/step2/sample.tfvars create mode 100644 released/discovery_center/mission_4024/step2/variables.tf delete mode 100644 released/discovery_center/mission_4024/variables.tf create mode 100644 released/discovery_center/mission_4024_trial/README.md create mode 100644 released/discovery_center/mission_4024_trial/step1/main.tf create mode 100644 released/discovery_center/mission_4024_trial/step1/outputs.tf create mode 100644 released/discovery_center/mission_4024_trial/step1/provider.tf create mode 100644 released/discovery_center/mission_4024_trial/step1/sample.tfvars create mode 100644 released/discovery_center/mission_4024_trial/step1/variables.tf create mode 100644 released/discovery_center/mission_4024_trial/step2/main.tf create mode 100644 released/discovery_center/mission_4024_trial/step2/provider.tf create mode 100644 released/discovery_center/mission_4024_trial/step2/sample.tfvars create mode 100644 released/discovery_center/mission_4024_trial/step2/variables.tf diff --git a/released/discovery_center/mission_4024/README.md b/released/discovery_center/mission_4024/README.md index 0df208d8..437d3331 100644 --- a/released/discovery_center/mission_4024/README.md +++ b/released/discovery_center/mission_4024/README.md @@ -1,10 +1,12 @@ -# Discovery Center mission - Keep the Core Clean Using SAP Build Apps with SAP S/4HANA +# Discovery Center Mission: # Discovery Center mission: Keep the Core Clean Using SAP Build Apps with SAP S/4HANA (4024) ## Overview -This sample shows how to setup your SAP BTP account for the Discovery Center Mission - [Keep the Core Clean Using SAP Build Apps with SAP S/4HANA](https://discovery-center.cloud.sap/index.html#/missiondetail/4024/) +This sample shows how to setup your SAP BTP account for the Discovery Center Mission - [Keep the Core Clean Using SAP Build Apps with SAP S/4HANA](https://discovery-center.cloud.sap/index.html#/missiondetail/4024/) for your Enterprise BTP Account. -## Content of setup +The respective setup of a trial account is described in [SAP-samples/btp-terraform-samples/tree/main/released/discovery_center/mission_4024_trial/README.md](https://github.com/SAP-samples/btp-terraform-samples/tree/main/released/discovery_center/mission_4024_trial/README.md) + +## Content of setup (step1) The setup comprises the following resources: @@ -13,27 +15,30 @@ The setup comprises the following resources: - Subscriptions to applications - Role collection assignments to users +After this a setup step2 you will configure trust to use only custom IdP for in step1 subscribed SAP Build Apps. + ## Deploying the resources Make sure that you are familiar with SAP BTP and know both the [Get Started with btp-terraform-samples](https://github.com/SAP-samples/btp-terraform-samples/blob/main/GET_STARTED.md) and the [Get Started with the Terraform Provider for BTP](https://developers.sap.com/tutorials/btp-terraform-get-started.html) To deploy the resources you must: -1. Set the environment variables BTP_USERNAME and BTP_PASSWORD to pass credentials to the BTP provider to authenticate and interact with your BTP environments. +### Setup Step1 +1. Set your credentials as environment variables + ```bash - export BTP_USERNAME= - export BTP_PASSWORD= + export BTP_USERNAME ='' + export BTP_PASSWORD ='' ``` -2. Change the variables in the `sample.tfvars` file to meet your requirements - - > The minimal set of parameters you should specify (beside user_email and password) is globalaccount (i.e. its subdomain) and the used custom_idp and all user assignments +2. Go into folder `step1` and change the variables in the `sample.tfvars` file to meet your requirements - > ⚠ NOTE: You should pay attention **specifically** to the users defined in the samples.tfvars whether they already exist in your SAP BTP accounts. Otherwise you might get error messages like e.g. `Error: The user could not be found: jane.doe@test.com`. + > The minimal set of parameters you should specify (besides user_email and password) is global account (i.e. its subdomain) and the used custom_idp and all user assignments + + > Keep the setting `create_tfvars_file_for_step2 = true` so that a `terraform.tfvars` file is created which contains your needed variables to execute setup `step2` without specifying them again in sample.tfvars there. - -3. Initialize your workspace: +3. In folder `step1` you initialize your workspace: ```bash terraform init @@ -50,3 +55,35 @@ To deploy the resources you must: ```bash terraform apply -var-file="sample.tfvars" ``` + +6. Verify e.g., in BTP cockpit that a new subaccount with a SAP Build Apps and SAP Build Workzone subscriptions have been created. + +### Setup Step2 + +7. Navigate into step2 directory and initialize your workspace there as well: + + ```bash + terraform init + ``` +8. You can check what Terraform plans to apply based on your configuration: + + ```bash + terraform plan -var-file="terraform.tfvars" + ``` + +9. Apply your configuration to provision the resources: + + ```bash + terraform apply -var-file="terraform.tfvars" + ``` +10. Verify e.g., in BTP cockpit that after step2 the Security/Trust Configuration in your subaccount has defined only set a user login for Custom IAS tenant, so that SAP Build Apps opens the respective login page. + +With this you have completed the quick account setup as described in the Discovery Center Mission - [Keep the Core Clean Using SAP Build Apps with SAP S/4HANA](https://discovery-center.cloud.sap/index.html#/missiondetail/4024/). + +## In the end + +You probably want to remove the assets after trying them out to avoid unnecessary costs. To do so execute the following command: + +```bash +terraform destroy -var-file="terraform.tfvars" +``` \ No newline at end of file diff --git a/released/discovery_center/mission_4024/locals.tf b/released/discovery_center/mission_4024/locals.tf deleted file mode 100644 index 0cad1df9..00000000 --- a/released/discovery_center/mission_4024/locals.tf +++ /dev/null @@ -1,4 +0,0 @@ -locals { - service_name__sap_build_apps = "sap-build-apps" - service_name__build_workzone = "SAPLaunchpad" -} \ No newline at end of file diff --git a/released/discovery_center/mission_4024/main.tf b/released/discovery_center/mission_4024/main.tf deleted file mode 100644 index f140d469..00000000 --- a/released/discovery_center/mission_4024/main.tf +++ /dev/null @@ -1,282 +0,0 @@ -############################################################################################### -# Setup subaccount domain and the CF org (to ensure uniqueness in BTP global account) -############################################################################################### -resource "random_uuid" "uuid" {} - -locals { - random_uuid = random_uuid.uuid.result - project_subaccount_domain = "buildapps${local.random_uuid}" - project_subaccount_cf_org = substr(replace("${local.project_subaccount_domain}", "-", ""), 0, 32) -} - -############################################################################################### -# Creation of subaccount -############################################################################################### -resource "btp_subaccount" "dc_mission" { - count = var.subaccount_id == "" ? 1 : 0 - - name = var.subaccount_name - subdomain = local.project_subaccount_domain - region = lower(var.region) - usage = "USED_FOR_PRODUCTION" -} - -data "btp_subaccount" "dc_mission" { - id = var.subaccount_id != "" ? var.subaccount_id : btp_subaccount.dc_mission[0].id -} - -############################################################################################### -# Assignment of emergency admins to the sub account as sub account administrators -############################################################################################### -resource "btp_subaccount_role_collection_assignment" "subaccount_admins" { - for_each = toset(var.subaccount_admins) - subaccount_id = data.btp_subaccount.dc_mission.id - role_collection_name = "Subaccount Administrator" - user_name = each.value -} -# ------------------------------------------------------------------------------------------------------ -# Assignment of users as sub account service administrators -# ------------------------------------------------------------------------------------------------------ -resource "btp_subaccount_role_collection_assignment" "subaccount-service-admins" { - for_each = toset(var.subaccount_service_admins) - subaccount_id = data.btp_subaccount.dc_mission.id - role_collection_name = "Subaccount Service Administrator" - user_name = each.value -} - -# ------------------------------------------------------------------------------------------------------ -# Assign custom IDP to sub account (if custom_idp is set) -# ------------------------------------------------------------------------------------------------------ -resource "btp_subaccount_trust_configuration" "customized" { - # Only create trust configuration if custom_idp has been set - subaccount_id = data.btp_subaccount.dc_mission.id - identity_provider = var.custom_idp != "" ? var.custom_idp : element(split("/", btp_subaccount_subscription.identity_instance[0].subscription_url), 2) -} - -resource "btp_subaccount_entitlement" "identity" { - count = var.custom_idp == "" ? 1 : 0 - - subaccount_id = data.btp_subaccount.dc_mission.id - service_name = "sap-identity-services-onboarding" - plan_name = "default" -} - -resource "btp_subaccount_subscription" "identity_instance" { - count = var.custom_idp == "" ? 1 : 0 - - subaccount_id = data.btp_subaccount.dc_mission.id - app_name = "sap-identity-services-onboarding" - plan_name = "default" - parameters = jsonencode({ - cloud_service = "TEST" - }) -} - -############################################################################################### -# Prepare and setup app: SAP Build Workzone, standard edition -############################################################################################### -# Entitle subaccount for usage of app destination SAP Build Workzone, standard edition -resource "btp_subaccount_entitlement" "build_workzone" { - subaccount_id = data.btp_subaccount.dc_mission.id - service_name = local.service_name__build_workzone - plan_name = var.service_plan__build_workzone - amount = var.service_plan__build_workzone == "free" ? 1 : null -} - -# Create app subscription to SAP Build Workzone, standard edition (depends on entitlement) -resource "btp_subaccount_subscription" "build_workzone" { - subaccount_id = data.btp_subaccount.dc_mission.id - app_name = local.service_name__build_workzone - plan_name = var.service_plan__build_workzone - depends_on = [btp_subaccount_entitlement.build_workzone] -} - -############################################################################################### -# Prepare and setup app: SAP Build Apps -############################################################################################### -# Entitle subaccount for usage of SAP Build Apps -resource "btp_subaccount_entitlement" "sap_build_apps" { - subaccount_id = data.btp_subaccount.dc_mission.id - service_name = local.service_name__sap_build_apps - plan_name = var.service_plan__sap_build_apps - amount = 1 - depends_on = [btp_subaccount_trust_configuration.customized] -} - -# Create a subscription to the SAP Build Apps -resource "btp_subaccount_subscription" "sap-build-apps_standard" { - subaccount_id = data.btp_subaccount.dc_mission.id - app_name = "sap-appgyver-ee" - plan_name = var.service_plan__sap_build_apps - depends_on = [btp_subaccount_entitlement.sap_build_apps] -} - -# Get all roles in the subaccount -data "btp_subaccount_roles" "all" { - subaccount_id = data.btp_subaccount.dc_mission.id - depends_on = [btp_subaccount_subscription.sap-build-apps_standard] -} - -############################################################################################### -# Setup for role collection BuildAppsAdmin -############################################################################################### -# Create the role collection -resource "btp_subaccount_role_collection" "build_apps_BuildAppsAdmin" { - subaccount_id = data.btp_subaccount.dc_mission.id - name = "BuildAppsAdmin" - - roles = [ - for role in data.btp_subaccount_roles.all.values : { - name = role.name - role_template_app_id = role.app_id - role_template_name = role.role_template_name - } if contains(["BuildAppsAdmin"], role.name) - ] -} -# Assign users to the role collection -resource "btp_subaccount_role_collection_assignment" "build_apps_BuildAppsAdmin" { - depends_on = [btp_subaccount_role_collection.build_apps_BuildAppsAdmin] - for_each = toset(var.users_BuildAppsAdmin) - subaccount_id = data.btp_subaccount.dc_mission.id - role_collection_name = "BuildAppsAdmin" - user_name = each.value - origin = btp_subaccount_trust_configuration.customized.origin -} - -############################################################################################### -# Setup for role collection BuildAppsDeveloper -############################################################################################### -# Create the role collection -resource "btp_subaccount_role_collection" "build_apps_BuildAppsDeveloper" { - subaccount_id = data.btp_subaccount.dc_mission.id - name = "BuildAppsDeveloper" - - roles = [ - for role in data.btp_subaccount_roles.all.values : { - name = role.name - role_template_app_id = role.app_id - role_template_name = role.role_template_name - } if contains(["BuildAppsDeveloper"], role.name) - ] -} -# Assign users to the role collection -resource "btp_subaccount_role_collection_assignment" "build_apps_BuildAppsDeveloper" { - depends_on = [btp_subaccount_role_collection.build_apps_BuildAppsDeveloper] - for_each = toset(var.users_BuildAppsDeveloper) - subaccount_id = data.btp_subaccount.dc_mission.id - role_collection_name = "BuildAppsDeveloper" - user_name = each.value - origin = btp_subaccount_trust_configuration.customized.origin -} - -############################################################################################### -# Setup for role collection RegistryAdmin -############################################################################################### -# Create the role collection -resource "btp_subaccount_role_collection" "build_apps_RegistryAdmin" { - subaccount_id = data.btp_subaccount.dc_mission.id - name = "RegistryAdmin" - - roles = [ - for role in data.btp_subaccount_roles.all.values : { - name = role.name - role_template_app_id = role.app_id - role_template_name = role.role_template_name - } if contains(["RegistryAdmin"], role.name) - ] -} -# Assign users to the role collection -resource "btp_subaccount_role_collection_assignment" "build_apps_RegistryAdmin" { - depends_on = [btp_subaccount_role_collection.build_apps_RegistryAdmin] - for_each = toset(var.users_RegistryAdmin) - subaccount_id = data.btp_subaccount.dc_mission.id - role_collection_name = "RegistryAdmin" - user_name = each.value - origin = btp_subaccount_trust_configuration.customized.origin -} - -############################################################################################### -# Setup for role collection RegistryDeveloper -############################################################################################### -# Create the role collection -resource "btp_subaccount_role_collection" "build_apps_RegistryDeveloper" { - subaccount_id = data.btp_subaccount.dc_mission.id - name = "RegistryDeveloper" - - roles = [ - for role in data.btp_subaccount_roles.all.values : { - name = role.name - role_template_app_id = role.app_id - role_template_name = role.role_template_name - } if contains(["RegistryDeveloper"], role.name) - ] -} -# Assign users to the role collection -resource "btp_subaccount_role_collection_assignment" "build_apps_RegistryDeveloper" { - depends_on = [btp_subaccount_role_collection.build_apps_RegistryDeveloper] - for_each = toset(var.users_RegistryDeveloper) - subaccount_id = data.btp_subaccount.dc_mission.id - role_collection_name = "RegistryDeveloper" - user_name = each.value - origin = btp_subaccount_trust_configuration.customized.origin -} -############################################################################################### -# Create destination for Visual Cloud Functions -############################################################################################### -# Get plan for destination service -data "btp_subaccount_service_plan" "by_name" { - subaccount_id = data.btp_subaccount.dc_mission.id - name = "lite" - offering_name = "destination" - depends_on = [btp_subaccount_subscription.build_workzone] -} - -# Get subaccount data -data "btp_subaccount" "subaccount" { - id = data.btp_subaccount.dc_mission.id -} - -# Create the destination -resource "btp_subaccount_service_instance" "vcf_destination" { - subaccount_id = data.btp_subaccount.dc_mission.id - serviceplan_id = data.btp_subaccount_service_plan.by_name.id - name = "SAP-Build-Apps-Runtime" - parameters = jsonencode({ - HTML5Runtime_enabled = true - init_data = { - subaccount = { - existing_destinations_policy = "update" - destinations = [ - { - Name = "SAP-Build-Apps-Runtime" - Type = "HTTP" - Description = "Endpoint to SAP Build Apps runtime" - URL = "https://${data.btp_subaccount.subaccount.subdomain}.cr1.${data.btp_subaccount.subaccount.region}.apps.build.cloud.sap/" - ProxyType = "Internet" - Authentication = "NoAuthentication" - "HTML5.ForwardAuthToken" = true - } - ] - } - } - }) -} - -############################################################################################### -# Prepare and setup service: destination -############################################################################################### -# Entitle subaccount for usage of service destination -resource "btp_subaccount_entitlement" "destination" { - subaccount_id = data.btp_subaccount.dc_mission.id - service_name = "destination" - plan_name = "lite" -} - -# Assign users to Role Collection: Launchpad_Admin -resource "btp_subaccount_role_collection_assignment" "build_workzone_admin" { - for_each = toset(var.build_workzone_admins) - subaccount_id = data.btp_subaccount.dc_mission.id - role_collection_name = "Launchpad_Admin" - user_name = each.value - depends_on = [btp_subaccount_subscription.build_workzone] -} diff --git a/released/discovery_center/mission_4024/sample.tfvars b/released/discovery_center/mission_4024/sample.tfvars deleted file mode 100644 index 692cca64..00000000 --- a/released/discovery_center/mission_4024/sample.tfvars +++ /dev/null @@ -1,20 +0,0 @@ -################################# -# Provider configuration -################################# -custom_idp = "<>.accounts.ondemand.com" - -################################# -# Account settings -################################# -globalaccount = "your-globalaccount-subdomain" -region = "us10" - -################################# -# Use case specific configuration -################################# -subaccount_admins = ["jane.doe@test.com"] -subaccount_service_admins = ["jane.doe@test.com"] -users_BuildAppsAdmin = ["jane.doe@test.com", "john.doe@test.com"] -users_BuildAppsDeveloper = ["jane.doe@test.com", "john.doe@test.com"] -users_RegistryAdmin = ["jane.doe@test.com", "john.doe@test.com"] -users_RegistryDeveloper = ["jane.doe@test.com", "john.doe@test.com"] diff --git a/released/discovery_center/mission_4024/step1/main.tf b/released/discovery_center/mission_4024/step1/main.tf new file mode 100644 index 00000000..7b6bd716 --- /dev/null +++ b/released/discovery_center/mission_4024/step1/main.tf @@ -0,0 +1,289 @@ +resource "random_uuid" "uuid" {} + +locals { + random_uuid = random_uuid.uuid.result + subaccount_domain = "dcmission4024${local.random_uuid}" + + # used (mandatory) services + service_name__sap_build_apps = "sap-build-apps" + service_name__sap_launchpad = "SAPLaunchpad" + service_name__destination = "destination" + # optional, if custom idp is used + service_name__sap_identity_services_onboarding = "sap-identity-services-onboarding" +} + +# ------------------------------------------------------------------------------------------------------ +# Creation of subaccount +# ------------------------------------------------------------------------------------------------------ +resource "btp_subaccount" "dc_mission" { + count = var.subaccount_id == "" ? 1 : 0 + + name = var.subaccount_name + subdomain = local.subaccount_domain + region = var.region +} + +data "btp_subaccount" "dc_mission" { + id = var.subaccount_id != "" ? var.subaccount_id : btp_subaccount.dc_mission[0].id +} + +data "btp_subaccount" "subaccount" { + id = data.btp_subaccount.dc_mission.id +} +# ------------------------------------------------------------------------------------------------------ +# SERVICES/SUBSCRIPTIONS +# ------------------------------------------------------------------------------------------------------ +# ------------------------------------------------------------------------------------------------------ +# Setup sap-identity-services-onboarding (Cloud Identity Services) +# ------------------------------------------------------------------------------------------------------ +# Entitle +resource "btp_subaccount_entitlement" "sap_identity_services_onboarding" { + count = var.custom_idp == "" ? 1 : 0 + + subaccount_id = data.btp_subaccount.dc_mission.id + service_name = local.service_name__sap_identity_services_onboarding + plan_name = var.service_plan__sap_identity_services_onboarding +} +# Subscribe +resource "btp_subaccount_subscription" "sap_identity_services_onboarding" { + count = var.custom_idp == "" ? 1 : 0 + + subaccount_id = data.btp_subaccount.dc_mission.id + app_name = local.service_name__sap_identity_services_onboarding + plan_name = var.service_plan__sap_identity_services_onboarding +} +# IdP trust configuration +resource "btp_subaccount_trust_configuration" "fully_customized" { + subaccount_id = data.btp_subaccount.dc_mission.id + identity_provider = var.custom_idp != "" ? var.custom_idp : element(split("/", btp_subaccount_subscription.sap_identity_services_onboarding[0].subscription_url), 2) +} +# ------------------------------------------------------------------------------------------------------ +# Setup sap-build-apps (SAP Build Apps) +# ------------------------------------------------------------------------------------------------------ +# Entitle +resource "btp_subaccount_entitlement" "sap_build_apps" { + subaccount_id = data.btp_subaccount.dc_mission.id + service_name = local.service_name__sap_build_apps + plan_name = var.service_plan__sap_build_apps + amount = 1 + depends_on = [btp_subaccount_trust_configuration.fully_customized] +} +# Subscribe +resource "btp_subaccount_subscription" "sap-build-apps" { + subaccount_id = data.btp_subaccount.dc_mission.id + app_name = "sap-appgyver-ee" + plan_name = var.service_plan__sap_build_apps + depends_on = [btp_subaccount_entitlement.sap_build_apps] +} + +# ------------------------------------------------------------------------------------------------------ +# Setup SAPLaunchpad (SAP Build Work Zone, standard edition) +# ------------------------------------------------------------------------------------------------------ +# Entitle +resource "btp_subaccount_entitlement" "sap_launchpad" { + subaccount_id = data.btp_subaccount.dc_mission.id + service_name = local.service_name__sap_launchpad + plan_name = var.service_plan__sap_launchpad + amount = var.service_plan__sap_launchpad == "free" ? 1 : null +} + +# Subscribe +resource "btp_subaccount_subscription" "sap_launchpad" { + subaccount_id = data.btp_subaccount.dc_mission.id + app_name = local.service_name__sap_launchpad + plan_name = var.service_plan__sap_launchpad + depends_on = [btp_subaccount_entitlement.sap_launchpad] +} + +# ------------------------------------------------------------------------------------------------------ +# Setup destination (Destination Service) +# ------------------------------------------------------------------------------------------------------ +# Entitle +resource "btp_subaccount_entitlement" "destination" { + subaccount_id = data.btp_subaccount.dc_mission.id + service_name = local.service_name__destination + plan_name = var.service_plan__destination +} + +# Get plan for destination service +data "btp_subaccount_service_plan" "by_name" { + subaccount_id = data.btp_subaccount.dc_mission.id + name = var.service_plan__destination + offering_name = local.service_name__destination + depends_on = [btp_subaccount_subscription.sap_launchpad] +} + +# Create destination for Visual Cloud Functions +resource "btp_subaccount_service_instance" "vcf_destination" { + subaccount_id = data.btp_subaccount.dc_mission.id + serviceplan_id = data.btp_subaccount_service_plan.by_name.id + name = "SAP-Build-Apps-Runtime" + parameters = jsonencode({ + HTML5Runtime_enabled = true + init_data = { + subaccount = { + existing_destinations_policy = "update" + destinations = [ + { + Name = "SAP-Build-Apps-Runtime" + Type = "HTTP" + Description = "Endpoint to SAP Build Apps runtime" + URL = "https://${data.btp_subaccount.subaccount.subdomain}.cr1.${data.btp_subaccount.subaccount.region}.apps.build.cloud.sap/" + ProxyType = "Internet" + Authentication = "NoAuthentication" + "HTML5.ForwardAuthToken" = true + } + ] + } + } + }) +} + +# ------------------------------------------------------------------------------------------------------ +# USERS AND ROLES +# ------------------------------------------------------------------------------------------------------ +# +# Get all roles in the subaccount +data "btp_subaccount_roles" "all" { + subaccount_id = data.btp_subaccount.dc_mission.id + depends_on = [btp_subaccount_subscription.sap-build-apps] +} +# ------------------------------------------------------------------------------------------------------ +# Assign role collection "Subaccount Administrator" +# ------------------------------------------------------------------------------------------------------ +resource "btp_subaccount_role_collection_assignment" "subaccount_admin" { + for_each = toset("${var.subaccount_admins}") + subaccount_id = data.btp_subaccount.dc_mission.id + role_collection_name = "Subaccount Administrator" + user_name = each.value + depends_on = [btp_subaccount.dc_mission] +} + +# ------------------------------------------------------------------------------------------------------ +# Create/Assign role collection "BuildAppsAdmin" +# ------------------------------------------------------------------------------------------------------ +# Create +resource "btp_subaccount_role_collection" "build_apps_admin" { + subaccount_id = data.btp_subaccount.dc_mission.id + name = "BuildAppsAdmin" + + roles = [ + for role in data.btp_subaccount_roles.all.values : { + name = role.name + role_template_app_id = role.app_id + role_template_name = role.role_template_name + } if contains(["BuildAppsAdmin"], role.name) + ] +} +# Assign users +resource "btp_subaccount_role_collection_assignment" "build_apps_admin" { + for_each = toset(var.build_apps_admins) + subaccount_id = data.btp_subaccount.dc_mission.id + role_collection_name = "BuildAppsAdmin" + user_name = each.value + origin = btp_subaccount_trust_configuration.fully_customized.origin + depends_on = [btp_subaccount_role_collection.build_apps_admin] +} + +# ------------------------------------------------------------------------------------------------------ +# Create/Assign role collection "BuildAppsDeveloper" +# ------------------------------------------------------------------------------------------------------ +# Create +resource "btp_subaccount_role_collection" "build_apps_developer" { + subaccount_id = data.btp_subaccount.dc_mission.id + name = "BuildAppsDeveloper" + + roles = [ + for role in data.btp_subaccount_roles.all.values : { + name = role.name + role_template_app_id = role.app_id + role_template_name = role.role_template_name + } if contains(["BuildAppsDeveloper"], role.name) + ] +} +# Assign users +resource "btp_subaccount_role_collection_assignment" "build_apps_developer" { + for_each = toset(var.build_apps_developers) + subaccount_id = data.btp_subaccount.dc_mission.id + role_collection_name = "BuildAppsDeveloper" + user_name = each.value + origin = btp_subaccount_trust_configuration.fully_customized.origin + depends_on = [btp_subaccount_role_collection.build_apps_developer] +} + +# ------------------------------------------------------------------------------------------------------ +# Create/Assign role collection "RegistryAdmin" +# ------------------------------------------------------------------------------------------------------ +# Create +resource "btp_subaccount_role_collection" "build_apps_registry_admin" { + subaccount_id = data.btp_subaccount.dc_mission.id + name = "RegistryAdmin" + + roles = [ + for role in data.btp_subaccount_roles.all.values : { + name = role.name + role_template_app_id = role.app_id + role_template_name = role.role_template_name + } if contains(["RegistryAdmin"], role.name) + ] +} +# Assign users +resource "btp_subaccount_role_collection_assignment" "build_apps_registry_admin" { + for_each = toset(var.build_apps_registry_admin) + subaccount_id = data.btp_subaccount.dc_mission.id + role_collection_name = "RegistryAdmin" + user_name = each.value + origin = btp_subaccount_trust_configuration.fully_customized.origin + depends_on = [btp_subaccount_role_collection.build_apps_registry_admin] +} + +# ------------------------------------------------------------------------------------------------------ +# Create/Assign role collection "RegistryDeveloper" +# ------------------------------------------------------------------------------------------------------ +# Create +resource "btp_subaccount_role_collection" "build_apps_registry_developer" { + subaccount_id = data.btp_subaccount.dc_mission.id + name = "RegistryDeveloper" + + roles = [ + for role in data.btp_subaccount_roles.all.values : { + name = role.name + role_template_app_id = role.app_id + role_template_name = role.role_template_name + } if contains(["RegistryDeveloper"], role.name) + ] +} +# Assign users to the role collection +resource "btp_subaccount_role_collection_assignment" "build_apps_registry_developer" { + for_each = toset(var.build_apps_registry_developer) + subaccount_id = data.btp_subaccount.dc_mission.id + role_collection_name = "RegistryDeveloper" + user_name = each.value + origin = btp_subaccount_trust_configuration.fully_customized.origin + depends_on = [btp_subaccount_role_collection.build_apps_registry_developer] +} + +# Assign users +resource "btp_subaccount_role_collection_assignment" "launchpad_admin" { + for_each = toset("${var.launchpad_admins}") + subaccount_id = data.btp_subaccount.dc_mission.id + role_collection_name = "Launchpad_Admin" + user_name = each.value + depends_on = [btp_subaccount_subscription.sap_launchpad] +} + +# ------------------------------------------------------------------------------------------------------ +# Create tfvars file for step 2 (if variable `create_tfvars_file_for_step2` is set to true) +# ------------------------------------------------------------------------------------------------------ +resource "local_file" "output_vars_step1" { + count = var.create_tfvars_file_for_step2 ? 1 : 0 + content = <<-EOT + globalaccount = "${var.globalaccount}" + cli_server_url = ${jsonencode(var.cli_server_url)} + custom_idp = "${var.custom_idp}" + + subaccount_id = "${data.btp_subaccount.dc_mission.id}" + + EOT + filename = "../step2/terraform.tfvars" +} \ No newline at end of file diff --git a/released/discovery_center/mission_4024/outputs.tf b/released/discovery_center/mission_4024/step1/outputs.tf similarity index 55% rename from released/discovery_center/mission_4024/outputs.tf rename to released/discovery_center/mission_4024/step1/outputs.tf index 9b578032..d375243d 100644 --- a/released/discovery_center/mission_4024/outputs.tf +++ b/released/discovery_center/mission_4024/step1/outputs.tf @@ -4,6 +4,6 @@ output "subaccount_id" { } output "sap_build_apps_subscription_url" { - value = btp_subaccount_subscription.sap-build-apps_standard.subscription_url - description = "SAP Build Apps subscription URL." -} + value = btp_subaccount_subscription.sap-build-apps.subscription_url + description = "The subscription_url of build app." +} \ No newline at end of file diff --git a/released/discovery_center/mission_4024/provider.tf b/released/discovery_center/mission_4024/step1/provider.tf similarity index 51% rename from released/discovery_center/mission_4024/provider.tf rename to released/discovery_center/mission_4024/step1/provider.tf index bfc8e8b7..96c49aa2 100644 --- a/released/discovery_center/mission_4024/provider.tf +++ b/released/discovery_center/mission_4024/step1/provider.tf @@ -8,9 +8,6 @@ terraform { } provider "btp" { - # Comment out the idp in case you need it to connect to your global account - # ------------------------------------------------------------------------- - # idp = var.custom_idp cli_server_url = var.cli_server_url globalaccount = var.globalaccount } diff --git a/released/discovery_center/mission_4024/step1/sample.tfvars b/released/discovery_center/mission_4024/step1/sample.tfvars new file mode 100644 index 00000000..a13cd559 --- /dev/null +++ b/released/discovery_center/mission_4024/step1/sample.tfvars @@ -0,0 +1,25 @@ +# ------------------------------------------------------------------------------------------------------ +# Provider configuration +# ------------------------------------------------------------------------------------------------------ +custom_idp = "<>.accounts.ondemand.com" + +# ------------------------------------------------------------------------------------------------------ +# Account settings +# ------------------------------------------------------------------------------------------------------ +globalaccount = "your-globalaccount-subdomain" +region = "us10" + +# ------------------------------------------------------------------------------------------------------ +# Use case specific configuration +# ------------------------------------------------------------------------------------------------------ +subaccount_admins = ["jane.doe@test.com"] +launchpad_admins = ["jane.doe@test.com"] +build_apps_admins = ["jane.doe@test.com", "john.doe@test.com"] +build_apps_developers = ["jane.doe@test.com", "john.doe@test.com"] +build_apps_registry_admin = ["jane.doe@test.com", "john.doe@test.com"] +build_apps_registry_developer = ["jane.doe@test.com", "john.doe@test.com"] + +# ------------------------------------------------------------------------------------------------------ +# Create tfvars file for the step 2 +# ------------------------------------------------------------------------------------------------------ +create_tfvars_file_for_step2 = true \ No newline at end of file diff --git a/released/discovery_center/mission_4024/step1/variables.tf b/released/discovery_center/mission_4024/step1/variables.tf new file mode 100644 index 00000000..4f784f0a --- /dev/null +++ b/released/discovery_center/mission_4024/step1/variables.tf @@ -0,0 +1,134 @@ +# ------------------------------------------------------------------------------------------------------ +# Account variables +# ------------------------------------------------------------------------------------------------------ +variable "globalaccount" { + type = string + description = "The globalaccount subdomain where the sub account shall be created." +} + +variable "cli_server_url" { + type = string + description = "The BTP CLI server URL." + default = "https://cpcli.cf.eu10.hana.ondemand.com" +} + +variable "custom_idp" { + type = string + description = "Defines the custom IDP to be used for the subaccount" + default = "" +} + +variable "region" { + type = string + description = "The region where the sub account shall be created in." + default = "us10" +} + +variable "subaccount_name" { + type = string + description = "The subaccount name." + default = "My SAP Build Apps subaccount" +} + +variable "subaccount_id" { + type = string + description = "The subaccount ID." + default = "" +} + +# ------------------------------------------------------------------------------------------------------ +# service plans +# ------------------------------------------------------------------------------------------------------ +variable "service_plan__sap_build_apps" { + type = string + description = "The plan for SAP Build Apps subscription" + default = "free" + validation { + condition = contains(["free", "standard", "partner"], var.service_plan__sap_build_apps) + error_message = "Invalid value for service_plan__sap_build_apps. Only 'free', 'standard' and 'partner' are allowed." + } +} + +variable "service_plan__sap_launchpad" { + type = string + description = "The plan for service 'SAP Build Work Zone, standard edition' with technical name 'SAPLaunchpad'" + default = "free" + validation { + condition = contains(["free", "standard"], var.service_plan__sap_launchpad) + error_message = "Invalid value for service_plan__sap_launchpad. Only 'free' and 'standard' are allowed." + } +} + +variable "service_plan__destination" { + type = string + description = "The plan for service 'Destination Service' with technical name 'destination'" + default = "lite" + validation { + condition = contains(["lite"], var.service_plan__destination) + error_message = "Invalid value for service_plan__destination. Only 'lite' is allowed." + } +} + +variable "service_plan__sap_identity_services_onboarding" { + type = string + description = "The plan for service 'Cloud Identity Services' with technical name 'sap-identity-services-onboarding'" + default = "default" + validation { + condition = contains(["default"], var.service_plan__sap_identity_services_onboarding) + error_message = "Invalid value for service_plan__sap_identity_services_onboarding. Only 'default' is allowed." + } +} + +# ------------------------------------------------------------------------------------------------------ +# User lists +# ------------------------------------------------------------------------------------------------------ +variable "subaccount_admins" { + type = list(string) + description = "Defines the users who are added to subaccount as administrators." + + # add validation to check if admins contains a list of valid email addresses + validation { + condition = length([for email in var.subaccount_admins : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.subaccount_admins) + error_message = "Please enter a valid email address for the subaccount admins." + } +} + +variable "launchpad_admins" { + type = list(string) + description = "Defines the users who have the role of 'Launchpad_Admin'." + + # add validation to check if admins contains a list of valid email addresses + validation { + condition = length([for email in var.launchpad_admins : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.launchpad_admins) + error_message = "Please enter a valid email address for the launchpad admins." + } +} + +variable "build_apps_admins" { + type = list(string) + description = "Defines the users who have the role of 'BuildAppsAdmin' in SAP Build Apps." +} + +variable "build_apps_developers" { + type = list(string) + description = "Defines the users who have the role of 'BuildAppsDeveloper' in SAP Build Apps." +} + +variable "build_apps_registry_admin" { + type = list(string) + description = "Defines the users who have the role of 'RegistryAdmin' in SAP Build Apps." +} + +variable "build_apps_registry_developer" { + type = list(string) + description = "Defines the users who have the role of RegistryDeveloper' in SAP Build Apps." +} + +# ------------------------------------------------------------------------------------------------------ +# Switch for creating tfvars for step 2 +# ------------------------------------------------------------------------------------------------------ +variable "create_tfvars_file_for_step2" { + type = bool + description = "Switch to enable the creation of the tfvars file for step 2." + default = false +} \ No newline at end of file diff --git a/released/discovery_center/mission_4024/step2/main.tf b/released/discovery_center/mission_4024/step2/main.tf new file mode 100644 index 00000000..d058c9b2 --- /dev/null +++ b/released/discovery_center/mission_4024/step2/main.tf @@ -0,0 +1,14 @@ +# ------------------------------------------------------------------------------------------------------ +# Import custom trust config and disable for user login +# ------------------------------------------------------------------------------------------------------ +import { + to = btp_subaccount_trust_configuration.default + id = "${var.subaccount_id},sap.default" +} + +resource "btp_subaccount_trust_configuration" "default" { + subaccount_id = var.subaccount_id + identity_provider = "" + auto_create_shadow_users = false + available_for_user_logon = false +} \ No newline at end of file diff --git a/released/discovery_center/mission_4024/step2/provider.tf b/released/discovery_center/mission_4024/step2/provider.tf new file mode 100644 index 00000000..40d74773 --- /dev/null +++ b/released/discovery_center/mission_4024/step2/provider.tf @@ -0,0 +1,13 @@ +terraform { + required_providers { + btp = { + source = "SAP/btp" + version = "~> 1.5.0" + } + } +} + +provider "btp" { + cli_server_url = var.cli_server_url + globalaccount = var.globalaccount +} \ No newline at end of file diff --git a/released/discovery_center/mission_4024/step2/sample.tfvars b/released/discovery_center/mission_4024/step2/sample.tfvars new file mode 100644 index 00000000..b16acea0 --- /dev/null +++ b/released/discovery_center/mission_4024/step2/sample.tfvars @@ -0,0 +1,5 @@ +# ------------------------------------------------------------------------------------------------------ +# Account settings +# ------------------------------------------------------------------------------------------------------ +globalaccount = "<>" +subaccount_id = "<>" diff --git a/released/discovery_center/mission_4024/step2/variables.tf b/released/discovery_center/mission_4024/step2/variables.tf new file mode 100644 index 00000000..e8f3bc5a --- /dev/null +++ b/released/discovery_center/mission_4024/step2/variables.tf @@ -0,0 +1,21 @@ +variable "globalaccount" { + type = string + description = "The globalaccount subdomain where the sub account shall be created." +} + +variable "subaccount_id" { + type = string + description = "The subaccount ID." +} + +variable "cli_server_url" { + type = string + description = "The BTP CLI server URL." + default = "https://cpcli.cf.eu10.hana.ondemand.com" +} + +variable "custom_idp" { + type = string + description = "Defines the custom IDP to be used for the subaccount" + default = "" +} \ No newline at end of file diff --git a/released/discovery_center/mission_4024/variables.tf b/released/discovery_center/mission_4024/variables.tf deleted file mode 100644 index 88b85a03..00000000 --- a/released/discovery_center/mission_4024/variables.tf +++ /dev/null @@ -1,93 +0,0 @@ -variable "globalaccount" { - type = string - description = "The globalaccount subdomain where the sub account shall be created." -} - -variable "subaccount_name" { - type = string - description = "The subaccount name." - default = "My SAP Build Apps subaccount" -} - -variable "subaccount_id" { - type = string - description = "The subaccount ID." - default = "" -} - -variable "cli_server_url" { - type = string - description = "The BTP CLI server URL." - default = "https://cpcli.cf.eu10.hana.ondemand.com" -} - -variable "custom_idp" { - type = string - description = "Defines the custom IDP to be used for the subaccount" - default = "" -} - -variable "region" { - type = string - description = "The region where the sub account shall be created in." - default = "us10" -} - -variable "service_plan__sap_build_apps" { - type = string - description = "The plan for SAP Build Apps subscription" - default = "free" - validation { - condition = contains(["free", "standard", "partner"], var.service_plan__sap_build_apps) - error_message = "Invalid value for service_plan__sap_build_apps. Only 'free', 'standard' and 'partner' are allowed." - } -} - -variable "service_plan__build_workzone" { - type = string - description = "The plan for build_workzone subscription" - default = "free" - validation { - condition = contains(["free", "standard"], var.service_plan__build_workzone) - error_message = "Invalid value for service_plan__build_workzone. Only 'free' and 'standard' are allowed." - } -} - - -variable "subaccount_admins" { - type = list(string) - description = "Defines the colleagues who are added to each subaccount as subaccount administrators." - default = ["jane.doe@test.com", "john.doe@test.com"] -} - -variable "build_workzone_admins" { - type = list(string) - description = "Defines the administrators for SAP Build Workzone, standard edition." - default = ["jane.doe@test.com", "john.doe@test.com"] -} - -variable "subaccount_service_admins" { - type = list(string) - description = "Defines the colleagues who are added to each subaccount as subaccount service administrators." - default = ["jane.doe@test.com", "john.doe@test.com"] -} - -variable "users_BuildAppsAdmin" { - type = list(string) - description = "Defines the colleagues who have the role of 'BuildAppsAdmin' in SAP Build Apps." -} - -variable "users_BuildAppsDeveloper" { - type = list(string) - description = "Defines the colleagues who have the role of 'BuildAppsDeveloper' in SAP Build Apps." -} - -variable "users_RegistryAdmin" { - type = list(string) - description = "Defines the colleagues who have the role of 'RegistryAdmin' in SAP Build Apps." -} - -variable "users_RegistryDeveloper" { - type = list(string) - description = "Defines the colleagues who have the role of RegistryDeveloper' in SAP Build Apps." -} \ No newline at end of file diff --git a/released/discovery_center/mission_4024_trial/README.md b/released/discovery_center/mission_4024_trial/README.md new file mode 100644 index 00000000..13767c9e --- /dev/null +++ b/released/discovery_center/mission_4024_trial/README.md @@ -0,0 +1,108 @@ +# Discovery Center Mission: # Discovery Center mission: Keep the Core Clean Using SAP Build Apps with SAP S/4HANA (4024) + +## Overview + +This sample shows how to setup your SAP BTP account for the Discovery Center Mission - [Keep the Core Clean Using SAP Build Apps with SAP S/4HANA](https://discovery-center.cloud.sap/index.html#/missiondetail/4024/) for your trial account. + +The respective setup of an Enterprise account is described in [SAP-samples/btp-terraform-samples/tree/main/released/discovery_center/mission_4024/README.md](https://github.com/SAP-samples/btp-terraform-samples/tree/main/released/discovery_center/mission_4024/README.md) + +## Important: Trial Account Prerequisites + +Contrary to an Enterprise account (where the setup will happen in a newly created subaccount, where entitlements are added), we make the assumption that in your trial account there is already a subaccount (by default named 'trial') with all the required service entitlements and not already in use! + +In a newly created trial account this is already true and you are good to go immediately with this setup. + +But if you have already used services and/or setup subscriptions in your trial account, you have to make sure that you free up these resources to start with this setup here (i.e. delete the corresponding services/subscriptions used for this Discover Center Mission setup). Otherwise the setup would fail! + +For this mission setup the following resources (services, subscriptions, etc.) are used: + +- SAP Build Apps (Subscription) +- SAP Build Work Zone, standard edition (Subscription) +- SAP-Build-Apps-Runtime (Instance) +- SAP-Build-Apps-Runtime (Destination) +- Custom IAS Tenant (Custom Identity Provider for Applications) + +You could delete these resources in your [BTP Trial Cockpit](https://cockpit.btp.cloud.sap/trial) on the corresponding trial subaccount pages +- Services > Instances and Subscriptions +- Connectivity > Destinations +- Security > Trust Configuration + +## Content of setup (step1) + +The setup comprises the following resources: + +- Subscriptions to applications +- Role collection assignments to users + +After this a setup step2 you will configure trust to use only custom IdP for in step1 subscribed SAP Build Apps. + +## Deploying the resources + +Make sure that you are familiar with SAP BTP and know both the [Get Started with btp-terraform-samples](https://github.com/SAP-samples/btp-terraform-samples/blob/main/GET_STARTED.md) and the [Get Started with the Terraform Provider for BTP](https://developers.sap.com/tutorials/btp-terraform-get-started.html) + +To deploy the resources you must: + +### Setup Step1 + +1. Set your credentials as environment variables + + ```bash + export BTP_USERNAME ='' + export BTP_PASSWORD ='' + ``` + +2. Go into folder `step1` and change the variables in the `sample.tfvars` file to meet your requirements + + > The minimal set of parameters you should specify (besides user_email and password) is global account (i.e. its subdomain) and all user assignments + + > Keep the setting `create_tfvars_file_for_step2 = true` so that a `terraform.tfvars` file is created which contains your needed variables to execute setup `step2` without specifying them again in sample.tfvars there. + +3. In folder `step1` you initialize your workspace: + + ```bash + terraform init + ``` + +4. You can check what Terraform plans to apply based on your configuration: + + ```bash + terraform plan -var-file="sample.tfvars" + ``` + +5. Apply your configuration to provision the resources: + + ```bash + terraform apply -var-file="sample.tfvars" + ``` + +6. Verify e.g., in BTP cockpit that a new subaccount with a SAP Build Apps and SAP Build Workzone subscriptions have been created. + +### Setup Step2 + +7. Navigate into step2 directory and initialize your workspace there as well: + + ```bash + terraform init + ``` +8. You can check what Terraform plans to apply based on your configuration: + + ```bash + terraform plan -var-file="terraform.tfvars" + ``` + +9. Apply your configuration to provision the resources: + + ```bash + terraform apply -var-file="terraform.tfvars" + ``` +10. Verify e.g., in BTP cockpit that after step2 the Security/Trust Configuration in your subaccount has defined only set a user login for Custom IAS tenant, so that SAP Build Apps opens the respective login page. + +With this you have completed the quick account setup as described in the Discovery Center Mission - [Keep the Core Clean Using SAP Build Apps with SAP S/4HANA](https://discovery-center.cloud.sap/index.html#/missiondetail/4024/). + +## In the end + +You probably want to remove the assets after trying them out to avoid unnecessary costs. To do so execute the following command: + +```bash +terraform destroy -var-file="terraform.tfvars" +``` \ No newline at end of file diff --git a/released/discovery_center/mission_4024_trial/step1/main.tf b/released/discovery_center/mission_4024_trial/step1/main.tf new file mode 100644 index 00000000..8f6db10b --- /dev/null +++ b/released/discovery_center/mission_4024_trial/step1/main.tf @@ -0,0 +1,289 @@ +resource "random_uuid" "uuid" {} + +locals { + random_uuid = random_uuid.uuid.result + subaccount_domain = "dcmission4024${local.random_uuid}" + + # used (mandatory) services + service_name__sap_build_apps = "sap-build-apps" + service_name__sap_launchpad = "SAPLaunchpad" + service_name__destination = "destination" + # optional, if custom idp is used + service_name__sap_identity_services_onboarding = "sap-identity-services-onboarding" +} + +# ------------------------------------------------------------------------------------------------------ +# Creation of subaccount +# ------------------------------------------------------------------------------------------------------ +resource "btp_subaccount" "dc_mission" { + count = var.subaccount_id == "" ? 1 : 0 + + name = var.subaccount_name + subdomain = local.subaccount_domain + region = var.region +} + +data "btp_subaccount" "dc_mission" { + id = var.subaccount_id != "" ? var.subaccount_id : btp_subaccount.dc_mission[0].id +} + +data "btp_subaccount" "subaccount" { + id = data.btp_subaccount.dc_mission.id +} +# ------------------------------------------------------------------------------------------------------ +# SERVICES/SUBSCRIPTIONS +# ------------------------------------------------------------------------------------------------------ +# ------------------------------------------------------------------------------------------------------ +# Setup sap-identity-services-onboarding (Cloud Identity Services) +# ------------------------------------------------------------------------------------------------------ +# Entitle +resource "btp_subaccount_entitlement" "sap_identity_services_onboarding" { + count = var.custom_idp == "" ? 1 : 0 + + subaccount_id = data.btp_subaccount.dc_mission.id + service_name = local.service_name__sap_identity_services_onboarding + plan_name = var.service_plan__sap_identity_services_onboarding +} +# Subscribe +resource "btp_subaccount_subscription" "sap_identity_services_onboarding" { + count = var.custom_idp == "" ? 1 : 0 + + subaccount_id = data.btp_subaccount.dc_mission.id + app_name = local.service_name__sap_identity_services_onboarding + plan_name = var.service_plan__sap_identity_services_onboarding +} +# IdP trust configuration +resource "btp_subaccount_trust_configuration" "fully_customized" { + subaccount_id = data.btp_subaccount.dc_mission.id + identity_provider = var.custom_idp != "" ? var.custom_idp : element(split("/", btp_subaccount_subscription.sap_identity_services_onboarding[0].subscription_url), 2) +} +# ------------------------------------------------------------------------------------------------------ +# Setup sap-build-apps (SAP Build Apps) +# ------------------------------------------------------------------------------------------------------ +# Entitle +resource "btp_subaccount_entitlement" "sap_build_apps" { + subaccount_id = data.btp_subaccount.dc_mission.id + service_name = local.service_name__sap_build_apps + plan_name = var.service_plan__sap_build_apps + amount = 1 + depends_on = [btp_subaccount_trust_configuration.fully_customized] +} +# Subscribe +resource "btp_subaccount_subscription" "sap-build-apps" { + subaccount_id = data.btp_subaccount.dc_mission.id + app_name = "sap-appgyver-ee" + plan_name = var.service_plan__sap_build_apps + depends_on = [btp_subaccount_entitlement.sap_build_apps] +} + +# ------------------------------------------------------------------------------------------------------ +# Setup SAPLaunchpad (SAP Build Work Zone, standard edition) +# ------------------------------------------------------------------------------------------------------ +# Entitle +resource "btp_subaccount_entitlement" "sap_launchpad" { + subaccount_id = data.btp_subaccount.dc_mission.id + service_name = local.service_name__sap_launchpad + plan_name = var.service_plan__sap_launchpad + #amount = var.service_plan__sap_launchpad == "free" ? 1 : null +} + +# Subscribe +resource "btp_subaccount_subscription" "sap_launchpad" { + subaccount_id = data.btp_subaccount.dc_mission.id + app_name = local.service_name__sap_launchpad + plan_name = var.service_plan__sap_launchpad + depends_on = [btp_subaccount_entitlement.sap_launchpad] +} + +# ------------------------------------------------------------------------------------------------------ +# Setup destination (Destination Service) +# ------------------------------------------------------------------------------------------------------ +# Entitle +resource "btp_subaccount_entitlement" "destination" { + subaccount_id = data.btp_subaccount.dc_mission.id + service_name = local.service_name__destination + plan_name = var.service_plan__destination +} + +# Get plan for destination service +data "btp_subaccount_service_plan" "by_name" { + subaccount_id = data.btp_subaccount.dc_mission.id + name = var.service_plan__destination + offering_name = local.service_name__destination + depends_on = [btp_subaccount_subscription.sap_launchpad] +} + +# Create destination for Visual Cloud Functions +resource "btp_subaccount_service_instance" "vcf_destination" { + subaccount_id = data.btp_subaccount.dc_mission.id + serviceplan_id = data.btp_subaccount_service_plan.by_name.id + name = "SAP-Build-Apps-Runtime" + parameters = jsonencode({ + HTML5Runtime_enabled = true + init_data = { + subaccount = { + existing_destinations_policy = "update" + destinations = [ + { + Name = "SAP-Build-Apps-Runtime" + Type = "HTTP" + Description = "Endpoint to SAP Build Apps runtime" + URL = "https://${data.btp_subaccount.subaccount.subdomain}.cr1.${data.btp_subaccount.subaccount.region}.apps.build.cloud.sap/" + ProxyType = "Internet" + Authentication = "NoAuthentication" + "HTML5.ForwardAuthToken" = true + } + ] + } + } + }) +} + +# ------------------------------------------------------------------------------------------------------ +# USERS AND ROLES +# ------------------------------------------------------------------------------------------------------ +# +# Get all roles in the subaccount +data "btp_subaccount_roles" "all" { + subaccount_id = data.btp_subaccount.dc_mission.id + depends_on = [btp_subaccount_subscription.sap-build-apps] +} +# ------------------------------------------------------------------------------------------------------ +# Assign role collection "Subaccount Administrator" +# ------------------------------------------------------------------------------------------------------ +resource "btp_subaccount_role_collection_assignment" "subaccount_admin" { + for_each = toset("${var.subaccount_admins}") + subaccount_id = data.btp_subaccount.dc_mission.id + role_collection_name = "Subaccount Administrator" + user_name = each.value + depends_on = [btp_subaccount.dc_mission] +} + +# ------------------------------------------------------------------------------------------------------ +# Create/Assign role collection "BuildAppsAdmin" +# ------------------------------------------------------------------------------------------------------ +# Create +resource "btp_subaccount_role_collection" "build_apps_admin" { + subaccount_id = data.btp_subaccount.dc_mission.id + name = "BuildAppsAdmin" + + roles = [ + for role in data.btp_subaccount_roles.all.values : { + name = role.name + role_template_app_id = role.app_id + role_template_name = role.role_template_name + } if contains(["BuildAppsAdmin"], role.name) + ] +} +# Assign users +resource "btp_subaccount_role_collection_assignment" "build_apps_admin" { + for_each = toset(var.build_apps_admins) + subaccount_id = data.btp_subaccount.dc_mission.id + role_collection_name = "BuildAppsAdmin" + user_name = each.value + origin = btp_subaccount_trust_configuration.fully_customized.origin + depends_on = [btp_subaccount_role_collection.build_apps_admin] +} + +# ------------------------------------------------------------------------------------------------------ +# Create/Assign role collection "BuildAppsDeveloper" +# ------------------------------------------------------------------------------------------------------ +# Create +resource "btp_subaccount_role_collection" "build_apps_developer" { + subaccount_id = data.btp_subaccount.dc_mission.id + name = "BuildAppsDeveloper" + + roles = [ + for role in data.btp_subaccount_roles.all.values : { + name = role.name + role_template_app_id = role.app_id + role_template_name = role.role_template_name + } if contains(["BuildAppsDeveloper"], role.name) + ] +} +# Assign users +resource "btp_subaccount_role_collection_assignment" "build_apps_developer" { + for_each = toset(var.build_apps_developers) + subaccount_id = data.btp_subaccount.dc_mission.id + role_collection_name = "BuildAppsDeveloper" + user_name = each.value + origin = btp_subaccount_trust_configuration.fully_customized.origin + depends_on = [btp_subaccount_role_collection.build_apps_developer] +} + +# ------------------------------------------------------------------------------------------------------ +# Create/Assign role collection "RegistryAdmin" +# ------------------------------------------------------------------------------------------------------ +# Create +resource "btp_subaccount_role_collection" "build_apps_registry_admin" { + subaccount_id = data.btp_subaccount.dc_mission.id + name = "RegistryAdmin" + + roles = [ + for role in data.btp_subaccount_roles.all.values : { + name = role.name + role_template_app_id = role.app_id + role_template_name = role.role_template_name + } if contains(["RegistryAdmin"], role.name) + ] +} +# Assign users +resource "btp_subaccount_role_collection_assignment" "build_apps_registry_admin" { + for_each = toset(var.build_apps_registry_admin) + subaccount_id = data.btp_subaccount.dc_mission.id + role_collection_name = "RegistryAdmin" + user_name = each.value + origin = btp_subaccount_trust_configuration.fully_customized.origin + depends_on = [btp_subaccount_role_collection.build_apps_registry_admin] +} + +# ------------------------------------------------------------------------------------------------------ +# Create/Assign role collection "RegistryDeveloper" +# ------------------------------------------------------------------------------------------------------ +# Create +resource "btp_subaccount_role_collection" "build_apps_registry_developer" { + subaccount_id = data.btp_subaccount.dc_mission.id + name = "RegistryDeveloper" + + roles = [ + for role in data.btp_subaccount_roles.all.values : { + name = role.name + role_template_app_id = role.app_id + role_template_name = role.role_template_name + } if contains(["RegistryDeveloper"], role.name) + ] +} +# Assign users to the role collection +resource "btp_subaccount_role_collection_assignment" "build_apps_registry_developer" { + for_each = toset(var.build_apps_registry_developer) + subaccount_id = data.btp_subaccount.dc_mission.id + role_collection_name = "RegistryDeveloper" + user_name = each.value + origin = btp_subaccount_trust_configuration.fully_customized.origin + depends_on = [btp_subaccount_role_collection.build_apps_registry_developer] +} + +# Assign users +resource "btp_subaccount_role_collection_assignment" "launchpad_admin" { + for_each = toset("${var.launchpad_admins}") + subaccount_id = data.btp_subaccount.dc_mission.id + role_collection_name = "Launchpad_Admin" + user_name = each.value + depends_on = [btp_subaccount_subscription.sap_launchpad] +} + +# ------------------------------------------------------------------------------------------------------ +# Create tfvars file for step 2 (if variable `create_tfvars_file_for_step2` is set to true) +# ------------------------------------------------------------------------------------------------------ +resource "local_file" "output_vars_step1" { + count = var.create_tfvars_file_for_step2 ? 1 : 0 + content = <<-EOT + globalaccount = "${var.globalaccount}" + cli_server_url = ${jsonencode(var.cli_server_url)} + custom_idp = "${var.custom_idp}" + + subaccount_id = "${data.btp_subaccount.dc_mission.id}" + + EOT + filename = "../step2/terraform.tfvars" +} \ No newline at end of file diff --git a/released/discovery_center/mission_4024_trial/step1/outputs.tf b/released/discovery_center/mission_4024_trial/step1/outputs.tf new file mode 100644 index 00000000..d375243d --- /dev/null +++ b/released/discovery_center/mission_4024_trial/step1/outputs.tf @@ -0,0 +1,9 @@ +output "subaccount_id" { + value = data.btp_subaccount.dc_mission.id + description = "The ID of the project subaccount." +} + +output "sap_build_apps_subscription_url" { + value = btp_subaccount_subscription.sap-build-apps.subscription_url + description = "The subscription_url of build app." +} \ No newline at end of file diff --git a/released/discovery_center/mission_4024_trial/step1/provider.tf b/released/discovery_center/mission_4024_trial/step1/provider.tf new file mode 100644 index 00000000..96c49aa2 --- /dev/null +++ b/released/discovery_center/mission_4024_trial/step1/provider.tf @@ -0,0 +1,13 @@ +terraform { + required_providers { + btp = { + source = "SAP/btp" + version = "~> 1.5.0" + } + } +} + +provider "btp" { + cli_server_url = var.cli_server_url + globalaccount = var.globalaccount +} diff --git a/released/discovery_center/mission_4024_trial/step1/sample.tfvars b/released/discovery_center/mission_4024_trial/step1/sample.tfvars new file mode 100644 index 00000000..4605e6fb --- /dev/null +++ b/released/discovery_center/mission_4024_trial/step1/sample.tfvars @@ -0,0 +1,20 @@ +# ------------------------------------------------------------------------------------------------------ +# Account settings +# ------------------------------------------------------------------------------------------------------ +globalaccount = "your-globalaccount-subdomain" +region = "us10" + +# ------------------------------------------------------------------------------------------------------ +# Use case specific configuration +# ------------------------------------------------------------------------------------------------------ +subaccount_admins = ["jane.doe@test.com"] +launchpad_admins = ["jane.doe@test.com"] +build_apps_admins = ["jane.doe@test.com", "john.doe@test.com"] +build_apps_developers = ["jane.doe@test.com", "john.doe@test.com"] +build_apps_registry_admin = ["jane.doe@test.com", "john.doe@test.com"] +build_apps_registry_developer = ["jane.doe@test.com", "john.doe@test.com"] + +# ------------------------------------------------------------------------------------------------------ +# Create tfvars file for the step 2 +# ------------------------------------------------------------------------------------------------------ +create_tfvars_file_for_step2 = true \ No newline at end of file diff --git a/released/discovery_center/mission_4024_trial/step1/variables.tf b/released/discovery_center/mission_4024_trial/step1/variables.tf new file mode 100644 index 00000000..b4aa93b0 --- /dev/null +++ b/released/discovery_center/mission_4024_trial/step1/variables.tf @@ -0,0 +1,134 @@ +# ------------------------------------------------------------------------------------------------------ +# Account variables +# ------------------------------------------------------------------------------------------------------ +variable "globalaccount" { + type = string + description = "The globalaccount subdomain where the sub account shall be created." +} + +variable "cli_server_url" { + type = string + description = "The BTP CLI server URL." + default = "https://cpcli.cf.eu10.hana.ondemand.com" +} + +variable "custom_idp" { + type = string + description = "Defines the custom IDP to be used for the subaccount" + default = "" +} + +variable "region" { + type = string + description = "The region where the sub account shall be created in." + default = "us10" +} + +variable "subaccount_name" { + type = string + description = "The subaccount name." + default = "My SAP Build Apps subaccount" +} + +variable "subaccount_id" { + type = string + description = "The subaccount ID." + default = "" +} + +# ------------------------------------------------------------------------------------------------------ +# service plans +# ------------------------------------------------------------------------------------------------------ +variable "service_plan__sap_build_apps" { + type = string + description = "The plan for SAP Build Apps subscription" + default = "free" + validation { + condition = contains(["free", "standard", "partner"], var.service_plan__sap_build_apps) + error_message = "Invalid value for service_plan__sap_build_apps. Only 'free', 'standard' and 'partner' are allowed." + } +} + +variable "service_plan__sap_launchpad" { + type = string + description = "The plan for service 'SAP Build Work Zone, standard edition' with technical name 'SAPLaunchpad'" + default = "standard" + validation { + condition = contains(["standard"], var.service_plan__sap_launchpad) + error_message = "Invalid value for service_plan__sap_launchpad. Only 'standard' is allowed." + } +} + +variable "service_plan__destination" { + type = string + description = "The plan for service 'Destination Service' with technical name 'destination'" + default = "lite" + validation { + condition = contains(["lite"], var.service_plan__destination) + error_message = "Invalid value for service_plan__destination. Only 'lite' is allowed." + } +} + +variable "service_plan__sap_identity_services_onboarding" { + type = string + description = "The plan for service 'Cloud Identity Services' with technical name 'sap-identity-services-onboarding'" + default = "default" + validation { + condition = contains(["default"], var.service_plan__sap_identity_services_onboarding) + error_message = "Invalid value for service_plan__sap_identity_services_onboarding. Only 'default' is allowed." + } +} + +# ------------------------------------------------------------------------------------------------------ +# User lists +# ------------------------------------------------------------------------------------------------------ +variable "subaccount_admins" { + type = list(string) + description = "Defines the users who are added to subaccount as administrators." + + # add validation to check if admins contains a list of valid email addresses + validation { + condition = length([for email in var.subaccount_admins : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.subaccount_admins) + error_message = "Please enter a valid email address for the subaccount admins." + } +} + +variable "launchpad_admins" { + type = list(string) + description = "Defines the users who have the role of 'Launchpad_Admin'." + + # add validation to check if admins contains a list of valid email addresses + validation { + condition = length([for email in var.launchpad_admins : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.launchpad_admins) + error_message = "Please enter a valid email address for the launchpad admins." + } +} + +variable "build_apps_admins" { + type = list(string) + description = "Defines the users who have the role of 'BuildAppsAdmin' in SAP Build Apps." +} + +variable "build_apps_developers" { + type = list(string) + description = "Defines the users who have the role of 'BuildAppsDeveloper' in SAP Build Apps." +} + +variable "build_apps_registry_admin" { + type = list(string) + description = "Defines the users who have the role of 'RegistryAdmin' in SAP Build Apps." +} + +variable "build_apps_registry_developer" { + type = list(string) + description = "Defines the users who have the role of RegistryDeveloper' in SAP Build Apps." +} + +# ------------------------------------------------------------------------------------------------------ +# Switch for creating tfvars for step 2 +# ------------------------------------------------------------------------------------------------------ +variable "create_tfvars_file_for_step2" { + type = bool + description = "Switch to enable the creation of the tfvars file for step 2." + default = false +} \ No newline at end of file diff --git a/released/discovery_center/mission_4024_trial/step2/main.tf b/released/discovery_center/mission_4024_trial/step2/main.tf new file mode 100644 index 00000000..d058c9b2 --- /dev/null +++ b/released/discovery_center/mission_4024_trial/step2/main.tf @@ -0,0 +1,14 @@ +# ------------------------------------------------------------------------------------------------------ +# Import custom trust config and disable for user login +# ------------------------------------------------------------------------------------------------------ +import { + to = btp_subaccount_trust_configuration.default + id = "${var.subaccount_id},sap.default" +} + +resource "btp_subaccount_trust_configuration" "default" { + subaccount_id = var.subaccount_id + identity_provider = "" + auto_create_shadow_users = false + available_for_user_logon = false +} \ No newline at end of file diff --git a/released/discovery_center/mission_4024_trial/step2/provider.tf b/released/discovery_center/mission_4024_trial/step2/provider.tf new file mode 100644 index 00000000..40d74773 --- /dev/null +++ b/released/discovery_center/mission_4024_trial/step2/provider.tf @@ -0,0 +1,13 @@ +terraform { + required_providers { + btp = { + source = "SAP/btp" + version = "~> 1.5.0" + } + } +} + +provider "btp" { + cli_server_url = var.cli_server_url + globalaccount = var.globalaccount +} \ No newline at end of file diff --git a/released/discovery_center/mission_4024_trial/step2/sample.tfvars b/released/discovery_center/mission_4024_trial/step2/sample.tfvars new file mode 100644 index 00000000..b16acea0 --- /dev/null +++ b/released/discovery_center/mission_4024_trial/step2/sample.tfvars @@ -0,0 +1,5 @@ +# ------------------------------------------------------------------------------------------------------ +# Account settings +# ------------------------------------------------------------------------------------------------------ +globalaccount = "<>" +subaccount_id = "<>" diff --git a/released/discovery_center/mission_4024_trial/step2/variables.tf b/released/discovery_center/mission_4024_trial/step2/variables.tf new file mode 100644 index 00000000..e8f3bc5a --- /dev/null +++ b/released/discovery_center/mission_4024_trial/step2/variables.tf @@ -0,0 +1,21 @@ +variable "globalaccount" { + type = string + description = "The globalaccount subdomain where the sub account shall be created." +} + +variable "subaccount_id" { + type = string + description = "The subaccount ID." +} + +variable "cli_server_url" { + type = string + description = "The BTP CLI server URL." + default = "https://cpcli.cf.eu10.hana.ondemand.com" +} + +variable "custom_idp" { + type = string + description = "Defines the custom IDP to be used for the subaccount" + default = "" +} \ No newline at end of file From 2582055b53aaa207fd30fba2502bceaf074793b4 Mon Sep 17 00:00:00 2001 From: Jens Glander Date: Mon, 2 Sep 2024 14:34:26 +0200 Subject: [PATCH 2/2] fixed fmt formatting issues --- .../discovery_center/mission_4024/step1/main.tf | 10 +++++----- .../mission_4024/step1/sample.tfvars | 16 ++++++++-------- .../mission_4024/step2/provider.tf | 4 ++-- .../mission_4024_trial/step1/main.tf | 10 +++++----- .../mission_4024_trial/step1/sample.tfvars | 16 ++++++++-------- .../mission_4024_trial/step2/provider.tf | 4 ++-- 6 files changed, 30 insertions(+), 30 deletions(-) diff --git a/released/discovery_center/mission_4024/step1/main.tf b/released/discovery_center/mission_4024/step1/main.tf index 7b6bd716..9a307e52 100644 --- a/released/discovery_center/mission_4024/step1/main.tf +++ b/released/discovery_center/mission_4024/step1/main.tf @@ -5,11 +5,11 @@ locals { subaccount_domain = "dcmission4024${local.random_uuid}" # used (mandatory) services - service_name__sap_build_apps = "sap-build-apps" - service_name__sap_launchpad = "SAPLaunchpad" - service_name__destination = "destination" + service_name__sap_build_apps = "sap-build-apps" + service_name__sap_launchpad = "SAPLaunchpad" + service_name__destination = "destination" # optional, if custom idp is used - service_name__sap_identity_services_onboarding = "sap-identity-services-onboarding" + service_name__sap_identity_services_onboarding = "sap-identity-services-onboarding" } # ------------------------------------------------------------------------------------------------------ @@ -38,7 +38,7 @@ data "btp_subaccount" "subaccount" { # ------------------------------------------------------------------------------------------------------ # Entitle resource "btp_subaccount_entitlement" "sap_identity_services_onboarding" { - count = var.custom_idp == "" ? 1 : 0 + count = var.custom_idp == "" ? 1 : 0 subaccount_id = data.btp_subaccount.dc_mission.id service_name = local.service_name__sap_identity_services_onboarding diff --git a/released/discovery_center/mission_4024/step1/sample.tfvars b/released/discovery_center/mission_4024/step1/sample.tfvars index a13cd559..6c840b36 100644 --- a/released/discovery_center/mission_4024/step1/sample.tfvars +++ b/released/discovery_center/mission_4024/step1/sample.tfvars @@ -6,18 +6,18 @@ custom_idp = "<>.accounts.ondemand.com" # ------------------------------------------------------------------------------------------------------ # Account settings # ------------------------------------------------------------------------------------------------------ -globalaccount = "your-globalaccount-subdomain" -region = "us10" +globalaccount = "your-globalaccount-subdomain" +region = "us10" # ------------------------------------------------------------------------------------------------------ # Use case specific configuration # ------------------------------------------------------------------------------------------------------ -subaccount_admins = ["jane.doe@test.com"] -launchpad_admins = ["jane.doe@test.com"] -build_apps_admins = ["jane.doe@test.com", "john.doe@test.com"] -build_apps_developers = ["jane.doe@test.com", "john.doe@test.com"] -build_apps_registry_admin = ["jane.doe@test.com", "john.doe@test.com"] -build_apps_registry_developer = ["jane.doe@test.com", "john.doe@test.com"] +subaccount_admins = ["jane.doe@test.com"] +launchpad_admins = ["jane.doe@test.com"] +build_apps_admins = ["jane.doe@test.com", "john.doe@test.com"] +build_apps_developers = ["jane.doe@test.com", "john.doe@test.com"] +build_apps_registry_admin = ["jane.doe@test.com", "john.doe@test.com"] +build_apps_registry_developer = ["jane.doe@test.com", "john.doe@test.com"] # ------------------------------------------------------------------------------------------------------ # Create tfvars file for the step 2 diff --git a/released/discovery_center/mission_4024/step2/provider.tf b/released/discovery_center/mission_4024/step2/provider.tf index 40d74773..a743a7a6 100644 --- a/released/discovery_center/mission_4024/step2/provider.tf +++ b/released/discovery_center/mission_4024/step2/provider.tf @@ -8,6 +8,6 @@ terraform { } provider "btp" { - cli_server_url = var.cli_server_url - globalaccount = var.globalaccount + cli_server_url = var.cli_server_url + globalaccount = var.globalaccount } \ No newline at end of file diff --git a/released/discovery_center/mission_4024_trial/step1/main.tf b/released/discovery_center/mission_4024_trial/step1/main.tf index 8f6db10b..8f4b9610 100644 --- a/released/discovery_center/mission_4024_trial/step1/main.tf +++ b/released/discovery_center/mission_4024_trial/step1/main.tf @@ -5,11 +5,11 @@ locals { subaccount_domain = "dcmission4024${local.random_uuid}" # used (mandatory) services - service_name__sap_build_apps = "sap-build-apps" - service_name__sap_launchpad = "SAPLaunchpad" - service_name__destination = "destination" + service_name__sap_build_apps = "sap-build-apps" + service_name__sap_launchpad = "SAPLaunchpad" + service_name__destination = "destination" # optional, if custom idp is used - service_name__sap_identity_services_onboarding = "sap-identity-services-onboarding" + service_name__sap_identity_services_onboarding = "sap-identity-services-onboarding" } # ------------------------------------------------------------------------------------------------------ @@ -38,7 +38,7 @@ data "btp_subaccount" "subaccount" { # ------------------------------------------------------------------------------------------------------ # Entitle resource "btp_subaccount_entitlement" "sap_identity_services_onboarding" { - count = var.custom_idp == "" ? 1 : 0 + count = var.custom_idp == "" ? 1 : 0 subaccount_id = data.btp_subaccount.dc_mission.id service_name = local.service_name__sap_identity_services_onboarding diff --git a/released/discovery_center/mission_4024_trial/step1/sample.tfvars b/released/discovery_center/mission_4024_trial/step1/sample.tfvars index 4605e6fb..496b60f9 100644 --- a/released/discovery_center/mission_4024_trial/step1/sample.tfvars +++ b/released/discovery_center/mission_4024_trial/step1/sample.tfvars @@ -1,18 +1,18 @@ # ------------------------------------------------------------------------------------------------------ # Account settings # ------------------------------------------------------------------------------------------------------ -globalaccount = "your-globalaccount-subdomain" -region = "us10" +globalaccount = "your-globalaccount-subdomain" +region = "us10" # ------------------------------------------------------------------------------------------------------ # Use case specific configuration # ------------------------------------------------------------------------------------------------------ -subaccount_admins = ["jane.doe@test.com"] -launchpad_admins = ["jane.doe@test.com"] -build_apps_admins = ["jane.doe@test.com", "john.doe@test.com"] -build_apps_developers = ["jane.doe@test.com", "john.doe@test.com"] -build_apps_registry_admin = ["jane.doe@test.com", "john.doe@test.com"] -build_apps_registry_developer = ["jane.doe@test.com", "john.doe@test.com"] +subaccount_admins = ["jane.doe@test.com"] +launchpad_admins = ["jane.doe@test.com"] +build_apps_admins = ["jane.doe@test.com", "john.doe@test.com"] +build_apps_developers = ["jane.doe@test.com", "john.doe@test.com"] +build_apps_registry_admin = ["jane.doe@test.com", "john.doe@test.com"] +build_apps_registry_developer = ["jane.doe@test.com", "john.doe@test.com"] # ------------------------------------------------------------------------------------------------------ # Create tfvars file for the step 2 diff --git a/released/discovery_center/mission_4024_trial/step2/provider.tf b/released/discovery_center/mission_4024_trial/step2/provider.tf index 40d74773..a743a7a6 100644 --- a/released/discovery_center/mission_4024_trial/step2/provider.tf +++ b/released/discovery_center/mission_4024_trial/step2/provider.tf @@ -8,6 +8,6 @@ terraform { } provider "btp" { - cli_server_url = var.cli_server_url - globalaccount = var.globalaccount + cli_server_url = var.cli_server_url + globalaccount = var.globalaccount } \ No newline at end of file