From fc1577085a564789c48bcf4778def152ac5a3de4 Mon Sep 17 00:00:00 2001 From: Jens Glander Date: Wed, 4 Sep 2024 12:27:48 +0200 Subject: [PATCH] 3260: Polishing the QAS enabled Mission - polished code to be consistent with other QAS missions (like 4024 or 3585) --- .../discovery_center/mission_3260/locals.tf | 3 - .../discovery_center/mission_3260/main.tf | 78 +++++++++++-------- .../discovery_center/mission_3260/outputs.tf | 6 +- .../discovery_center/mission_3260/provider.tf | 9 +-- .../{samples.tfvars => sample.tfvars} | 15 ++-- .../mission_3260/variables.tf | 70 ++++++++--------- 6 files changed, 90 insertions(+), 91 deletions(-) delete mode 100644 released/discovery_center/mission_3260/locals.tf rename released/discovery_center/mission_3260/{samples.tfvars => sample.tfvars} (72%) diff --git a/released/discovery_center/mission_3260/locals.tf b/released/discovery_center/mission_3260/locals.tf deleted file mode 100644 index c704d5bc..00000000 --- a/released/discovery_center/mission_3260/locals.tf +++ /dev/null @@ -1,3 +0,0 @@ -locals { - service_name__sap_process_automation = "process-automation" -} \ No newline at end of file diff --git a/released/discovery_center/mission_3260/main.tf b/released/discovery_center/mission_3260/main.tf index e5457382..d003cffc 100644 --- a/released/discovery_center/mission_3260/main.tf +++ b/released/discovery_center/mission_3260/main.tf @@ -1,6 +1,7 @@ # ------------------------------------------------------------------------------------------------------ -# Setup of names in accordance to naming convention +# Subaccount setup for DC mission 3260 # ------------------------------------------------------------------------------------------------------ +# Setup subaccount domain (to ensure uniqueness in BTP global account) resource "random_uuid" "uuid" {} locals { @@ -15,13 +16,13 @@ resource "btp_subaccount" "dc_mission" { count = var.subaccount_id == "" ? 1 : 0 name = var.subaccount_name subdomain = local.subaccount_domain - region = lower(var.region) - usage = "USED_FOR_PRODUCTION" + region = var.region } data "btp_subaccount" "dc_mission" { id = var.subaccount_id != "" ? var.subaccount_id : btp_subaccount.dc_mission[0].id } + # ------------------------------------------------------------------------------------------------------ # Assign custom IDP to sub account (if custom_idp is set) # ------------------------------------------------------------------------------------------------------ @@ -33,49 +34,54 @@ resource "btp_subaccount_trust_configuration" "fully_customized" { } # ------------------------------------------------------------------------------------------------------ -# Assignment of users as sub account administrators +# APP SUBSCRIPTIONS # ------------------------------------------------------------------------------------------------------ -resource "btp_subaccount_role_collection_assignment" "subaccount-admins" { - for_each = toset(var.subaccount_admins) - subaccount_id = data.btp_subaccount.dc_mission.id - role_collection_name = "Subaccount Administrator" - user_name = each.value -} - -# ------------------------------------------------------------------------------------------------------ -# Assignment of users as sub account service administrators -# ------------------------------------------------------------------------------------------------------ -resource "btp_subaccount_role_collection_assignment" "subaccount-service-admins" { - for_each = toset(var.subaccount_service_admins) - subaccount_id = data.btp_subaccount.dc_mission.id - role_collection_name = "Subaccount Service Administrator" - user_name = each.value +# +locals { + service_name__sap_process_automation = "process-automation" } - # ------------------------------------------------------------------------------------------------------ -# Add Entitlement & Create Subscription - SAP Build Process Automation service +# Setup process-automation (SAP Build Process Automation) # ------------------------------------------------------------------------------------------------------ - -# Add Entitlement +# Entitle resource "btp_subaccount_entitlement" "build_process_automation" { subaccount_id = data.btp_subaccount.dc_mission.id service_name = local.service_name__sap_process_automation plan_name = var.service_plan__sap_process_automation } - -# Create app subscription to SAP Build Process Automation +# Subscribe resource "btp_subaccount_subscription" "build_process_automation" { subaccount_id = data.btp_subaccount.dc_mission.id app_name = local.service_name__sap_process_automation plan_name = var.service_plan__sap_process_automation depends_on = [btp_subaccount_entitlement.build_process_automation] } +# ------------------------------------------------------------------------------------------------------ +# USERS AND ROLES +# ------------------------------------------------------------------------------------------------------ +# ------------------------------------------------------------------------------------------------------ +# Assign role collection "Subaccount Administrator" +# ------------------------------------------------------------------------------------------------------ +resource "btp_subaccount_role_collection_assignment" "subaccount_admins" { + for_each = toset(var.subaccount_admins) + subaccount_id = data.btp_subaccount.dc_mission.id + role_collection_name = "Subaccount Administrator" + user_name = each.value +} # ------------------------------------------------------------------------------------------------------ -# Assign Roles - SAP Build Process Automation service +# Assign role collection "Subaccount Service Administrator" # ------------------------------------------------------------------------------------------------------ +resource "btp_subaccount_role_collection_assignment" "subaccount_service_admins" { + for_each = toset(var.subaccount_service_admins) + subaccount_id = data.btp_subaccount.dc_mission.id + role_collection_name = "Subaccount Service Administrator" + user_name = each.value +} -# Assign users to Role Collection: ProcessAutomationAdmin +# ------------------------------------------------------------------------------------------------------ +# Assign role collection "ProcessAutomationAdmin" +# ------------------------------------------------------------------------------------------------------ resource "btp_subaccount_role_collection_assignment" "bpa_admins" { depends_on = [btp_subaccount_subscription.build_process_automation] for_each = toset(var.process_automation_admins) @@ -84,18 +90,24 @@ resource "btp_subaccount_role_collection_assignment" "bpa_admins" { user_name = each.value } -resource "btp_subaccount_role_collection_assignment" "sbpa_participants" { +# ------------------------------------------------------------------------------------------------------ +# Assign role collection "ProcessAutomationDeveloper" +# ------------------------------------------------------------------------------------------------------ +resource "btp_subaccount_role_collection_assignment" "sbpa_developers" { depends_on = [btp_subaccount_subscription.build_process_automation] - for_each = toset(var.process_automation_participants) + for_each = toset(var.process_automation_developers) subaccount_id = data.btp_subaccount.dc_mission.id - role_collection_name = "ProcessAutomationParticipant" + role_collection_name = "ProcessAutomationDeveloper" user_name = each.value } -resource "btp_subaccount_role_collection_assignment" "sbpa_developers" { +# ------------------------------------------------------------------------------------------------------ +# Assign role collection "ProcessAutomationParticipant" +# ------------------------------------------------------------------------------------------------------ +resource "btp_subaccount_role_collection_assignment" "sbpa_participants" { depends_on = [btp_subaccount_subscription.build_process_automation] - for_each = toset(var.process_automation_developers) + for_each = toset(var.process_automation_participants) subaccount_id = data.btp_subaccount.dc_mission.id - role_collection_name = "ProcessAutomationDeveloper" + role_collection_name = "ProcessAutomationParticipant" user_name = each.value } \ No newline at end of file diff --git a/released/discovery_center/mission_3260/outputs.tf b/released/discovery_center/mission_3260/outputs.tf index 3d2c3c3c..c13effef 100644 --- a/released/discovery_center/mission_3260/outputs.tf +++ b/released/discovery_center/mission_3260/outputs.tf @@ -1,9 +1,9 @@ output "subaccount_id" { value = data.btp_subaccount.dc_mission.id - description = "The ID of the subaccount." + description = "The ID of the dc mission subaccount." } -output "bpa_url" { +output "process_automation_subscription_url" { value = btp_subaccount_subscription.build_process_automation.subscription_url - description = "Subscription URL for SAP Business Process Automation" + description = "Subscription URL for SAP Build Process Automation" } diff --git a/released/discovery_center/mission_3260/provider.tf b/released/discovery_center/mission_3260/provider.tf index fb9b04e0..a743a7a6 100644 --- a/released/discovery_center/mission_3260/provider.tf +++ b/released/discovery_center/mission_3260/provider.tf @@ -1,16 +1,13 @@ - terraform { required_providers { btp = { - source = "sap/btp" + source = "SAP/btp" version = "~> 1.5.0" } } } -# Please checkout documentation on how best to authenticate against SAP BTP -# via the Terraform provider for SAP BTP provider "btp" { - globalaccount = var.globalaccount cli_server_url = var.cli_server_url -} + globalaccount = var.globalaccount +} \ No newline at end of file diff --git a/released/discovery_center/mission_3260/samples.tfvars b/released/discovery_center/mission_3260/sample.tfvars similarity index 72% rename from released/discovery_center/mission_3260/samples.tfvars rename to released/discovery_center/mission_3260/sample.tfvars index fe585aeb..f1bad83e 100644 --- a/released/discovery_center/mission_3260/samples.tfvars +++ b/released/discovery_center/mission_3260/sample.tfvars @@ -1,15 +1,11 @@ # ------------------------------------------------------------------------------------------------------ -# Provider configuration +# Account settings # ------------------------------------------------------------------------------------------------------ -# Your global account subdomain -globalaccount = "youraccount" -region = "us10" -subaccount_name = "Discovery Center mission 3260 - Process and approve your invoices with SAP Build Process Automation" - -service_plan__sap_process_automation = "free" +globalaccount = "" +region = "us10" # ------------------------------------------------------------------------------------------------------ -# Project specific configuration (please adapt!) +# Use case specific configuration (please adapt!) # ------------------------------------------------------------------------------------------------------ # Don't add the user, that is executing the TF script to subaccount_admins or subaccount_service_admins! subaccount_admins = ["jane.doe@test.com", "john.doe@test.com"] @@ -17,5 +13,4 @@ subaccount_service_admins = ["jane.doe@test.com", "john.doe@test.com"] process_automation_admins = ["jane.doe@test.com", "john.doe@test.com"] process_automation_developers = ["jane.doe@test.com", "john.doe@test.com"] -process_automation_participants = ["jane.doe@test.com", "john.doe@test.com"] - +process_automation_participants = ["jane.doe@test.com", "john.doe@test.com"] \ No newline at end of file diff --git a/released/discovery_center/mission_3260/variables.tf b/released/discovery_center/mission_3260/variables.tf index 148d7bc3..496fa07a 100644 --- a/released/discovery_center/mission_3260/variables.tf +++ b/released/discovery_center/mission_3260/variables.tf @@ -1,63 +1,48 @@ -###################################################################### -# Customer account setup -###################################################################### -# subaccount +# ------------------------------------------------------------------------------------------------------ +# Account variables +# ------------------------------------------------------------------------------------------------------ variable "globalaccount" { type = string - description = "The globalaccount subdomain." - default = "yourglobalaccount" -} -# subaccount -variable "subaccount_name" { - type = string - description = "The subaccount name." - default = "DC Mission 3260 - Process and approve your invoices with SAP Build Process Automation" -} - -# subaccount id -variable "subaccount_id" { - type = string - description = "The subaccount ID." - default = "" + description = "The globalaccount subdomain where the sub account shall be created." } variable "cli_server_url" { type = string - description = "Defines the CLI server URL" + description = "The BTP CLI server URL." default = "https://cli.btp.cloud.sap" } variable "custom_idp" { type = string - description = "Defines the custom IdP" + description = "The custom identity provider for the subaccount." default = "" } -# Region variable "region" { type = string - description = "The region where the project account shall be created in." + description = "The region where the subaccount shall be created in." default = "us10" } -variable "subaccount_admins" { - type = list(string) - description = "Defines the colleagues who are added to each subaccount as subaccount administrators." - default = ["jane.doe@test.com", "john.doe@test.com"] +variable "subaccount_name" { + type = string + description = "The subaccount name." + default = "My SAP DC mission subaccount." } -variable "subaccount_service_admins" { - type = list(string) - description = "Defines the colleagues who are added to each subaccount as subaccount service administrators." - default = ["jane.doe@test.com", "john.doe@test.com"] +variable "subaccount_id" { + type = string + description = "The subaccount ID." + default = "" } - -# Process automation Variables +# ------------------------------------------------------------------------------------------------------ +# app subscription plans +# ------------------------------------------------------------------------------------------------------ variable "service_plan__sap_process_automation" { type = string - description = "The plan for SAP Build Process Automation" - default = "standard" + description = "The plan for service 'SAP Build Process Automation' with technical name 'process-automation'" + default = "free" validation { condition = contains(["standard", "free"], var.service_plan__sap_process_automation) @@ -65,9 +50,22 @@ variable "service_plan__sap_process_automation" { } } +# ------------------------------------------------------------------------------------------------------ +# User lists +# ------------------------------------------------------------------------------------------------------ +variable "subaccount_admins" { + type = list(string) + description = "Defines the users who are added to subaccount as administrators." +} + +variable "subaccount_service_admins" { + type = list(string) + description = "Defines the users who are added to subaccount as service administrators." +} + variable "process_automation_admins" { type = list(string) - description = "Defines the users who have the role of ProcessAutomationAdmin in SAP Build Process Automation" + description = "Defines the users who have the role of 'ProcessAutomationAdmin' in SAP Build Process Automation." } variable "process_automation_developers" {