3260: Polishing the QAS enabled Mission

released/discovery_center/mission_3260/main.tf

@@ -1,6 +1,7 @@
 # ------------------------------------------------------------------------------------------------------
-# Setup of names in accordance to naming convention
+# Subaccount setup for DC mission 3260
 # ------------------------------------------------------------------------------------------------------
+# Setup subaccount domain (to ensure uniqueness in BTP global account)
 resource "random_uuid" "uuid" {}
 
 locals {
@@ -15,13 +16,13 @@ resource "btp_subaccount" "dc_mission" {
   count     = var.subaccount_id == "" ? 1 : 0
   name      = var.subaccount_name
   subdomain = local.subaccount_domain
-  region    = lower(var.region)
-  usage     = "USED_FOR_PRODUCTION"
+  region    = var.region
 }
 
 data "btp_subaccount" "dc_mission" {
   id = var.subaccount_id != "" ? var.subaccount_id : btp_subaccount.dc_mission[0].id
 }
+
 # ------------------------------------------------------------------------------------------------------
 # Assign custom IDP to sub account (if custom_idp is set)
 # ------------------------------------------------------------------------------------------------------
@@ -33,49 +34,54 @@ resource "btp_subaccount_trust_configuration" "fully_customized" {
 }
 
 # ------------------------------------------------------------------------------------------------------
-# Assignment of users as sub account administrators
+# APP SUBSCRIPTIONS
 # ------------------------------------------------------------------------------------------------------
-resource "btp_subaccount_role_collection_assignment" "subaccount-admins" {
-  for_each             = toset(var.subaccount_admins)
-  subaccount_id        = data.btp_subaccount.dc_mission.id
-  role_collection_name = "Subaccount Administrator"
-  user_name            = each.value
-}
-
-# ------------------------------------------------------------------------------------------------------
-# Assignment of users as sub account service administrators
-# ------------------------------------------------------------------------------------------------------
-resource "btp_subaccount_role_collection_assignment" "subaccount-service-admins" {
-  for_each             = toset(var.subaccount_service_admins)
-  subaccount_id        = data.btp_subaccount.dc_mission.id
-  role_collection_name = "Subaccount Service Administrator"
-  user_name            = each.value
+#
+locals {
+  service_name__sap_process_automation = "process-automation"
 }
-
 # ------------------------------------------------------------------------------------------------------
-# Add Entitlement & Create Subscription - SAP Build Process Automation service
+# Setup process-automation (SAP Build Process Automation)
 # ------------------------------------------------------------------------------------------------------
-
-# Add Entitlement
+# Entitle
 resource "btp_subaccount_entitlement" "build_process_automation" {
   subaccount_id = data.btp_subaccount.dc_mission.id
   service_name  = local.service_name__sap_process_automation
   plan_name     = var.service_plan__sap_process_automation
 }
-
-# Create app subscription to SAP Build Process Automation
+# Subscribe
 resource "btp_subaccount_subscription" "build_process_automation" {
   subaccount_id = data.btp_subaccount.dc_mission.id
   app_name      = local.service_name__sap_process_automation
   plan_name     = var.service_plan__sap_process_automation
   depends_on    = [btp_subaccount_entitlement.build_process_automation]
 }
+# ------------------------------------------------------------------------------------------------------
+#  USERS AND ROLES
+# ------------------------------------------------------------------------------------------------------
+# ------------------------------------------------------------------------------------------------------
+# Assign role collection "Subaccount Administrator"
+# ------------------------------------------------------------------------------------------------------
+resource "btp_subaccount_role_collection_assignment" "subaccount_admins" {
+  for_each             = toset(var.subaccount_admins)
+  subaccount_id        = data.btp_subaccount.dc_mission.id
+  role_collection_name = "Subaccount Administrator"
+  user_name            = each.value
+}
 
 # ------------------------------------------------------------------------------------------------------
-# Assign Roles - SAP Build Process Automation service
+# Assign role collection "Subaccount Service Administrator"
 # ------------------------------------------------------------------------------------------------------
+resource "btp_subaccount_role_collection_assignment" "subaccount_service_admins" {
+  for_each             = toset(var.subaccount_service_admins)
+  subaccount_id        = data.btp_subaccount.dc_mission.id
+  role_collection_name = "Subaccount Service Administrator"
+  user_name            = each.value
+}
 
-# Assign users to Role Collection: ProcessAutomationAdmin
+# ------------------------------------------------------------------------------------------------------
+# Assign role collection "ProcessAutomationAdmin"
+# ------------------------------------------------------------------------------------------------------
 resource "btp_subaccount_role_collection_assignment" "bpa_admins" {
   depends_on           = [btp_subaccount_subscription.build_process_automation]
   for_each             = toset(var.process_automation_admins)
@@ -84,18 +90,24 @@ resource "btp_subaccount_role_collection_assignment" "bpa_admins" {
   user_name            = each.value
 }
 
-resource "btp_subaccount_role_collection_assignment" "sbpa_participants" {
+# ------------------------------------------------------------------------------------------------------
+# Assign role collection "ProcessAutomationDeveloper"
+# ------------------------------------------------------------------------------------------------------
+resource "btp_subaccount_role_collection_assignment" "sbpa_developers" {
   depends_on           = [btp_subaccount_subscription.build_process_automation]
-  for_each             = toset(var.process_automation_participants)
+  for_each             = toset(var.process_automation_developers)
   subaccount_id        = data.btp_subaccount.dc_mission.id
-  role_collection_name = "ProcessAutomationParticipant"
+  role_collection_name = "ProcessAutomationDeveloper"
   user_name            = each.value
 }
 
-resource "btp_subaccount_role_collection_assignment" "sbpa_developers" {
+# ------------------------------------------------------------------------------------------------------
+# Assign role collection "ProcessAutomationParticipant"
+# ------------------------------------------------------------------------------------------------------
+resource "btp_subaccount_role_collection_assignment" "sbpa_participants" {
   depends_on           = [btp_subaccount_subscription.build_process_automation]
-  for_each             = toset(var.process_automation_developers)
+  for_each             = toset(var.process_automation_participants)
   subaccount_id        = data.btp_subaccount.dc_mission.id
-  role_collection_name = "ProcessAutomationDeveloper"
+  role_collection_name = "ProcessAutomationParticipant"
   user_name            = each.value
 }

released/discovery_center/mission_3260/outputs.tf

@@ -1,9 +1,9 @@
 output "subaccount_id" {
   value       = data.btp_subaccount.dc_mission.id
-  description = "The ID of the subaccount."
+  description = "The ID of the dc mission subaccount."
 }
 
-output "bpa_url" {
+output "process_automation_subscription_url" {
   value       = btp_subaccount_subscription.build_process_automation.subscription_url
-  description = "Subscription URL for SAP Business Process Automation"
+  description = "Subscription URL for SAP Build Process Automation"
 }

released/discovery_center/mission_3260/provider.tf

@@ -1,16 +1,13 @@
-
 terraform {
   required_providers {
     btp = {
-      source  = "sap/btp"
+      source  = "SAP/btp"
       version = "~> 1.5.0"
     }
   }
 }
 
-# Please checkout documentation on how best to authenticate against SAP BTP
-# via the Terraform provider for SAP BTP
 provider "btp" {
-  globalaccount  = var.globalaccount
   cli_server_url = var.cli_server_url
-}
+  globalaccount  = var.globalaccount
+}

released/discovery_center/mission_3260/samples.tfvars → released/discovery_center/mission_3260/sample.tfvars

@@ -1,21 +1,16 @@
 # ------------------------------------------------------------------------------------------------------
-# Provider configuration
+# Account settings
 # ------------------------------------------------------------------------------------------------------
-# Your global account subdomain
-globalaccount   = "youraccount"
-region          = "us10"
-subaccount_name = "Discovery Center mission 3260 - Process and approve your invoices with SAP Build Process Automation"
-
-service_plan__sap_process_automation = "free"
+globalaccount = "<your-global-account-subdomain>"
+region        = "us10"
 
 # ------------------------------------------------------------------------------------------------------
-# Project specific configuration (please adapt!)
+# Use case specific configuration (please adapt!)
 # ------------------------------------------------------------------------------------------------------
 # Don't add the user, that is executing the TF script to subaccount_admins or subaccount_service_admins!
 subaccount_admins         = ["jane.doe@test.com", "john.doe@test.com"]
 subaccount_service_admins = ["jane.doe@test.com", "john.doe@test.com"]
 
 process_automation_admins       = ["jane.doe@test.com", "john.doe@test.com"]
 process_automation_developers   = ["jane.doe@test.com", "john.doe@test.com"]
-process_automation_participants = ["jane.doe@test.com", "john.doe@test.com"]
-
+process_automation_participants = ["jane.doe@test.com", "john.doe@test.com"]

released/discovery_center/mission_3260/variables.tf

@@ -1,73 +1,71 @@
-######################################################################
-# Customer account setup
-######################################################################
-# subaccount
+# ------------------------------------------------------------------------------------------------------
+# Account variables
+# ------------------------------------------------------------------------------------------------------
 variable "globalaccount" {
   type        = string
-  description = "The globalaccount subdomain."
-  default     = "yourglobalaccount"
-}
-# subaccount
-variable "subaccount_name" {
-  type        = string
-  description = "The subaccount name."
-  default     = "DC Mission 3260 - Process and approve your invoices with SAP Build Process Automation"
-}
-
-# subaccount id
-variable "subaccount_id" {
-  type        = string
-  description = "The subaccount ID."
-  default     = ""
+  description = "The globalaccount subdomain where the sub account shall be created."
 }
 
 variable "cli_server_url" {
   type        = string
-  description = "Defines the CLI server URL"
+  description = "The BTP CLI server URL."
   default     = "https://cli.btp.cloud.sap"
 }
 
 variable "custom_idp" {
   type        = string
-  description = "Defines the custom IdP"
+  description = "The custom identity provider for the subaccount."
   default     = ""
 }
 
-# Region
 variable "region" {
   type        = string
-  description = "The region where the project account shall be created in."
+  description = "The region where the subaccount shall be created in."
   default     = "us10"
 }
 
-variable "subaccount_admins" {
-  type        = list(string)
-  description = "Defines the colleagues who are added to each subaccount as subaccount administrators."
-  default     = ["jane.doe@test.com", "john.doe@test.com"]
+variable "subaccount_name" {
+  type        = string
+  description = "The subaccount name."
+  default     = "My SAP DC mission subaccount."
 }
 
-variable "subaccount_service_admins" {
-  type        = list(string)
-  description = "Defines the colleagues who are added to each subaccount as subaccount service administrators."
-  default     = ["jane.doe@test.com", "john.doe@test.com"]
+variable "subaccount_id" {
+  type        = string
+  description = "The subaccount ID."
+  default     = ""
 }
 
-
-# Process automation Variables
+# ------------------------------------------------------------------------------------------------------
+# app subscription plans
+# ------------------------------------------------------------------------------------------------------
 variable "service_plan__sap_process_automation" {
   type        = string
-  description = "The plan for SAP Build Process Automation"
-  default     = "standard"
+  description = "The plan for service 'SAP Build Process Automation' with technical name 'process-automation'"
+  default     = "free"
 
   validation {
     condition     = contains(["standard", "free"], var.service_plan__sap_process_automation)
     error_message = "Invalid value for service_plan__sap_process_automation. Only 'standard' and 'free' are allowed."
   }
 }
 
+# ------------------------------------------------------------------------------------------------------
+# User lists
+# ------------------------------------------------------------------------------------------------------
+variable "subaccount_admins" {
+  type        = list(string)
+  description = "Defines the users who are added to subaccount as administrators."
+}
+
+variable "subaccount_service_admins" {
+  type        = list(string)
+  description = "Defines the users who are added to subaccount as service administrators."
+}
+
 variable "process_automation_admins" {
   type        = list(string)
-  description = "Defines the users who have the role of ProcessAutomationAdmin in SAP Build Process Automation"
+  description = "Defines the users who have the role of 'ProcessAutomationAdmin' in SAP Build Process Automation."
 }
 
 variable "process_automation_developers" {