From f4d13fe2765e4eb1b7bec977bbd3964d3fd03e20 Mon Sep 17 00:00:00 2001
From: Jens Glander
Date: Mon, 9 Sep 2024 08:06:48 +0200
Subject: [PATCH 1/2] 4441: Polished QAS enabled Mission - polished code to be consistent with other QAS enabled missions (like 4024, 3585, ...)
---
.../minimal_setup_enterprise/step1/main.tf | 152 ++++++++++-------
.../minimal_setup_enterprise/step1/outputs.tf | 26 +--
.../step1/sample.tfvars | 33 ++--
.../step1/variables.tf | 154 +++++++++++-------
.../minimal_setup_enterprise/step2/main.tf | 30 ++--
5 files changed, 235 insertions(+), 160 deletions(-)
diff --git a/released/discovery_center/mission_4441/minimal_setup_enterprise/step1/main.tf b/released/discovery_center/mission_4441/minimal_setup_enterprise/step1/main.tf
index 7e80215e..25697871 100644
--- a/released/discovery_center/mission_4441/minimal_setup_enterprise/step1/main.tf
+++ b/released/discovery_center/mission_4441/minimal_setup_enterprise/step1/main.tf
@@ -1,16 +1,31 @@ # ------------------------------------------------------------------------------------------------------ -# SUBACCOUNT SETUP +# Subaccount setup for DC mission 4441 # ------------------------------------------------------------------------------------------------------ # Setup subaccount domain (to ensure uniqueness in BTP global account) resource "random_uuid" "uuid" {} +locals { + random_uuid = random_uuid.uuid.result + subaccount_domain = "dcmission4441${local.random_uuid}" +} + # ------------------------------------------------------------------------------------------------------ # Creation of subaccount # ------------------------------------------------------------------------------------------------------ resource "btp_subaccount" "dc_mission" { + count = var.subaccount_id == "" ? 1 : 0 + name = var.subaccount_name - subdomain = join("-", ["dc-mission-4441", random_uuid.uuid.result]) - region = lower(var.region) + subdomain = local.subaccount_domain + region = var.region +} + +data "btp_subaccount" "dc_mission" { + id = var.subaccount_id != "" ? var.subaccount_id : btp_subaccount.dc_mission[0].id +} + +data "btp_subaccount" "subaccount" { + id = data.btp_subaccount.dc_mission.id } # ------------------------------------------------------------------------------------------------------ 
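Review bot: When `var.subaccount_id` is non-empty, the new `count` on `btp_subaccount.dc_mission` skips creation and `data.btp_subaccount.dc_mission` resolves to a subaccount this configuration did not create, but nothing on the new lines says that the trust configuration, entitlements and role-collection assignments later in the file are then applied to that existing subaccount. I would add a comment above the data source, e.g. `# If var.subaccount_id is set, an existing subaccount is reused: trust, entitlements and role assignments below are created in it.` The second data source, `data "btp_subaccount" "subaccount"`, re-reads the same ID and is not referenced in any hunk shown here, so it looks removable. `region = var.region` also drops the previous `lower()`, so a mixed-case region value is now passed to the provider unchanged.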
@@ -19,41 +34,46 @@ resource "btp_subaccount" "dc_mission" { resource "btp_subaccount_trust_configuration" "fully_customized" { # Only create trust configuration if custom_idp has been set count = var.custom_idp == "" ? 0 : 1 - subaccount_id = btp_subaccount.dc_mission.id + subaccount_id = data.btp_subaccount.dc_mission.id identity_provider = var.custom_idp } + # ------------------------------------------------------------------------------------------------------ -# CLOUDFOUNDRY PREPARATION +# SERVICES # ------------------------------------------------------------------------------------------------------ # -# Fetch all available environments for the subaccount -data "btp_subaccount_environments" "all" { - subaccount_id = btp_subaccount.dc_mission.id +locals { + service_name__cloudfoundry = "cloudfoundry" } + # ------------------------------------------------------------------------------------------------------ -# Take the landscape label from the first CF environment if no environment label is provided -# (this replaces the previous null_resource) +# Setup cloudfoundry (Cloud Foundry Environment) # ------------------------------------------------------------------------------------------------------ +# +# Fetch all available environments for the subaccount +data "btp_subaccount_environments" "all" { + subaccount_id = data.btp_subaccount.dc_mission.id +} +# Take the landscape label from the first CF environment if no environment label is provided (this replaces the previous null_resource) resource "terraform_data" "cf_landscape_label" { input = length(var.cf_landscape_label) > 0 ? 
var.cf_landscape_label : [for env in data.btp_subaccount_environments.all.values : env if env.service_name == "cloudfoundry" && env.environment_type == "cloudfoundry"][0].landscape_label } -# ------------------------------------------------------------------------------------------------------ -# Create the Cloud Foundry environment instance -# ------------------------------------------------------------------------------------------------------ +# Entitle resource "btp_subaccount_entitlement" "cloudfoundry" { - subaccount_id = btp_subaccount.dc_mission.id - service_name = "cloudfoundry" - plan_name = "build-code" + subaccount_id = data.btp_subaccount.dc_mission.id + service_name = local.service_name__cloudfoundry + plan_name = var.service_plan__cloudfoundry amount = 1 } +# Create instance resource "btp_subaccount_environment_instance" "cloudfoundry" { depends_on = [btp_subaccount_entitlement.build_code] - subaccount_id = btp_subaccount.dc_mission.id + subaccount_id = data.btp_subaccount.dc_mission.id name = "cf-${random_uuid.uuid.result}" environment_type = "cloudfoundry" - service_name = "cloudfoundry" - plan_name = "build-code" + service_name = local.service_name__cloudfoundry + plan_name = var.service_plan__cloudfoundry landscape_label = terraform_data.cf_landscape_label.output parameters = jsonencode({ 
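Review bot: `btp_subaccount_environment_instance.cloudfoundry` still declares `depends_on = [btp_subaccount_entitlement.build_code]`, while the plan it requests is the one entitled by `btp_subaccount_entitlement.cloudfoundry` directly above it, so nothing orders the instance after its own entitlement. Unless the build-code entitlement is needed here for a reason not visible in the hunk, consider `depends_on = [btp_subaccount_entitlement.cloudfoundry]`, or list both. The landscape-label filter also keeps the literal `env.service_name == "cloudfoundry"` although `local.service_name__cloudfoundry` now exists. The resource body continues past the end of the hunk.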
@@ -65,38 +85,43 @@ resource "btp_subaccount_environment_instance" "cloudfoundry" { # APP SUBSCRIPTIONS # ------------------------------------------------------------------------------------------------------ # +locals { + service_name__build_code = "build-code" + service_name__sapappstudio = "sapappstudio" + service_name__sap_launchpad = "SAPLaunchpad" +} # ------------------------------------------------------------------------------------------------------ -# Setup build-code +# Setup build-code (SAP Build Code) # ------------------------------------------------------------------------------------------------------ # Entitle resource "btp_subaccount_entitlement" "build_code" { - subaccount_id = btp_subaccount.dc_mission.id - service_name = "build-code" - plan_name = "standard" + subaccount_id = data.btp_subaccount.dc_mission.id + service_name = local.service_name__build_code + plan_name = var.service_plan__build_code amount = 1 } # Subscribe resource "btp_subaccount_subscription" "build_code" { - subaccount_id = btp_subaccount.dc_mission.id - app_name = "build-code" - plan_name = "standard" + subaccount_id = data.btp_subaccount.dc_mission.id + app_name = local.service_name__build_code + plan_name = var.service_plan__build_code depends_on = [btp_subaccount_entitlement.build_code] } # ------------------------------------------------------------------------------------------------------ -# Setup sapappstudio +# Setup sapappstudio (SAP Business Application Studio) # ------------------------------------------------------------------------------------------------------ # Entitle resource "btp_subaccount_entitlement" "sapappstudio" { - subaccount_id = btp_subaccount.dc_mission.id - service_name = "sapappstudio" - plan_name = "build-code" + subaccount_id = data.btp_subaccount.dc_mission.id + service_name = local.service_name__sapappstudio + plan_name = var.service_plan__sapappstudio } -# Subscribe (depends on subscription of build-code) +# Subscribe resource 
"btp_subaccount_subscription" "sapappstudio" { - subaccount_id = btp_subaccount.dc_mission.id - app_name = "sapappstudio" - plan_name = "build-code" + subaccount_id = data.btp_subaccount.dc_mission.id + app_name = local.service_name__sapappstudio + plan_name = var.service_plan__sapappstudio depends_on = [btp_subaccount_subscription.build_code, btp_subaccount_entitlement.sapappstudio] } @@ -105,15 +130,15 @@ resource "btp_subaccount_subscription" "sapappstudio" { # ------------------------------------------------------------------------------------------------------ # Entitle resource "btp_subaccount_entitlement" "sap_launchpad" { - subaccount_id = btp_subaccount.dc_mission.id - service_name = "SAPLaunchpad" - plan_name = "foundation" + subaccount_id = data.btp_subaccount.dc_mission.id + service_name = local.service_name__sap_launchpad + plan_name = var.service_plan__sap_launchpad } # Subscribe resource "btp_subaccount_subscription" "sap_launchpad" { - subaccount_id = btp_subaccount.dc_mission.id - app_name = "SAPLaunchpad" - plan_name = "foundation" + subaccount_id = data.btp_subaccount.dc_mission.id + app_name = local.service_name__sap_launchpad + plan_name = var.service_plan__sap_launchpad depends_on = [btp_subaccount_entitlement.sap_launchpad] } 
@@ -121,17 +146,35 @@ resource "btp_subaccount_subscription" "sap_launchpad" { # USERS AND ROLES # ------------------------------------------------------------------------------------------------------ # -# Get all available subaccount roles +locals { + subaccount_admins = var.subaccount_admins + build_code_admins = var.build_code_admins + build_code_developers = var.build_code_developers +} + +# Get all roles in the subaccount data "btp_subaccount_roles" "all" { - subaccount_id = btp_subaccount.dc_mission.id + subaccount_id = data.btp_subaccount.dc_mission.id depends_on = [btp_subaccount_subscription.build_code, btp_subaccount_subscription.sapappstudio] } + +# ------------------------------------------------------------------------------------------------------ +# Assign role collection "Subaccount Administrator" +# ------------------------------------------------------------------------------------------------------ +resource "btp_subaccount_role_collection_assignment" "subaccount_admin" { + for_each = toset("${local.subaccount_admins}") + subaccount_id = data.btp_subaccount.dc_mission.id + role_collection_name = "Subaccount Administrator" + user_name = each.value + depends_on = [btp_subaccount.dc_mission] +} + # ------------------------------------------------------------------------------------------------------ # Assign role collection for Build Code Administrator # ------------------------------------------------------------------------------------------------------ # Assign roles to the role collection "Build Code Administrator" resource "btp_subaccount_role_collection" "build_code_administrator" { - subaccount_id = btp_subaccount.dc_mission.id + subaccount_id = data.btp_subaccount.dc_mission.id name = "Build Code Administrator" description = "The role collection for an administrator on SAP Build Code" 
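Review bot: `for_each = toset("${local.subaccount_admins}")` in the new `subaccount_admin` assignment wraps the list in an interpolation-only string, which is redundant in Terraform 0.12 and later, and the `locals` block above it only aliases the three variables. `for_each = toset(var.subaccount_admins)` says the same thing directly; the same form appears in the `build_code_administrator` and `build_code_developer` assignments in the two following hunks. This resource grants "Subaccount Administrator", and its `depends_on = [btp_subaccount.dc_mission]` refers to zero instances when an existing subaccount is reused, so a one-line comment stating that the grant also applies to a pre-existing subaccount would help whoever reviews the tfvars.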
@@ -145,8 +188,8 @@ resource "btp_subaccount_role_collection" "build_code_administrator" { } # Assign users to the role collection "Build Code Administrator" resource "btp_subaccount_role_collection_assignment" "build_code_administrator" { - for_each = toset("${var.build_code_admins}") - subaccount_id = btp_subaccount.dc_mission.id + for_each = toset("${local.build_code_admins}") + subaccount_id = data.btp_subaccount.dc_mission.id role_collection_name = "Build Code Administrator" user_name = each.value depends_on = [btp_subaccount_role_collection.build_code_administrator] @@ -157,7 +200,7 @@ resource "btp_subaccount_role_collection_assignment" "build_code_administrator" # ------------------------------------------------------------------------------------------------------ # Create role collection "Build Code Developer" resource "btp_subaccount_role_collection" "build_code_developer" { - subaccount_id = btp_subaccount.dc_mission.id + subaccount_id = data.btp_subaccount.dc_mission.id name = "Build Code Developer" description = "The role collection for a developer on SAP Build Code" 
@@ -171,24 +214,13 @@ resource "btp_subaccount_role_collection" "build_code_developer" { } # Assign users to the role collection "Build Code Developer" resource "btp_subaccount_role_collection_assignment" "build_code_developer" { - for_each = toset("${var.build_code_developers}") - subaccount_id = btp_subaccount.dc_mission.id + for_each = toset("${local.build_code_developers}") + subaccount_id = data.btp_subaccount.dc_mission.id role_collection_name = "Build Code Developer" user_name = each.value depends_on = [btp_subaccount_role_collection.build_code_developer] } -# ------------------------------------------------------------------------------------------------------ -# Assign role collection "Subaccount Administrator" -# ------------------------------------------------------------------------------------------------------ -resource "btp_subaccount_role_collection_assignment" "subaccount_admin" { - for_each = toset("${var.subaccount_admins}") - subaccount_id = btp_subaccount.dc_mission.id - role_collection_name = "Subaccount Administrator" - user_name = each.value - depends_on = [btp_subaccount.dc_mission] -} - # ------------------------------------------------------------------------------------------------------ # Create tfvars file for step 2 (if variable `create_tfvars_file_for_step2` is set to true) # ------------------------------------------------------------------------------------------------------ @@ -198,7 +230,7 @@ resource "local_file" "output_vars_step1" { globalaccount = "${var.globalaccount}" cli_server_url = ${jsonencode(var.cli_server_url)} - subaccount_id = "${btp_subaccount.dc_mission.id}" + subaccount_id = "${data.btp_subaccount.dc_mission.id}" cf_api_url = "${jsondecode(btp_subaccount_environment_instance.cloudfoundry.labels)["API Endpoint"]}" 
diff --git a/released/discovery_center/mission_4441/minimal_setup_enterprise/step1/outputs.tf b/released/discovery_center/mission_4441/minimal_setup_enterprise/step1/outputs.tf index 077651bc..24b2aa88 100644 --- a/released/discovery_center/mission_4441/minimal_setup_enterprise/step1/outputs.tf +++ b/released/discovery_center/mission_4441/minimal_setup_enterprise/step1/outputs.tf @@ -1,3 +1,4 @@ +/* output "globalaccount" { value = var.globalaccount description = "The Global Account subdomain." @@ -7,10 +8,21 @@ output "cli_server_url" { value = var.cli_server_url description = "The BTP CLI server URL." } +*/ output "subaccount_id" { - value = btp_subaccount.dc_mission.id - description = "The Global Account subdomain id." + value = data.btp_subaccount.dc_mission.id + description = "The ID of the subaccount." +} + +output "build_code_subscription_url" { + value = btp_subaccount_subscription.build_code.subscription_url + description = "SAP Build Code subscription URL." +} + +output "custom_idp" { + value = var.custom_idp + description = "The custom identity provider." } output "cf_api_url" { @@ -33,11 +45,6 @@ output "cf_org_name" { description = "The Cloudfoundry org name." } -output "custom_idp" { - value = var.custom_idp - description = "The custom identity provider." -} - output "cf_org_admins" { value = var.cf_org_admins description = "List of users to set as Cloudfoundry org administrators." @@ -52,8 +59,3 @@ output "cf_space_managers" { value = var.cf_space_managers description = "List of users to set as Cloudfoundry space managers." } - -output "build_code_subscription_url" { - value = btp_subaccount_subscription.build_code.subscription_url - description = "SAP Build Code subscription URL." -} diff --git a/released/discovery_center/mission_4441/minimal_setup_enterprise/step1/sample.tfvars b/released/discovery_center/mission_4441/minimal_setup_enterprise/step1/sample.tfvars index 47e68731..a2844f05 100644 
--- a/released/discovery_center/mission_4441/minimal_setup_enterprise/step1/sample.tfvars
+++ b/released/discovery_center/mission_4441/minimal_setup_enterprise/step1/sample.tfvars
@@ -1,29 +1,26 @@ # ------------------------------------------------------------------------------------------------------ # Provider configuration # ------------------------------------------------------------------------------------------------------ -# Your global account subdomain -globalaccount = "xxxxxxxx-xxxxxxx-xxxxxxx-xxxxxxxx-xxxxxx" +custom_idp = "<>.accounts.ondemand.com" -# The CLI server URL (needs to be set to null if you are using the default CLI server) -cli_server_url = null +# ------------------------------------------------------------------------------------------------------ +# Account settings +# ------------------------------------------------------------------------------------------------------ +globalaccount = "" +region = "us10" -# Region for your subaccount -region = "us10" +# ------------------------------------------------------------------------------------------------------ +# Use case specific configuration +# ------------------------------------------------------------------------------------------------------ +subaccount_admins = ["another.sap-ids-user@test.com"] +build_code_admins = ["another.sap-ids-user@test.com", "you@test.com"] +build_code_developers = ["another.sap-ids-user@test.com", "you@test.com"] -# Name of your sub account -subaccount_name = "SAP Discovery Center Mission 4441 (SAP Build Code)" +cf_org_admins = ["another.sap-ids-user@test.com"] +cf_space_managers = ["another.sap-ids-user@test.com", "you@test.com"] +cf_space_developers = ["another.sap-ids-user@test.com", "you@test.com"] # ------------------------------------------------------------------------------------------------------ # Create tfvars file for the step 2 # ------------------------------------------------------------------------------------------------------ create_tfvars_file_for_step2 = true - -# ------------------------------------------------------------------------------------------------------ -# USER ROLES -# 
------------------------------------------------------------------------------------------------------ -subaccount_admins = ["another.user@test.com"] -cf_org_admins = ["another.user@test.com"] -cf_space_managers = ["another.user@test.com", "you@test.com"] -cf_space_developers = ["another.user@test.com", "you@test.com"] -build_code_admins = ["another.user@test.com", "you@test.com"] -build_code_developers = ["another.user@test.com", "you@test.com"] diff --git a/released/discovery_center/mission_4441/minimal_setup_enterprise/step1/variables.tf b/released/discovery_center/mission_4441/minimal_setup_enterprise/step1/variables.tf index 5eb5efb6..b560c27d 100644 --- a/released/discovery_center/mission_4441/minimal_setup_enterprise/step1/variables.tf +++ b/released/discovery_center/mission_4441/minimal_setup_enterprise/step1/variables.tf 
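Review bot: The sample now sets `custom_idp = "<>.accounts.ondemand.com"` and `globalaccount = ""` without the explanatory comments the old file carried, and a non-empty `custom_idp` is exactly what switches on `btp_subaccount_trust_configuration.fully_customized` in step1/main.tf. A user who copies the sample unchanged would therefore attempt to establish trust with a placeholder host. Suggest restoring short comments, e.g. `# Leave custom_idp = "" to keep the default identity provider; any other value creates a trust configuration` and `# Your global account subdomain`.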
@@ -1,33 +1,53 @@ +# ------------------------------------------------------------------------------------------------------ +# Account variables +# ------------------------------------------------------------------------------------------------------ variable "globalaccount" { type = string description = "The globalaccount subdomain where the sub account shall be created." } -variable "subaccount_id" { +variable "cli_server_url" { type = string - description = "The subaccount ID." + description = "The BTP CLI server URL." + default = "https://cli.btp.cloud.sap" +} + +variable "custom_idp" { + type = string + description = "The custom identity provider for the subaccount." default = "" } +variable "region" { + type = string + description = "The region where the subaccount shall be created in." + default = "us10" +} + variable "subaccount_name" { type = string description = "The subaccount name." default = "My SAP Build Code subaccount." } -variable "cli_server_url" { +variable "subaccount_id" { type = string - description = "The BTP CLI server URL." - default = "https://cli.btp.cloud.sap" + description = "The subaccount ID." + default = "" } -variable "custom_idp" { +# ------------------------------------------------------------------------------------------------------ +# cf related variables +# ------------------------------------------------------------------------------------------------------ +variable "origin" { type = string - description = "Defines the custom IdP" - default = "" + description = "Defines the origin key of the identity provider" + default = "sap.ids" + # The value for the origin_key can be defined + # but are normally set to "sap.ids", "sap.default" or "sap.custom" } -variable "origin" { +variable "origin_key" { type = string description = "Defines the origin key of the identity provider" default = "sap.ids" 
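Review bot: `variable "origin"` and `variable "origin_key"` now sit next to each other with the same description, default and trailing comment, so a reader cannot tell which one takes effect. step2/main.tf in this patch reads `var.origin_key`; if `origin` is not used in step 1 it should be removed, otherwise its description should say how it differs from `origin_key`. The value selects the identity provider that role assignments are bound to, so setting the wrong one of the two could leave users assigned under an unintended origin.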
@@ -35,6 +55,11 @@ variable "origin" { # but are normally set to "sap.ids", "sap.default" or "sap.custom" } +variable "cf_landscape_label" { + type = string + description = "In case there are multiple environments available for a subaccount, you can use this label to choose with which one you want to go. If nothing is given, we take by default the first available." + default = "" +} variable "cf_org_name" { type = string @@ -47,9 +72,6 @@ variable "cf_org_name" { } } - - - variable "cf_space_name" { type = string description = "Name of the Cloud Foundry space." 
@@ -61,12 +83,55 @@ variable "cf_space_name" { } } -variable "region" { +# ------------------------------------------------------------------------------------------------------ +# service plans +# ------------------------------------------------------------------------------------------------------ +variable "service_plan__cloudfoundry" { type = string - description = "The region where the subaccount shall be created in." - default = "us10" + description = "The plan for service 'Destination Service' with technical name 'destination'" + default = "build-code" + validation { + condition = contains(["build-code"], var.service_plan__cloudfoundry) + error_message = "Invalid value for service_plan__cloudfoundry. Only 'build-code' is allowed." + } +} + +# ------------------------------------------------------------------------------------------------------ +# app subscription plans +# ------------------------------------------------------------------------------------------------------ +variable "service_plan__build_code" { + type = string + description = "The plan for service 'SAP Build Code' with technical name 'build-code'" + default = "standard" + validation { + condition = contains(["free", "standard"], var.service_plan__build_code) + error_message = "Invalid value for service_plan__build_code. Only 'free' and 'standard' are allowed." + } +} + +variable "service_plan__sapappstudio" { + type = string + description = "The plan for service 'SAP Business Application Studio' with technical name 'sapappstudio'" + default = "build-code" + validation { + condition = contains(["build-code"], var.service_plan__sapappstudio) + error_message = "Invalid value for service_plan__sapappstudio. Only 'build-code' is allowed." 
+ } +} + +variable "service_plan__sap_launchpad" { + type = string + description = "The plan for service 'SAP Build Work Zone, standard edition' with technical name 'SAPLaunchpad'" + default = "foundation" + validation { + condition = contains(["foundation", "free", "standard"], var.service_plan__sap_launchpad) + error_message = "Invalid value for service_plan__sap_launchpad. Only 'foundation', 'free' and 'standard' are allowed." + } } +# ------------------------------------------------------------------------------------------------------ +# User lists +# ------------------------------------------------------------------------------------------------------ variable "subaccount_admins" { type = list(string) description = "Defines the colleagues who are added to each subaccount as emergency administrators." 
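Review bot: The description of `service_plan__cloudfoundry` reads "The plan for service 'Destination Service' with technical name 'destination'", which does not match the variable; in step1/main.tf it is the plan of the `cloudfoundry` entitlement and environment instance. Suggest `description = "The plan for service 'Cloud Foundry Environment' with technical name 'cloudfoundry'"`. The validation and error message in the same block already refer to the right variable.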
@@ -78,15 +143,24 @@ variable "subaccount_admins" { } } -variable "subaccount_service_admins" { +variable "build_code_admins" { type = list(string) - description = "Defines the colleagues who are added to each subaccount as subaccount service administrators." - default = ["jane.doe@test.com", "john.doe@test.com"] + description = "Defines the colleagues who are admins for SAP Build Code." # add validation to check if admins contains a list of valid email addresses validation { - condition = length([for email in var.subaccount_service_admins : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.subaccount_service_admins) - error_message = "Please enter a valid email address for the CF space managers." + condition = length([for email in var.build_code_admins : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.build_code_admins) + error_message = "Please enter a valid email address for the Build Code admins." + } +} +variable "build_code_developers" { + type = list(string) + description = "Defines the colleagues who are developers for SAP Build Code." + + # add validation to check if admins contains a list of valid email addresses + validation { + condition = length([for email in var.build_code_developers : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.build_code_developers) + error_message = "Please enter a valid email address for the Build Code developers." } } 
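Review bot: The e-mail `validation` blocks on `build_code_admins` and `build_code_developers` can never fail: `[for email in var.build_code_admins : can(regex(...))]` yields one boolean per element, so its length always equals `length(var.build_code_admins)` whatever the strings contain. A working form is `condition = alltrue([for email in var.build_code_admins : can(regex("<same pattern>", email))])`. The second patch in this series deletes all of these blocks instead, which leaves the lists that drive administrator and developer role assignments with no input check at all; fixing the condition would keep a guard against typos in those lists.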
@@ -123,43 +197,9 @@ variable "cf_space_developers" { } } - - -variable "build_code_admins" { - type = list(string) - description = "Defines the colleagues who are admins for SAP Build Code." - - # add validation to check if admins contains a list of valid email addresses - validation { - condition = length([for email in var.build_code_admins : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.build_code_admins) - error_message = "Please enter a valid email address for the Build Code admins." - } -} -variable "build_code_developers" { - type = list(string) - description = "Defines the colleagues who are developers for SAP Build Code." - - # add validation to check if admins contains a list of valid email addresses - validation { - condition = length([for email in var.build_code_developers : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.build_code_developers) - error_message = "Please enter a valid email address for the Build Code developers." - } -} - -variable "cf_landscape_label" { - type = string - description = "In case there are multiple environments available for a subaccount, you can use this label to choose with which one you want to go. If nothing is given, we take by default the first available." - default = "" -} - -variable "origin_key" { - type = string - description = "Defines the origin key of the identity provider" - default = "sap.ids" - # The value for the origin_key can be defined - # but are normally set to "sap.ids", "sap.default" or "sap.custom" -} - +# ------------------------------------------------------------------------------------------------------ +# Switch for creating tfvars for step 2 +# ------------------------------------------------------------------------------------------------------ variable "create_tfvars_file_for_step2" { type = bool description = "Switch to enable the creation of the tfvars file for step 2." 
diff --git a/released/discovery_center/mission_4441/minimal_setup_enterprise/step2/main.tf b/released/discovery_center/mission_4441/minimal_setup_enterprise/step2/main.tf index 7ea8a9e0..31aabf94 100644 --- a/released/discovery_center/mission_4441/minimal_setup_enterprise/step2/main.tf +++ b/released/discovery_center/mission_4441/minimal_setup_enterprise/step2/main.tf @@ -12,18 +12,19 @@ resource "cloudfoundry_space" "dev" { # ------------------------------------------------------------------------------------------------------ # USERS AND ROLES # ------------------------------------------------------------------------------------------------------ -# -# ------------------------------------------------------------------------------------------------------ -# Assign CF Org roles to the admin users -# ------------------------------------------------------------------------------------------------------ -# Remove current user from org roles data "btp_whoami" "me" {} locals { + # Remove current user cf_org_admins = setsubtract(toset(var.cf_org_admins), [data.btp_whoami.me.email]) + + cf_space_managers = var.cf_space_managers + cf_space_developers = var.cf_space_developers } -# Define Org User role +# ------------------------------------------------------------------------------------------------------ +# cf_org_admins: Assign organization_user role +# ------------------------------------------------------------------------------------------------------ resource "cloudfoundry_org_role" "organization_user" { for_each = toset(local.cf_org_admins) username = each.value 
@@ -32,7 +33,9 @@ resource "cloudfoundry_org_role" "organization_user" { origin = var.origin_key } -# Define Org Manager role +# ------------------------------------------------------------------------------------------------------ +# cf_org_admins: Assign organization_manager role +# ------------------------------------------------------------------------------------------------------ resource "cloudfoundry_org_role" "organization_manager" { for_each = toset(local.cf_org_admins) username = each.value @@ -43,22 +46,23 @@ resource "cloudfoundry_org_role" "organization_manager" { } # ------------------------------------------------------------------------------------------------------ -# Assign CF space roles to the users +# cf_space_managers: Assign space_manager role # ------------------------------------------------------------------------------------------------------ # Define Space Manager role resource "cloudfoundry_space_role" "space_manager" { - for_each = toset(var.cf_space_managers) - + for_each = toset(local.cf_space_managers) username = each.value type = "space_manager" space = cloudfoundry_space.dev.id origin = var.origin_key depends_on = [cloudfoundry_org_role.organization_manager] } -# Define Space Developer role -resource "cloudfoundry_space_role" "space_developer" { - for_each = toset(var.cf_space_managers) +# ------------------------------------------------------------------------------------------------------ +# cf_space_developers: Assign space_developer role +# ------------------------------------------------------------------------------------------------------ +resource "cloudfoundry_space_role" "space_developer" { + for_each = toset(local.cf_space_developers) username = each.value type = "space_developer" space = cloudfoundry_space.dev.id From 5740b7dff564daab697ca17539cd13ea1735e435 Mon Sep 17 00:00:00 2001 
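Review bot: The `for_each` of `cloudfoundry_space_role.space_developer` in the last hunk changes from `var.cf_space_managers` to `local.cf_space_developers`, which is an access change that nothing in the new code records: on an existing deployment the next apply removes `space_developer` from managers who are not in the developers list and grants it to the listed developers. A comment on the resource such as `# space_developer is granted only to var.cf_space_developers; space managers do not receive it implicitly` would state the intended contract. The `# Define Space Manager role` line left under the new `cf_space_managers` header is now redundant. The resource body continues past the end of the hunk.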
From: Jens Glander
Date: Mon, 9 Sep 2024 15:27:02 +0200
Subject: [PATCH 2/2] 4441: removed all e-mail validations
---
.../step1/variables.tf | 36 -------------------
.../step2/variables.tf | 18 ----------
2 files changed, 54 deletions(-)
diff --git a/released/discovery_center/mission_4441/minimal_setup_enterprise/step1/variables.tf b/released/discovery_center/mission_4441/minimal_setup_enterprise/step1/variables.tf
index b560c27d..680ea7ae 100644
--- a/released/discovery_center/mission_4441/minimal_setup_enterprise/step1/variables.tf
+++ b/released/discovery_center/mission_4441/minimal_setup_enterprise/step1/variables.tf
@@ -135,66 +135,30 @@ variable "service_plan__sap_launchpad" { variable "subaccount_admins" { type = list(string) description = "Defines the colleagues who are added to each subaccount as emergency administrators." - - # add validation to check if admins contains a list of valid email addresses - validation { - condition = length([for email in var.subaccount_admins : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.subaccount_admins) - error_message = "Please enter a valid email address for the subaccount admins." - } } variable "build_code_admins" { type = list(string) description = "Defines the colleagues who are admins for SAP Build Code." - - # add validation to check if admins contains a list of valid email addresses - validation { - condition = length([for email in var.build_code_admins : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.build_code_admins) - error_message = "Please enter a valid email address for the Build Code admins." - } } variable "build_code_developers" { type = list(string) description = "Defines the colleagues who are developers for SAP Build Code." - - # add validation to check if admins contains a list of valid email addresses - validation { - condition = length([for email in var.build_code_developers : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.build_code_developers) - error_message = "Please enter a valid email address for the Build Code developers." - } } variable "cf_org_admins" { type = list(string) description = "List of users to set as Cloudfoundry org administrators." - - # add validation to check if admins contains a list of valid email addresses - validation { - condition = length([for email in var.cf_org_admins : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.cf_org_admins) - error_message = "Please enter a valid email address for the CF Org admins." 
- } } variable "cf_space_managers" { type = list(string) description = "Defines the colleagues who are added to a CF space as space manager." - - # add validation to check if admins contains a list of valid email addresses - validation { - condition = length([for email in var.cf_space_managers : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.cf_space_managers) - error_message = "Please enter a valid email address for the CF space managers." - } } variable "cf_space_developers" { type = list(string) description = "Defines the colleagues who are added to a CF space as space developer." - - # add validation to check if admins contains a list of valid email addresses - validation { - condition = length([for email in var.cf_space_developers : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.cf_space_developers) - error_message = "Please enter a valid email address for the CF space developers." - } } # ------------------------------------------------------------------------------------------------------ diff --git a/released/discovery_center/mission_4441/minimal_setup_enterprise/step2/variables.tf b/released/discovery_center/mission_4441/minimal_setup_enterprise/step2/variables.tf index 79a6f192..a02b8ca9 100644 --- a/released/discovery_center/mission_4441/minimal_setup_enterprise/step2/variables.tf +++ b/released/discovery_center/mission_4441/minimal_setup_enterprise/step2/variables.tf 
@@ -60,32 +60,14 @@ variable "cf_space_name" { variable "cf_org_admins" { type = list(string) description = "Defines the colleagues who are added to a CF org as administrators." - - # add validation to check if admins contains a list of valid email addresses - validation { - condition = length([for email in var.cf_org_admins : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.cf_org_admins) - error_message = "Please enter a valid email address for the CF Org admins." - } } variable "cf_space_managers" { type = list(string) description = "Defines the colleagues who are added to a CF space as space manager." - - # add validation to check if admins contains a list of valid email addresses - validation { - condition = length([for email in var.cf_space_managers : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.cf_space_managers) - error_message = "Please enter a valid email address for the CF space managers." - } } variable "cf_space_developers" { type = list(string) description = "Defines the colleagues who are added to a CF space as space developer." - - # add validation to check if admins contains a list of valid email addresses - validation { - condition = length([for email in var.cf_space_developers : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.cf_space_developers) - error_message = "Please enter a valid email address for the admins." - } }