4441: Polished QAS enabled Mission

released/discovery_center/mission_4441/minimal_setup_enterprise/step1/main.tf

@@ -1,16 +1,31 @@
 # ------------------------------------------------------------------------------------------------------
-# SUBACCOUNT SETUP
+# Subaccount setup for DC mission 4441
 # ------------------------------------------------------------------------------------------------------
 # Setup subaccount domain (to ensure uniqueness in BTP global account)
 resource "random_uuid" "uuid" {}
 
+locals {
+  random_uuid       = random_uuid.uuid.result
+  subaccount_domain = "dcmission4441${local.random_uuid}"
+}
+
 # ------------------------------------------------------------------------------------------------------
 # Creation of subaccount
 # ------------------------------------------------------------------------------------------------------
 resource "btp_subaccount" "dc_mission" {
+  count = var.subaccount_id == "" ? 1 : 0
+
   name      = var.subaccount_name
-  subdomain = join("-", ["dc-mission-4441", random_uuid.uuid.result])
-  region    = lower(var.region)
+  subdomain = local.subaccount_domain
+  region    = var.region
+}
+
+data "btp_subaccount" "dc_mission" {
+  id = var.subaccount_id != "" ? var.subaccount_id : btp_subaccount.dc_mission[0].id
+}
+
+data "btp_subaccount" "subaccount" {
+  id = data.btp_subaccount.dc_mission.id
 }
 
 # ------------------------------------------------------------------------------------------------------
@@ -19,41 +34,46 @@ resource "btp_subaccount" "dc_mission" {
 resource "btp_subaccount_trust_configuration" "fully_customized" {
   # Only create trust configuration if custom_idp has been set 
   count             = var.custom_idp == "" ? 0 : 1
-  subaccount_id     = btp_subaccount.dc_mission.id
+  subaccount_id     = data.btp_subaccount.dc_mission.id
   identity_provider = var.custom_idp
 }
+
 # ------------------------------------------------------------------------------------------------------
-# CLOUDFOUNDRY PREPARATION
+# SERVICES
 # ------------------------------------------------------------------------------------------------------
 #
-# Fetch all available environments for the subaccount
-data "btp_subaccount_environments" "all" {
-  subaccount_id = btp_subaccount.dc_mission.id
+locals {
+  service_name__cloudfoundry = "cloudfoundry"
 }
+
 # ------------------------------------------------------------------------------------------------------
-# Take the landscape label from the first CF environment if no environment label is provided
-# (this replaces the previous null_resource)
+# Setup cloudfoundry (Cloud Foundry Environment)
 # ------------------------------------------------------------------------------------------------------
+#
+# Fetch all available environments for the subaccount
+data "btp_subaccount_environments" "all" {
+  subaccount_id = data.btp_subaccount.dc_mission.id
+}
+# Take the landscape label from the first CF environment if no environment label is provided (this replaces the previous null_resource)
 resource "terraform_data" "cf_landscape_label" {
   input = length(var.cf_landscape_label) > 0 ? var.cf_landscape_label : [for env in data.btp_subaccount_environments.all.values : env if env.service_name == "cloudfoundry" && env.environment_type == "cloudfoundry"][0].landscape_label
 }
-# ------------------------------------------------------------------------------------------------------
-# Create the Cloud Foundry environment instance
-# ------------------------------------------------------------------------------------------------------
+# Entitle
 resource "btp_subaccount_entitlement" "cloudfoundry" {
-  subaccount_id = btp_subaccount.dc_mission.id
-  service_name  = "cloudfoundry"
-  plan_name     = "build-code"
+  subaccount_id = data.btp_subaccount.dc_mission.id
+  service_name  = local.service_name__cloudfoundry
+  plan_name     = var.service_plan__cloudfoundry
   amount        = 1
 }
 
+# Create instance
 resource "btp_subaccount_environment_instance" "cloudfoundry" {
   depends_on       = [btp_subaccount_entitlement.build_code]
-  subaccount_id    = btp_subaccount.dc_mission.id
+  subaccount_id    = data.btp_subaccount.dc_mission.id
   name             = "cf-${random_uuid.uuid.result}"
   environment_type = "cloudfoundry"
-  service_name     = "cloudfoundry"
-  plan_name        = "build-code"
+  service_name     = local.service_name__cloudfoundry
+  plan_name        = var.service_plan__cloudfoundry
   landscape_label  = terraform_data.cf_landscape_label.output
 
   parameters = jsonencode({
@@ -65,38 +85,43 @@ resource "btp_subaccount_environment_instance" "cloudfoundry" {
 # APP SUBSCRIPTIONS
 # ------------------------------------------------------------------------------------------------------
 #
+locals {
+  service_name__build_code    = "build-code"
+  service_name__sapappstudio  = "sapappstudio"
+  service_name__sap_launchpad = "SAPLaunchpad"
+}
 # ------------------------------------------------------------------------------------------------------
-# Setup build-code
+# Setup build-code (SAP Build Code)
 # ------------------------------------------------------------------------------------------------------
 # Entitle
 resource "btp_subaccount_entitlement" "build_code" {
-  subaccount_id = btp_subaccount.dc_mission.id
-  service_name  = "build-code"
-  plan_name     = "standard"
+  subaccount_id = data.btp_subaccount.dc_mission.id
+  service_name  = local.service_name__build_code
+  plan_name     = var.service_plan__build_code
   amount        = 1
 }
 # Subscribe
 resource "btp_subaccount_subscription" "build_code" {
-  subaccount_id = btp_subaccount.dc_mission.id
-  app_name      = "build-code"
-  plan_name     = "standard"
+  subaccount_id = data.btp_subaccount.dc_mission.id
+  app_name      = local.service_name__build_code
+  plan_name     = var.service_plan__build_code
   depends_on    = [btp_subaccount_entitlement.build_code]
 }
 
 # ------------------------------------------------------------------------------------------------------
-# Setup sapappstudio
+# Setup sapappstudio (SAP Business Application Studio)
 # ------------------------------------------------------------------------------------------------------
 # Entitle
 resource "btp_subaccount_entitlement" "sapappstudio" {
-  subaccount_id = btp_subaccount.dc_mission.id
-  service_name  = "sapappstudio"
-  plan_name     = "build-code"
+  subaccount_id = data.btp_subaccount.dc_mission.id
+  service_name  = local.service_name__sapappstudio
+  plan_name     = var.service_plan__sapappstudio
 }
-# Subscribe (depends on subscription of build-code)
+# Subscribe
 resource "btp_subaccount_subscription" "sapappstudio" {
-  subaccount_id = btp_subaccount.dc_mission.id
-  app_name      = "sapappstudio"
-  plan_name     = "build-code"
+  subaccount_id = data.btp_subaccount.dc_mission.id
+  app_name      = local.service_name__sapappstudio
+  plan_name     = var.service_plan__sapappstudio
   depends_on    = [btp_subaccount_subscription.build_code, btp_subaccount_entitlement.sapappstudio]
 }
 
@@ -105,33 +130,51 @@ resource "btp_subaccount_subscription" "sapappstudio" {
 # ------------------------------------------------------------------------------------------------------
 # Entitle
 resource "btp_subaccount_entitlement" "sap_launchpad" {
-  subaccount_id = btp_subaccount.dc_mission.id
-  service_name  = "SAPLaunchpad"
-  plan_name     = "foundation"
+  subaccount_id = data.btp_subaccount.dc_mission.id
+  service_name  = local.service_name__sap_launchpad
+  plan_name     = var.service_plan__sap_launchpad
 }
 # Subscribe
 resource "btp_subaccount_subscription" "sap_launchpad" {
-  subaccount_id = btp_subaccount.dc_mission.id
-  app_name      = "SAPLaunchpad"
-  plan_name     = "foundation"
+  subaccount_id = data.btp_subaccount.dc_mission.id
+  app_name      = local.service_name__sap_launchpad
+  plan_name     = var.service_plan__sap_launchpad
   depends_on    = [btp_subaccount_entitlement.sap_launchpad]
 }
 
 # ------------------------------------------------------------------------------------------------------
 #  USERS AND ROLES
 # ------------------------------------------------------------------------------------------------------
 #
-# Get all available subaccount roles
+locals {
+  subaccount_admins     = var.subaccount_admins
+  build_code_admins     = var.build_code_admins
+  build_code_developers = var.build_code_developers
+}
+
+# Get all roles in the subaccount
 data "btp_subaccount_roles" "all" {
-  subaccount_id = btp_subaccount.dc_mission.id
+  subaccount_id = data.btp_subaccount.dc_mission.id
   depends_on    = [btp_subaccount_subscription.build_code, btp_subaccount_subscription.sapappstudio]
 }
+
+# ------------------------------------------------------------------------------------------------------
+# Assign role collection "Subaccount Administrator"
+# ------------------------------------------------------------------------------------------------------
+resource "btp_subaccount_role_collection_assignment" "subaccount_admin" {
+  for_each             = toset("${local.subaccount_admins}")
+  subaccount_id        = data.btp_subaccount.dc_mission.id
+  role_collection_name = "Subaccount Administrator"
+  user_name            = each.value
+  depends_on           = [btp_subaccount.dc_mission]
+}
+
 # ------------------------------------------------------------------------------------------------------
 # Assign role collection for Build Code Administrator
 # ------------------------------------------------------------------------------------------------------
 # Assign roles to the role collection "Build Code Administrator"
 resource "btp_subaccount_role_collection" "build_code_administrator" {
-  subaccount_id = btp_subaccount.dc_mission.id
+  subaccount_id = data.btp_subaccount.dc_mission.id
   name          = "Build Code Administrator"
   description   = "The role collection for an administrator on SAP Build Code"
 
@@ -145,8 +188,8 @@ resource "btp_subaccount_role_collection" "build_code_administrator" {
 }
 # Assign users to the role collection "Build Code Administrator"
 resource "btp_subaccount_role_collection_assignment" "build_code_administrator" {
-  for_each             = toset("${var.build_code_admins}")
-  subaccount_id        = btp_subaccount.dc_mission.id
+  for_each             = toset("${local.build_code_admins}")
+  subaccount_id        = data.btp_subaccount.dc_mission.id
   role_collection_name = "Build Code Administrator"
   user_name            = each.value
   depends_on           = [btp_subaccount_role_collection.build_code_administrator]
@@ -157,7 +200,7 @@ resource "btp_subaccount_role_collection_assignment" "build_code_administrator"
 # ------------------------------------------------------------------------------------------------------
 # Create role collection "Build Code Developer"  
 resource "btp_subaccount_role_collection" "build_code_developer" {
-  subaccount_id = btp_subaccount.dc_mission.id
+  subaccount_id = data.btp_subaccount.dc_mission.id
   name          = "Build Code Developer"
   description   = "The role collection for a developer on SAP Build Code"
 
@@ -171,24 +214,13 @@ resource "btp_subaccount_role_collection" "build_code_developer" {
 }
 # Assign users to the role collection "Build Code Developer"
 resource "btp_subaccount_role_collection_assignment" "build_code_developer" {
-  for_each             = toset("${var.build_code_developers}")
-  subaccount_id        = btp_subaccount.dc_mission.id
+  for_each             = toset("${local.build_code_developers}")
+  subaccount_id        = data.btp_subaccount.dc_mission.id
   role_collection_name = "Build Code Developer"
   user_name            = each.value
   depends_on           = [btp_subaccount_role_collection.build_code_developer]
 }
 
-# ------------------------------------------------------------------------------------------------------
-# Assign role collection "Subaccount Administrator"
-# ------------------------------------------------------------------------------------------------------
-resource "btp_subaccount_role_collection_assignment" "subaccount_admin" {
-  for_each             = toset("${var.subaccount_admins}")
-  subaccount_id        = btp_subaccount.dc_mission.id
-  role_collection_name = "Subaccount Administrator"
-  user_name            = each.value
-  depends_on           = [btp_subaccount.dc_mission]
-}
-
 # ------------------------------------------------------------------------------------------------------
 # Create tfvars file for step 2 (if variable `create_tfvars_file_for_step2` is set to true)
 # ------------------------------------------------------------------------------------------------------
@@ -198,7 +230,7 @@ resource "local_file" "output_vars_step1" {
       globalaccount        = "${var.globalaccount}"
       cli_server_url       = ${jsonencode(var.cli_server_url)}
 
-      subaccount_id        = "${btp_subaccount.dc_mission.id}"
+      subaccount_id        = "${data.btp_subaccount.dc_mission.id}"
 
       cf_api_url           = "${jsondecode(btp_subaccount_environment_instance.cloudfoundry.labels)["API Endpoint"]}"
 

released/discovery_center/mission_4441/minimal_setup_enterprise/step1/outputs.tf

@@ -1,3 +1,4 @@
+/*
 output "globalaccount" {
   value       = var.globalaccount
   description = "The Global Account subdomain."
@@ -7,10 +8,21 @@ output "cli_server_url" {
   value       = var.cli_server_url
   description = "The BTP CLI server URL."
 }
+*/
 
 output "subaccount_id" {
-  value       = btp_subaccount.dc_mission.id
-  description = "The Global Account subdomain id."
+  value       = data.btp_subaccount.dc_mission.id
+  description = "The ID of the subaccount."
+}
+
+output "build_code_subscription_url" {
+  value       = btp_subaccount_subscription.build_code.subscription_url
+  description = "SAP Build Code subscription URL."
+}
+
+output "custom_idp" {
+  value       = var.custom_idp
+  description = "The custom identity provider."
 }
 
 output "cf_api_url" {
@@ -33,11 +45,6 @@ output "cf_org_name" {
   description = "The Cloudfoundry org name."
 }
 
-output "custom_idp" {
-  value       = var.custom_idp
-  description = "The custom identity provider."
-}
-
 output "cf_org_admins" {
   value       = var.cf_org_admins
   description = "List of users to set as Cloudfoundry org administrators."
@@ -52,8 +59,3 @@ output "cf_space_managers" {
   value       = var.cf_space_managers
   description = "List of users to set as Cloudfoundry space managers."
 }
-
-output "build_code_subscription_url" {
-  value       = btp_subaccount_subscription.build_code.subscription_url
-  description = "SAP Build Code subscription URL."
-}

released/discovery_center/mission_4441/minimal_setup_enterprise/step1/sample.tfvars

@@ -1,29 +1,26 @@
 # ------------------------------------------------------------------------------------------------------
 # Provider configuration
 # ------------------------------------------------------------------------------------------------------
-# Your global account subdomain
-globalaccount = "xxxxxxxx-xxxxxxx-xxxxxxx-xxxxxxxx-xxxxxx"
+custom_idp = "<<tenant-id>>.accounts.ondemand.com"
 
-# The CLI server URL (needs to be set to null if you are using the default CLI server)
-cli_server_url = null
+# ------------------------------------------------------------------------------------------------------
+# Account settings
+# ------------------------------------------------------------------------------------------------------
+globalaccount = "<your-global-account-subdomain>"
+region        = "us10"
 
-# Region for your subaccount
-region = "us10"
+# ------------------------------------------------------------------------------------------------------
+# Use case specific configuration
+# ------------------------------------------------------------------------------------------------------
+subaccount_admins     = ["another.sap-ids-user@test.com"]
+build_code_admins     = ["another.sap-ids-user@test.com", "you@test.com"]
+build_code_developers = ["another.sap-ids-user@test.com", "you@test.com"]
 
-# Name of your sub account
-subaccount_name = "SAP Discovery Center Mission 4441 (SAP Build Code)"
+cf_org_admins       = ["another.sap-ids-user@test.com"]
+cf_space_managers   = ["another.sap-ids-user@test.com", "you@test.com"]
+cf_space_developers = ["another.sap-ids-user@test.com", "you@test.com"]
 
 # ------------------------------------------------------------------------------------------------------
 # Create tfvars file for the step 2
 # ------------------------------------------------------------------------------------------------------
 create_tfvars_file_for_step2 = true
-
-# ------------------------------------------------------------------------------------------------------
-# USER ROLES
-# ------------------------------------------------------------------------------------------------------
-subaccount_admins     = ["another.user@test.com"]
-cf_org_admins         = ["another.user@test.com"]
-cf_space_managers     = ["another.user@test.com", "you@test.com"]
-cf_space_developers   = ["another.user@test.com", "you@test.com"]
-build_code_admins     = ["another.user@test.com", "you@test.com"]
-build_code_developers = ["another.user@test.com", "you@test.com"]