Apply naming convention for mission 3774 (#257)

* initial commit
* update local_file

Author: rui1610

released/discovery_center/mission_3774/step1/main.tf

@@ -6,7 +6,8 @@ resource "random_uuid" "uuid" {}
 locals {
   random_uuid       = random_uuid.uuid.result
   subaccount_domain = lower(replace("mission-3774-${local.random_uuid}", "_", "-"))
-  subaccount_cf_org = substr(replace("${local.subaccount_domain}", "-", ""), 0, 32)
+  # If a cf_org_name was defined by the user, take that as a subaccount_cf_org. Otherwise create it.
+  subaccount_cf_org = length(var.cf_org_name) > 0 ? var.cf_org_name : substr(replace("${local.subaccount_domain}", "-", ""), 0, 32)
 }
 
 # ------------------------------------------------------------------------------------------------------
@@ -60,7 +61,7 @@ data "btp_subaccount_environments" "all" {
 # Take the landscape label from the first CF environment if no environment label is provided
 # (this replaces the previous null_resource)
 # ------------------------------------------------------------------------------------------------------
-resource "terraform_data" "replacement" {
+resource "terraform_data" "cf_landscape_label" {
   input = length(var.cf_landscape_label) > 0 ? var.cf_landscape_label : [for env in data.btp_subaccount_environments.all.values : env if env.service_name == "cloudfoundry" && env.environment_type == "cloudfoundry"][0].landscape_label
 }
 # ------------------------------------------------------------------------------------------------------
@@ -72,7 +73,7 @@ resource "btp_subaccount_environment_instance" "cloudfoundry" {
   environment_type = "cloudfoundry"
   service_name     = "cloudfoundry"
   plan_name        = "standard"
-  landscape_label  = terraform_data.replacement.output
+  landscape_label  = terraform_data.cf_landscape_label.output
   parameters = jsonencode({
     instance_name = local.subaccount_cf_org
   })
@@ -124,18 +125,15 @@ resource "local_file" "output_vars_step1" {
   content  = <<-EOT
       globalaccount        = "${var.globalaccount}"
       cli_server_url       = ${jsonencode(var.cli_server_url)}
-
       subaccount_id        = "${btp_subaccount.dc_mission.id}"
 
       cf_api_url           = "${jsondecode(btp_subaccount_environment_instance.cloudfoundry.labels)["API Endpoint"]}"
-
       cf_org_id            = "${jsondecode(btp_subaccount_environment_instance.cloudfoundry.labels)["Org ID"]}"
-      cf_org_name          = "${jsondecode(btp_subaccount_environment_instance.cloudfoundry.labels)["Org Name"]}"
-
-      origin_key           = "${var.origin_key}"
-
       cf_space_name        = "${var.cf_space_name}"
 
+      origin               = "${var.origin}"
+
+      cf_org_users         = ${jsonencode(var.cf_org_users)}
       cf_org_admins        = ${jsonencode(var.cf_org_admins)}
       cf_space_developers  = ${jsonencode(var.cf_space_developers)}
       cf_space_managers    = ${jsonencode(var.cf_space_managers)}

released/discovery_center/mission_3774/step1/outputs.tf

@@ -8,11 +8,6 @@ output "cf_api_url" {
   description = "The Cloudfoundry API endpoint."
 }
 
-output "cf_landscape_label" {
-  value       = terraform_data.replacement.output
-  description = "The Cloudfoundry landscape label."
-}
-
 output "cf_org_id" {
   value       = jsondecode(btp_subaccount_environment_instance.cloudfoundry.labels)["Org ID"]
   description = "The Cloudfoundry org id."
@@ -22,3 +17,34 @@ output "cf_org_name" {
   value       = jsondecode(btp_subaccount_environment_instance.cloudfoundry.labels)["Org Name"]
   description = "The Cloudfoundry org name."
 }
+
+output "cf_org_admins" {
+  value       = var.cf_org_admins
+  description = "The Cloudfoundry org admins."
+}
+
+output "cf_org_users" {
+  value       = var.cf_org_users
+  description = "The Cloudfoundry org users."
+}
+
+output "cf_space_developers" {
+  value       = var.cf_space_developers
+  description = "The Cloudfoundry space developers."
+}
+
+output "cf_space_managers" {
+  value       = var.cf_space_managers
+  description = "The Cloudfoundry space managers."
+
+}
+
+output "cf_space_name" {
+  value       = var.cf_space_name
+  description = "The Cloudfoundry space name."
+}
+
+output "origin" {
+  value       = var.origin
+  description = "The origin of the identity provider."
+}

released/discovery_center/mission_3774/step1/provider.tf

@@ -4,7 +4,7 @@
 terraform {
   required_providers {
     btp = {
-      source  = "sap/btp"
+      source  = "SAP/btp"
       version = "~> 1.4.0"
     }
   }

released/discovery_center/mission_3774/step1/sample.tfvars

@@ -11,11 +11,13 @@ service_plan__build_workzone = "free"
 # ------------------------------------------------------------------------------------------------------
 # Project specific configuration (please adapt!)
 # ------------------------------------------------------------------------------------------------------
-
+# Don't add the user, that is executing the TF script to subaccount_admins or subaccount_service_admins
 subaccount_admins         = ["[email protected]"]
 subaccount_service_admins = ["[email protected]"]
 
+# Don't add the user, that is executing the TF script to cf_org_admins or cf_org_users!
 cf_org_admins       = ["[email protected]"]
+cf_org_users        = ["[email protected]"]
 cf_space_managers   = ["[email protected]", "[email protected]"]
 cf_space_developers = ["[email protected]", "[email protected]"]
 

released/discovery_center/mission_3774/step1/variables.tf

@@ -35,36 +35,18 @@ variable "subaccount_admins" {
   type        = list(string)
   description = "Defines the colleagues who are added to each subaccount as subaccount administrators."
   default     = ["[email protected]", "[email protected]"]
-
-  # add validation to check if admins contains a list of valid email addresses
-  validation {
-    condition     = length([for email in var.subaccount_admins : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.subaccount_admins)
-    error_message = "Please enter a valid email address for the CF space managers."
-  }
 }
 
 variable "subaccount_service_admins" {
   type        = list(string)
   description = "Defines the colleagues who are added to each subaccount as subaccount service administrators."
   default     = ["[email protected]", "[email protected]"]
-
-  # add validation to check if admins contains a list of valid email addresses
-  validation {
-    condition     = length([for email in var.subaccount_service_admins : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.subaccount_service_admins)
-    error_message = "Please enter a valid email address for the CF space managers."
-  }
 }
 
 variable "launchpad_admins" {
   type        = list(string)
   description = "Defines the colleagues who are added to each subaccount as subaccount service administrators."
   default     = ["[email protected]", "[email protected]"]
-
-  # add validation to check if admins contains a list of valid email addresses
-  validation {
-    condition     = length([for email in var.launchpad_admins : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.launchpad_admins)
-    error_message = "Please enter a valid email address for the CF space managers."
-  }
 }
 
 variable "custom_idp" {
@@ -73,11 +55,11 @@ variable "custom_idp" {
   default     = ""
 }
 
-variable "origin_key" {
+variable "origin" {
   type        = string
-  description = "Defines the origin key of the identity provider"
+  description = "Defines the origin of the identity provider"
   default     = "sap.ids"
-  # The value for the origin_key can be defined
+  # The value for the origin can be defined
   # but are normally set to "sap.ids", "sap.default" or "sap.custom"
 }
 
@@ -101,12 +83,11 @@ variable "cf_org_name" {
 variable "cf_org_admins" {
   type        = list(string)
   description = "List of users to set as Cloudfoundry org administrators."
+}
 
-  # add validation to check if admins contains a list of valid email addresses
-  validation {
-    condition     = length([for email in var.cf_org_admins : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.cf_org_admins)
-    error_message = "Please enter a valid email address for the CF Org admins."
-  }
+variable "cf_org_users" {
+  type        = list(string)
+  description = "List of users to set as Cloudfoundry org users (pre-requisite for assigning users to other cf_roles)."
 }
 
 variable "cf_space_name" {
@@ -118,29 +99,16 @@ variable "cf_space_name" {
     condition     = can(regex("^.{1,255}$", var.cf_space_name))
     error_message = "The Cloud Foundry space name must not be emtpy and not exceed 255 characters."
   }
-
 }
 
 variable "cf_space_managers" {
   type        = list(string)
   description = "Defines the colleagues who are added to a CF space as space manager."
-
-  # add validation to check if admins contains a list of valid email addresses
-  validation {
-    condition     = length([for email in var.cf_space_managers : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.cf_space_managers)
-    error_message = "Please enter a valid email address for the CF space managers."
-  }
 }
 
 variable "cf_space_developers" {
   type        = list(string)
   description = "Defines the colleagues who are added to a CF space as space developer."
-
-  # add validation to check if admins contains a list of valid email addresses
-  validation {
-    condition     = length([for email in var.cf_space_developers : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.cf_space_developers)
-    error_message = "Please enter a valid email address for the CF space developers."
-  }
 }
 
 variable "service_plan__build_workzone" {
@@ -153,6 +121,7 @@ variable "service_plan__build_workzone" {
   }
 }
 
+
 variable "create_tfvars_file_for_step2" {
   type        = bool
   description = "Switch to enable the creation of the tfvars file for step 2."

released/discovery_center/mission_3774/step2/main.tf

@@ -15,19 +15,20 @@ resource "cloudfoundry_space" "space" {
 # ------------------------------------------------------------------------------------------------------
 # Define Org User role
 resource "cloudfoundry_org_role" "organization_user" {
-  for_each = toset("${var.cf_org_admins}")
+  for_each = toset(var.cf_org_users)
   username = each.value
   type     = "organization_user"
   org      = var.cf_org_id
-  origin   = var.origin_key
+  origin   = var.origin
 }
+
 # Define Org Manager role
 resource "cloudfoundry_org_role" "organization_manager" {
-  for_each   = toset("${var.cf_org_admins}")
+  for_each   = toset(var.cf_org_admins)
   username   = each.value
   type       = "organization_manager"
   org        = var.cf_org_id
-  origin     = var.origin_key
+  origin     = var.origin
   depends_on = [cloudfoundry_org_role.organization_user]
 }
 
@@ -40,7 +41,7 @@ resource "cloudfoundry_space_role" "space_managers" {
   username   = each.value
   type       = "space_manager"
   space      = cloudfoundry_space.space.id
-  origin     = var.origin_key
+  origin     = var.origin
   depends_on = [cloudfoundry_org_role.organization_manager]
 }
 # Define Space Developer role
@@ -49,7 +50,7 @@ resource "cloudfoundry_space_role" "space_developers" {
   username   = each.value
   type       = "space_developer"
   space      = cloudfoundry_space.space.id
-  origin     = var.origin_key
+  origin     = var.origin
   depends_on = [cloudfoundry_org_role.organization_manager]
 }
 

released/discovery_center/mission_3774/step2/variables.tf

@@ -37,11 +37,11 @@ variable "subaccount_id" {
 }
 
 
-variable "origin_key" {
+variable "origin" {
   type        = string
-  description = "Defines the origin key of the identity provider"
+  description = "Defines the origin of the identity provider"
   default     = "sap.ids"
-  # The value for the origin_key can be defined
+  # The value for the origin can be defined
   # but are normally set to "sap.ids", "sap.default" or "sap.custom"
 }
 
@@ -50,35 +50,22 @@ variable "cf_org_id" {
   description = "The Cloud Foundry Org ID from the Cloud Foundry environment instance."
 }
 
+variable "cf_org_users" {
+  type        = list(string)
+  description = "List of users to set as Cloudfoundry org users (pre-requisite for assigning users to other cf_roles)."
+}
+
 variable "cf_org_admins" {
   type        = list(string)
   description = "List of users to set as Cloudfoundry org administrators."
-
-  # add validation to check if admins contains a list of valid email addresses
-  validation {
-    condition     = length([for email in var.cf_org_admins : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.cf_org_admins)
-    error_message = "Please enter a valid email address for the CF Org admins."
-  }
 }
 
 variable "cf_space_managers" {
   type        = list(string)
   description = "Defines the colleagues who are added to a CF space as space manager."
-
-  # add validation to check if admins contains a list of valid email addresses
-  validation {
-    condition     = length([for email in var.cf_space_managers : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.cf_space_managers)
-    error_message = "Please enter a valid email address for the CF space managers."
-  }
 }
 
 variable "cf_space_developers" {
   type        = list(string)
   description = "Defines the colleagues who are added to a CF space as space developer."
-
-  # add validation to check if admins contains a list of valid email addresses
-  validation {
-    condition     = length([for email in var.cf_space_developers : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.cf_space_developers)
-    error_message = "Please enter a valid email address for the CF space developers."
-  }
 }