Ensure compliance for mission 4104 (#270)

Author: markusbalsam

released/discovery_center/mission_4104/main.tf

@@ -5,16 +5,16 @@
 resource "random_uuid" "subaccount_domain_suffix" {}
 
 locals {
-  random_uuid               = random_uuid.subaccount_domain_suffix.result
-  project_subaccount_domain = lower(replace("dcmission-4104-${local.random_uuid}", "_", "-"))
+  random_uuid          = random_uuid.subaccount_domain_suffix.result
+  subaccount_subdomain = lower(replace("dcmission-4104-${local.random_uuid}", "_", "-"))
 }
 
 # ------------------------------------------------------------------------------------------------------
 # Creation of subaccount
 # ------------------------------------------------------------------------------------------------------
 resource "btp_subaccount" "dc_mission" {
   name      = var.subaccount_name
-  subdomain = local.project_subaccount_domain
+  subdomain = local.subaccount_subdomain
   region    = lower(var.region)
 }
 
@@ -46,10 +46,10 @@ resource "btp_subaccount_service_instance" "datasphere" {
   name           = "standard_datasphere-service"
   parameters = jsonencode(
     {
-      "first_name" : "${var.qas_datasphere_first_name}",
-      "last_name" : "${var.qas_datasphere_last_name}",
-      "email" : "${var.qas_datasphere_email}",
-      "host_name" : "${var.qas_datasphere_host_name}",
+      "first_name" : "${var.datasphere_first_name}",
+      "last_name" : "${var.datasphere_last_name}",
+      "email" : "${var.datasphere_email}",
+      "host_name" : "${var.datasphere_host_name}",
     }
   )
   timeouts = {

released/discovery_center/mission_4104/outputs.tf

@@ -0,0 +1,4 @@
+output "subaccount_id" {
+  value       = btp_subaccount.dc_mission.id
+  description = "ID of the created subaccount"
+}

released/discovery_center/mission_4104/provider.tf

@@ -8,6 +8,7 @@ terraform {
 }
 
 provider "btp" {
+  idp            = var.custom_idp
   globalaccount  = var.globalaccount
   cli_server_url = var.cli_server_url
 }

released/discovery_center/mission_4104/sample.tfvars

@@ -7,14 +7,24 @@ globalaccount = "xxxxxxxx-xxxxxxx-xxxxxxx-xxxxxxxx-xxxxxx"
 # The CLI server URL (needs to be set to null if you are using the default CLI server)
 cli_server_url = null
 
+# Custom IdP (needs to be set to null if you are using the default platform IdP)
+custom_idp = null
+
 # Region for your subaccount
 region = "us20"
 
 # Name of your sub account
 subaccount_name = "SAP Discovery Center Mission 4104"
 
 # ------------------------------------------------------------------------------------------------------
-# USER ROLES
+# User roles
 # ------------------------------------------------------------------------------------------------------
 subaccount_admins = ["[email protected]"]
 
+# ------------------------------------------------------------------------------------------------------
+# Datasphere configuration
+# ------------------------------------------------------------------------------------------------------
+datasphere_email      = "[email protected]"
+datasphere_first_name = "Your first name"
+datasphere_last_name  = "Your last name"
+datasphere_host_name  = "my-datasphere-tenant-123"

released/discovery_center/mission_4104/variables.tf

@@ -24,12 +24,6 @@ variable "region" {
 variable "subaccount_admins" {
   type        = list(string)
   description = "Defines the colleagues who are added to each subaccount as emergency administrators."
-
-  # add validation to check if admins contains a list of valid email addresses
-  validation {
-    condition     = length([for email in var.subaccount_admins : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.subaccount_admins)
-    error_message = "Please enter a valid email address for the subaccount admins."
-  }
 }
 
 variable "custom_idp" {
@@ -38,22 +32,33 @@ variable "custom_idp" {
   default     = "sap.ids"
 }
 
-variable "qas_datasphere_first_name" {
+variable "datasphere_first_name" {
   type        = string
-  description = "The first name of the QAS datasphere user."
+  description = "The first name of the datasphere user."
 }
 
-variable "qas_datasphere_last_name" {
+variable "datasphere_last_name" {
   type        = string
-  description = "The last name of the QAS datasphere user."
+  description = "The last name of the datasphere user."
 }
 
-variable "qas_datasphere_email" {
+variable "datasphere_email" {
   type        = string
-  description = "The email of the QAS datasphere user."
+  description = "The email of the datasphere user."
+
+  validation {
+    condition     = can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", var.datasphere_email))
+    error_message = "Please enter a valid email address for the Datasphere user."
+  }
 }
 
-variable "qas_datasphere_host_name" {
+variable "datasphere_host_name" {
   type        = string
-  description = "The host name for the SAP Datasphere service instance."
+  description = "The host name for the SAP Datasphere service instance. The host name of the tenant can only contain numbers (0-9), lower case letters (a-z), and hyphens (-). The same host name can't be reused to create other instances."
+  default     = ""
+
+  validation {
+    condition     = length(var.datasphere_host_name) <= 100 && can(regex("^[a-z0-9-]*$", var.datasphere_host_name))
+    error_message = "Please include only lower case letters, numbers and hyphens. White spaces are not allowed."
+  }
 }