3680 QAS Polished and few fixes

Author: mahesh0431

released/discovery_center/mission_3680/step1/README.md

@@ -1,4 +1,4 @@
-# Discovery Center Mission: Create a custom mobile app to extend HR capabilities (3680)
+# Discovery Center Mission: Create a custom mobile app to extend HR capabilities (3680) - Step 1
 
 ## Overview
 
@@ -18,27 +18,31 @@ The setup comprises the following resources:
 
 To deploy the resources you must:
 
-1. Export environment variables BTP_USERNAME, BTP_PASSWORD, CF_USER, and CF_PASSWORD with your username and password for the custom IdP of your global account.
+1. Set the environment variables BTP_USERNAME and BTP_PASSWORD to pass credentials to the BTP provider to authenticate and interact with your BTP environments. 
 
-2. Change the variables in the `samples.tfvars` file in the main folder to meet your requirements
+   ```bash
+   export BTP_USERNAME=<your_username>
+   export BTP_PASSWORD=<your_password>
+   ```
+
+2. Change the variables in the `sample.tfvars` file to meet your requirements
 
    > ⚠ NOTE: You should pay attention **specifically** to the users defined in the samples.tfvars whether they already exist in your SAP BTP accounts. Otherwise you might get error messages like e.g. `Error: The user could not be found: [email protected]`.
 
-3. Execute the apply.sh script.
 
-4. Verify e.g., in BTP cockpit that a new subaccount with a integration suite, SAP Business Application Studio, CF environment instance and a CF space have been created.
+3. Initialize your workspace:
 
    ```bash
    terraform init
    ```
 
-5. You can check what Terraform plans to apply based on your configuration:
+4. You can check what Terraform plans to apply based on your configuration:
 
    ```bash
-   terraform plan -var-file="samples.tfvars"
+   terraform plan -var-file="sample.tfvars"
    ```
 
-6. Apply your configuration to provision the resources:
+5. Apply your configuration to provision the resources:
 
    ```bash
    terraform apply -var-file="samples.tfvars"
@@ -50,4 +54,4 @@ You probably want to remove the assets after trying them out to avoid unnecessar
 
 ```bash
 terraform destroy -var-file="samples.tfvars"
-```
+```

released/discovery_center/mission_3680/step1/locals.tf

@@ -1,5 +1,5 @@
 output "subaccount_id" {
-  value       = btp_subaccount.dc_mission.id
+  value       = data.btp_subaccount.dc_mission.id
   description = "The ID of the subaccount."
 }
 
@@ -27,38 +27,12 @@ output "hana_tools_url" {
   value       = btp_subaccount_subscription.hana_cloud_tools.subscription_url
   description = "HANA Tools URL"
 }
+output "build_apps_url" {
+  value       = btp_subaccount_subscription.sap-build-apps_standard.subscription_url
+  description = "SAP Build Apps URL"
+}
 
 output "cf_org_name" {
   value       = jsondecode(btp_subaccount_environment_instance.cloudfoundry.labels)["Org Name"]
   description = "The Cloudfoundry org name."
 }
-
-output "cf_org_admins" {
-  value       = var.cf_org_admins
-  description = "The Cloudfoundry org admins."
-}
-
-output "cf_org_users" {
-  value       = var.cf_org_users
-  description = "The Cloudfoundry org users."
-}
-
-output "cf_space_developers" {
-  value       = var.cf_space_developers
-  description = "The Cloudfoundry space developers."
-}
-
-output "cf_space_managers" {
-  value       = var.cf_space_managers
-  description = "The Cloudfoundry space managers."
-}
-
-output "cf_space_name" {
-  value       = var.cf_space_name
-  description = "The Cloudfoundry space name."
-}
-
-output "origin" {
-  value       = var.origin
-  description = "The origin of the identity provider."
-}

released/discovery_center/mission_3680/step1/main.tf

@@ -5,6 +5,7 @@
 globalaccount   = "yourglobalaccount"
 region          = "us10"
 subaccount_name = "SAP Discovery Center Mission 3680"
+custom_idp      = "<your_idp>.accounts.ondemand.com"
 
 # ------------------------------------------------------------------------------------------------------
 # Project specific configuration (please adapt!)
@@ -14,15 +15,21 @@ subaccount_name = "SAP Discovery Center Mission 3680"
 subaccount_admins         = ["[email protected]"]
 subaccount_service_admins = ["[email protected]"]
 
-hana_cloud_admins    = ["[email protected]"]
+hana_system_admin    = "[email protected]"
 hana_system_password = "Abc12345"
 
 # Don't add the user, that is executing the TF script to cf_org_admins or cf_org_users!
 cf_org_admins       = ["[email protected]"]
 cf_org_users        = ["[email protected]"]
-cf_space_managers   = ["[email protected]", "[email protected]"]
-cf_space_developers = ["[email protected]", "[email protected]"]
+cf_space_managers   = ["[email protected]"]
+cf_space_developers = ["[email protected]"]
 
 # Event Mesh users
-event_mesh_admins     = ["[email protected]", "[email protected]"]
-event_mesh_developers = ["[email protected]", "[email protected]"]
+event_mesh_admins     = ["[email protected]"]
+event_mesh_developers = ["[email protected]"]
+
+# Build Apps
+users_buildApps_admins          = ["[email protected]"]
+users_registry_admins           = ["[email protected]"]
+users_buildApps_developers      = ["[email protected]"]
+users_registry_developers       = ["[email protected]"]

released/discovery_center/mission_3680/step1/outputs.tf

@@ -51,16 +51,9 @@ variable "region" {
 }
 
 
-variable "hana_cloud_admins" {
-  type        = list(string)
-  description = "Defines the colleagues who are added as admins to access the instance of SAP HANA Cloud."
-  default     = ["[email protected]", "[email protected]"]
-
-  # add validation to check if admins contains a list of valid email addresses
-  validation {
-    condition     = length([for email in var.hana_cloud_admins : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.hana_cloud_admins)
-    error_message = "Please enter a valid email address for the admins of SAP HANA Cloud instance."
-  }
+variable "hana_system_admin" {
+  type        = string
+  description = "Defines the colleague who is added as admin to access the instance of SAP HANA Cloud."
 }
 
 variable "custom_idp" {
@@ -72,7 +65,7 @@ variable "custom_idp" {
 variable "create_tfvars_file_for_step2" {
   type        = bool
   description = "Switch to enable the creation of the tfvars file for step 2."
-  default     = false
+  default     = true
 }
 
 variable "hana_system_password" {
@@ -178,4 +171,49 @@ variable "event_mesh_developers" {
   default     = ["[email protected]", "[email protected]"]
 }
 
+variable "custom_idp_apps_origin_key" {
+  type        = string
+  description = "The custom identity provider for the subaccount."
+  default     = "sap.custom"
+}
+
+variable "service_plan__sap_identity_services_onboarding" {
+  type        = string
+  description = "The plan for service 'Cloud Identity Services' with technical name 'sap-identity-services-onboarding'"
+  default     = "default"
+  validation {
+    condition     = contains(["default"], var.service_plan__sap_identity_services_onboarding)
+    error_message = "Invalid value for service_plan__sap_identity_services_onboarding. Only 'default' is allowed."
+  }
+}
+
+variable "users_buildApps_admins" {
+  type        = list(string)
+  description = "Defines the colleagues who have the role of 'BuildAppsAdmin' in SAP Build Apps."
+}
+
+variable "users_buildApps_developers" {
+  type        = list(string)
+  description = "Defines the colleagues who have the role of 'BuildAppsDeveloper' in SAP Build Apps."
+}
+
+variable "users_registry_admins" {
+  type        = list(string)
+  description = "Defines the colleagues who have the role of 'RegistryAdmin' in SAP Build Apps."
+}
+
+variable "users_registry_developers" {
+  type        = list(string)
+  description = "Defines the colleagues who have the role of RegistryDeveloper' in SAP Build Apps."
+}
+
+variable "service_plan__sap_build_apps" {
+  type        = string
+  description = "The plan for SAP Build Apps subscription"
+  default     = "free"
+  validation {
+    condition     = contains(["free", "standard", "partner"], var.service_plan__sap_build_apps)
+    error_message = "Invalid value for service_plan__sap_build_apps. Only 'free', 'standard' and 'partner' are allowed."
+  }
+}
 

released/discovery_center/mission_3680/step1/samples.tfvars renamed to released/discovery_center/mission_3680/step1/sample.tfvars

@@ -0,0 +1,38 @@
+# Discovery Center mission - Create a custom mobile app to extend HR capabilities (3680) - Step 2
+
+## Overview
+
+This script shows how to create a SAP BTP subaccount for Discovery Center Mission: Create a custom mobile app to extend HR capabilities (3680). Step 2 comprises all activities that depend on the step 1 completion.
+
+## Deploying the resources
+
+To deploy the resources you must:
+
+
+1. If you did not create a `tfvars` file in step 1 (via the variable `create_tfvars_file_for_step2`) you must manually Take the output of step 1 and transfer it in a `tfvars` file e.g. `sample.tfvars` file to meet your requirements. Of course you can also further adjust the generated `tfvars` file from step 1.
+
+2. If not already done in step 1, initialize your workspace:
+
+   ```bash
+   terraform init
+   ```
+
+3. You can check what Terraform plans to apply based on your configuration. If you use the generated `tfvars` file from step 1 you do not need need to explicitly add the filename to the command:
+
+   ```bash
+   terraform plan -var-file="terraform.tfvars" 
+   ```
+
+4. According to the variants of step 3. apply your configuration to provision the resources either via:
+
+   ```bash
+   terraform apply -var-file="terraform.tfvars"
+   ```
+
+## In the end
+
+You probably want to remove the assets after trying them out to avoid unnecessary costs. To do so execute the command fitting your setup:
+
+```bash
+terraform destroy -var-file="terraform.tfvars" 
+```

released/discovery_center/mission_3680/step1/variables.tf

@@ -1,3 +1,18 @@
+# ------------------------------------------------------------------------------------------------------
+# Import custom trust config and disable for user login
+# ------------------------------------------------------------------------------------------------------
+import {
+  to = btp_subaccount_trust_configuration.default
+  id = "${var.subaccount_id},sap.default"
+}
+
+resource "btp_subaccount_trust_configuration" "default" {
+  subaccount_id            = var.subaccount_id
+  identity_provider        = ""
+  auto_create_shadow_users = false
+  available_for_user_logon = false
+}
+
 # ------------------------------------------------------------------------------------------------------
 # Create space using CF provider
 # ------------------------------------------------------------------------------------------------------
@@ -6,6 +21,24 @@ resource "cloudfoundry_space" "dev" {
   org  = var.cf_org_id
 }
 
+# ------------------------------------------------------------------------------------------------------
+# SETUP ALL SERVICES FOR CF USAGE
+# ------------------------------------------------------------------------------------------------------
+# ------------------------------------------------------------------------------------------------------
+#  USERS AND ROLES
+# ------------------------------------------------------------------------------------------------------
+data "btp_whoami" "me" {}
+
+locals {
+  # Remove current user if issuer (idp) of logged in user is not same as used custom idp 
+  cf_org_admins = data.btp_whoami.me.issuer != var.custom_idp ? var.cf_org_admins : setsubtract(toset(var.cf_org_admins), [data.btp_whoami.me.email])
+  cf_org_users  = data.btp_whoami.me.issuer != var.custom_idp ? var.cf_org_admins : setsubtract(toset(var.cf_org_users), [data.btp_whoami.me.email])
+
+  # get origin_key from custom.idp 
+  custom_idp_tenant = var.custom_idp != "" ? element(split(".", var.custom_idp), 0) : ""
+  origin_key        = local.custom_idp_tenant != "" ? "${local.custom_idp_tenant}-platform" : "sap.ids"
+}
+
 # ------------------------------------------------------------------------------------------------------
 # add org and space users and managers
 # ------------------------------------------------------------------------------------------------------
@@ -14,23 +47,23 @@ resource "cloudfoundry_org_role" "organization_user" {
   username = each.value
   type     = "organization_user"
   org      = var.cf_org_id
-  origin   = var.origin
+  origin   = local.origin_key
 }
 
 resource "cloudfoundry_org_role" "organization_manager" {
   for_each = toset(var.cf_org_admins)
   username = each.value
   type     = "organization_manager"
   org      = var.cf_org_id
-  origin   = var.origin
+  origin   = local.origin_key
 }
 
 resource "cloudfoundry_space_role" "space_developer" {
   for_each   = toset(var.cf_space_developers)
   username   = each.value
   type       = "space_developer"
   space      = cloudfoundry_space.dev.id
-  origin     = var.origin
+  origin     = local.origin_key
   depends_on = [cloudfoundry_org_role.organization_user, cloudfoundry_org_role.organization_manager]
 }
 
@@ -39,6 +72,6 @@ resource "cloudfoundry_space_role" "space_manager" {
   username   = each.value
   type       = "space_manager"
   space      = cloudfoundry_space.dev.id
-  origin     = var.origin
+  origin     = local.origin_key
   depends_on = [cloudfoundry_org_role.organization_user, cloudfoundry_org_role.organization_manager]
 }

released/discovery_center/mission_3680/step2/README.md

@@ -1,16 +1,22 @@
 terraform {
   required_providers {
     cloudfoundry = {
-      source  = "sap/cloudfoundry"
+      source  = "SAP/cloudfoundry"
       version = "1.0.0-rc1"
     }
+    btp = {
+      source  = "SAP/btp"
+      version = "~> 1.5.0"
+    }
   }
 }
 
-# ------------------------------------------------------------------------------------------------------
-# Configure CF provider
-# ------------------------------------------------------------------------------------------------------
+provider "btp" {
+  globalaccount  = var.globalaccount
+  cli_server_url = var.cli_server_url
+}
+
+
 provider "cloudfoundry" {
-  # resolve API URL from environment instance
   api_url = var.cf_api_url
 }