Commit eecc81d

committed
fix custom idp cases
1 parent 72393b5 commit eecc81d

2 files changed

+27
-8
lines changed

2 files changed

+27
-8
lines changed

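--- a/released/discovery_center/mission_4356/step1/main.tf
+++ b/released/discovery_center/mission_4356/step1/main.tf
@@ -171,6 +171,7 @@ resource "btp_subaccount_subscription" "sapappstudio" {
 # ------------------------------------------------------------------------------------------------------
 # USERS AND ROLES
 # ------------------------------------------------------------------------------------------------------
+data "btp_whoami" "me" {}
 #
 locals {
 subaccount_admins = var.subaccount_admins
@@ -187,7 +188,6 @@ locals {
 origin_key = local.custom_idp_tenant != "" ? "${local.custom_idp_tenant}-platform" : ""
 }
 
-data "btp_whoami" "me" {}
 # ------------------------------------------------------------------------------------------------------
 # Assign role collection "Subaccount Administrator"
 # ------------------------------------------------------------------------------------------------------
@@ -220,7 +220,7 @@ resource "btp_subaccount_role_collection_assignment" "integration_provisioner" {
 subaccount_id = data.btp_subaccount.dc_mission.id
 role_collection_name = "Integration_Provisioner"
 user_name = each.value
-origin = local.origin_key
+origin = var.custom_idp_apps_origin_key
 depends_on = [btp_subaccount_subscription.integrationsuite]
 }
 
@@ -302,4 +302,4 @@ resource "local_file" "output_vars_step1" {
 
 EOT
 filename = "../step2/terraform.tfvars"
-}
+}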
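Review bot: The `origin` of the `Integration_Provisioner` assignment at new line 223 now comes from `var.custom_idp_apps_origin_key`, whose declaration and default are not visible in this hunk, and nothing shown here ties that value to `var.custom_idp` or to the trust configuration that actually exists in the subaccount. Because the assignment is bound to user name plus origin, a stale or mistyped key would attach this role collection to users of a different identity provider than intended, or leave the intended users without it. A line comment such as `# application-user origin of the custom IdP trust, not the "-platform" origin in local.origin_key` (assuming that is what the variable holds) would record why this resource no longer uses the local, and a `validation` block on the variable could reject obviously wrong values at plan time. The resource body starts outside the hunk.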

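--- a/released/discovery_center/mission_4356/step2/main.tf
+++ b/released/discovery_center/mission_4356/step2/main.tf
@@ -1,3 +1,23 @@
+data "btp_whoami" "me" {}
+# ------------------------------------------------------------------------------------------------------
+# Import custom trust config and disable for user login
+# ------------------------------------------------------------------------------------------------------
+locals {
+available_for_user_logon = data.btp_whoami.me.issuer != var.custom_idp ? true : false
+}
+
+import {
+to = btp_subaccount_trust_configuration.default
+id = "${var.subaccount_id},sap.default"
+}
+
+resource "btp_subaccount_trust_configuration" "default" {
+subaccount_id = var.subaccount_id
+identity_provider = ""
+auto_create_shadow_users = false
+available_for_user_logon = local.available_for_user_logon
+}
+
 # ------------------------------------------------------------------------------------------------------
 # Create the Cloud Foundry space
 # ------------------------------------------------------------------------------------------------------
@@ -12,19 +32,18 @@ resource "cloudfoundry_space" "dev" {
 # ------------------------------------------------------------------------------------------------------
 # USERS AND ROLES
 # ------------------------------------------------------------------------------------------------------
-data "btp_whoami" "me" {}
 
 locals {
 # Remove current user if issuer (idp) of logged in user is not same as used custom idp
-cf_org_admins = data.btp_whoami.me.issuer != var.custom_idp ? var.cf_org_admins : setsubtract(toset(var.cf_org_admins), [data.btp_whoami.me.email])
-cf_org_users = data.btp_whoami.me.issuer != var.custom_idp ? var.cf_org_admins : setsubtract(toset(var.cf_org_users), [data.btp_whoami.me.email])
+cf_org_admins = setsubtract(toset(var.cf_org_admins), [data.btp_whoami.me.email])
+cf_org_users = setsubtract(toset(var.cf_org_users), [data.btp_whoami.me.email])
 
 cf_space_managers = var.cf_space_managers
 cf_space_developers = var.cf_space_developers
 
-# get origin_key from custom.idp
+# origin_key is default (sap.ids) if issuer (idp) of logged in user is not same as used custom idp, otherwise calculated from custom.idp
 custom_idp_tenant = var.custom_idp != "" ? element(split(".", var.custom_idp), 0) : ""
-origin_key = local.custom_idp_tenant != "" ? "${local.custom_idp_tenant}-platform" : "sap.ids"
+origin_key = data.btp_whoami.me.issuer != var.custom_idp ? "sap.ids" : "${local.custom_idp_tenant}-platform"
 }
 
 # ------------------------------------------------------------------------------------------------------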
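Review bot: The `origin_key` local at new line 46 and `available_for_user_logon` at new line 6 now depend on the issuer of whoever runs the apply, so the same tfvars bind the Cloud Foundry role e-mails to `sap.ids` for one operator and to the custom IdP origin for another. If the resources that consume `origin_key` (outside this hunk) identify a user by name plus origin, a run from a default-IdP login would grant the roles to the `sap.ids` accounts with those e-mail addresses, which may not be the intended identities when `var.custom_idp` is set. If that is deliberate, state it above the locals block, e.g. `# NOTE: origin and default-IdP logon follow the issuer of the user running terraform, not var.custom_idp alone`. The context comment at new line 37 still says the current user is removed only when the issuers differ, while the new `setsubtract` calls remove it unconditionally, and the header at new line 3 says "custom trust config" although the import id targets `sap.default`; both comments should be brought in line with the code.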
