diff --git a/released/discovery_center/mission_4033/locals.tf b/released/discovery_center/mission_4033/locals.tf
deleted file mode 100644
index b920c29a..00000000
--- a/released/discovery_center/mission_4033/locals.tf
+++ /dev/null
@@ -1,5 +0,0 @@
-locals {
- service_name__sap_build_apps = "sap-build-apps"
- service_name__sap_process_automation = "process-automation"
- service_name__sap_integration_suite = "integrationsuite"
-}
\ No newline at end of file
diff --git a/released/discovery_center/mission_4033/main.tf b/released/discovery_center/mission_4033/main.tf
deleted file mode 100644
index 3a5c9f00..00000000
--- a/released/discovery_center/mission_4033/main.tf
+++ /dev/null
@@ -1,344 +0,0 @@ -############################################################################################### -# Setup of names in accordance to naming convention -############################################################################################### -resource "random_uuid" "uuid" {} - -locals { - random_uuid = random_uuid.uuid.result - project_subaccount_domain = lower(replace("mission-4033-${local.random_uuid}", "_", "-")) - project_subaccount_cf_org = substr(replace("${local.project_subaccount_domain}", "-", ""), 0, 32) -} - -############################################################################################### -# Creation of subaccount -############################################################################################### -resource "btp_subaccount" "project" { - count = var.subaccount_id == "" ? 1 : 0 - - name = var.subaccount_name - subdomain = local.project_subaccount_domain - region = lower(var.region) - usage = "USED_FOR_PRODUCTION" -} - -data "btp_subaccount" "project" { - id = var.subaccount_id != "" ? 
var.subaccount_id : btp_subaccount.project[0].id -} - - -############################################################################################### -# Assignment of emergency admins to the sub account as sub account administrators -############################################################################################### -resource "btp_subaccount_role_collection_assignment" "subaccount_admin" { - for_each = toset(var.subaccount_admins) - subaccount_id = data.btp_subaccount.project.id - role_collection_name = "Subaccount Administrator" - user_name = each.value -} - -resource "btp_subaccount_role_collection_assignment" "subaccount_service_admin" { - for_each = toset(var.subaccount_service_admins) - subaccount_id = data.btp_subaccount.project.id - role_collection_name = "Subaccount Service Administrator" - user_name = each.value -} - -###################################################################### -# Assign custom IDP to sub account -###################################################################### -resource "btp_subaccount_trust_configuration" "fully_customized" { - subaccount_id = data.btp_subaccount.project.id - identity_provider = var.custom_idp != "" ? var.custom_idp : element(split("/", btp_subaccount_subscription.identity_instance[0].subscription_url), 2) -} - -resource "btp_subaccount_entitlement" "identity" { - count = var.custom_idp == "" ? 1 : 0 - - subaccount_id = data.btp_subaccount.project.id - service_name = "sap-identity-services-onboarding" - plan_name = "default" -} - -resource "btp_subaccount_subscription" "identity_instance" { - count = var.custom_idp == "" ? 
1 : 0 - - subaccount_id = data.btp_subaccount.project.id - app_name = "sap-identity-services-onboarding" - plan_name = "default" - parameters = jsonencode({ - cloud_service = "TEST" - }) -} - - -###################################################################### -# Setup Kyma -###################################################################### -data "btp_regions" "all" {} - -# data "btp_subaccount" "this" { -# id = data.btp_subaccount.project.id -# } - -locals { - subaccount_iaas_provider = [for region in data.btp_regions.all.values : region if region.region == data.btp_subaccount.project.region][0].iaas_provider -} - -resource "btp_subaccount_entitlement" "kymaruntime" { - subaccount_id = data.btp_subaccount.project.id - service_name = "kymaruntime" - plan_name = lower(local.subaccount_iaas_provider) - amount = 1 -} - - -resource "btp_subaccount_environment_instance" "kyma" { - subaccount_id = data.btp_subaccount.project.id - name = var.kyma_instance.name - environment_type = "kyma" - service_name = "kymaruntime" - plan_name = lower(local.subaccount_iaas_provider) - parameters = jsonencode({ - name = var.kyma_instance.name - region = var.kyma_instance.region - machine_type = var.kyma_instance.machine_type - auto_scaler_min = var.kyma_instance.auto_scaler_min - auto_scaler_max = var.kyma_instance.auto_scaler_max - }) - timeouts = { - create = var.kyma_instance.createtimeout - update = var.kyma_instance.updatetimeout - delete = var.kyma_instance.deletetimeout - } - depends_on = [btp_subaccount_entitlement.kymaruntime] -} - -###################################################################### -# Entitlement of all general services -###################################################################### -resource "btp_subaccount_entitlement" "genentitlements" { - for_each = { - for index, entitlement in var.entitlements : - index => entitlement - } - subaccount_id = data.btp_subaccount.project.id - service_name = each.value.service_name - plan_name = 
each.value.plan_name -} - -###################################################################### -# Assign Role Collection -###################################################################### - -resource "btp_subaccount_role_collection_assignment" "conn_dest_admn" { - depends_on = [btp_subaccount_entitlement.genentitlements] - for_each = toset(var.conn_dest_admins) - subaccount_id = data.btp_subaccount.project.id - role_collection_name = "Connectivity and Destination Administrator" - user_name = each.value -} - -###################################################################### -# Create app subscription to SAP Integration Suite -###################################################################### -resource "btp_subaccount_entitlement" "sap_integration_suite" { - subaccount_id = data.btp_subaccount.project.id - service_name = local.service_name__sap_integration_suite - plan_name = var.service_plan__sap_integration_suite -} - -data "btp_subaccount_subscriptions" "all" { - subaccount_id = data.btp_subaccount.project.id - depends_on = [btp_subaccount_entitlement.sap_integration_suite] -} - -resource "btp_subaccount_subscription" "sap_integration_suite" { - subaccount_id = data.btp_subaccount.project.id - app_name = [ - for subscription in data.btp_subaccount_subscriptions.all.values : - subscription - if subscription.commercial_app_name == local.service_name__sap_integration_suite - ][0].app_name - plan_name = var.service_plan__sap_integration_suite - depends_on = [data.btp_subaccount_subscriptions.all] -} - -resource "btp_subaccount_role_collection_assignment" "int_prov" { - depends_on = [btp_subaccount_subscription.sap_integration_suite] - for_each = toset(var.int_provisioners) - subaccount_id = data.btp_subaccount.project.id - role_collection_name = "Integration_Provisioner" - user_name = each.value -} - -# ###################################################################### -# # Create app subscription to SAP Build Process Automation -# 
###################################################################### - -resource "btp_subaccount_entitlement" "build_process_automation" { - subaccount_id = data.btp_subaccount.project.id - service_name = local.service_name__sap_process_automation - plan_name = var.service_plan__sap_process_automation -} - -# Create app subscription to SAP Build Workzone, standard edition (depends on entitlement) -resource "btp_subaccount_subscription" "build_process_automation" { - subaccount_id = data.btp_subaccount.project.id - app_name = local.service_name__sap_process_automation - plan_name = var.service_plan__sap_process_automation - depends_on = [btp_subaccount_entitlement.build_process_automation] -} - -resource "btp_subaccount_role_collection_assignment" "sbpa_admin" { - depends_on = [btp_subaccount_subscription.build_process_automation] - for_each = toset(var.process_automation_admins) - subaccount_id = data.btp_subaccount.project.id - role_collection_name = "ProcessAutomationAdmin" - user_name = each.value -} - -resource "btp_subaccount_role_collection_assignment" "sbpa_dev" { - depends_on = [btp_subaccount_subscription.build_process_automation] - for_each = toset(var.process_automation_developers) - subaccount_id = data.btp_subaccount.project.id - role_collection_name = "ProcessAutomationAdmin" - user_name = each.value -} - -resource "btp_subaccount_role_collection_assignment" "sbpa_part" { - depends_on = [btp_subaccount_subscription.build_process_automation] - for_each = toset(var.process_automation_participants) - subaccount_id = data.btp_subaccount.project.id - role_collection_name = "ProcessAutomationParticipant" - user_name = each.value -} - -############################################################################################### -# Prepare and setup app: SAP Build Apps -############################################################################################### -# Entitle subaccount for usage of SAP Build Apps -resource "btp_subaccount_entitlement" 
"sap_build_apps" { - subaccount_id = data.btp_subaccount.project.id - service_name = local.service_name__sap_build_apps - plan_name = var.service_plan__sap_build_apps - amount = 1 - depends_on = [btp_subaccount_trust_configuration.fully_customized] -} - -# Create a subscription to the SAP Build Apps -resource "btp_subaccount_subscription" "sap-build-apps_standard" { - subaccount_id = data.btp_subaccount.project.id - app_name = "sap-appgyver-ee" - plan_name = var.service_plan__sap_build_apps - depends_on = [btp_subaccount_entitlement.sap_build_apps] -} - -# Get all roles in the subaccount -data "btp_subaccount_roles" "all" { - subaccount_id = data.btp_subaccount.project.id - depends_on = [btp_subaccount_subscription.sap-build-apps_standard] -} - -############################################################################################### -# Setup for role collection BuildAppsAdmin -############################################################################################### -# Create the role collection -resource "btp_subaccount_role_collection" "build_apps_BuildAppsAdmin" { - subaccount_id = data.btp_subaccount.project.id - name = "BuildAppsAdmin" - - roles = [ - for role in data.btp_subaccount_roles.all.values : { - name = role.name - role_template_app_id = role.app_id - role_template_name = role.role_template_name - } if contains(["BuildAppsAdmin"], role.name) - ] -} -# Assign users to the role collection -resource "btp_subaccount_role_collection_assignment" "build_apps_BuildAppsAdmin" { - depends_on = [btp_subaccount_role_collection.build_apps_BuildAppsAdmin] - for_each = toset(var.users_buildApps_admins) - subaccount_id = data.btp_subaccount.project.id - role_collection_name = "BuildAppsAdmin" - user_name = each.value - origin = btp_subaccount_trust_configuration.fully_customized.origin -} - -############################################################################################### -# Setup for role collection BuildAppsDeveloper 
-############################################################################################### -# Create the role collection -resource "btp_subaccount_role_collection" "build_apps_BuildAppsDeveloper" { - subaccount_id = data.btp_subaccount.project.id - name = "BuildAppsDeveloper" - - roles = [ - for role in data.btp_subaccount_roles.all.values : { - name = role.name - role_template_app_id = role.app_id - role_template_name = role.role_template_name - } if contains(["BuildAppsDeveloper"], role.name) - ] -} -# Assign users to the role collection -resource "btp_subaccount_role_collection_assignment" "build_apps_BuildAppsDeveloper" { - depends_on = [btp_subaccount_role_collection.build_apps_BuildAppsDeveloper] - for_each = toset(var.users_buildApps_developers) - subaccount_id = data.btp_subaccount.project.id - role_collection_name = "BuildAppsDeveloper" - user_name = each.value - origin = btp_subaccount_trust_configuration.fully_customized.origin -} - -############################################################################################### -# Setup for role collection RegistryAdmin -############################################################################################### -# Create the role collection -resource "btp_subaccount_role_collection" "build_apps_RegistryAdmin" { - subaccount_id = data.btp_subaccount.project.id - name = "RegistryAdmin" - - roles = [ - for role in data.btp_subaccount_roles.all.values : { - name = role.name - role_template_app_id = role.app_id - role_template_name = role.role_template_name - } if contains(["RegistryAdmin"], role.name) - ] -} -# Assign users to the role collection -resource "btp_subaccount_role_collection_assignment" "build_apps_RegistryAdmin" { - depends_on = [btp_subaccount_role_collection.build_apps_RegistryAdmin] - for_each = toset(var.users_registry_admins) - subaccount_id = data.btp_subaccount.project.id - role_collection_name = "RegistryAdmin" - user_name = each.value - origin = 
btp_subaccount_trust_configuration.fully_customized.origin -} - -############################################################################################### -# Setup for role collection RegistryDeveloper -############################################################################################### -# Create the role collection -resource "btp_subaccount_role_collection" "build_apps_RegistryDeveloper" { - subaccount_id = data.btp_subaccount.project.id - name = "RegistryDeveloper" - - roles = [ - for role in data.btp_subaccount_roles.all.values : { - name = role.name - role_template_app_id = role.app_id - role_template_name = role.role_template_name - } if contains(["RegistryDeveloper"], role.name) - ] -} -# Assign users to the role collection -resource "btp_subaccount_role_collection_assignment" "build_apps_RegistryDeveloper" { - depends_on = [btp_subaccount_role_collection.build_apps_RegistryDeveloper] - for_each = toset(var.users_registry_developers) - subaccount_id = data.btp_subaccount.project.id - role_collection_name = "RegistryDeveloper" - user_name = each.value - origin = btp_subaccount_trust_configuration.fully_customized.origin -} diff --git a/released/discovery_center/mission_4033/outputs.tf b/released/discovery_center/mission_4033/outputs.tf deleted file mode 100644 index c12e4ba4..00000000 --- a/released/discovery_center/mission_4033/outputs.tf +++ /dev/null @@ -1,4 +0,0 @@ -output "subaccount_id" { - value = data.btp_subaccount.project.id - description = "The ID of the project subaccount." -} \ No newline at end of file diff --git a/released/discovery_center/mission_4033/README.md b/released/discovery_center/mission_4033/step1/README.md similarity index 87% rename from released/discovery_center/mission_4033/README.md rename to released/discovery_center/mission_4033/step1/README.md index 4c42264b..e67a9db7 100644 --- a/released/discovery_center/mission_4033/README.md +++ b/released/discovery_center/mission_4033/step1/README.md 
@@ -1,4 +1,4 @@ -# Discovery Center mission - Create simple, connected digital experiences with API-based integration +# Discovery Center mission - Create simple, connected digital experiences with API-based integration - Step 1 ## Overview @@ -25,7 +25,7 @@ To deploy the resources you must: export BTP_PASSWORD= ``` -2. Change the variables in the `samples.tfvars` file to meet your requirements +2. Change the variables in the `sample.tfvars` file to meet your requirements > ⚠ NOTE: You should pay attention **specifically** to the users defined in the samples.tfvars whether they already exist in your SAP BTP accounts. Otherwise you might get error messages like e.g. `Error: The user could not be found: jane.doe@test.com`. @@ -45,7 +45,7 @@ To deploy the resources you must: 5. Apply your configuration to provision the resources: ```bash - terraform apply -var-file="samples.tfvars" + terraform apply -var-file="sample.tfvars" ``` ## In the end @@ -53,5 +53,5 @@ To deploy the resources you must: You probably want to remove the assets after trying them out to avoid unnecessary costs. To do so execute the following command: ```bash -terraform destroy +terraform destroy -var-file="sample.tfvars" ``` diff --git a/released/discovery_center/mission_4033/step1/main.tf b/released/discovery_center/mission_4033/step1/main.tf new file mode 100644 index 00000000..c4218583 --- /dev/null +++ b/released/discovery_center/mission_4033/step1/main.tf 
@@ -0,0 +1,426 @@
+# ------------------------------------------------------------------------------------------------------
+# Setup of names in accordance to naming convention
+# ------------------------------------------------------------------------------------------------------
+resource "random_uuid" "uuid" {}
+
+locals {
+ random_uuid = random_uuid.uuid.result
+ subaccount_domain = lower(replace("mission-4033-${local.random_uuid}", "_", "-"))
+ subaccount_cf_org = substr(replace("${local.subaccount_domain}", "-", ""), 0, 32)
+}
+
+locals {
+ service_name__sap_build_apps = "sap-build-apps"
+ service_name__sap_process_automation = "process-automation"
+ service_name__sap_process_automation_service = "process-automation-service"
+ service_name__sap_integration_suite = "integrationsuite"
+}
+
+# ------------------------------------------------------------------------------------------------------
+# Creation of subaccount
+# ------------------------------------------------------------------------------------------------------
+resource "btp_subaccount" "dc_mission" {
+ count = var.subaccount_id == "" ? 1 : 0
+
+ name = var.subaccount_name
+ subdomain = local.subaccount_domain
+ region = lower(var.region)
+ usage = "USED_FOR_PRODUCTION"
+}
+
+data "btp_subaccount" "dc_mission" {
+ id = var.subaccount_id != "" ? var.subaccount_id : btp_subaccount.dc_mission[0].id
+}
+
+
+# ------------------------------------------------------------------------------------------------------
+# Assign custom IDP to sub account
+# ------------------------------------------------------------------------------------------------------
+locals {
+ service_name__sap_identity_services_onboarding = "sap-identity-services-onboarding"
+}
+
+# Entitle
+resource "btp_subaccount_entitlement" "sap_identity_services_onboarding" {
+ count = var.custom_idp == "" ? 1 : 0
+
+ subaccount_id = data.btp_subaccount.dc_mission.id
+ service_name = local.service_name__sap_identity_services_onboarding
+ plan_name = var.service_plan__sap_identity_services_onboarding
+}
+# Subscribe
+resource "btp_subaccount_subscription" "sap_identity_services_onboarding" {
+ count = var.custom_idp == "" ? 1 : 0
+
+ subaccount_id = data.btp_subaccount.dc_mission.id
+ app_name = local.service_name__sap_identity_services_onboarding
+ plan_name = var.service_plan__sap_identity_services_onboarding
+ depends_on = [btp_subaccount_entitlement.sap_identity_services_onboarding]
+}
+
+# IdP trust configuration
+resource "btp_subaccount_trust_configuration" "fully_customized" {
+ subaccount_id = data.btp_subaccount.dc_mission.id
+ identity_provider = var.custom_idp != "" ? var.custom_idp : element(split("/", btp_subaccount_subscription.sap_identity_services_onboarding[0].subscription_url), 2)
+}
+
+locals {
+ custom_idp_tenant = element(split(".", btp_subaccount_trust_configuration.fully_customized.identity_provider), 0)
+ origin_key = local.custom_idp_tenant != "" ? "${local.custom_idp_tenant}-platform" : "sap.default"
+ origin_key_app_users = var.custom_idp_apps_origin_key
+}
+
+
+
+# ------------------------------------------------------------------------------------------------------
+# Assignment of emergency admins to the sub account as sub account administrators
+# ------------------------------------------------------------------------------------------------------
+resource "btp_subaccount_role_collection_assignment" "subaccount_admin" {
+ for_each = toset(var.subaccount_admins)
+ subaccount_id = data.btp_subaccount.dc_mission.id
+ role_collection_name = "Subaccount Administrator"
+ user_name = each.value
+ origin = local.origin_key
+}
+
+resource "btp_subaccount_role_collection_assignment" "subaccount_service_admin" {
+ for_each = toset(var.subaccount_service_admins)
+ subaccount_id = data.btp_subaccount.dc_mission.id
+ role_collection_name = "Subaccount Service Administrator"
+ user_name = each.value
+ origin = local.origin_key
+}
+
+
+# ------------------------------------------------------------------------------------------------------
+# Setup Kyma
+# ------------------------------------------------------------------------------------------------------
+data "btp_regions" "all" {}
+
+locals {
+ subaccount_iaas_provider = [for region in data.btp_regions.all.values : region if region.region == data.btp_subaccount.dc_mission.region][0].iaas_provider
+}
+
+resource "btp_subaccount_entitlement" "kymaruntime" {
+ subaccount_id = data.btp_subaccount.dc_mission.id
+ service_name = "kymaruntime"
+ plan_name = lower(local.subaccount_iaas_provider)
+ amount = 1
+}
+
+
+resource "btp_subaccount_environment_instance" "kyma" {
+ subaccount_id = data.btp_subaccount.dc_mission.id
+ name = var.kyma_instance.name
+ environment_type = "kyma"
+ service_name = "kymaruntime"
+ plan_name = lower(local.subaccount_iaas_provider)
+ parameters = jsonencode({
+ name = var.kyma_instance.name
+ region = var.kyma_instance.region
+ machine_type = var.kyma_instance.machine_type
+ auto_scaler_min = var.kyma_instance.auto_scaler_min
+ auto_scaler_max = var.kyma_instance.auto_scaler_max
+ })
+ timeouts = {
+ create = var.kyma_instance.createtimeout
+ update = var.kyma_instance.updatetimeout
+ delete = var.kyma_instance.deletetimeout
+ }
+ depends_on = [btp_subaccount_entitlement.kymaruntime]
+}
+
+# ------------------------------------------------------------------------------------------------------
+# Extract list of CF landscape labels from environments
+# ------------------------------------------------------------------------------------------------------
+data "btp_subaccount_environments" "all" {
+ subaccount_id = data.btp_subaccount.dc_mission.id
+}
+
+# Take the landscape label from the first CF environment if no environment label is provided
+resource "terraform_data" "cf_landscape_label" {
+ input = length(var.cf_landscape_label) > 0 ? var.cf_landscape_label : [for env in data.btp_subaccount_environments.all.values : env if env.service_name == "cloudfoundry" && env.environment_type == "cloudfoundry"][0].landscape_label
+}
+
+# ------------------------------------------------------------------------------------------------------
+# Creation of Cloud Foundry environment
+# ------------------------------------------------------------------------------------------------------
+resource "btp_subaccount_environment_instance" "cloudfoundry" {
+ subaccount_id = data.btp_subaccount.dc_mission.id
+ name = var.cf_org_name
+ environment_type = "cloudfoundry"
+ service_name = "cloudfoundry"
+ plan_name = "standard"
+ landscape_label = terraform_data.cf_landscape_label.output
+ parameters = jsonencode({
+ instance_name = local.subaccount_cf_org
+ })
+}
+
+# ------------------------------------------------------------------------------------------------------
+# Create app subscription to SAP Integration Suite
+# ------------------------------------------------------------------------------------------------------
+resource "btp_subaccount_entitlement" "sap_integration_suite" {
+ subaccount_id = data.btp_subaccount.dc_mission.id
+ service_name = local.service_name__sap_integration_suite
+ plan_name = var.service_plan__sap_integration_suite
+}
+
+data "btp_subaccount_subscriptions" "all" {
+ subaccount_id = data.btp_subaccount.dc_mission.id
+ depends_on = [btp_subaccount_entitlement.sap_integration_suite]
+}
+
+resource "btp_subaccount_subscription" "sap_integration_suite" {
+ subaccount_id = data.btp_subaccount.dc_mission.id
+ app_name = [
+ for subscription in data.btp_subaccount_subscriptions.all.values :
+ subscription
+ if subscription.commercial_app_name == local.service_name__sap_integration_suite
+ ][0].app_name
+ plan_name = var.service_plan__sap_integration_suite
+ depends_on = [data.btp_subaccount_subscriptions.all]
+}
+
+resource "btp_subaccount_role_collection_assignment" "int_prov" {
+ depends_on = [btp_subaccount_subscription.sap_integration_suite]
+ for_each = toset(var.int_provisioners)
+ subaccount_id = data.btp_subaccount.dc_mission.id
+ role_collection_name = "Integration_Provisioner"
+ user_name = each.value
+ origin = local.origin_key_app_users
+}
+
+resource "btp_subaccount_entitlement" "api_portal" {
+ subaccount_id = data.btp_subaccount.dc_mission.id
+ service_name = "apimanagement-apiportal"
+ plan_name = var.service_plan__apimanagement_apiportal
+}
+
+resource "btp_subaccount_entitlement" "dev_portal" {
+ subaccount_id = data.btp_subaccount.dc_mission.id
+ service_name = "apimanagement-devportal"
+ plan_name = var.service_plan__apimanagement_devportal
+}
+
+# # ------------------------------------------------------------------------------------------------------
+# # Create app subscription to SAP Build Process Automation
+# # ------------------------------------------------------------------------------------------------------
+
+resource "btp_subaccount_entitlement" "build_process_automation" {
+ subaccount_id = data.btp_subaccount.dc_mission.id
+ service_name = local.service_name__sap_process_automation
+ plan_name = var.service_plan__sap_process_automation
+}
+
+# Create app subscription to SAP Build Workzone, standard edition (depends on entitlement)
+resource "btp_subaccount_subscription" "build_process_automation" {
+ subaccount_id = data.btp_subaccount.dc_mission.id
+ app_name = local.service_name__sap_process_automation
+ plan_name = var.service_plan__sap_process_automation
+ depends_on = [btp_subaccount_entitlement.build_process_automation]
+}
+
+resource "btp_subaccount_role_collection_assignment" "sbpa_admin" {
+ depends_on = [btp_subaccount_subscription.build_process_automation]
+ for_each = toset(var.process_automation_admins)
+ subaccount_id = data.btp_subaccount.dc_mission.id
+ role_collection_name = "ProcessAutomationAdmin"
+ user_name = each.value
+ origin = local.origin_key_app_users
+}
+
+resource "btp_subaccount_role_collection_assignment" "sbpa_dev" {
+ depends_on = [btp_subaccount_subscription.build_process_automation]
+ for_each = toset(var.process_automation_developers)
+ subaccount_id = data.btp_subaccount.dc_mission.id
+ role_collection_name = "ProcessAutomationDeveloper"
+ user_name = each.value
+ origin = local.origin_key_app_users
+}
+
+resource "btp_subaccount_role_collection_assignment" "sbpa_part" {
+ depends_on = [btp_subaccount_subscription.build_process_automation]
+ for_each = toset(var.process_automation_participants)
+ subaccount_id = data.btp_subaccount.dc_mission.id
+ role_collection_name = "ProcessAutomationParticipant"
+ user_name = each.value
+ origin = local.origin_key_app_users
+}
+
+# # ------------------------------------------------------------------------------------------------------
+# # Create service instance to SAP Build Process Automation
+# # ------------------------------------------------------------------------------------------------------
+
+resource "btp_subaccount_entitlement" "process_automation_service" {
+ subaccount_id = data.btp_subaccount.dc_mission.id
+ service_name = local.service_name__sap_process_automation_service
+ plan_name = var.service_plan__sap_process_automation_service
+ depends_on = [btp_subaccount_subscription.build_process_automation]
+}
+
+# Get plan for SAP Build Process Automation service
+data "btp_subaccount_service_plan" "process_automation_service" {
+ subaccount_id = data.btp_subaccount.dc_mission.id
+ offering_name = local.service_name__sap_process_automation_service
+ name = var.service_plan__sap_process_automation_service
+ depends_on = [btp_subaccount_entitlement.process_automation_service]
+}
+
+# Create service instance for SAP Build Process Automation Service
+resource "btp_subaccount_service_instance" "process_automation_service_instance" {
+ subaccount_id = data.btp_subaccount.dc_mission.id
+ serviceplan_id = data.btp_subaccount_service_plan.process_automation_service.id
+ name = "build-process-automation-service-instance"
+ depends_on = [btp_subaccount_entitlement.process_automation_service, btp_subaccount_environment_instance.cloudfoundry]
+}
+
+# Create service binding to SAP Build Process Automation Service (exposed for a specific user group)
+resource "btp_subaccount_service_binding" "process_automation_service_instance_binding" {
+ subaccount_id = data.btp_subaccount.dc_mission.id
+ service_instance_id = btp_subaccount_service_instance.process_automation_service_instance.id
+ name = "build-process-automation-service-instance-key"
+}
+
+# ------------------------------------------------------------------------------------------------------
+# Prepare and setup app: SAP Build Apps
+# ------------------------------------------------------------------------------------------------------
+# Entitle subaccount for usage of SAP Build Apps
+resource "btp_subaccount_entitlement" "sap_build_apps" {
+ subaccount_id = data.btp_subaccount.dc_mission.id
+ service_name = local.service_name__sap_build_apps
+ plan_name = var.service_plan__sap_build_apps
+ amount = 1
+ depends_on = [btp_subaccount_trust_configuration.fully_customized]
+}
+
+# Create a subscription to the SAP Build Apps
+resource "btp_subaccount_subscription" "sap-build-apps_standard" {
+ subaccount_id = data.btp_subaccount.dc_mission.id
+ app_name = "sap-appgyver-ee"
+ plan_name = var.service_plan__sap_build_apps
+ depends_on = [btp_subaccount_entitlement.sap_build_apps]
+}
+
+# Get all roles in the subaccount
+data "btp_subaccount_roles" "all" {
+ subaccount_id = data.btp_subaccount.dc_mission.id
+ depends_on = [btp_subaccount_subscription.sap-build-apps_standard]
+}
+
+# ------------------------------------------------------------------------------------------------------
+# Setup for role collection BuildAppsAdmin
+# ------------------------------------------------------------------------------------------------------
+# Create the role collection
+resource "btp_subaccount_role_collection" "build_apps_BuildAppsAdmin" {
+ subaccount_id = data.btp_subaccount.dc_mission.id
+ name = "BuildAppsAdmin"
+
+ roles = [
+ for role in data.btp_subaccount_roles.all.values : {
+ name = role.name
+ role_template_app_id = role.app_id
+ role_template_name = role.role_template_name
+ } if contains(["BuildAppsAdmin"], role.name)
+ ]
+}
+# Assign users to the role collection
+resource "btp_subaccount_role_collection_assignment" "build_apps_BuildAppsAdmin" {
+ depends_on = [btp_subaccount_role_collection.build_apps_BuildAppsAdmin]
+ for_each = toset(var.users_buildApps_admins)
+ subaccount_id = data.btp_subaccount.dc_mission.id
+ role_collection_name = "BuildAppsAdmin"
+ user_name = each.value
+ origin = local.origin_key_app_users
+}
+
+# ------------------------------------------------------------------------------------------------------
+# Setup for role collection BuildAppsDeveloper
+# ------------------------------------------------------------------------------------------------------
+# Create the role collection
+resource "btp_subaccount_role_collection" "build_apps_BuildAppsDeveloper" {
+ subaccount_id = data.btp_subaccount.dc_mission.id
+ name = "BuildAppsDeveloper"
+
+ roles = [
+ for role in data.btp_subaccount_roles.all.values : {
+ name = role.name
+ role_template_app_id = role.app_id
+ role_template_name = role.role_template_name
+ } if contains(["BuildAppsDeveloper"], role.name)
+ ]
+}
+# Assign users to the role collection
+resource "btp_subaccount_role_collection_assignment" "build_apps_BuildAppsDeveloper" {
+ depends_on = [btp_subaccount_role_collection.build_apps_BuildAppsDeveloper]
+ for_each = toset(var.users_buildApps_developers)
+ subaccount_id = data.btp_subaccount.dc_mission.id
+ role_collection_name = "BuildAppsDeveloper"
+ user_name = each.value
+ origin = local.origin_key_app_users
+}
+
+# ------------------------------------------------------------------------------------------------------
+# Setup for role collection RegistryAdmin
+# ------------------------------------------------------------------------------------------------------
+# Create the role collection
+resource "btp_subaccount_role_collection" "build_apps_RegistryAdmin" {
+ subaccount_id = data.btp_subaccount.dc_mission.id
+ name = "RegistryAdmin"
+
+ roles = [
+ for role in data.btp_subaccount_roles.all.values : {
+ name = role.name
+ role_template_app_id = role.app_id
+ role_template_name = role.role_template_name
+ } if contains(["RegistryAdmin"], role.name)
+ ]
+}
+# Assign users to the role collection
+resource "btp_subaccount_role_collection_assignment" "build_apps_RegistryAdmin" {
+ depends_on = [btp_subaccount_role_collection.build_apps_RegistryAdmin]
+ for_each = toset(var.users_registry_admins)
+ subaccount_id = data.btp_subaccount.dc_mission.id
+ role_collection_name = "RegistryAdmin"
+ user_name = each.value
+ origin = local.origin_key_app_users
+}
+
+# ------------------------------------------------------------------------------------------------------
+# Setup for role collection RegistryDeveloper
+# ------------------------------------------------------------------------------------------------------
+# Create the role collection
+resource "btp_subaccount_role_collection" "build_apps_RegistryDeveloper" {
+ subaccount_id = data.btp_subaccount.dc_mission.id
+ name = "RegistryDeveloper"
+
+ roles = [
+ for role in data.btp_subaccount_roles.all.values : {
+ name = role.name
+ role_template_app_id = role.app_id
+ role_template_name = role.role_template_name
+ } if contains(["RegistryDeveloper"], role.name)
+ ]
+}
+# Assign users to the role collection
+resource "btp_subaccount_role_collection_assignment" "build_apps_RegistryDeveloper" {
+ depends_on = [btp_subaccount_role_collection.build_apps_RegistryDeveloper]
+ for_each = toset(var.users_registry_developers)
+ subaccount_id = data.btp_subaccount.dc_mission.id
+ role_collection_name = "RegistryDeveloper"
+ user_name = each.value
+ origin = local.origin_key_app_users
+}
+
+
+# ------------------------------------------------------------------------------------------------------
+# Create tfvars file for step 2 (if variable `create_tfvars_file_for_step2` is set to true)
+# ------------------------------------------------------------------------------------------------------
+resource "local_file" "output_vars_step1" {
+ count = var.create_tfvars_file_for_step2 ? 1 : 0
+ content = <<-EOT
+ globalaccount = "${var.globalaccount}"
+ subaccount_id = "${data.btp_subaccount.dc_mission.id}"
+ EOT
+ filename = "../step2/terraform.tfvars"
+}
diff --git a/released/discovery_center/mission_4033/step1/outputs.tf b/released/discovery_center/mission_4033/step1/outputs.tf
new file mode 100644
index 00000000..9849b007
--- /dev/null
+++ b/released/discovery_center/mission_4033/step1/outputs.tf
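Review bot: The `origin` on every role-collection assignment in step1/main.tf is now a hand-built string rather than the trust configuration's own attribute, which the removed main.tf used for the Build Apps roles (`origin = btp_subaccount_trust_configuration.fully_customized.origin`). `local.origin_key` is derived by naming convention (`"${local.custom_idp_tenant}-platform"`) and is applied to the "Subaccount Administrator" assignments that the comment calls emergency admins, so those accounts presumably depend on the custom IdP being reachable; the `"sap.default"` branch is taken only when the first label of the IdP host is empty. `local.origin_key_app_users` comes straight from `var.custom_idp_apps_origin_key`, whose declaration is not visible in this diff; if it does not match the origin of the established trust, the roles are attached to users of a different origin than intended. I would keep the computed `.origin` for the application roles or add a `validation` block to that variable, and add a comment above the `locals` block such as `# origin_key: platform-user origin of the custom IdP; sap.default only when no tenant can be derived`.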
@@ -0,0 +1,18 @@ +output "subaccount_id" { + value = data.btp_subaccount.dc_mission.id + description = "The ID of the project subaccount." +} + +output "integration_suite_url" { + value = btp_subaccount_subscription.sap_integration_suite.subscription_url +} + +output "process_automation_subscription_url" { + value = btp_subaccount_subscription.build_process_automation.subscription_url + description = "Subscription URL for SAP Build Process Automation" +} + +output "kyma_url" { + value = btp_subaccount_environment_instance.kyma.dashboard_url + description = "Subscription URL for SAP Build Process Automation" +} \ No newline at end of file diff --git a/released/discovery_center/mission_4033/provider.tf b/released/discovery_center/mission_4033/step1/provider.tf similarity index 91% rename from released/discovery_center/mission_4033/provider.tf rename to released/discovery_center/mission_4033/step1/provider.tf index b63f7df9..c55ef6c8 100644 --- a/released/discovery_center/mission_4033/provider.tf +++ b/released/discovery_center/mission_4033/step1/provider.tf @@ -3,7 +3,7 @@ terraform { required_providers { btp = { source = "sap/btp" - version = "~> 1.5.0" + version = "~> 1.6.0" } } } diff --git a/released/discovery_center/mission_4033/sample.tfvars b/released/discovery_center/mission_4033/step1/sample.tfvars similarity index 93% rename from released/discovery_center/mission_4033/sample.tfvars rename to released/discovery_center/mission_4033/step1/sample.tfvars index c4843dfc..c19d5780 100644 --- a/released/discovery_center/mission_4033/sample.tfvars +++ b/released/discovery_center/mission_4033/step1/sample.tfvars @@ -5,7 +5,7 @@ globalaccount = "yourglobalaccount" region = "us10" subaccount_name = "DC Mission 4033 - Create simple, connected digital experiences with API-based integration 1" -custom_idp = "xxxxxxxxxxxxx.accounts.ondemand.com" +custom_idp = ".accounts.ondemand.com" kyma_instance = { name = "my-kyma-environment" 
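Review bot: The `kyma_url` output carries a description copied from `process_automation_subscription_url` ("Subscription URL for SAP Build Process Automation"), although its value is `btp_subaccount_environment_instance.kyma.dashboard_url`. I would change it to `description = "Dashboard URL of the Kyma environment instance"`. `integration_suite_url` has no description at all; `description = "Subscription URL for SAP Integration Suite"` would bring it in line with the other outputs.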
@@ -23,7 +23,6 @@ kyma_instance = { # ------------------------------------------------------------------------------------------------------ subaccount_admins = ["another.user@test.com"] subaccount_service_admins = ["another.user@test.com"] -conn_dest_admins = ["another.user@test.com"] int_provisioners = ["another.user@test.com"] users_buildApps_admins = ["another.user@test.com"] users_registry_admins = ["another.user@test.com"] diff --git a/released/discovery_center/mission_4033/variables.tf b/released/discovery_center/mission_4033/step1/variables.tf similarity index 50% rename from released/discovery_center/mission_4033/variables.tf rename to released/discovery_center/mission_4033/step1/variables.tf index c61cf79b..81034e84 100644 --- a/released/discovery_center/mission_4033/variables.tf +++ b/released/discovery_center/mission_4033/step1/variables.tf @@ -34,6 +34,20 @@ variable "cli_server_url" { default = "https://cli.btp.cloud.sap" } +# cf org name +variable "cf_org_name" { + type = string + description = "Cloud Foundry Org Name" + default = "cloud-foundry" +} + +# cf landscape label +variable "cf_landscape_label" { + type = string + description = "The Cloud Foundry landscape (format example eu10-004)." + default = "" +} + variable "subaccount_admins" { type = list(string) description = "Defines the colleagues who are added to each subaccount as Subaccount administrators." 
@@ -58,22 +72,37 @@ variable "service_plan__sap_process_automation" { type = string description = "The plan for SAP Build Process Automation" default = "standard" - validation { - condition = contains(["standard", "advanced-user"], var.service_plan__sap_process_automation) - error_message = "Invalid value for service_plan__sap_process_automation. Only 'standard' and 'advanced-user' are allowed." - } } +variable "service_plan__sap_process_automation_service" { + type = string + description = "The plan for SAP Build Process Automation Service" + default = "standard" +} + + variable "service_plan__sap_integration_suite" { type = string description = "The plan for SAP Integration Suite" default = "enterprise_agreement" validation { - condition = contains(["enterprise_agreement"], var.service_plan__sap_integration_suite) - error_message = "Invalid value for service_plan__sap_integration_suite. Only 'enterprise_agreement' are allowed." + condition = contains(["enterprise_agreement", "free"], var.service_plan__sap_integration_suite) + error_message = "Invalid value for service_plan__sap_integration_suite. Only 'enterprise_agreement' and 'free' are allowed." } } +variable "service_plan__apimanagement_apiportal" { + type = string + description = "The plan for SAP Build Process Automation" + default = "apiportal-apiaccess" +} + +variable "service_plan__apimanagement_devportal" { + type = string + description = "The plan for SAP Build Process Automation" + default = "devportal-apiaccess" +} + ### # Entitlements ### 
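Review bot: `service_plan__apimanagement_apiportal` and `service_plan__apimanagement_devportal` both reuse the description "The plan for SAP Build Process Automation", which matches neither the variable names nor their defaults (`apiportal-apiaccess`, `devportal-apiaccess`). Something like `description = "The plan for the service 'apimanagement-apiportal'"` (and the devportal equivalent) would be accurate. The same hunk drops the `validation` block from `service_plan__sap_process_automation` and adds `service_plan__sap_process_automation_service` without one, while `service_plan__sap_integration_suite` keeps its `contains([...])` check. If lifting the restriction is intentional, a one-line comment saying so would help; otherwise a mistyped plan name presumably only surfaces as a provider error at apply time.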
@@ -85,21 +114,6 @@ variable "entitlements" { })) description = "The list of entitlements that shall be added to the subaccount." default = [ - { - service_name = "destination" - plan_name = "lite", - type = "service" - }, - { - service_name = "xsuaa" - plan_name = "application", - type = "service" - }, - { - service_name = "process-automation-service" - plan_name = "standard", - type = "service" - }, { service_name = "apimanagement-apiportal" plan_name = "apiportal-apiaccess", 
@@ -124,114 +138,81 @@ variable "kyma_instance" { type = object({ deletetimeout = string }) } -variable "conn_dest_admins" { - type = list(string) - description = "Connectivity and Destination Administrator" - - # add validation to check if admins contains a list of valid email addresses - validation { - condition = length([for email in var.conn_dest_admins : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.conn_dest_admins) - error_message = "Please enter a valid email address for the CF space managers." - } -} - variable "int_provisioners" { type = list(string) description = "Integration Provisioner" - - # add validation to check if admins contains a list of valid email addresses - validation { - condition = length([for email in var.int_provisioners : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.int_provisioners) - error_message = "Please enter a valid email address for the CF space managers." - } - } variable "custom_idp" { type = string description = "Defines the custom IDP to be used for the subaccount" - default = "terraformint" - - validation { - condition = can(regex("^[a-z-]", var.custom_idp)) - error_message = "Please enter a valid entry for the custom-idp of the subaccount." - } + default = "" } variable "users_buildApps_admins" { type = list(string) description = "Defines the colleagues who have the role of 'BuildAppsAdmin' in SAP Build Apps." - - # add validation to check if admins contains a list of valid email addresses - validation { - condition = length([for email in var.users_buildApps_admins : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.users_buildApps_admins) - error_message = "Please enter a valid email address for the CF space managers." - } } variable "users_buildApps_developers" { type = list(string) description = "Defines the colleagues who have the role of 'BuildAppsDeveloper' in SAP Build Apps." 
- - # add validation to check if admins contains a list of valid email addresses - validation { - condition = length([for email in var.users_buildApps_developers : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.users_buildApps_developers) - error_message = "Please enter a valid email address for the CF space managers." - } } variable "users_registry_admins" { type = list(string) description = "Defines the colleagues who have the role of 'RegistryAdmin' in SAP Build Apps." - - # add validation to check if admins contains a list of valid email addresses - validation { - condition = length([for email in var.users_registry_admins : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.users_registry_admins) - error_message = "Please enter a valid email address for the CF space managers." - } } variable "users_registry_developers" { type = list(string) description = "Defines the colleagues who have the role of RegistryDeveloper' in SAP Build Apps." - - # add validation to check if admins contains a list of valid email addresses - validation { - condition = length([for email in var.users_registry_developers : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.users_registry_developers) - error_message = "Please enter a valid email address for the CF space managers." - } } variable "process_automation_admins" { type = list(string) description = "Defines the users who have the role of ProcessAutomationAdmin in SAP Build Process Automation" - - # add validation to check if admins contains a list of valid email addresses - validation { - condition = length([for email in var.process_automation_admins : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.process_automation_admins) - error_message = "Please enter a valid email address for the CF space managers." 
- } } variable "process_automation_developers" { type = list(string) description = "Defines the users who have the role of ProcessAutomationDeveloper in SAP Build Process Automation" - - # add validation to check if admins contains a list of valid email addresses - validation { - condition = length([for email in var.process_automation_developers : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.process_automation_developers) - error_message = "Please enter a valid email address for the CF space managers." - } } variable "process_automation_participants" { type = list(string) description = "Defines the users who have the role of ProcessAutomationParticipant in SAP Build Process Automation" - default = ["jane.doe@test.com", "john.doe@test.com"] +} + +variable "service_plan__sap_identity_services_onboarding" { + type = string + description = "The plan for service 'Cloud Identity Services' with technical name 'sap-identity-services-onboarding'" + default = "default" + validation { + condition = contains(["default"], var.service_plan__sap_identity_services_onboarding) + error_message = "Invalid value for service_plan__sap_identity_services_onboarding. Only 'default' is allowed." + } +} + +variable "custom_idp_apps_origin_key" { + type = string + description = "The custom identity provider for the subaccount." + default = "sap.custom" +} + +variable "create_tfvars_file_for_step2" { + type = bool + description = "Switch to enable the creation of the tfvars file for step 2." + default = true +} + +variable "cf_space_name" { + type = string + description = "Name of the Cloud Foundry space." 
+ default = "dev" - # add validation to check if admins contains a list of valid email addresses validation { - condition = length([for email in var.process_automation_participants : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.process_automation_participants) - error_message = "Please enter a valid email address for the CF space managers." + condition = can(regex("^.{1,255}$", var.cf_space_name)) + error_message = "The Cloud Foundry space name must not be emtpy and not exceed 255 characters." } } \ No newline at end of file diff --git a/released/discovery_center/mission_4033/step2/README.md b/released/discovery_center/mission_4033/step2/README.md new file mode 100644 index 00000000..8532a323 --- /dev/null +++ b/released/discovery_center/mission_4033/step2/README.md 
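Review bot: After this hunk none of the user-list variables (`int_provisioners`, `users_buildApps_*`, `users_registry_*`, `process_automation_*`) has any input check, yet lists of this kind drive the role collection assignments in step1/main.tf via `for_each = toset(var.users_...)`. The removed condition compared `length([for email in ... : can(regex(...))])` with the length of the input, which is always equal because the `for` has no `if` clause, so it never rejected anything and dropping it loses nothing. A working check would still be worth having before values reach a role assignment, e.g. `condition = alltrue([for email in var.users_registry_admins : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))])`, with an error message that names the variable rather than "CF space managers"; whether user names are always e-mail addresses depends on the identity provider, so confirm that first. Separately, the new `cf_space_name` error message contains the typo `emtpy`.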
@@ -0,0 +1,39 @@
+# Discovery Center mission - Create simple, connected digital experiences with API-based integration - Step 2
+
+## Overview
+
+This script shows how to create a SAP BTP subaccount for Discovery Center Mission: Create simple, connected digital experiences with API-based integration. Step 2 comprises all activities that depend on the step 1 completion.
+
+
+## Deploying the resources
+
+To deploy the resources you must:
+
+
+1. If you did not create a `tfvars` file in step 1 (via the variable `create_tfvars_file_for_step2`) you must manually Take the output of step 1 and transfer it in a `tfvars` file e.g. `sample.tfvars` file to meet your requirements. Of course you can also further adjust the generated `tfvars` file from step 1.
+
+2. If not already done in step 1, initialize your workspace:
+
+ ```bash
+ terraform init
+ ```
+
+3. You can check what Terraform plans to apply based on your configuration. If you use the generated `tfvars` file from step 1 you do not need need to explicitly add the filename to the command:
+
+ ```bash
+ terraform plan -var-file="terraform.tfvars"
+ ```
+
+4. According to the variants of step 3. apply your configuration to provision the resources either via:
+
+ ```bash
+ terraform apply -var-file="terraform.tfvars"
+ ```
+
+## In the end
+
+You probably want to remove the assets after trying them out to avoid unnecessary costs. To do so execute the command fitting your setup:
+
+```bash
+terraform destroy -var-file="terraform.tfvars"
+```
diff --git a/released/discovery_center/mission_4033/step2/main.tf b/released/discovery_center/mission_4033/step2/main.tf
new file mode 100644
index 00000000..4ad4c8c5
--- /dev/null
+++ b/released/discovery_center/mission_4033/step2/main.tf
@@ -0,0 +1,14 @@
+# ------------------------------------------------------------------------------------------------------
+# Import custom trust config and disable for user login
+# ------------------------------------------------------------------------------------------------------
+import {
+ to = btp_subaccount_trust_configuration.default
+ id = "${var.subaccount_id},sap.default"
+}
+
+resource "btp_subaccount_trust_configuration" "default" {
+ subaccount_id = var.subaccount_id
+ identity_provider = ""
+ auto_create_shadow_users = false
+ available_for_user_logon = false
+}
diff --git a/released/discovery_center/mission_4033/step2/provider.tf b/released/discovery_center/mission_4033/step2/provider.tf
new file mode 100644
index 00000000..f10f869c
--- /dev/null
+++ b/released/discovery_center/mission_4033/step2/provider.tf
@@ -0,0 +1,13 @@
+terraform {
+ required_providers {
+ btp = {
+ source = "SAP/btp"
+ version = "~> 1.6.0"
+ }
+ }
+}
+
+provider "btp" {
+ cli_server_url = var.cli_server_url
+ globalaccount = var.globalaccount
+}
\ No newline at end of file
diff --git a/released/discovery_center/mission_4033/step2/variables.tf b/released/discovery_center/mission_4033/step2/variables.tf
new file mode 100644
index 00000000..9e3d7411
--- /dev/null
+++ b/released/discovery_center/mission_4033/step2/variables.tf
@@ -0,0 +1,15 @@
+variable "globalaccount" {
+ type = string
+ description = "The globalaccount subdomain where the sub account shall be created."
+}
+
+variable "subaccount_id" {
+ type = string
+ description = "The subaccount ID."
+}
+
+variable "cli_server_url" {
+ type = string
+ description = "The BTP CLI server URL."
+ default = "https://cpcli.cf.eu10.hana.ondemand.com"
+}
\ No newline at end of file
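Review bot: The header comment in step2/main.tf says "Import custom trust config", but the `import` block targets `"${var.subaccount_id},sap.default"` and the resource sets `available_for_user_logon = false`, so it is the default trust configuration that gets switched off for user logon. I would reword it to `# Import the default trust configuration (sap.default) and disable it for user logon`. I would also add a comment that step 1 must have established a working custom identity provider first: nothing in step 2 checks this, and users would otherwise presumably be left with no identity provider to log on through.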
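Review bot: In step2/variables.tf `cli_server_url` defaults to `https://cpcli.cf.eu10.hana.ondemand.com`, whereas the step 1 variables.tf shows `default = "https://cli.btp.cloud.sap"` for the same variable. The tfvars file that step 1 generates carries only `globalaccount` and `subaccount_id`, so unless the user overrides the value the two steps talk to different CLI server endpoints. I would use `default = "https://cli.btp.cloud.sap"` here as well, so both steps authenticate against the same server.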