diff --git a/released/SAP-Inside-Tracks/SITBLR2024/main.tf b/released/SAP-Inside-Tracks/SITBLR2024/main.tf new file mode 100644 index 00000000..41707cbe --- /dev/null +++ b/released/SAP-Inside-Tracks/SITBLR2024/main.tf @@ -0,0 +1,159 @@ + + +############################################################################################### +# This is the Terraform script for the SAP Insidetrack event. In this script you will create +# the infrastructure for the development of an SAP extension project +# The script will do the following +# - create a new subaccount (if the subaccount id is not set) +# - add users as subaccount administrators and viewers +# - create entitlements for the following services: +# * SAP Business Application Studio +# * SAP Continous & Integration Application +# * SAP Build Workzone - standard edition +# - create subscriptions +# - add user to service role collections +############################################################################################### + +############################################################################################### +# Creation of subaccount - if subaccount_id = "" +############################################################################################### +# Setup subaccount domain (to ensure uniqueness in BTP global account) +resource "random_uuid" "uuid" {} + +resource "btp_subaccount" "create_subaccount" { + count = var.subaccount_id == "" ? 1 : 0 + name = var.subaccount_name + subdomain = join("-", [var.subaccount_name, random_uuid.uuid.result]) + region = lower(var.region) +} + +# For the next resources we need the subaccount ID – either use the new one or one from the subaccount_id variable +data "btp_subaccount" "project" { + id = var.subaccount_id != "" ? var.subaccount_id : btp_subaccount.create_subaccount[0].id +} + +############################################################################################## +# Assign users to the subaccount role collections +############################################################################################## +# Assignment of admins to the sub account as sub account administrators +resource "btp_subaccount_role_collection_assignment" "subaccount_admins" { + for_each = toset("${var.subaccount_admins}") + subaccount_id = data.btp_subaccount.project.id + role_collection_name = "Subaccount Administrator" + user_name = each.value +} + +# Assignment of developers to the sub account as sub account viewer +resource "btp_subaccount_role_collection_assignment" "subaccount_viewer" { + for_each = toset("${var.developers}") + subaccount_id = data.btp_subaccount.project.id + role_collection_name = "Subaccount Viewer" + user_name = each.value +} +# Assignment of the subaccount service administrators +resource "btp_subaccount_role_collection_assignment" "subaccount_service_admin" { + for_each = toset("${var.service_admins}") + subaccount_id = data.btp_subaccount.project.id + role_collection_name = "Subaccount Service Administrator" + user_name = each.value +} + +############################################################################################## +# Creating entitlements +############################################################################################## +# Entitle subaccount for usage of app destination SAP Build Workzone, standard edition +resource "btp_subaccount_entitlement" "build_workzone" { + subaccount_id = data.btp_subaccount.project.id + service_name = "SAPLaunchpad" + plan_name = var.build_workzone_service_plan + amount = 1 +} + +# Entitle subaccount for usage of app destination SAP Business Application Studio +resource "btp_subaccount_entitlement" "bas" { + subaccount_id = data.btp_subaccount.project.id + service_name = "sapappstudio" + plan_name = var.bas_service_plan +} +# Entitle subaccount for usage of app destination Continous Integration & Delivery +resource "btp_subaccount_entitlement" "cicd" { + subaccount_id = data.btp_subaccount.project.id + service_name = "cicd-app" + plan_name = var.cicd_service_plan +} + +############################################################################################## +# Creating subscriptions +############################################################################################## +# Create app subscription to SAP Build Workzone, standard edition (depends on entitlement) +resource "btp_subaccount_subscription" "build_workzone" { + subaccount_id = data.btp_subaccount.project.id + app_name = "SAPLaunchpad" + plan_name = var.build_workzone_service_plan + depends_on = [btp_subaccount_entitlement.build_workzone] +} + +# Create app subscription to SAP Business Application Studio (depends on entitlement) +resource "btp_subaccount_subscription" "bas" { + subaccount_id = data.btp_subaccount.project.id + app_name = "sapappstudio" + plan_name = var.bas_service_plan + depends_on = [btp_subaccount_entitlement.bas] +} +# Create app subscription to SAP Business Application Studio (depends on entitlement) +resource "btp_subaccount_subscription" "cicd" { + subaccount_id = data.btp_subaccount.project.id + app_name = "cicd-app" + plan_name = var.cicd_service_plan + depends_on = [btp_subaccount_entitlement.cicd] +} + +############################################################################################### +# Assign User to role collections +############################################################################################### + + +# Assign users to Role Collection: Launchpad_Admin +resource "btp_subaccount_role_collection_assignment" "launchpad_admin" { + for_each = toset("${var.service_admins}") + subaccount_id = data.btp_subaccount.project.id + role_collection_name = "Launchpad_Admin" + user_name = each.value + depends_on = [btp_subaccount_subscription.build_workzone] +} + +# Assign users to Role Collection: Business_Application_Studio_Administrator +resource "btp_subaccount_role_collection_assignment" "bas_admin" { + for_each = toset("${var.service_admins}") + subaccount_id = data.btp_subaccount.project.id + role_collection_name = "Business_Application_Studio_Administrator" + user_name = each.value + depends_on = [btp_subaccount_subscription.bas] +} + +# Assign users to Role Collection: Business_Application_Studio_Developer +resource "btp_subaccount_role_collection_assignment" "bas_dev" { + for_each = toset("${var.developers}") + subaccount_id = data.btp_subaccount.project.id + role_collection_name = "Business_Application_Studio_Developer" + user_name = each.value + depends_on = [btp_subaccount_subscription.bas] +} + +# Assign users to Role Collection: CICD Service Administrator +resource "btp_subaccount_role_collection_assignment" "cicd_admin" { + for_each = toset("${var.service_admins}") + subaccount_id = data.btp_subaccount.project.id + role_collection_name = "CICD Service Administrator" + user_name = each.value + depends_on = [btp_subaccount_subscription.cicd] +} + +# Assign users to Role Collection: CICD Service Developer +resource "btp_subaccount_role_collection_assignment" "cicd_dev" { + for_each = toset("${var.developers}") + subaccount_id = data.btp_subaccount.project.id + role_collection_name = "CICD Service Developer" + user_name = each.value + depends_on = [btp_subaccount_subscription.cicd] +} \ No newline at end of file diff --git a/released/SAP-Inside-Tracks/SITBLR2024/provider.tf b/released/SAP-Inside-Tracks/SITBLR2024/provider.tf new file mode 100644 index 00000000..5dcaa5cc --- /dev/null +++ b/released/SAP-Inside-Tracks/SITBLR2024/provider.tf @@ -0,0 +1,17 @@ +terraform { + required_providers { + btp = { + source = "sap/btp" + version = "~> 1.5.0" + } + } +} + +# Please checkout documentation on how best to authenticate against SAP BTP +# via the Terraform provider for SAP BTP +provider "btp" { + globalaccount = var.globalaccount + username = var.btp_username + password = var.btp_password + idp = var.idp +} \ No newline at end of file diff --git a/released/SAP-Inside-Tracks/SITBLR2024/samples.tfvars b/released/SAP-Inside-Tracks/SITBLR2024/samples.tfvars new file mode 100644 index 00000000..c5fd6059 --- /dev/null +++ b/released/SAP-Inside-Tracks/SITBLR2024/samples.tfvars @@ -0,0 +1,32 @@ +######################################################################## +# Account settings +######################################################################## +globalaccount = "inside-track-2023" +region = "us10" +subaccount_name = "learningjourney" +idp = "" + + +# Set the subaccount_id ro run the script in an existing subaccount, +# keep it empty to create a new one, for that you need the global account administration role +# subaccount_id = "" + +##################################################################################### +# Subaccount administrators - don't add your own user here, your ID is added automatically +##################################################################################### +subaccount_admins = ["jane.doe@test.com", "john.doe@test.com"] + + +##################################################################################### +# Service administrators and developers - add your ID here +##################################################################################### +service_admins = ["jane.doe@test.com", "john.doe@test.com"] +developers = ["carl.dev@test.com"] + +##################################################################################### +# Service plans - for testing the services you can set "free" as value, the free service plan +# is only supported for SAP BTP accounts with the CPEA, BTPEA or Pay-as-you-go commercial model +##################################################################################### +build_workzone_service_plan = "free" +bas_service_plan = "free" +cicd_service_plan = "default" \ No newline at end of file diff --git a/released/SAP-Inside-Tracks/SITBLR2024/variables.tf b/released/SAP-Inside-Tracks/SITBLR2024/variables.tf new file mode 100644 index 00000000..b9a58bab --- /dev/null +++ b/released/SAP-Inside-Tracks/SITBLR2024/variables.tf @@ -0,0 +1,85 @@ +variable "globalaccount" { + type = string + description = "The globalaccount subdomain where the sub account shall be created." +} +variable "idp" { + type = string + description = "The custom identity provider for the subaccount." + default = "aviss4yru.accounts.ondemand.com" +} + +variable "subaccount_name" { + type = string + description = "The subaccount name." + default = "My SAP subaccount" +} + +variable "subaccount_id" { + type = string + description = "The subaccount ID." + default = "" +} +variable "region" { + type = string + description = "The region where the subaccount shall be created in." + default = "us10" +} + +variable "build_workzone_service_plan" { + type = string + description = "The plan for the SAP Build Workzone subscription" + default = "free" + validation { + condition = contains(["free", "standard"], var.build_workzone_service_plan) + error_message = "Invalid value for build_workzone_service_plan. Only 'free' and 'standard' are allowed." + } +} + +variable "bas_service_plan" { + type = string + description = "The plan for SAP Business Application Studio subscription" + default = "free" + validation { + condition = contains(["free", "standard-edition"], var.bas_service_plan) + error_message = "Invalid value for SAP Business Application Studion. Only 'free' and 'standard-edition' are allowed." + } +} + +variable "cicd_service_plan" { + type = string + description = "The plan for Continous Integraion & Delivery subscription" + default = "free" + validation { + condition = contains(["free", "default"], var.cicd_service_plan) + error_message = "Invalid value for Continous Integraion & Delivery. Only 'free' and 'default' are allowed." + } +} + +variable "subaccount_admins" { + type = list(string) + description = "Defines the colleagues who are added to each subaccount as emergency administrators." +} +variable "service_admins" { + type = list(string) + description = "Defines the users who are added to each subaccount as service administrators." +} +variable "developers" { + type = list(string) + description = "Defines the colleagues who are added to services as developers." +} + +variable "btp_username" { + type = string + description = "SAP BTP user name" + ## set default value to "" when using environment values for user and password + # default = "" +} + + +variable "btp_password" { + type = string + description = "Password for SAP BTP user" + sensitive = true + ## set default value to "" when using environment values for user and password + # default = "" +} \ No newline at end of file