From 22729cc8a8468829bd9a483c53ffc7e204299044 Mon Sep 17 00:00:00 2001 From: prajin-op Date: Fri, 4 Oct 2024 17:08:50 +0530 Subject: [PATCH 1/4] chore: Update for sap inside track --- released/inside-track-2024/main.tf | 159 ++++++++++++++++++++++ released/inside-track-2024/provider.tf | 17 +++ released/inside-track-2024/samples.tfvars | 31 +++++ released/inside-track-2024/variables.tf | 85 ++++++++++++ 4 files changed, 292 insertions(+) create mode 100644 released/inside-track-2024/main.tf create mode 100644 released/inside-track-2024/provider.tf create mode 100644 released/inside-track-2024/samples.tfvars create mode 100644 released/inside-track-2024/variables.tf diff --git a/released/inside-track-2024/main.tf b/released/inside-track-2024/main.tf new file mode 100644 index 00000000..ce77f65d --- /dev/null +++ b/released/inside-track-2024/main.tf @@ -0,0 +1,159 @@ + + +############################################################################################### +# This is the Terraform script for the BTP_200 Learning Journey. In this script you will create +# the infrastructure for the development of an SAP extension project +# The script will do the following +# - create a new subaccount (if the subaccount id is not set) +# - add users as subaccount administrators and viewers +# - create entitlements for the following services: +# * SAP Business Application Studio +# * SAP Continous & Integration Application +# * SAP Build Workzone - standard edition +# - create subscriptions +# - add user to service role collections +############################################################################################### + +############################################################################################### +# Creation of subaccount - if subaccount_id = "" +############################################################################################### +# Setup subaccount domain (to ensure uniqueness in BTP global account) +resource "random_uuid" "uuid" {} + +resource "btp_subaccount" "create_subaccount" { + count = var.subaccount_id == "" ? 1 : 0 + name = var.subaccount_name + subdomain = join("-", [var.subaccount_name, random_uuid.uuid.result]) + region = lower(var.region) +} + +# For the next resources we need the subaccount ID – either use the new one or one from the subaccount_id variable +data "btp_subaccount" "project" { + id = var.subaccount_id != "" ? var.subaccount_id : btp_subaccount.create_subaccount[0].id +} + +############################################################################################## +# Assign users to the subaccount role collections +############################################################################################## +# Assignment of admins to the sub account as sub account administrators +resource "btp_subaccount_role_collection_assignment" "subaccount_admins" { + for_each = toset("${var.subaccount_admins}") + subaccount_id = data.btp_subaccount.project.id + role_collection_name = "Subaccount Administrator" + user_name = each.value +} + +# Assignment of developers to the sub account as sub account viewer +resource "btp_subaccount_role_collection_assignment" "subaccount_viewer" { + for_each = toset("${var.developers}") + subaccount_id = data.btp_subaccount.project.id + role_collection_name = "Subaccount Viewer" + user_name = each.value +} +# Assignment of the subaccount service administrators +resource "btp_subaccount_role_collection_assignment" "subaccount_service_admin" { + for_each = toset("${var.service_admins}") + subaccount_id = data.btp_subaccount.project.id + role_collection_name = "Subaccount Service Administrator" + user_name = each.value +} + +############################################################################################## +# Creating entitlements +############################################################################################## +# Entitle subaccount for usage of app destination SAP Build Workzone, standard edition +resource "btp_subaccount_entitlement" "build_workzone" { + subaccount_id = data.btp_subaccount.project.id + service_name = "SAPLaunchpad" + plan_name = var.build_workzone_service_plan + amount = 1 +} + +# Entitle subaccount for usage of app destination SAP Business Application Studio +resource "btp_subaccount_entitlement" "bas" { + subaccount_id = data.btp_subaccount.project.id + service_name = "sapappstudio" + plan_name = var.bas_service_plan +} +# Entitle subaccount for usage of app destination Continous Integration & Delivery +resource "btp_subaccount_entitlement" "cicd" { + subaccount_id = data.btp_subaccount.project.id + service_name = "cicd-app" + plan_name = var.cicd_service_plan +} + +############################################################################################## +# Creating subscriptions +############################################################################################## +# Create app subscription to SAP Build Workzone, standard edition (depends on entitlement) +resource "btp_subaccount_subscription" "build_workzone" { + subaccount_id = data.btp_subaccount.project.id + app_name = "SAPLaunchpad" + plan_name = var.build_workzone_service_plan + depends_on = [btp_subaccount_entitlement.build_workzone] +} + +# Create app subscription to SAP Business Application Studio (depends on entitlement) +resource "btp_subaccount_subscription" "bas" { + subaccount_id = data.btp_subaccount.project.id + app_name = "sapappstudio" + plan_name = var.bas_service_plan + depends_on = [btp_subaccount_entitlement.bas] +} +# Create app subscription to SAP Business Application Studio (depends on entitlement) +resource "btp_subaccount_subscription" "cicd" { + subaccount_id = data.btp_subaccount.project.id + app_name = "cicd-app" + plan_name = var.cicd_service_plan + depends_on = [btp_subaccount_entitlement.cicd] +} + +############################################################################################### +# Assign User to role collections +############################################################################################### + + +# Assign users to Role Collection: Launchpad_Admin +resource "btp_subaccount_role_collection_assignment" "launchpad_admin" { + for_each = toset("${var.service_admins}") + subaccount_id = data.btp_subaccount.project.id + role_collection_name = "Launchpad_Admin" + user_name = each.value + depends_on = [btp_subaccount_subscription.build_workzone] +} + +# Assign users to Role Collection: Business_Application_Studio_Administrator +resource "btp_subaccount_role_collection_assignment" "bas_admin" { + for_each = toset("${var.service_admins}") + subaccount_id = data.btp_subaccount.project.id + role_collection_name = "Business_Application_Studio_Administrator" + user_name = each.value + depends_on = [btp_subaccount_subscription.bas] +} + +# Assign users to Role Collection: Business_Application_Studio_Developer +resource "btp_subaccount_role_collection_assignment" "bas_dev" { + for_each = toset("${var.developers}") + subaccount_id = data.btp_subaccount.project.id + role_collection_name = "Business_Application_Studio_Developer" + user_name = each.value + depends_on = [btp_subaccount_subscription.bas] +} + +# Assign users to Role Collection: CICD Service Administrator +resource "btp_subaccount_role_collection_assignment" "cicd_admin" { + for_each = toset("${var.service_admins}") + subaccount_id = data.btp_subaccount.project.id + role_collection_name = "CICD Service Administrator" + user_name = each.value + depends_on = [btp_subaccount_subscription.cicd] +} + +# Assign users to Role Collection: CICD Service Developer +resource "btp_subaccount_role_collection_assignment" "cicd_dev" { + for_each = toset("${var.developers}") + subaccount_id = data.btp_subaccount.project.id + role_collection_name = "CICD Service Developer" + user_name = each.value + depends_on = [btp_subaccount_subscription.cicd] +} \ No newline at end of file diff --git a/released/inside-track-2024/provider.tf b/released/inside-track-2024/provider.tf new file mode 100644 index 00000000..aee6c243 --- /dev/null +++ b/released/inside-track-2024/provider.tf @@ -0,0 +1,17 @@ +terraform { + required_providers { + btp = { + source = "sap/btp" + version = "~> 1.5.0" + } + } +} + +# Please checkout documentation on how best to authenticate against SAP BTP +# via the Terraform provider for SAP BTP +provider "btp" { + globalaccount = var.globalaccount + username = var.btp_username + password = var.btp_password + idp = "" +} \ No newline at end of file diff --git a/released/inside-track-2024/samples.tfvars b/released/inside-track-2024/samples.tfvars new file mode 100644 index 00000000..6357a7e1 --- /dev/null +++ b/released/inside-track-2024/samples.tfvars @@ -0,0 +1,31 @@ +######################################################################## +# Account settings +######################################################################## +globalaccount = "myglobalaccount" +region = "us10" +subaccount_name = "learningjourney" + + +# Set the subaccount_id ro run the script in an existing subaccount, +# keep it empty to create a new one, for that you need the global account administration role +# subaccount_id = "" + +##################################################################################### +# Subaccount administrators - don't add your own user here, your ID is added automatically +##################################################################################### +subaccount_admins = ["jane.doe@test.com", "john.doe@test.com"] + + +##################################################################################### +# Service administrators and developers - add your ID here +##################################################################################### +service_admins = ["jane.doe@test.com", "john.doe@test.com"] +developers = ["carl.dev@test.com"] + +##################################################################################### +# Service plans - for testing the services you can set "free" as value, the free service plan +# is only supported for SAP BTP accounts with the CPEA, BTPEA or Pay-as-you-go commercial model +##################################################################################### +build_workzone_service_plan = "free" +bas_service_plan = "free" +cicd_service_plan = "default" \ No newline at end of file diff --git a/released/inside-track-2024/variables.tf b/released/inside-track-2024/variables.tf new file mode 100644 index 00000000..149c2cb1 --- /dev/null +++ b/released/inside-track-2024/variables.tf @@ -0,0 +1,85 @@ +variable "globalaccount" { + type = string + description = "The globalaccount subdomain where the sub account shall be created." +} +variable "custom_idp" { + type = string + description = "The custom identity provider for the subaccount." + default = "aviss4yru-platform.accounts.ondemand.com" +} + +variable "subaccount_name" { + type = string + description = "The subaccount name." + default = "My SAP subaccount" +} + +variable "subaccount_id" { + type = string + description = "The subaccount ID." + default = "" +} +variable "region" { + type = string + description = "The region where the subaccount shall be created in." + default = "us10" +} + +variable "build_workzone_service_plan" { + type = string + description = "The plan for the SAP Build Workzone subscription" + default = "free" + validation { + condition = contains(["free", "standard"], var.build_workzone_service_plan) + error_message = "Invalid value for build_workzone_service_plan. Only 'free' and 'standard' are allowed." + } +} + +variable "bas_service_plan" { + type = string + description = "The plan for SAP Business Application Studio subscription" + default = "free" + validation { + condition = contains(["free", "standard-edition"], var.bas_service_plan) + error_message = "Invalid value for SAP Business Application Studion. Only 'free' and 'standard-edition' are allowed." + } +} + +variable "cicd_service_plan" { + type = string + description = "The plan for Continous Integraion & Delivery subscription" + default = "free" + validation { + condition = contains(["free", "default"], var.cicd_service_plan) + error_message = "Invalid value for Continous Integraion & Delivery. Only 'free' and 'default' are allowed." + } +} + +variable "subaccount_admins" { + type = list(string) + description = "Defines the colleagues who are added to each subaccount as emergency administrators." +} +variable "service_admins" { + type = list(string) + description = "Defines the users who are added to each subaccount as service administrators." +} +variable "developers" { + type = list(string) + description = "Defines the colleagues who are added to services as developers." +} + +variable "btp_username" { + type = string + description = "SAP BTP user name" + ## set default value to "" when using environment values for user and password +# default = "" +} + + +variable "btp_password" { + type = string + description = "Password for SAP BTP user" + sensitive = true + ## set default value to "" when using environment values for user and password +# default = "" +} \ No newline at end of file From af8dc81c66d3d77439ccdcd8bf9cd38b3f345650 Mon Sep 17 00:00:00 2001 From: prajin-op Date: Fri, 4 Oct 2024 17:10:51 +0530 Subject: [PATCH 2/4] chore: fixes --- released/inside-track-2024/variables.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/released/inside-track-2024/variables.tf b/released/inside-track-2024/variables.tf index 149c2cb1..4b1af72a 100644 --- a/released/inside-track-2024/variables.tf +++ b/released/inside-track-2024/variables.tf @@ -72,7 +72,7 @@ variable "btp_username" { type = string description = "SAP BTP user name" ## set default value to "" when using environment values for user and password -# default = "" + # default = "" } @@ -81,5 +81,5 @@ variable "btp_password" { description = "Password for SAP BTP user" sensitive = true ## set default value to "" when using environment values for user and password -# default = "" + # default = "" } \ No newline at end of file From 50d8ef8bff058c1e8788db290f8b8ba2fd49dad5 Mon Sep 17 00:00:00 2001 From: prajin-op Date: Fri, 4 Oct 2024 18:01:37 +0530 Subject: [PATCH 3/4] chore: fixes --- .../SITBLR2024}/main.tf | 2 +- .../SITBLR2024}/provider.tf | 2 +- .../SITBLR2024}/samples.tfvars | 3 ++- .../SITBLR2024}/variables.tf | 4 ++-- 4 files changed, 6 insertions(+), 5 deletions(-) rename released/{inside-track-2024 => SAP-Inside-Tracks/SITBLR2024}/main.tf (98%) rename released/{inside-track-2024 => SAP-Inside-Tracks/SITBLR2024}/provider.tf (90%) rename released/{inside-track-2024 => SAP-Inside-Tracks/SITBLR2024}/samples.tfvars (93%) rename released/{inside-track-2024 => SAP-Inside-Tracks/SITBLR2024}/variables.tf (96%) diff --git a/released/inside-track-2024/main.tf b/released/SAP-Inside-Tracks/SITBLR2024/main.tf similarity index 98% rename from released/inside-track-2024/main.tf rename to released/SAP-Inside-Tracks/SITBLR2024/main.tf index ce77f65d..41707cbe 100644 --- a/released/inside-track-2024/main.tf +++ b/released/SAP-Inside-Tracks/SITBLR2024/main.tf @@ -1,7 +1,7 @@ ############################################################################################### -# This is the Terraform script for the BTP_200 Learning Journey. In this script you will create +# This is the Terraform script for the SAP Insidetrack event. In this script you will create # the infrastructure for the development of an SAP extension project # The script will do the following # - create a new subaccount (if the subaccount id is not set) diff --git a/released/inside-track-2024/provider.tf b/released/SAP-Inside-Tracks/SITBLR2024/provider.tf similarity index 90% rename from released/inside-track-2024/provider.tf rename to released/SAP-Inside-Tracks/SITBLR2024/provider.tf index aee6c243..5dcaa5cc 100644 --- a/released/inside-track-2024/provider.tf +++ b/released/SAP-Inside-Tracks/SITBLR2024/provider.tf @@ -13,5 +13,5 @@ provider "btp" { globalaccount = var.globalaccount username = var.btp_username password = var.btp_password - idp = "" + idp = var.idp } \ No newline at end of file diff --git a/released/inside-track-2024/samples.tfvars b/released/SAP-Inside-Tracks/SITBLR2024/samples.tfvars similarity index 93% rename from released/inside-track-2024/samples.tfvars rename to released/SAP-Inside-Tracks/SITBLR2024/samples.tfvars index 6357a7e1..c4da99a6 100644 --- a/released/inside-track-2024/samples.tfvars +++ b/released/SAP-Inside-Tracks/SITBLR2024/samples.tfvars @@ -1,9 +1,10 @@ ######################################################################## # Account settings ######################################################################## -globalaccount = "myglobalaccount" +globalaccount = "inside-track-2023" region = "us10" subaccount_name = "learningjourney" +idp = "" # Set the subaccount_id ro run the script in an existing subaccount, diff --git a/released/inside-track-2024/variables.tf b/released/SAP-Inside-Tracks/SITBLR2024/variables.tf similarity index 96% rename from released/inside-track-2024/variables.tf rename to released/SAP-Inside-Tracks/SITBLR2024/variables.tf index 4b1af72a..b9a58bab 100644 --- a/released/inside-track-2024/variables.tf +++ b/released/SAP-Inside-Tracks/SITBLR2024/variables.tf @@ -2,10 +2,10 @@ variable "globalaccount" { type = string description = "The globalaccount subdomain where the sub account shall be created." } -variable "custom_idp" { +variable "idp" { type = string description = "The custom identity provider for the subaccount." - default = "aviss4yru-platform.accounts.ondemand.com" + default = "aviss4yru.accounts.ondemand.com" } variable "subaccount_name" { From b8775a73a20c8c9a176e43be5d6f3ba65ed215bd Mon Sep 17 00:00:00 2001 From: prajin-op Date: Fri, 4 Oct 2024 18:02:04 +0530 Subject: [PATCH 4/4] chore: fixes --- released/SAP-Inside-Tracks/SITBLR2024/samples.tfvars | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/released/SAP-Inside-Tracks/SITBLR2024/samples.tfvars b/released/SAP-Inside-Tracks/SITBLR2024/samples.tfvars index c4da99a6..c5fd6059 100644 --- a/released/SAP-Inside-Tracks/SITBLR2024/samples.tfvars +++ b/released/SAP-Inside-Tracks/SITBLR2024/samples.tfvars @@ -4,7 +4,7 @@ globalaccount = "inside-track-2023" region = "us10" subaccount_name = "learningjourney" -idp = "" +idp = "" # Set the subaccount_id ro run the script in an existing subaccount,