diff --git a/released/discovery_center/mission_3488/README.md b/released/discovery_center/mission_3488/README.md new file mode 100644 index 00000000..9af98983 --- /dev/null +++ b/released/discovery_center/mission_3488/README.md @@ -0,0 +1,88 @@ +# Discovery Center mission: Get started with Extended Planning and Analysis (xP&A) (3488) + +## Overview + +This sample shows how to setup your SAP BTP account for the Discovery Center Mission - [Get started with Extended Planning and Analysis (xP&A)](https://discovery-center.cloud.sap/index.html#/missiondetail/3488/) for your Enterprise BTP Account. + +## Content of setup (step1) + +The setup comprises the following resources: + +- Creation of the SAP BTP subaccount +- Entitlements of services +- Subscriptions to applications +- Role collection assignments to users +- Creation of CF environment and CF org + +After this a setup step2 will create CF space and a SAP Analytics Cloud CF service instance in the before created CF; org users and roles will be assigned on CF org and space level + +## Deploying the resources + +Make sure that you are familiar with SAP BTP and know both the [Get Started with btp-terraform-samples](https://github.com/SAP-samples/btp-terraform-samples/blob/main/GET_STARTED.md) and the [Get Started with the Terraform Provider for BTP](https://developers.sap.com/tutorials/btp-terraform-get-started.html) + +To deploy the resources you must: + +### Setup Step1 + +1. Set your credentials as environment variables + + ```bash + export BTP_USERNAME ='' + export BTP_PASSWORD ='' + ``` + +2. Go into folder `step1` and change the variables in the `sample.tfvars` file to meet your requirements + + > The minimal set of parameters you should specify (besides user_email and password) is global account (i.e. its subdomain) and the used custom_idp and all user assignments + + > Keep the setting `create_tfvars_file_for_step2 = true` so that a `terraform.tfvars` file is created which contains your needed variables to execute setup `step2` without specifying them again in sample.tfvars there. + +3. In folder `step1` you initialize your workspace: + + ```bash + terraform init + ``` + +4. You can check what Terraform plans to apply based on your configuration: + + ```bash + terraform plan -var-file="sample.tfvars" + ``` + +5. Apply your configuration to provision the resources: + + ```bash + terraform apply -var-file="sample.tfvars" + ``` + +6. Verify e.g., in BTP cockpit that a new subaccount with a SAP HANA Cloud and SAP Build Work Zone subscriptions have been created. + +### Setup Step2 + +7. Navigate into step2 directory and initialize your workspace there as well: + + ```bash + terraform init + ``` +8. You can check what Terraform plans to apply based on your configuration: + + ```bash + terraform plan -var-file="terraform.tfvars" + ``` + +9. Apply your configuration to provision the resources: + + ```bash + terraform apply -var-file="terraform.tfvars" + ``` +10. Verify e.g., in BTP cockpit that after step2 the specified users in sample.tfvars have been assigned with roles in the created cloundfoundry org and space. + +With this you have completed the quick account setup as described in the Discovery Center Mission - [Get started with Extended Planning and Analysis (xP&A)](https://discovery-center.cloud.sap/index.html#/missiondetail/3488/). + +## In the end + +You probably want to remove the assets after trying them out to avoid unnecessary costs. To do so execute the following command: + +```bash +terraform destroy -var-file="terraform.tfvars" +``` \ No newline at end of file diff --git a/released/discovery_center/mission_3488/step1/README.md b/released/discovery_center/mission_3488/step1/README.md deleted file mode 100644 index 3c364e4a..00000000 --- a/released/discovery_center/mission_3488/step1/README.md +++ /dev/null @@ -1,51 +0,0 @@ -# Discovery Center mission - Get started with Extended Planning and Analysis (xP&A) - -## Overview - -This sample shows how to set up your SAP BTP account for the Discovery Center Mission - [Get started with Extended Planning and Analysis (xP&A)](https://discovery-center.cloud.sap/missiondetail/3488/) - -## Content of setup - -The setup comprises the following resources: - -- Creation of the SAP BTP subaccount -- Enablement of Cloudfoundry Environment - [see available regions and endpoints](https://help.sap.com/docs/btp/sap-business-technology-platform/regions-and-api-endpoints-available-for-cloud-foundry-environment) -- Entitlements of services -- Subscriptions to applications -- Role collection assignments to users - -## Deploying the resources - -Make sure that you are familiar with SAP BTP and know both the [Get Started with btp-terraform-samples](https://github.com/SAP-samples/btp-terraform-samples/blob/main/GET_STARTED.md) and the [Get Started with the Terraform Provider for BTP](https://developers.sap.com/tutorials/btp-terraform-get-started.html) - -To deploy the resources execute the following commands: - -1. Initialize your workspace: - - ```bash - terraform init - ``` - -1. Assign the variable values in a `*.tfvars` file e.g., the global account subdomain - -1. You can check what Terraform plans to apply based on your configuration: - - ```bash - terraform plan -var-file=".tfvars" - ``` - -1. Apply your configuration to provision the resources: - - ```bash - terraform apply -var-file=".tfvars" - ``` - -> **Note** - Some variables of the output of the first step are needed as input for the second step. - -## When finished - -You probably want to remove the assets after trying them out to avoid unnecessary costs. To do so execute the following command: - -```bash -terraform destroy -var-file=".tfvars" -``` \ No newline at end of file diff --git a/released/discovery_center/mission_3488/step1/locals.tf b/released/discovery_center/mission_3488/step1/locals.tf deleted file mode 100644 index 09136428..00000000 --- a/released/discovery_center/mission_3488/step1/locals.tf +++ /dev/null @@ -1,3 +0,0 @@ -locals { - service_name__sac = "analytics-planning-osb" -} diff --git a/released/discovery_center/mission_3488/step1/main.tf b/released/discovery_center/mission_3488/step1/main.tf index 15e28aa0..5a9a0625 100644 --- a/released/discovery_center/mission_3488/step1/main.tf +++ b/released/discovery_center/mission_3488/step1/main.tf @@ -1,90 +1,164 @@ -# ------------------------------------------------------------------------------------------------------ -# Setup of names based on variables -# ------------------------------------------------------------------------------------------------------ -resource "random_uuid" "uuid" {} - -locals { - random_uuid = random_uuid.uuid.result - subaccount_domain = lower("${var.subaccount_name}-${local.random_uuid}") - subaccount_name = var.subaccount_name - subaccount_cf_org = substr(replace("${local.subaccount_domain}", "-", ""), 0, 32) -} - -# ------------------------------------------------------------------------------------------------------ -# Creation of subaccount -# ------------------------------------------------------------------------------------------------------ -resource "btp_subaccount" "dc_mission" { - name = var.subaccount_name - subdomain = join("-", ["dc-mission-3488", random_uuid.uuid.result]) - region = lower(var.region) -} - - -# ------------------------------------------------------------------------------------------------------ -# Assignment of basic entitlements for an SAC setup -# ------------------------------------------------------------------------------------------------------ -resource "btp_subaccount_entitlement" "sac__service_instance_plan" { - subaccount_id = btp_subaccount.dc_mission.id - service_name = local.service_name__sac - plan_name = var.service_plan__sac -} - - -# ------------------------------------------------------------------------------------------------------ -# Creation of Cloud Foundry environment -# ------------------------------------------------------------------------------------------------------ - -# Fetch all available environments for the subaccount -data "btp_subaccount_environments" "all" { - subaccount_id = btp_subaccount.dc_mission.id -} - -# Take the landscape label from the first CF environment if no environment label is provided -resource "terraform_data" "cf_landscape_label" { - input = length(var.cf_landscape_label) > 0 ? var.cf_landscape_label : [for env in data.btp_subaccount_environments.all.values : env if env.service_name == "cloudfoundry" && env.environment_type == "cloudfoundry"][0].landscape_label -} - -# Create the Cloud Foundry environment instance -resource "btp_subaccount_environment_instance" "cloudfoundry" { - subaccount_id = btp_subaccount.dc_mission.id - name = local.subaccount_cf_org - environment_type = "cloudfoundry" - service_name = "cloudfoundry" - plan_name = var.cf_plan_name - landscape_label = terraform_data.cf_landscape_label.output - - parameters = jsonencode({ - instance_name = local.subaccount_cf_org - }) -} - - -resource "local_file" "output_vars_step1" { - count = var.create_tfvars_file_for_next_stage ? 1 : 0 - content = <<-EOT - origin = "${var.origin}" - - cf_api_url = "${jsondecode(btp_subaccount_environment_instance.cloudfoundry.labels)["API Endpoint"]}" - cf_org_id = "${btp_subaccount_environment_instance.cloudfoundry.platform_id}" - - cf_org_auditors = ${jsonencode(var.cf_org_auditors)} - cf_org_billing_managers = ${jsonencode(var.cf_org_billing_managers)} - cf_org_admins = ${jsonencode(var.cf_org_admins)} - cf_space_auditors = ${jsonencode(var.cf_space_auditors)} - cf_space_developers = ${jsonencode(var.cf_space_developers)} - cf_space_managers = ${jsonencode(var.cf_space_managers)} - - service_plan__sac = "${var.service_plan__sac}" - - sac_param_first_name = "${var.sac_param_first_name}" - sac_param_last_name = "${var.sac_param_last_name}" - sac_param_email = "${var.sac_param_email}" - sac_param_host_name = "${var.sac_param_host_name}" - - sac_param_number_of_business_intelligence_licenses = ${var.sac_param_number_of_business_intelligence_licenses} - sac_param_number_of_professional_licenses = ${var.sac_param_number_of_professional_licenses} - sac_param_number_of_business_standard_licenses = ${var.sac_param_number_of_business_standard_licenses} - - EOT - filename = "../step2/terraform.tfvars" -} +# ------------------------------------------------------------------------------------------------------ +# Subaccount setup for DC mission 3488 +# ------------------------------------------------------------------------------------------------------ +# Setup subaccount domain (to ensure uniqueness in BTP global account) +resource "random_uuid" "uuid" {} + +locals { + random_uuid = random_uuid.uuid.result + timestamp = formatdate("YYYYMMDDhhmmss", timestamp()) + subaccount_domain = "dcmission3488${local.random_uuid}" + subaccount_name = var.subaccount_name == "" ? "SAP Discovery Center Mission 3488 - ${local.timestamp}" : var.subaccount_name +} + +# Creation of subaccount +resource "btp_subaccount" "dc_mission" { + count = var.subaccount_id == "" ? 1 : 0 + + name = local.subaccount_name + subdomain = local.subaccount_domain + region = var.region +} + +data "btp_subaccount" "dc_mission" { + id = var.subaccount_id != "" ? var.subaccount_id : btp_subaccount.dc_mission[0].id +} + +# Assign custom IDP to sub account (if custom_idp is set) +resource "btp_subaccount_trust_configuration" "fully_customized" { + # Only create trust configuration if custom_idp has been set + count = var.custom_idp == "" ? 0 : 1 + subaccount_id = data.btp_subaccount.dc_mission.id + identity_provider = var.custom_idp +} + +data "btp_whoami" "me" {} + +locals { + origin_key = data.btp_whoami.me.issuer != var.custom_idp ? "sap.default" : "${element(split(".", var.custom_idp), 0)}-platform" +} + +# Assign role collection "Subaccount Administrator" +resource "btp_subaccount_role_collection_assignment" "subaccount_admin" { + for_each = toset("${var.subaccount_admins}") + subaccount_id = data.btp_subaccount.dc_mission.id + role_collection_name = "Subaccount Administrator" + user_name = each.value + origin = local.origin_key + depends_on = [btp_subaccount.dc_mission] +} + +# Assign role collection "Subaccount Service Administrator" +resource "btp_subaccount_role_collection_assignment" "subaccount_service_admin" { + for_each = toset("${var.subaccount_service_admins}") + subaccount_id = data.btp_subaccount.dc_mission.id + role_collection_name = "Subaccount Service Administrator" + user_name = each.value + origin = local.origin_key + depends_on = [btp_subaccount.dc_mission] +} + +# ------------------------------------------------------------------------------------------------------ +# ENVIRONMENTS +# ------------------------------------------------------------------------------------------------------ +locals { + service_env_name__cloudfoundry = "cloudfoundry" +} + +# ------------------------------------------------------------------------------------------------------ +# Setup cloudfoundry (Cloud Foundry Environment) +# ------------------------------------------------------------------------------------------------------ +# +# Entitle +resource "btp_subaccount_entitlement" "cloudfoundry" { + count = var.service_env_plan__cloudfoundry == "free" ? 1 : 0 + subaccount_id = btp_subaccount.dc_mission[0].id + service_name = local.service_env_name__cloudfoundry + plan_name = var.service_env_plan__cloudfoundry + amount = 1 +} + +# Fetch all available environments for the subaccount +data "btp_subaccount_environments" "all" { + subaccount_id = data.btp_subaccount.dc_mission.id +} + +# Take the landscape label from the first CF environment if no environment label is provided (this replaces the previous null_resource) +resource "terraform_data" "cf_landscape_label" { + input = length(var.cf_landscape_label) > 0 ? var.cf_landscape_label : [for env in data.btp_subaccount_environments.all.values : env if env.service_name == "cloudfoundry" && env.environment_type == "cloudfoundry"][0].landscape_label +} + +# Create instance +locals { + cf_org_name = var.cf_org_name == "" ? "cf_org_name_dcmission_3488_${local.random_uuid}" : var.cf_org_name +} +resource "btp_subaccount_environment_instance" "cloudfoundry" { + subaccount_id = data.btp_subaccount.dc_mission.id + name = local.cf_org_name + environment_type = "cloudfoundry" + service_name = local.service_env_name__cloudfoundry + plan_name = var.service_env_plan__cloudfoundry + landscape_label = terraform_data.cf_landscape_label.output + + parameters = jsonencode({ + instance_name = local.cf_org_name + }) + depends_on = [btp_subaccount_entitlement.cloudfoundry] +} + +# ------------------------------------------------------------------------------------------------------ +# SERVICES +# ------------------------------------------------------------------------------------------------------ +# +locals { + service_name__sac = "analytics-planning-osb" +} + +# ------------------------------------------------------------------------------------------------------ +# Setup analytics-planning-osb (SAP Analytics Cloud), sac +# ------------------------------------------------------------------------------------------------------ +# Entitle +resource "btp_subaccount_entitlement" "sac" { + count = var.enable_service_setup__sac ? 1 : 0 + subaccount_id = data.btp_subaccount.dc_mission.id + service_name = local.service_name__sac + plan_name = var.service_plan__sac +} + +# ------------------------------------------------------------------------------------------------------ +# Create tfvars file for step 2 (if variable `create_tfvars_file_for_step2` is set to true) +# ------------------------------------------------------------------------------------------------------ +resource "local_file" "output_vars_step1" { + count = var.create_tfvars_file_for_step2 ? 1 : 0 + content = <<-EOT + globalaccount = "${var.globalaccount}" + cli_server_url = ${jsonencode(var.cli_server_url)} + custom_idp = ${jsonencode(var.custom_idp)} + + subaccount_id = "${data.btp_subaccount.dc_mission.id}" + + cf_api_url = "${jsondecode(btp_subaccount_environment_instance.cloudfoundry.labels)["API Endpoint"]}" + cf_org_id = "${jsondecode(btp_subaccount_environment_instance.cloudfoundry.labels)["Org ID"]}" + cf_space_name = "${var.cf_space_name}" + + cf_org_managers = ${jsonencode(var.cf_org_managers)} + cf_org_users = ${jsonencode(var.cf_org_users)} + cf_space_developers = ${jsonencode(var.cf_space_developers)} + cf_space_managers = ${jsonencode(var.cf_space_managers)} + + service_plan__sac = "${var.service_plan__sac}" + + sac_admin_email = "${var.sac_admin_email}" + sac_admin_first_name = "${var.sac_admin_first_name}" + sac_admin_last_name = "${var.sac_admin_last_name}" + sac_admin_host_name = "${var.sac_admin_host_name}" + + sac_number_of_business_intelligence_licenses = ${var.sac_number_of_business_intelligence_licenses} + sac_number_of_professional_licenses = ${var.sac_number_of_professional_licenses} + sac_number_of_business_standard_licenses = ${var.sac_number_of_business_standard_licenses} + + enable_service_setup__sac = "${var.enable_service_setup__sac}" + + EOT + filename = "../step2/terraform.tfvars" +} \ No newline at end of file diff --git a/released/discovery_center/mission_3488/step1/outputs.tf b/released/discovery_center/mission_3488/step1/outputs.tf index 543efa92..ba2c20ca 100644 --- a/released/discovery_center/mission_3488/step1/outputs.tf +++ b/released/discovery_center/mission_3488/step1/outputs.tf @@ -1,105 +1,104 @@ -output "subaccount_id" { - value = btp_subaccount.dc_mission.id - description = "The ID of the subaccount." -} - -output "cf_org_name" { - value = local.subaccount_cf_org - description = "The name of the Cloud Foundry org connected to the subaccount." -} - -output "cf_org_id" { - value = btp_subaccount_environment_instance.cloudfoundry.platform_id - description = "The ID of the Cloud Foundry org connected to the subaccount." -} - -output "cf_api_url" { - value = lookup(jsondecode(btp_subaccount_environment_instance.cloudfoundry.labels), "API Endpoint", "not found") - description = "API endpoint of the Cloud Foundry environment." -} - -output "cf_landscape_label" { - value = btp_subaccount_environment_instance.cloudfoundry.landscape_label - description = "Landscape label of the Cloud Foundry environment." -} - -output "cf_space_name" { - value = var.cf_space_name - description = "The name of the Cloud Foundry space." -} - -output "origin" { - value = var.origin - description = "The identity provider for the UAA user." -} - -output "cf_org_admins" { - value = var.cf_org_admins - description = "List of Cloud Foundry org admins." -} - -output "cf_org_billing_managers" { - value = var.cf_org_billing_managers - description = "List of Cloud Foundry org billing managers." -} - -output "cf_org_auditors" { - value = var.cf_org_auditors - description = "List of Cloud Foundry org auditors." -} - -output "cf_space_managers" { - value = var.cf_space_managers - description = "List of managers for the Cloud Foundry space." -} - -output "cf_space_developers" { - value = var.cf_space_developers - description = "List of developers for the Cloud Foundry space." -} - -output "cf_space_auditors" { - value = var.cf_space_auditors - description = "The list of Cloud Foundry space auditors." -} - -output "service_plan__sac" { - value = var.service_plan__sac - description = "Plan for the service instance of SAC." -} - -output "sac_param_first_name" { - value = var.sac_param_first_name - description = "First name of the SAC responsible" -} - -output "sac_param_last_name" { - value = var.sac_param_last_name - description = "Last name of the SAC responsible" -} - -output "sac_param_email" { - value = var.sac_param_email - description = "Email of the SAC responsible" -} - -output "sac_param_host_name" { - value = var.sac_param_host_name - description = "Host name of the SAC" -} - -output "sac_param_number_of_business_intelligence_licenses" { - value = var.sac_param_number_of_business_intelligence_licenses - description = "Number of business intelligence licenses" -} - - -output "sac_param_number_of_professional_licenses" { - value = var.sac_param_number_of_professional_licenses - description = "Number of business professional licenses" -} - -output "sac_param_number_of_business_standard_licenses" { - value = var.sac_param_number_of_business_standard_licenses - description = "Number of business standard licenses" -} +# ------------------------------------------------------------------------------------------------------ +# account +# ------------------------------------------------------------------------------------------------------ +output "subaccount_id" { + value = data.btp_subaccount.dc_mission.id + description = "The ID of the subaccount." +} + +output "custom_idp" { + value = var.custom_idp + description = "The custom identity provider." +} + +# ------------------------------------------------------------------------------------------------------ +# service related params +# ------------------------------------------------------------------------------------------------------ +output "service_plan__sac" { + value = var.service_plan__sac + description = "Plan for the service instance of SAC." +} + +output "sac_admin_email" { + value = var.sac_admin_email + description = "SAC Admin Email" +} + +output "sac_admin_first_name" { + value = var.sac_admin_first_name + description = "SAC Admin First Name" +} + +output "sac_admin_last_name" { + value = var.sac_admin_last_name + description = "SAC Admin Last Name" +} + +output "sac_admin_host_name" { + value = var.sac_admin_host_name + description = "SAC Admin Host Name" +} + +output "sac_number_of_business_intelligence_licenses" { + value = var.sac_number_of_business_intelligence_licenses + description = "Number of business intelligence licenses" +} + + +output "sac_number_of_professional_licenses" { + value = var.sac_number_of_professional_licenses + description = "Number of business professional licenses" +} + +output "sac_number_of_business_standard_licenses" { + value = var.sac_number_of_business_standard_licenses + description = "Number of business standard licenses" +} + +output "enable_service_setup__sac" { + value = var.enable_service_setup__sac + description = "If true setup of service 'SAP Analytics Cloud' with technical name 'analytics-planning-osb' is enabled" +} + +# ------------------------------------------------------------------------------------------------------ +# environments +# ------------------------------------------------------------------------------------------------------ +output "cf_landscape_label" { + value = btp_subaccount_environment_instance.cloudfoundry.landscape_label + description = "The Cloudfoundry landscape label." +} + +output "cf_api_url" { + value = jsondecode(btp_subaccount_environment_instance.cloudfoundry.labels)["API Endpoint"] + description = "The Cloudfoundry API Url." +} + +output "cf_org_id" { + value = jsondecode(btp_subaccount_environment_instance.cloudfoundry.labels)["Org ID"] + description = "The Cloudfoundry org id." +} + +output "cf_org_name" { + value = jsondecode(btp_subaccount_environment_instance.cloudfoundry.labels)["Org Name"] + description = "The Cloudfoundry org name." +} + +output "cf_space_name" { + value = var.cf_space_name + description = "The name of the Cloud Foundry space." +} + +output "cf_org_managers" { + value = var.cf_org_managers + description = "List of users to set as Cloudfoundry org administrators." +} + +output "cf_space_developers" { + value = var.cf_space_developers + description = "List of users to set as Cloudfoundry space developers." +} + +output "cf_space_managers" { + value = var.cf_space_managers + description = "List of users to set as Cloudfoundry space managers." +} \ No newline at end of file diff --git a/released/discovery_center/mission_3488/step1/provider.tf b/released/discovery_center/mission_3488/step1/provider.tf index 955e259b..810dc107 100644 --- a/released/discovery_center/mission_3488/step1/provider.tf +++ b/released/discovery_center/mission_3488/step1/provider.tf @@ -1,20 +1,14 @@ - -terraform { - required_providers { - btp = { - source = "sap/btp" - version = "~> 1.5.0" - } - } - -} - -# Please checkout documentation on how best to authenticate against SAP BTP -# via the Terraform provider for SAP BTP -provider "btp" { - # Comment out the idp in case you need it to connect to your global account - # ------------------------------------------------------------------------- - # idp = var.custom_idp - globalaccount = var.globalaccount - cli_server_url = var.cli_server_url -} +terraform { + required_providers { + btp = { + source = "SAP/btp" + version = "~> 1.7.0" + } + } +} + +provider "btp" { + #idp = var.custom_idp + globalaccount = var.globalaccount + cli_server_url = var.cli_server_url +} \ No newline at end of file diff --git a/released/discovery_center/mission_3488/step1/sample.tfvars b/released/discovery_center/mission_3488/step1/sample.tfvars index 74cbb709..ddeacf37 100644 --- a/released/discovery_center/mission_3488/step1/sample.tfvars +++ b/released/discovery_center/mission_3488/step1/sample.tfvars @@ -1,30 +1,29 @@ # ------------------------------------------------------------------------------------------------------ -# Provider configuration +# Account settings # ------------------------------------------------------------------------------------------------------ -# Your global account subdomain -globalaccount = "yourglobalaccount" -region = "datacenter" -subaccount_name = "SAP Discovery Center Mission 3488" +custom_idp = "<>.accounts.ondemand.com" +globalaccount = "<>" + +subaccount_admins = ["you@acme.com", "other.user@acme.com"] +subaccount_service_admins = ["you@acme.com", "other.user@acme.com"] # ------------------------------------------------------------------------------------------------------ -# Project specific configuration (please adapt!) +# Use case specific configuration # ------------------------------------------------------------------------------------------------------ +cf_org_managers = ["you@acme.com", "other.user@acme.com"] +cf_org_users = ["you@acme.com", "other.user@acme.com"] +cf_space_managers = ["you@acme.com", "other.user@acme.com"] +cf_space_developers = ["you@acme.com", "other.user@acme.com"] -subaccount_admins = ["another.user@test.com"] -subaccount_service_admins = ["another.user@test.com"] - -cf_org_admins = ["another.user@test.com"] -cf_space_managers = ["another.user@test.com", "you@test.com"] -cf_space_developers = ["another.user@test.com", "you@test.com"] - -custom_idp = "" - -create_tfvars_file_for_next_stage = true - -sac_param_first_name = "John" -sac_param_last_name = "Doe" -sac_param_email = "john.doe@test.com" -sac_param_host_name = "johndoetestsac" - +sac_admin_email = "<>" +sac_admin_first_name = "First Name" +sac_admin_last_name = "Last Name" +sac_admin_host_name = "<>" +# ------------------------------------------------------------------------------------------------------ +# additional configuration (dev & testing) +# ------------------------------------------------------------------------------------------------------ +create_tfvars_file_for_step2 = true +# (optional) test enable/disable service setups +#enable_service_setup__sac = false \ No newline at end of file diff --git a/released/discovery_center/mission_3488/step1/variables.tf b/released/discovery_center/mission_3488/step1/variables.tf index d973d782..e6d79a75 100644 --- a/released/discovery_center/mission_3488/step1/variables.tf +++ b/released/discovery_center/mission_3488/step1/variables.tf @@ -1,179 +1,180 @@ -variable "globalaccount" { - type = string - description = "The global account subdomain." -} - -variable "subaccount_name" { - type = string - description = "The name for the subaccount." - default = "" -} - -variable "cli_server_url" { - type = string - description = "The BTP CLI server URL." - default = "https://cli.btp.cloud.sap" -} - -variable "region" { - type = string - description = "The region where the project account shall be created in." - default = "eu11" -} - -variable "cf_plan_name" { - type = string - description = "Desired service plan for the Cloud Foundry environment instance." - default = "standard" -} - -variable "cf_landscape_label" { - type = string - description = "The Cloud Foundry landscape (format example eu10-004)." - default = "" -} - -variable "cf_space_name" { - type = string - description = "The name of the Cloud Foundry space." - default = "dev" -} - -variable "cf_org_admins" { - type = list(string) - description = "List of users to set as Cloudfoundry org administrators." - - # add validation to check if admins contains a list of valid email addresses - validation { - condition = length([for email in var.cf_org_admins : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.cf_org_admins) - error_message = "Please enter a valid email address for the CF Org admins." - } -} - -variable "cf_org_billing_managers" { - type = list(string) - description = "List of Cloud Foundry org billing managers." - default = [] - - # add validation to check if admins contains a list of valid email addresses - validation { - condition = length([for email in var.cf_org_billing_managers : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.cf_org_billing_managers) - error_message = "Please enter a valid email address for the subaccount admins." - } -} - -variable "cf_org_auditors" { - type = list(string) - description = "List of Cloud Foundry org auditors." - default = [] - - # add validation to check if admins contains a list of valid email addresses - validation { - condition = length([for email in var.cf_org_auditors : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.cf_org_auditors) - error_message = "Please enter a valid email address for the subaccount admins." - } -} - -variable "cf_space_managers" { - type = list(string) - description = "List of managers for the Cloud Foundry space." - default = [] - - # add validation to check if admins contains a list of valid email addresses - validation { - condition = length([for email in var.cf_space_managers : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.cf_space_managers) - error_message = "Please enter a valid email address for the subaccount admins." - } -} - -variable "cf_space_developers" { - type = list(string) - description = "List of developers for the Cloud Foundry space." - default = [] - - # add validation to check if admins contains a list of valid email addresses - validation { - condition = length([for email in var.cf_space_developers : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.cf_space_developers) - error_message = "Please enter a valid email address for the subaccount admins." - } -} - -variable "cf_space_auditors" { - type = list(string) - description = "The list of Cloud Foundry space auditors." - default = [] - - # add validation to check if admins contains a list of valid email addresses - validation { - condition = length([for email in var.cf_space_auditors : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.cf_space_auditors) - error_message = "Please enter a valid email address for the subaccount admins." - } -} - - -variable "service_plan__sac" { - type = string - description = "Plan for the service instance of ABAP." - default = "free" -} - - -variable "origin" { - type = string - description = "The identity provider for the UAA user." - default = "sap.ids" -} - -variable "create_tfvars_file_for_next_stage" { - type = bool - description = "Switch to enable the creation of the tfvars file for the next step." - default = false -} - -variable "sac_param_first_name" { - type = string - description = "First name of the SAC responsible" -} - -variable "sac_param_last_name" { - type = string - description = "Last name of the SAC responsible" -} - -variable "sac_param_email" { - type = string - description = "Email of the SAC responsible" - - validation { - condition = can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", var.sac_param_email)) - error_message = "Please enter a valid email address for the SAC responsible." - } -} - -variable "sac_param_host_name" { - type = string - description = "Host name of the SAC" - validation { - condition = can(regex("^[a-zA-Z0-9]", var.sac_param_host_name)) - error_message = "Please enter a valid host name. Should only contain letters and numbers." - } -} - -variable "sac_param_number_of_business_intelligence_licenses" { - type = number - description = "Number of business intelligence licenses" - default = 6 -} - - -variable "sac_param_number_of_professional_licenses" { - type = number - description = "Number of business professional licenses" - default = 1 -} - -variable "sac_param_number_of_business_standard_licenses" { - type = number - description = "Number of business standard licenses" - default = 2 -} +# ------------------------------------------------------------------------------------------------------ +# Account variables +# ------------------------------------------------------------------------------------------------------ +variable "globalaccount" { + type = string + description = "The globalaccount subdomain where the sub account shall be created." +} + +variable "cli_server_url" { + type = string + description = "The BTP CLI server URL." + default = "https://cli.btp.cloud.sap" +} + +variable "custom_idp" { + type = string + description = "The custom identity provider for the subaccount." + default = "" +} + +variable "region" { + type = string + description = "The region where the subaccount shall be created in." + default = "us10" +} + +variable "subaccount_name" { + type = string + description = "The subaccount name." + default = "" +} + +variable "subaccount_id" { + type = string + description = "The subaccount ID." + default = "" +} + +# user lists +variable "subaccount_admins" { + type = list(string) + description = "Defines the colleagues who are added to subaccount as administrator" +} + +variable "subaccount_service_admins" { + type = list(string) + description = "Defines the colleagues who are added to subaccount as service administrator" +} + +# ------------------------------------------------------------------------------------------------------ +# Switch for creating tfvars for step 2 +# ------------------------------------------------------------------------------------------------------ +variable "create_tfvars_file_for_step2" { + type = bool + description = "Switch to enable the creation of the tfvars file for step 2." + default = false +} + +# ------------------------------------------------------------------------------------------------------ +# ENVIRONMENTS (plans, user lists and other vars) +# ------------------------------------------------------------------------------------------------------ +# cloudfoundry (Cloud Foundry Environment) +# ------------------------------------------------------------------------------------------------------ +# plans +variable "service_env_plan__cloudfoundry" { + type = string + description = "The plan for service environment 'Cloud Foundry Environment' with technical name 'cloudfoundry'" + default = "standard" + validation { + condition = contains(["free", "standard"], var.service_env_plan__cloudfoundry) + error_message = "Invalid value for service_env_plan__cloudfoundry. Only 'free' and 'standard' are allowed." + } +} + +# user lists +variable "cf_org_managers" { + type = list(string) + description = "List of managers for the Cloud Foundry org." +} + +variable "cf_org_users" { + type = list(string) + description = "List of users for the Cloud Foundry org." +} + +variable "cf_space_managers" { + type = list(string) + description = "List of managers for the Cloud Foundry space." +} + +variable "cf_space_developers" { + type = list(string) + description = "List of developers for the Cloud Foundry space." +} + +# cf landscape, org, space variables +variable "cf_landscape_label" { + type = string + description = "In case there are multiple environments available for a subaccount, you can use this label to choose with which one you want to go. If nothing is given, we take by default the first available." + default = "" +} + +variable "cf_org_name" { + type = string + description = "Name of the Cloud Foundry org." + default = "" +} + +variable "cf_space_name" { + type = string + description = "Name of the Cloud Foundry space." + default = "dev" + + validation { + condition = can(regex("^.{1,255}$", var.cf_space_name)) + error_message = "The Cloud Foundry space name must not be emtpy and not exceed 255 characters." + } +} + +# ------------------------------------------------------------------------------------------------------ +# SERVICES (plans and other parameters) +# ------------------------------------------------------------------------------------------------------ +# analytics-planning-osb (SAP Analytics Cloud), sac +# ------------------------------------------------------------------------------------------------------ +# plans +variable "service_plan__sac" { + type = string + description = "The plan for service 'SAP Analytics Cloud' with technical name 'analytics-planning-osb'" + default = "free" + validation { + condition = contains(["free", "production"], var.service_plan__sac) + error_message = "Invalid value for service_plan__sac. Only 'free' and 'production' are allowed." + } +} + +# (sac) instance parameters +variable "sac_admin_email" { + type = string + description = "SAC Admin Email" +} + +variable "sac_admin_first_name" { + type = string + description = "SAC Admin First Name" +} + +variable "sac_admin_last_name" { + type = string + description = "SAC Admin Last Name" +} + +variable "sac_admin_host_name" { + type = string + description = "SAC Admin Host Name" +} + +variable "sac_number_of_business_intelligence_licenses" { + type = number + description = "Number of business intelligence licenses" + default = 6 +} + +variable "sac_number_of_professional_licenses" { + type = number + description = "Number of business professional licenses" + default = 1 +} + +variable "sac_number_of_business_standard_licenses" { + type = number + description = "Number of business standard licenses" + default = 2 +} + +# testing +variable "enable_service_setup__sac" { + type = bool + description = "If true setup of service 'SAP Analytics Cloud' with technical name 'analytics-planning-osb' is enabled" + default = true +} diff --git a/released/discovery_center/mission_3488/step2/locals.tf b/released/discovery_center/mission_3488/step2/locals.tf deleted file mode 100644 index 09136428..00000000 --- a/released/discovery_center/mission_3488/step2/locals.tf +++ /dev/null @@ -1,3 +0,0 @@ -locals { - service_name__sac = "analytics-planning-osb" -} diff --git a/released/discovery_center/mission_3488/step2/main.tf b/released/discovery_center/mission_3488/step2/main.tf index 0665c887..ffca4b5b 100644 --- a/released/discovery_center/mission_3488/step2/main.tf +++ b/released/discovery_center/mission_3488/step2/main.tf @@ -1,107 +1,122 @@ - -# ------------------------------------------------------------------------------------------------------ -# Assign CF Org roles to the admin users -# ------------------------------------------------------------------------------------------------------ -# Define Org User role -resource "cloudfoundry_org_role" "organization_user" { - for_each = toset("${var.cf_org_admins}") - username = each.value - type = "organization_user" - org = var.cf_org_id - origin = var.origin -} - -resource "cloudfoundry_org_role" "organization_manager" { - for_each = toset("${var.cf_org_admins}") - username = each.value - type = "organization_manager" - org = var.cf_org_id - origin = var.origin - depends_on = [cloudfoundry_org_role.organization_user] -} - -resource "cloudfoundry_org_role" "billing_managers" { - for_each = toset("${var.cf_org_billing_managers}") - username = each.value - type = "organization_billing_manager" - org = var.cf_org_id - origin = var.origin - depends_on = [cloudfoundry_org_role.organization_user] -} - -resource "cloudfoundry_org_role" "org_auditors" { - for_each = toset("${var.cf_org_auditors}") - username = each.value - type = "organization_auditor" - org = var.cf_org_id - origin = var.origin - depends_on = [cloudfoundry_org_role.organization_user] -} - -# ------------------------------------------------------------------------------------------------------ -# Creation of Cloud Foundry space -# ------------------------------------------------------------------------------------------------------ -resource "cloudfoundry_space" "sac_space" { - name = var.cf_space_name - org = var.cf_org_id -} - -# ------------------------------------------------------------------------------------------------------ -# Assignment of Cloud Foundry org roles -# ------------------------------------------------------------------------------------------------------ -resource "cloudfoundry_space_role" "space_managers" { - for_each = toset("${var.cf_space_managers}") - username = each.value - type = "space_manager" - space = cloudfoundry_space.sac_space.id - origin = var.origin - depends_on = [cloudfoundry_org_role.organization_user] -} - -resource "cloudfoundry_space_role" "space_developers" { - for_each = toset("${var.cf_space_developers}") - username = each.value - type = "space_developer" - space = cloudfoundry_space.sac_space.id - origin = var.origin - depends_on = [cloudfoundry_org_role.organization_user] -} - -resource "cloudfoundry_space_role" "space_auditors" { - for_each = toset("${var.cf_space_auditors}") - username = each.value - type = "space_auditor" - space = cloudfoundry_space.sac_space.id - origin = var.origin - depends_on = [cloudfoundry_org_role.organization_user] -} - -# ------------------------------------------------------------------------------------------------------ -# Creation of service instance for SAP Analytics Bloud -# ------------------------------------------------------------------------------------------------------ -data "cloudfoundry_service" "sac_service_plans" { - name = local.service_name__sac -} - -resource "cloudfoundry_service_instance" "sac_si" { - depends_on = [cloudfoundry_space_role.space_managers, cloudfoundry_space_role.space_developers] - name = "service-analytics-planning-osb" - space = cloudfoundry_space.sac_space.id - service_plan = data.cloudfoundry_service.sac_service_plans.service_plans[var.service_plan__sac] - type = "managed" - parameters = jsonencode({ - "first_name" : "${var.sac_param_first_name}", - "last_name" : "${var.sac_param_last_name}", - "email" : "${var.sac_param_email}", - "confirm_email" : "${var.sac_param_email}", - "host_name" : "${var.sac_param_host_name}", - "number_of_business_intelligence_licenses" : var.sac_param_number_of_business_intelligence_licenses, - "number_of_planning_professional_licenses" : var.sac_param_number_of_professional_licenses, - "number_of_planning_standard_licenses" : var.sac_param_number_of_business_standard_licenses - }) - timeouts = { - create = "2h" - delete = "2h" - update = "2h" - } -} +data "btp_whoami" "me" {} +# ------------------------------------------------------------------------------------------------------ +# Import custom trust config and disable for user login +# ------------------------------------------------------------------------------------------------------ +locals { + available_for_user_logon = data.btp_whoami.me.issuer != var.custom_idp ? true : false +} + +import { + to = btp_subaccount_trust_configuration.default + id = "${var.subaccount_id},sap.default" +} + +resource "btp_subaccount_trust_configuration" "default" { + subaccount_id = var.subaccount_id + identity_provider = "" + auto_create_shadow_users = false + available_for_user_logon = local.available_for_user_logon +} + +# ------------------------------------------------------------------------------------------------------ +# ENVIRONMENTS (plans, user lists and other vars) +# ------------------------------------------------------------------------------------------------------ +# cloudfoundry (Cloud Foundry Environment) +# ------------------------------------------------------------------------------------------------------ +# +# Create space +resource "cloudfoundry_space" "space_name" { + name = var.cf_space_name + org = var.cf_org_id +} + +locals { + # origin_key is default (sap.ids) if issuer (idp) of logged in user is not custom_idp, otherwise calculated from custom_idp (<>-platform) + custom_idp_tenant_id = var.custom_idp != "" ? element(split(".", var.custom_idp), 0) : "" + origin_key = data.btp_whoami.me.issuer != var.custom_idp ? "sap.ids" : "${local.custom_idp_tenant_id}-platform" + + # Remove logged in user (which was already added before when cf env was created) + cf_org_managers = setsubtract(toset(var.cf_org_managers), [data.btp_whoami.me.email]) + cf_org_users = setsubtract(toset(var.cf_org_users), [data.btp_whoami.me.email]) +} + +# cf_org_users: Assign organization_user role +resource "cloudfoundry_org_role" "organization_user" { + for_each = toset(local.cf_org_users) + username = each.value + type = "organization_user" + org = var.cf_org_id + origin = local.origin_key +} + +# cf_org_managers: Assign organization_manager role +resource "cloudfoundry_org_role" "organization_manager" { + for_each = toset(local.cf_org_managers) + username = each.value + type = "organization_manager" + org = var.cf_org_id + origin = local.origin_key + depends_on = [cloudfoundry_org_role.organization_user] +} + +# cf_space_managers: Assign space_manager role +resource "cloudfoundry_space_role" "space_manager" { + for_each = toset(var.cf_space_managers) + username = each.value + type = "space_manager" + space = cloudfoundry_space.space_name.id + origin = local.origin_key + depends_on = [cloudfoundry_org_role.organization_manager] +} + +# cf_space_developers: Assign space_developer role +resource "cloudfoundry_space_role" "space_developer" { + for_each = toset(var.cf_space_developers) + username = each.value + type = "space_developer" + space = cloudfoundry_space.space_name.id + origin = local.origin_key + depends_on = [cloudfoundry_org_role.organization_manager] +} + +# ------------------------------------------------------------------------------------------------------ +# SERVICES (CF) +# ------------------------------------------------------------------------------------------------------ +# +locals { + service_name__sac = "analytics-planning-osb" +} + +# ------------------------------------------------------------------------------------------------------ +# Setup analytics-planning-osb (SAP Analytics Cloud), sac +# ------------------------------------------------------------------------------------------------------ +# +data "cloudfoundry_service" "sac_service_plans" { + count = var.enable_service_setup__sac ? 1 : 0 + name = local.service_name__sac +} + +# Create cf service instance +resource "cloudfoundry_service_instance" "sac_si" { + count = var.enable_service_setup__sac ? 1 : 0 + name = "sac-cf-instance" + space = cloudfoundry_space.space_name.id + service_plan = data.cloudfoundry_service.sac_service_plans[0].service_plans[var.service_plan__sac] + type = "managed" + parameters = jsonencode({ + "email" : "${var.sac_admin_email}", + "confirm_email" : "${var.sac_admin_email}", + "first_name" : "${var.sac_admin_first_name}", + "last_name" : "${var.sac_admin_last_name}", + "host_name" : "${var.sac_admin_host_name}", + "number_of_business_intelligence_licenses" : var.sac_number_of_business_intelligence_licenses, + "number_of_planning_professional_licenses" : var.sac_number_of_professional_licenses, + "number_of_planning_standard_licenses" : var.sac_number_of_business_standard_licenses + }) + timeouts = { + create = "2h" + delete = "2h" + update = "2h" + } + depends_on = [cloudfoundry_space_role.space_manager, cloudfoundry_space_role.space_developer] +} \ No newline at end of file diff --git a/released/discovery_center/mission_3488/step2/provider.tf b/released/discovery_center/mission_3488/step2/provider.tf index df5829b5..75f1118b 100644 --- a/released/discovery_center/mission_3488/step2/provider.tf +++ b/released/discovery_center/mission_3488/step2/provider.tf @@ -1,16 +1,23 @@ -terraform { - required_providers { - cloudfoundry = { - source = "sap/cloudfoundry" - version = "1.0.0-rc1" - } - } -} - -# This will only work if we know the region in advance -provider "cloudfoundry" { - # Comment out the origin in case you need it to connect to your CF environment - # ---------------------------------------------------------------------------- - # origin = var.origin - api_url = var.cf_api_url -} +terraform { + required_providers { + btp = { + source = "SAP/btp" + version = "~> 1.7.0" + } + cloudfoundry = { + source = "SAP/cloudfoundry" + version = "1.0.0-rc1" + } + } +} + +provider "btp" { + #idp = var.custom_idp + globalaccount = var.globalaccount + cli_server_url = var.cli_server_url +} + +provider "cloudfoundry" { + #origin = "${element(split(".", var.custom_idp), 0)}-platform" + api_url = var.cf_api_url +} \ No newline at end of file diff --git a/released/discovery_center/mission_3488/step2/variables.tf b/released/discovery_center/mission_3488/step2/variables.tf index 62fe9da5..1c6a88fb 100644 --- a/released/discovery_center/mission_3488/step2/variables.tf +++ b/released/discovery_center/mission_3488/step2/variables.tf @@ -1,149 +1,136 @@ -variable "cf_api_url" { - type = string - description = "The API endpoint of the Cloud Foundry environment." -} - -variable "cf_org_id" { - type = string - description = "The Cloud Foundry landscape (format example eu10-004)." -} - -variable "origin" { - type = string - description = "The identity provider for the UAA user." - default = "sap.ids" -} - -variable "cf_org_admins" { - type = list(string) - description = "List of users to set as Cloudfoundry org administrators." - - # add validation to check if admins contains a list of valid email addresses - validation { - condition = length([for email in var.cf_org_admins : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.cf_org_admins) - error_message = "Please enter a valid email address for the CF Org admins." - } -} - - -variable "cf_org_billing_managers" { - type = list(string) - description = "List of Cloud Foundry org billing managers." - default = [] - - # add validation to check if admins contains a list of valid email addresses - validation { - condition = length([for email in var.cf_org_billing_managers : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.cf_org_billing_managers) - error_message = "Please enter a valid email address for the subaccount admins." - } -} - -variable "cf_org_auditors" { - type = list(string) - description = "List of Cloud Foundry org auditors." - default = [] - - # add validation to check if admins contains a list of valid email addresses - validation { - condition = length([for email in var.cf_org_auditors : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.cf_org_auditors) - error_message = "Please enter a valid email address for the subaccount admins." - } -} - -variable "cf_space_managers" { - type = list(string) - description = "List of managers for the Cloud Foundry space." - default = [] - - # add validation to check if admins contains a list of valid email addresses - validation { - condition = length([for email in var.cf_space_managers : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.cf_space_managers) - error_message = "Please enter a valid email address for the subaccount admins." - } -} - -variable "cf_space_developers" { - type = list(string) - description = "List of developers for the Cloud Foundry space." - default = [] - - # add validation to check if admins contains a list of valid email addresses - validation { - condition = length([for email in var.cf_space_developers : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.cf_space_developers) - error_message = "Please enter a valid email address for the subaccount admins." - } -} - -variable "cf_space_auditors" { - type = list(string) - description = "The list of Cloud Foundry space auditors." - default = [] - - # add validation to check if admins contains a list of valid email addresses - validation { - condition = length([for email in var.cf_space_auditors : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.cf_space_auditors) - error_message = "Please enter a valid email address for the subaccount admins." - } -} - -variable "cf_space_name" { - type = string - description = "The name of the Cloud Foundry space." - default = "dev" -} - - -variable "service_plan__sac" { - type = string - description = "Plan for the service instance of ABAP." - default = "free" -} - -variable "sac_param_first_name" { - type = string - description = "First name of the SAC responsible" -} - -variable "sac_param_last_name" { - type = string - description = "Last name of the SAC responsible" -} - -variable "sac_param_email" { - type = string - description = "Email of the SAC responsible" - - validation { - condition = can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", var.sac_param_email)) - error_message = "Please enter a valid email address for the SAC responsible." - } -} - -variable "sac_param_host_name" { - type = string - description = "Host name of the SAC" - validation { - condition = can(regex("^[a-zA-Z0-9]", var.sac_param_host_name)) - error_message = "Please enter a valid host name. Should only contain letters and numbers." - } -} - - -variable "sac_param_number_of_business_intelligence_licenses" { - type = number - description = "Number of business intelligence licenses" - default = 6 -} - - -variable "sac_param_number_of_professional_licenses" { - type = number - description = "Number of business professional licenses" - default = 1 -} - -variable "sac_param_number_of_business_standard_licenses" { - type = number - description = "Number of business standard licenses" - default = 2 -} +# Description: This file contains the input variables for the mission 3488 step 2. +# +# ------------------------------------------------------------------------------------------------------ +# Account variables +# ------------------------------------------------------------------------------------------------------ +variable "globalaccount" { + type = string + description = "The globalaccount subdomain where the sub account shall be created." +} + +variable "cli_server_url" { + type = string + description = "The BTP CLI server URL." + default = "https://cli.btp.cloud.sap" +} + +variable "subaccount_id" { + type = string + description = "The subaccount ID." +} + +variable "custom_idp" { + type = string + description = "The custom identity provider for the subaccount." + default = "" +} + +# ------------------------------------------------------------------------------------------------------ +# ENVIRONMENTS variables +# ------------------------------------------------------------------------------------------------------ +# cloudfoundry (Cloud Foundry Environment) +# ------------------------------------------------------------------------------------------------------ +# +variable "cf_api_url" { + type = string + description = "The Cloud Foundry API endpoint from the Cloud Foundry environment instance." +} + +variable "cf_org_id" { + type = string + description = "The Cloud Foundry Org ID from the Cloud Foundry environment instance." +} + +variable "cf_space_name" { + type = string + description = "Name of the Cloud Foundry space." + default = "dev" + + validation { + condition = can(regex("^.{1,255}$", var.cf_space_name)) + error_message = "The Cloud Foundry space name must not be emtpy and not exceed 255 characters." + } +} + +# User lists +variable "cf_org_managers" { + type = list(string) + description = "Defines the colleagues who are added to a CF org as administrators." +} + +variable "cf_org_users" { + type = list(string) + description = "Defines the colleagues who are added to a CF org as users." +} + +variable "cf_space_managers" { + type = list(string) + description = "Defines the colleagues who are added to a CF space as space manager." +} + +variable "cf_space_developers" { + type = list(string) + description = "Defines the colleagues who are added to a CF space as space developer." +} + +# ------------------------------------------------------------------------------------------------------ +# SERVICES (plans and other parameters) +# ------------------------------------------------------------------------------------------------------ +# analytics-planning-osb (SAP Analytics Cloud), sac +# ------------------------------------------------------------------------------------------------------ +# plans +variable "service_plan__sac" { + type = string + description = "The plan for service 'SAP Analytics Cloud' with technical name 'analytics-planning-osb'" + default = "free" + validation { + condition = contains(["free", "production"], var.service_plan__sac) + error_message = "Invalid value for service_plan__sac. Only 'free' and 'production' are allowed." + } +} + +# (sac) instance parameters +variable "sac_admin_email" { + type = string + description = "SAC Admin Email" +} + +variable "sac_admin_first_name" { + type = string + description = "SAC Admin First Name" +} + +variable "sac_admin_last_name" { + type = string + description = "SAC Admin Last Name" +} + +variable "sac_admin_host_name" { + type = string + description = "SAC Admin Host Name" +} + +variable "sac_number_of_business_intelligence_licenses" { + type = number + description = "Number of business intelligence licenses" + default = 6 +} + +variable "sac_number_of_professional_licenses" { + type = number + description = "Number of business professional licenses" + default = 1 +} + +variable "sac_number_of_business_standard_licenses" { + type = number + description = "Number of business standard licenses" + default = 2 +} + +# testing +variable "enable_service_setup__sac" { + type = bool + description = "If true setup of service 'SAP Analytics Cloud' with technical name 'analytics-planning-osb' is enabled" + default = true +}