Update DC Mission 3252 (Kyma) for QAS (#265)

* auto-select kyma-region if params not provided + update Readme + add outputs.tf + add custom_idp + rename kyma variables + add validation * Update README.md * Update provider.tf --------- Co-authored-by: Rui Nogueira <rui1610@users.noreply.github.com>
SAP-samples · Jul 18, 2024 · 22d58c3 · 22d58c3
1 parent c89f480
commit 22d58c3
Show file tree

Hide file tree

Showing 6 changed files with 88 additions and 53 deletions.
diff --git a/released/discovery_center/mission_3252/README.md b/released/discovery_center/mission_3252/README.md
@@ -24,16 +24,20 @@ To deploy the resources you must:
  export BTP_USERNAME=<your_username>
  export BTP_PASSWORD=<your_password>
  ```
-Alternativelly set:
 
+Alternativelly set:
 
-  ```bash
-  export BTP_ENABLE_SSO=true
-  ```
+ ```bash
+ export BTP_ENABLE_SSO=true
+ ```
 
 2. Change the variables in the `sample.tfvars` file to meet your requirements
 
- > The minimal set of parameters you should specify (beside user_email and password) is globalaccount (i.e. its subdomain)
+ > You must at least set a value for `globalaccount` (i.e. the subdomain of the globalaccount to use).
+
+ > ⚠ NOTE: If you change the value of the `region` variable please ensure that you adjust the values for `kyma_instance_parameters` accordingly, or set it to `null` to use default values for the region. Please refer to the documentation about available service plans and cluster regions for Kyma environments, as well as the documentation for parameter values and defaults for the different service plans.
+ > * [Regions for the Kyma Environemnt](https://help.sap.com/docs/btp/sap-business-technology-platform/regions-for-kyma-environment)
+ > * [Provisioning and Updating Parameters in the Kyma Environment](https://help.sap.com/docs/btp/sap-business-technology-platform/provisioning-and-update-parameters-in-kyma-environment)
 
  > ⚠ NOTE: You should pay attention **specifically** to the users defined in the samples.tfvars whether they already exist in your SAP BTP accounts. Otherwise you might get error messages like e.g. `Error: The user could not be found: jane.doe@test.com`.
 

diff --git a/released/discovery_center/mission_3252/main.tf b/released/discovery_center/mission_3252/main.tf
@@ -11,7 +11,7 @@ locals {
 ###############################################################################################
 # Creation of subaccount
 ###############################################################################################
-resource "btp_subaccount" "project" {
+resource "btp_subaccount" "dc_mission" {
  name = var.subaccount_name
  subdomain = local.project_subaccount_domain
  region = lower(var.region)
@@ -22,7 +22,7 @@ resource "btp_subaccount" "project" {
 ###############################################################################################
 resource "btp_subaccount_role_collection_assignment" "subaccount-admins" {
  for_each = toset("${var.subaccount_admins}")
- subaccount_id = btp_subaccount.project.id
+ subaccount_id = btp_subaccount.dc_mission.id
  role_collection_name = "Subaccount Administrator"
  user_name = each.value
 }
@@ -32,7 +32,7 @@ resource "btp_subaccount_role_collection_assignment" "subaccount-admins" {
 ###############################################################################################
 resource "btp_subaccount_role_collection_assignment" "subaccount-service-admins" {
  for_each = toset("${var.subaccount_service_admins}")
- subaccount_id = btp_subaccount.project.id
+ subaccount_id = btp_subaccount.dc_mission.id
  role_collection_name = "Subaccount Service Administrator"
  user_name = each.value
 }
@@ -44,33 +44,46 @@ data "btp_regions" "all" {}
 
 #we take the iaas provider for the first region associated with the subaccount 
 locals {
- subaccount_iaas_provider = [for region in data.btp_regions.all.values : region if region.region == btp_subaccount.project.region][0].iaas_provider
+ subaccount_iaas_provider = [for region in data.btp_regions.all.values : region if region.region == btp_subaccount.dc_mission.region][0].iaas_provider
 }
 
 resource "btp_subaccount_entitlement" "kymaruntime" {
- subaccount_id = btp_subaccount.project.id
+ subaccount_id = btp_subaccount.dc_mission.id
  service_name = "kymaruntime"
  plan_name = lower(local.subaccount_iaas_provider)
  amount = 1
 }
 
+data "btp_subaccount_environments" "all" {
+ subaccount_id = btp_subaccount.dc_mission.id
+ depends_on = [btp_subaccount_entitlement.kymaruntime]
+}
+
+# Take the first kyma region from the first kyma environment if no kyma instance parameters are provided
+resource "null_resource" "cache_kyma_region" {
+ triggers = {
+ region = var.kyma_instance_parameters != null ? var.kyma_instance_parameters.region : jsondecode([for env in data.btp_subaccount_environments.all.values : env if env.service_name == "kymaruntime" && env.environment_type == "kyma" && env.plan_name == lower(local.subaccount_iaas_provider)][0].schema_create).parameters.properties.region.enum[0]
+ }
+
+ lifecycle {
+ ignore_changes = all
+ }
+}
+
+locals {
+ kyma_instance_parameters = var.kyma_instance_parameters != null ? var.kyma_instance_parameters : {
+ name = btp_subaccount.dc_mission.subdomain
+ region = null_resource.cache_kyma_region.triggers.region
+ }
+}
+
 resource "btp_subaccount_environment_instance" "kyma" {
- subaccount_id = btp_subaccount.project.id
- name = var.kyma_instance.name
+ subaccount_id = btp_subaccount.dc_mission.id
+ name = var.kyma_instance_parameters != null ? var.kyma_instance_parameters.name : btp_subaccount.dc_mission.subdomain
  environment_type = "kyma"
  service_name = "kymaruntime"
  plan_name = lower(local.subaccount_iaas_provider)
- parameters = jsonencode({
- name = var.kyma_instance.name
- region = var.kyma_instance.region
- machine_type = var.kyma_instance.machine_type
- auto_scaler_min = var.kyma_instance.auto_scaler_min
- auto_scaler_max = var.kyma_instance.auto_scaler_max
- })
- timeouts = {
- create = var.kyma_instance.createtimeout
- update = var.kyma_instance.updatetimeout
- delete = var.kyma_instance.deletetimeout
- }
- depends_on = [btp_subaccount_entitlement.kymaruntime]
+ parameters = jsonencode(local.kyma_instance_parameters)
+ timeouts = var.kyma_instance_timeouts
+ depends_on = [btp_subaccount_entitlement.kymaruntime]
 }
diff --git a/released/discovery_center/mission_3252/outputs.tf b/released/discovery_center/mission_3252/outputs.tf
@@ -0,0 +1,3 @@
+output "subaccount_id" {
+ value = btp_subaccount.dc_mission.id
+}
diff --git a/released/discovery_center/mission_3252/provider.tf b/released/discovery_center/mission_3252/provider.tf
@@ -7,7 +7,12 @@ terraform {
  }
 }
 
+# Please checkout documentation on how best to authenticate against SAP BTP
+# via the Terraform provider for SAP BTP
 provider "btp" {
+ # Uncomment the idp in case you need it to connect to your global account
+ # -------------------------------------------------------------------------
+ idp = var.custom_idp
  globalaccount = var.globalaccount
  cli_server_url = var.cli_server_url
 }
diff --git a/released/discovery_center/mission_3252/samples.tfvars b/released/discovery_center/mission_3252/samples.tfvars
@@ -1,25 +1,19 @@
 # ------------------------------------------------------------------------------------------------------
-# Provider configuration
+# Project specific configuration (please adapt!)
 # ------------------------------------------------------------------------------------------------------
 # Your global account subdomain
-globalaccount = "your global account id goes here eg. 0645xxxx-1xxx-4xxx-bxxx-4xxxxxxxxxxx"
-region = "eu10"
-subaccount_name = "DC Mission 3252 - Get Started with SAP BTP, Kyma runtime creating a Hello-World Function"
+globalaccount = "your global account id goes here eg. 0645xxxx-1xxx-4xxx-bxxx-4xxxxxxxxxxx"
+subaccount_name = "DC Mission 3252 - Get Started with SAP BTP, Kyma runtime creating a Hello-World Function"
+region = "eu10"
+subaccount_admins = ["your.admin.email.address@your.company.com"]
+subaccount_service_admins = ["your.admin.email.address@your.company.com"]
 
-kyma_instance = {
+# Kyma instance parameters. When set to null, the name will be set to the subaccount subdomain and the
+# first available cluster region for the subaccount will be selected.
+kyma_instance_parameters = {
  name = "my-kyma-environment"
  region = "eu-central-1"
  machine_type = "mx5.xlarge"
  auto_scaler_min = 3
  auto_scaler_max = 20
- createtimeout = "1h"
- updatetimeout = "35m"
- deletetimeout = "1h"
 }
-
-# ------------------------------------------------------------------------------------------------------
-# Project specific configuration (please adapt!)
-# ------------------------------------------------------------------------------------------------------
-subaccount_admins = ["your.admin.email.address@your.company.com"]
-subaccount_service_admins = ["your.admin.email.address@your.company.com"]
-
diff --git a/released/discovery_center/mission_3252/variables.tf b/released/discovery_center/mission_3252/variables.tf
@@ -26,6 +26,12 @@ variable "cli_server_url" {
  default = "https://cpcli.cf.eu10.hana.ondemand.com"
 }
 
+variable "custom_idp" {
+ type = string
+ description = "Defines the custom IDP to be used for the subaccount."
+ default = ""
+}
+
 variable "subaccount_admins" {
  type = list(string)
  description = "Defines the colleagues who are added to each subaccount as subaccount administrators."
@@ -36,26 +42,36 @@ variable "subaccount_service_admins" {
  description = "Defines the colleagues who are added to each subaccount as subaccount service administrators."
 }
 
-variable "kyma_instance" {
+variable "kyma_instance_parameters" {
  type = object({
  name = string
  region = string
  machine_type = string
  auto_scaler_min = number
  auto_scaler_max = number
- createtimeout = string
- updatetimeout = string
- deletetimeout = string
  })
- description = "Your Kyma environment configuration"
+ description = "Your Kyma environment configuration parameters. Name and region are mandatory. Please refer to the following documentation for more details: https://help.sap.com/docs/btp/sap-business-technology-platform/provisioning-and-update-parameters-in-kyma-environment."
+ default = null
+
+ validation {
+ condition = (
+ var.kyma_instance_parameters == null ? true : length(var.kyma_instance_parameters.name) > 0 && length(var.kyma_instance_parameters.region) > 0
+ )
+
+ error_message = "Value for kyma_instance_parameters must either be null or an object with values for at least name and region"
+ }
+}
+
+variable "kyma_instance_timeouts" {
+ type = object({
+ create = string
+ update = string
+ delete = string
+ })
+ description = "Timeouts for the creation, update, and deletion of the Kyma instance."
  default = {
- name = "my-kyma-environment"
- region = "eu-central-1"
- machine_type = "mx5.xlarge"
- auto_scaler_min = 3
- auto_scaler_max = 20
- createtimeout = "1h"
- updatetimeout = "35m"
- deletetimeout = "1h"
+ create = "1h"
+ update = "35m"
+ delete = "1h"
  }
 }