diff --git a/released/discovery_center/mission_4327/README.md b/released/discovery_center/mission_4327/README.md
new file mode 100644
index 00000000..14a925fa
--- /dev/null
+++ b/released/discovery_center/mission_4327/README.md
@@ -0,0 +1,88 @@ +# Discovery Center mission: Develop a Full-Stack CAP Application Following the SAP BTP Developer’s Guide (4327) + +## Overview + +This sample shows how to setup your SAP BTP account for the Discovery Center Mission - [Develop a Full-Stack CAP Application Following the SAP BTP Developer’s Guide](https://discovery-center.cloud.sap/index.html#/missiondetail/4327/) for your Enterprise BTP Account. + +## Content of setup (step1) + +The setup comprises the following resources: + +- Creation of the SAP BTP subaccount +- Entitlements of services +- Subscriptions to applications +- Role collection assignments to users +- Creation of CF environment and CF org + +After this a setup step2 will create a CF space in the before created CF org and users and roles will be assigned on CF org and space level + +## Deploying the resources + +Make sure that you are familiar with SAP BTP and know both the [Get Started with btp-terraform-samples](https://github.com/SAP-samples/btp-terraform-samples/blob/main/GET_STARTED.md) and the [Get Started with the Terraform Provider for BTP](https://developers.sap.com/tutorials/btp-terraform-get-started.html) + +To deploy the resources you must: + +### Setup Step1 + +1. Set your credentials as environment variables + + ```bash + export BTP_USERNAME ='' + export BTP_PASSWORD ='' + ``` + +2. Go into folder `step1` and change the variables in the `sample.tfvars` file to meet your requirements + + > The minimal set of parameters you should specify (besides user_email and password) is global account (i.e. its subdomain) and the used custom_idp and all user assignments + + > Keep the setting `create_tfvars_file_for_step2 = true` so that a `terraform.tfvars` file is created which contains your needed variables to execute setup `step2` without specifying them again in sample.tfvars there. + +3. In folder `step1` you initialize your workspace: + + ```bash + terraform init + ``` + +4. 
You can check what Terraform plans to apply based on your configuration: + + ```bash + terraform plan -var-file="sample.tfvars" + ``` + +5. Apply your configuration to provision the resources: + + ```bash + terraform apply -var-file="sample.tfvars" + ``` + +6. Verify e.g., in BTP cockpit that a new subaccount with a SAP HANA Cloud and SAP Build Work Zone subscriptions have been created. + +### Setup Step2 + +7. Navigate into step2_cf directory and initialize your workspace there as well: + + ```bash + terraform init + ``` +8. You can check what Terraform plans to apply based on your configuration: + + ```bash + terraform plan -var-file="terraform.tfvars" + ``` + +9. Apply your configuration to provision the resources: + + ```bash + terraform apply -var-file="terraform.tfvars" + ``` +10. Verify e.g., in BTP cockpit that after step2 the specified users in sample.tfvars have been assigned with roles in the created cloundfoundry org and space. + +With this you have completed the quick account setup as described in the Discovery Center Mission - [Develop a Full-Stack CAP Application Following the SAP BTP Developer’s Guide](https://discovery-center.cloud.sap/index.html#/missiondetail/4327/). + +## In the end + +You probably want to remove the assets after trying them out to avoid unnecessary costs. To do so execute the following command: + +```bash +terraform destroy -var-file="terraform.tfvars" +``` \ No newline at end of file diff --git a/released/discovery_center/mission_4327/step1/README.md b/released/discovery_center/mission_4327/step1/README.md deleted file mode 100644 index 5ca895f5..00000000 --- a/released/discovery_center/mission_4327/step1/README.md +++ /dev/null 
@@ -1,78 +0,0 @@ -# Set Up SAP BTP Account using Terraform – Cloud Foundry - -The Terraform provider for SAP Business Technology Platform (BTP) enables you to automate the provisioning, management, and configuration of resources on SAP BTP. By leveraging this provider, you can simplify and streamline the deployment and maintenance of SAP BTP services and applications. - -Currently, the SAP BTP provider is available in beta for non productive usage: [SAP BTP Terraform](https://registry.terraform.io/providers/SAP/btp/latest). - -The Terraform script documented here automates the setup of an SAP BTP subaccount based on a predefined template. The scripts can be used create SAP BTP subaccount with Cloud Foundry or Kyma runtime. The Terraform script does the below configuration after creating a SAP BTP subaccount: - -1. Configures the SAP BTP entitlements required to complete the mission. See [Setup SAP BTP Account using Terraform](https://github.com/SAP-samples/btp-terraform-samples/blob/main/released/discovery_center/mission_4327/step1/README.md#entitlements). -2. Enables the SAP BTP runtime (Cloud Foundry or Kyma). -3. Creates the neccessary subscription to applications: SAP Business Application Studio (BAS), SAP Build Work Zone, standard edition, etc. -4. Assigns users the neccessary roles required to access the applications, such as SAP Business Application Studio. -5. Adds additional users to the subaccount. -### [Entitlements ](https://github.tools.sap/refapps/incidents-mgmt/blob/main/documentation/administrate/Prepare-BTP/Configure-BTP-CF.md) - -| Service | Plan | Quota required | -| ------------- | :-----------: | ----: | -| Cloud Foundry Runtime | MEMORY | 1 | -| SAP Build Work Zone, standard edition | Standard | 1 | -| SAP HANA Cloud | hana | 1 | -| SAP HANA Cloud | tools | 1 | -| SAP HANA Schemas & HDI Containers | hdi-shared | 1 | - -## Deploy the resources - -To deploy the resources you must: -1. 
Clone repository `git clone https://github.com/SAP-samples/btp-terraform-samples.git` -2. Navigate to `released/discovery_center/mission_4327/setup_subaccount_cf` -3. You will be seeing these files named `main.tf`,`provider.tf`,`samples.tfvars`,`variables.tf`. -4. Create a file named `terraform.tfvars` and copy `samples.tfvars` content to `terraform.tfvars`. Update the variables to meet your requirements (By default free-tier plans are used, if you want to use it for production update in the `terraform.tfvars` accordingly) -Follow these steps to use the script: -5. Set `BTP_USERNAME`,`BTP_PASSWORD`,`CF_USER` and `CF_PASSWORD` as ENV variables. - -Windows PowerShell: -```Powershell - $env:BTP_USERNAME="" - $env:BTP_PASSWORD="" - $env:CF_USER="" - $env:CF_PASSWORD="" -``` -Linux, macOS: -```mac OS - export BTP_USERNAME="" - export BTP_PASSWORD="" - export CF_USER="" - export CF_PASSWORD="" -``` -6. **Install Terraform Plugins**: Open a terminal and navigate to the directory containing your Terraform configuration files. Run the following command to initialize and upgrade Terraform plugins: - - ```shell - terraform init - ``` - -7. **Review Changes**: Generate an execution plan to review the changes that will be made to your SAP BTP account. Run: - - ```shell - terraform plan - ``` - -8. **Apply Configuration**: Apply the Terraform configuration to create the SAP BTP subaccount and entitlements. Run: - - ```shell - terraform apply - ``` - - Confirm the changes by typing "yes." - -9. **Cleanup**: After your session or project is complete, you can delete the SAP BTP subaccount and associated resources to avoid charges: - - ```shell - terraform destroy - ``` - - Confirm the resource destruction by typing "yes." - -11. **Optional**: You can remove the Terraform state file (`terraform.tfstate`) manually if needed. 
- -Please exercise caution when using this script, especially in production environments, and ensure you understand the resources that will be created or modified. diff --git a/released/discovery_center/mission_4327/step1/main.tf b/released/discovery_center/mission_4327/step1/main.tf index f5e02711..edb99fff 100644 --- a/released/discovery_center/mission_4327/step1/main.tf +++ b/released/discovery_center/mission_4327/step1/main.tf 
@@ -1,135 +1,245 @@ -############################################################################################### -# Generating random ID for subdomain -############################################################################################### +# ------------------------------------------------------------------------------------------------------ +# Subaccount setup for DC mission 4327 +# ------------------------------------------------------------------------------------------------------ +# Setup subaccount domain (to ensure uniqueness in BTP global account) resource "random_uuid" "uuid" {} locals { random_uuid = random_uuid.uuid.result - subaccount_domain = "btp-gp${local.random_uuid}" - subaccount_cf_org = length(var.cf_org_name) > 0 ? var.cf_org_name : substr(replace("${local.subaccount_domain}", "-", ""), 0, 32) + timestamp = formatdate("YYYYMMDDhhmmss", timestamp()) + subaccount_domain = "dcmission4327${local.random_uuid}" + subaccount_name = var.subaccount_name == "" ? "SAP Discovery Center Mission 4327 - ${local.timestamp}" : var.subaccount_name } -############################################################################################### # Creation of subaccount -############################################################################################### -resource "btp_subaccount" "project" { - name = var.subaccount_name +resource "btp_subaccount" "dc_mission" { + count = var.subaccount_id == "" ? 1 : 0 + + name = local.subaccount_name subdomain = local.subaccount_domain - region = lower(var.region) + region = var.region +} + +data "btp_subaccount" "dc_mission" { + id = var.subaccount_id != "" ? var.subaccount_id : btp_subaccount.dc_mission[0].id +} + +# Assign custom IDP to sub account (if custom_idp is set) +resource "btp_subaccount_trust_configuration" "fully_customized" { + # Only create trust configuration if custom_idp has been set + count = var.custom_idp == "" ? 
0 : 1 + subaccount_id = data.btp_subaccount.dc_mission.id + identity_provider = var.custom_idp } data "btp_whoami" "me" {} -data "btp_subaccount_environments" "all" { - subaccount_id = btp_subaccount.project.id +locals { + origin_key = data.btp_whoami.me.issuer != var.custom_idp ? "sap.default" : "${element(split(".", var.custom_idp), 0)}-platform" +} + +# Assign role collection "Subaccount Administrator" +resource "btp_subaccount_role_collection_assignment" "subaccount_admin" { + for_each = toset("${var.subaccount_admins}") + subaccount_id = data.btp_subaccount.dc_mission.id + role_collection_name = "Subaccount Administrator" + user_name = each.value + origin = local.origin_key + depends_on = [btp_subaccount.dc_mission] +} + +# Assign role collection "Subaccount Service Administrator" +resource "btp_subaccount_role_collection_assignment" "subaccount_service_admin" { + for_each = toset("${var.subaccount_service_admins}") + subaccount_id = data.btp_subaccount.dc_mission.id + role_collection_name = "Subaccount Service Administrator" + user_name = each.value + origin = local.origin_key + depends_on = [btp_subaccount.dc_mission] } + # ------------------------------------------------------------------------------------------------------ -# Take the landscape label from the first CF environment if no environment label is provided -# (this replaces the previous null_resource) +# ENVIRONMENTS # ------------------------------------------------------------------------------------------------------ +locals { + service_env_name__cloudfoundry = "cloudfoundry" +} + +# ------------------------------------------------------------------------------------------------------ +# Setup cloudfoundry (Cloud Foundry Environment) +# ------------------------------------------------------------------------------------------------------ +# +# Entitle +resource "btp_subaccount_entitlement" "cloudfoundry" { + count = var.service_env_plan__cloudfoundry == "free" ? 
1 : 0 + subaccount_id = btp_subaccount.dc_mission[0].id + service_name = local.service_env_name__cloudfoundry + plan_name = var.service_env_plan__cloudfoundry + amount = 1 +} + +# Fetch all available environments for the subaccount +data "btp_subaccount_environments" "all" { + subaccount_id = data.btp_subaccount.dc_mission.id +} + +# Take the landscape label from the first CF environment if no environment label is provided (this replaces the previous null_resource) resource "terraform_data" "cf_landscape_label" { input = length(var.cf_landscape_label) > 0 ? var.cf_landscape_label : [for env in data.btp_subaccount_environments.all.values : env if env.service_name == "cloudfoundry" && env.environment_type == "cloudfoundry"][0].landscape_label } -############################################################################################### -# Creation of Cloud Foundry environment -############################################################################################### + +# Create instance +locals { + cf_org_name = var.cf_org_name == "" ? "cf_org_name_dcmission_4327_${local.random_uuid}" : var.cf_org_name +} resource "btp_subaccount_environment_instance" "cloudfoundry" { - subaccount_id = btp_subaccount.project.id - name = local.subaccount_cf_org - landscape_label = terraform_data.cf_landscape_label.output + subaccount_id = data.btp_subaccount.dc_mission.id + name = local.cf_org_name environment_type = "cloudfoundry" - service_name = "cloudfoundry" - plan_name = "standard" - # ATTENTION: some regions offer multiple environments of a kind and you must explicitly select the target environment in which - # the instance shall be created using the parameter landscape label. 
- # available environments can be looked up using the btp_subaccount_environments datasource + service_name = local.service_env_name__cloudfoundry + plan_name = var.service_env_plan__cloudfoundry + landscape_label = terraform_data.cf_landscape_label.output + parameters = jsonencode({ - instance_name = local.subaccount_cf_org + instance_name = local.cf_org_name }) - timeouts = { - create = "1h" - update = "35m" - delete = "30m" - } -} - -############################################################################################### -# Assignment of users as sub account administrators -############################################################################################### -resource "btp_subaccount_role_collection_assignment" "subaccount-admins" { - for_each = toset(var.subaccount_admins) - subaccount_id = btp_subaccount.project.id - role_collection_name = "Subaccount Administrator" - user_name = each.value + depends_on = [btp_subaccount_entitlement.cloudfoundry] } -###################################################################### -# Add Build Workzone entitlement -###################################################################### -resource "btp_subaccount_entitlement" "build_workzone" { - subaccount_id = btp_subaccount.project.id - service_name = "SAPLaunchpad" - plan_name = var.service_plan__build_workzone - amount = var.service_plan__build_workzone == "free" ? 
1 : null -} -###################################################################### -# Create HANA entitlement subscription -###################################################################### -resource "btp_subaccount_entitlement" "hana-cloud" { - subaccount_id = btp_subaccount.project.id - service_name = "hana-cloud" + +# ------------------------------------------------------------------------------------------------------ +# SERVICES +# ------------------------------------------------------------------------------------------------------ +# +locals { + service_name__hana_cloud = "hana-cloud" + service_name__hana = "hana" +} + +# ------------------------------------------------------------------------------------------------------ +# Setup hana-cloud (SAP HANA Cloud) +# ------------------------------------------------------------------------------------------------------ +# Entitle +resource "btp_subaccount_entitlement" "hana_cloud" { + count = var.enable_service_setup__hana_cloud ? 
1 : 0 + subaccount_id = data.btp_subaccount.dc_mission.id + service_name = local.service_name__hana_cloud plan_name = var.service_plan__hana_cloud } -# Enable HANA Cloud Tools -resource "btp_subaccount_entitlement" "hana-cloud-tools" { - subaccount_id = btp_subaccount.project.id - service_name = "hana-cloud-tools" - plan_name = "tools" -} -resource "btp_subaccount_subscription" "hana-cloud-tools" { - subaccount_id = btp_subaccount.project.id - app_name = "hana-cloud-tools" - plan_name = "tools" - depends_on = [btp_subaccount_entitlement.hana-cloud-tools] -} -# Assign users to Role Collection: SAP HANA Cloud Administrator -resource "btp_subaccount_role_collection_assignment" "hana-cloud-admin" { - for_each = toset(var.hana_cloud_admins) - subaccount_id = btp_subaccount.project.id - role_collection_name = "SAP HANA Cloud Administrator" + +# ------------------------------------------------------------------------------------------------------ +# Setup hana (SAP HANA Schemas & HDI Containers) +# ------------------------------------------------------------------------------------------------------ +# Entitle +resource "btp_subaccount_entitlement" "hana" { + count = var.enable_service_setup__hana ? 
1 : 0 + subaccount_id = data.btp_subaccount.dc_mission.id + service_name = local.service_name__hana + plan_name = var.service_plan__hana +} + +# ------------------------------------------------------------------------------------------------------ +# APP SUBSCRIPTIONS +# ------------------------------------------------------------------------------------------------------ +# +locals { + app_subscription_serv_name__sap_launchpad = "SAPLaunchpad" + app_subscription_serv_name__hana_cloud_tools = "hana-cloud-tools" + app_subscription_serv_name__cicd_app = "cicd-app" +} + +# ------------------------------------------------------------------------------------------------------ +# Setup SAPLaunchpad (SAP Build Work Zone, standard edition) +# ------------------------------------------------------------------------------------------------------ +# Entitle +resource "btp_subaccount_entitlement" "sap_launchpad" { + count = var.enable_app_subscription_setup__sap_launchpad ? 1 : 0 + subaccount_id = btp_subaccount.dc_mission[0].id + service_name = local.app_subscription_serv_name__sap_launchpad + plan_name = var.app_subscription_plan__sap_launchpad + amount = var.app_subscription_plan__sap_launchpad == "free" ? 1 : null +} + +# Subscribe +resource "btp_subaccount_subscription" "sap_launchpad" { + count = var.enable_app_subscription_setup__sap_launchpad ? 1 : 0 + subaccount_id = btp_subaccount.dc_mission[0].id + app_name = local.app_subscription_serv_name__sap_launchpad + plan_name = var.app_subscription_plan__sap_launchpad + depends_on = [btp_subaccount_entitlement.sap_launchpad] +} + +# Assign role collection "Launchpad_Admin" +resource "btp_subaccount_role_collection_assignment" "launchpad_admin" { + for_each = toset(var.enable_app_subscription_setup__sap_launchpad == true ? 
var.launchpad_admins : []) + subaccount_id = btp_subaccount.dc_mission[0].id + role_collection_name = "Launchpad_Admin" user_name = each.value - depends_on = [btp_subaccount_subscription.hana-cloud-tools] + origin = local.origin_key + depends_on = [btp_subaccount_subscription.sap_launchpad] } -resource "btp_subaccount_entitlement" "hana-hdi-shared" { - subaccount_id = btp_subaccount.project.id - service_name = "hana" - plan_name = "hdi-shared" + +# ------------------------------------------------------------------------------------------------------ +# Setup hana-cloud-tools (SAP HANA Cloud) +# ------------------------------------------------------------------------------------------------------ +# Entitle +resource "btp_subaccount_entitlement" "hana_cloud_tools" { + count = var.enable_app_subscription_setup__hana_cloud_tools ? 1 : 0 + subaccount_id = btp_subaccount.dc_mission[0].id + service_name = local.app_subscription_serv_name__hana_cloud_tools + plan_name = var.app_subscription_plan__hana_cloud_tools } -############################################################################################### -# Prepare and setup app: Continuous Integration & Delivery -############################################################################################### -# Entitle subaccount for usage of app Continuous Integration & Delivery -resource "btp_subaccount_entitlement" "cicd_app" { - subaccount_id = btp_subaccount.project.id - service_name = "cicd-app" - plan_name = var.cicd_service_plan +# Subscribe +resource "btp_subaccount_subscription" "hana_cloud_tools" { + count = var.enable_app_subscription_setup__hana_cloud_tools ? 
1 : 0 + subaccount_id = btp_subaccount.dc_mission[0].id + app_name = local.app_subscription_serv_name__hana_cloud_tools + plan_name = var.app_subscription_plan__hana_cloud_tools + depends_on = [btp_subaccount_entitlement.hana_cloud_tools] } -locals { - cf_org_users = setsubtract(toset(var.cf_org_users), [data.btp_whoami.me.email]) - cf_org_admins = setsubtract(toset(var.cf_org_admins), [data.btp_whoami.me.email]) +# Assign role collection "SAP HANA Cloud Administrator" +resource "btp_subaccount_role_collection_assignment" "hana_cloud_tools_admins" { + for_each = toset(var.enable_app_subscription_setup__hana_cloud_tools == true ? var.hana_cloud_admins : []) + subaccount_id = btp_subaccount.dc_mission[0].id + role_collection_name = "SAP HANA Cloud Administrator" + user_name = each.value + origin = local.origin_key + depends_on = [btp_subaccount_subscription.hana_cloud_tools] } +# ------------------------------------------------------------------------------------------------------ +# Setup cicd-app (Continuous Integration & Delivery) +# ------------------------------------------------------------------------------------------------------ +# Entitle +resource "btp_subaccount_entitlement" "cicd_app" { + count = var.enable_app_subscription_setup__cicd_app ? 1 : 0 + subaccount_id = btp_subaccount.dc_mission[0].id + service_name = local.app_subscription_serv_name__cicd_app + plan_name = var.app_subscription_plan__cicd_app + amount = var.app_subscription_plan__cicd_app == "free" ? 1 : null +} + +# ------------------------------------------------------------------------------------------------------ +# Create tfvars file for step 2 (if variable `create_tfvars_file_for_step2` is set to true) +# ------------------------------------------------------------------------------------------------------ resource "local_file" "output_vars_step1" { - count = var.create_tfvars_file_for_next_stage ? 1 : 0 + count = var.create_tfvars_file_for_step2 ? 
1 : 0 content = <<-EOT - cf_api_url = "${jsondecode(btp_subaccount_environment_instance.cloudfoundry.labels)["API Endpoint"]}" - cf_org_id = "${btp_subaccount_environment_instance.cloudfoundry.platform_id}" - - cf_org_users = ${jsonencode(local.cf_org_users)} - cf_org_admins = ${jsonencode(local.cf_org_admins)} - cf_space_developers = ${jsonencode(var.cf_space_developers)} - cf_space_managers = ${jsonencode(var.cf_space_managers)} + globalaccount = "${var.globalaccount}" + cli_server_url = ${jsonencode(var.cli_server_url)} + custom_idp = ${jsonencode(var.custom_idp)} + + subaccount_id = "${data.btp_subaccount.dc_mission.id}" + + cf_api_url = "${jsondecode(btp_subaccount_environment_instance.cloudfoundry.labels)["API Endpoint"]}" + cf_org_id = "${jsondecode(btp_subaccount_environment_instance.cloudfoundry.labels)["Org ID"]}" + cf_space_name = "${var.cf_space_name}" + + cf_org_managers = ${jsonencode(var.cf_org_managers)} + cf_org_users = ${jsonencode(var.cf_org_users)} + cf_space_developers = ${jsonencode(var.cf_space_developers)} + cf_space_managers = ${jsonencode(var.cf_space_managers)} EOT filename = "../step2_cf/terraform.tfvars" diff --git a/released/discovery_center/mission_4327/step1/outputs.tf b/released/discovery_center/mission_4327/step1/outputs.tf index 8afdb918..92f25080 100644 --- a/released/discovery_center/mission_4327/step1/outputs.tf +++ b/released/discovery_center/mission_4327/step1/outputs.tf 
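Review bot: The `cloudfoundry`, `sap_launchpad`, `hana_cloud_tools` and `cicd_app` resources take `subaccount_id = btp_subaccount.dc_mission[0].id`, but `btp_subaccount.dc_mission` now has `count = var.subaccount_id == "" ? 1 : 0`, so supplying an existing `subaccount_id` leaves nothing at index 0 and the plan fails. They should read `subaccount_id = data.btp_subaccount.dc_mission.id`, as the `hana_cloud` and `hana` entitlements and both administrator role assignments in this hunk already do. The `local_file` that writes `../step2_cf/terraform.tfvars` sets no `file_permission`, and that resource's default mode is `0777`; since the file lists the IdP, the subaccount ID and the users who receive org and space roles, `file_permission = "0600"` would be the safer choice (the resource block closes outside the hunk). Separately, `local.timestamp` is built from `timestamp()`, which yields a new value on every run, so the default `subaccount_name` will differ on each plan unless the variable is set.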
@@ -1,27 +1,68 @@ +# ------------------------------------------------------------------------------------------------------ +# account +# ------------------------------------------------------------------------------------------------------ output "subaccount_id" { - value = btp_subaccount.project.id + value = data.btp_subaccount.dc_mission.id + description = "The ID of the subaccount." } +output "custom_idp" { + value = var.custom_idp + description = "The custom identity provider." +} + +# ------------------------------------------------------------------------------------------------------ +# environments +# ------------------------------------------------------------------------------------------------------ output "cf_landscape_label" { - value = terraform_data.cf_landscape_label.output + value = btp_subaccount_environment_instance.cloudfoundry.landscape_label + description = "The Cloudfoundry landscape label." +} + +output "cf_api_url" { + value = jsondecode(btp_subaccount_environment_instance.cloudfoundry.labels)["API Endpoint"] + description = "The Cloudfoundry API Url." } output "cf_org_id" { - value = btp_subaccount_environment_instance.cloudfoundry.platform_id + value = jsondecode(btp_subaccount_environment_instance.cloudfoundry.labels)["Org ID"] + description = "The Cloudfoundry org id." } -output "cf_api_url" { - value = lookup(jsondecode(btp_subaccount_environment_instance.cloudfoundry.labels), "API Endpoint", "not found") +output "cf_org_name" { + value = jsondecode(btp_subaccount_environment_instance.cloudfoundry.labels)["Org Name"] + description = "The Cloudfoundry org name." } -output "cf_org_users" { - value = local.cf_org_users +output "cf_space_name" { + value = var.cf_space_name + description = "The name of the Cloud Foundry space." } -output "cf_org_admins" { - value = local.cf_org_admins +output "cf_org_managers" { + value = var.cf_org_managers + description = "List of users to set as Cloudfoundry org administrators." 
} -output "hana_cloud_tools_subscription_url" { - value = btp_subaccount_subscription.hana-cloud-tools.subscription_url -} \ No newline at end of file +output "cf_space_developers" { + value = var.cf_space_developers + description = "List of users to set as Cloudfoundry space developers." +} + +output "cf_space_managers" { + value = var.cf_space_managers + description = "List of users to set as Cloudfoundry space managers." +} + +# ------------------------------------------------------------------------------------------------------ +# services dashboard & application subscription urls +# ------------------------------------------------------------------------------------------------------ +output "sap_launchpad_apps_subscription_url" { + value = var.enable_app_subscription_setup__sap_launchpad ? btp_subaccount_subscription.sap_launchpad[0].subscription_url : null + description = "The URL of the subscribed SAP Build Work Zone, standard edition application" +} + +output "hana_cloud_tools_apps_subscription_url" { + value = var.enable_app_subscription_setup__hana_cloud_tools ? btp_subaccount_subscription.hana_cloud_tools[0].subscription_url : null + description = "The URL of the subscribed SAP HANA Cloud application" +} diff --git a/released/discovery_center/mission_4327/step1/provider.tf b/released/discovery_center/mission_4327/step1/provider.tf index 98c47dd5..2fb0e38f 100644 --- a/released/discovery_center/mission_4327/step1/provider.tf +++ b/released/discovery_center/mission_4327/step1/provider.tf @@ -1,16 +1,13 @@ terraform { required_providers { btp = { - source = "sap/btp" - version = "1.5.0" + source = "SAP/btp" + version = "~> 1.7.0" } } } -# Please checkout documentation on how best to authenticate against SAP BTP -# via the Terraform provider for SAP BTP provider "btp" { globalaccount = var.globalaccount cli_server_url = var.cli_server_url - idp = var.custom_idp -} +} \ No newline at end of file 
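Review bot: `cf_api_url`, `cf_org_id` and `cf_org_name` index the decoded labels directly, as in `jsondecode(btp_subaccount_environment_instance.cloudfoundry.labels)["Org ID"]`, so a missing label key aborts the run with an invalid-index error, where the old `cf_api_url` fell back through `lookup(..., "API Endpoint", "not found")`. If failing hard is intended, a one-line comment above the three outputs should say so; otherwise decode the labels once into a local and read the keys with `try(local.cf_labels["Org ID"], null)`. The description of `cf_org_managers` says "org administrators" while the variable is named managers, and `cf_org_users` is no longer exported although main.tf in this commit still writes it to the step 2 tfvars file.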
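Review bot: Dropping `idp = var.custom_idp` from the `provider "btp"` block presumably makes the provider log in against the default identity provider, yet main.tf in this commit still selects the role-assignment origin from `data.btp_whoami.me.issuer != var.custom_idp`. If that reading is right, the `-platform` origin can no longer be selected, and every administrator role collection is assigned under `sap.default` even when a custom IdP trust is configured on the subaccount. Please confirm which identity provider the admin users are expected to come from and record it above the provider block, for example `# Login uses the default IdP; custom_idp is only applied as subaccount trust`.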
diff --git a/released/discovery_center/mission_4327/step1/sample.tfvars b/released/discovery_center/mission_4327/step1/sample.tfvars
new file mode 100644
index 00000000..44b0c50e
--- /dev/null
+++ b/released/discovery_center/mission_4327/step1/sample.tfvars
@@ -0,0 +1,34 @@
+# ------------------------------------------------------------------------------------------------------
+# Account settings
+# ------------------------------------------------------------------------------------------------------
+custom_idp = "<>.accounts.ondemand.com"
+globalaccount = "<>"
+
+subaccount_admins = ["you@acme.com", "other.user@acme.com"]
+subaccount_service_admins = ["you@acme.com", "other.user@acme.com"]
+
+# ------------------------------------------------------------------------------------------------------
+# Use case specific configuration
+# ------------------------------------------------------------------------------------------------------
+cf_org_managers = ["you@acme.com", "other.user@acme.com"]
+cf_org_users = ["you@acme.com", "other.user@acme.com"]
+cf_space_managers = ["you@acme.com", "other.user@acme.com"]
+cf_space_developers = ["you@acme.com", "other.user@acme.com"]
+
+launchpad_admins = ["you@acme.com", "other.user@acme.com"]
+hana_cloud_admins = ["you@acme.com", "other.user@acme.com"]
+
+
+# ------------------------------------------------------------------------------------------------------
+# additional configuration (dev & testing)
+# ------------------------------------------------------------------------------------------------------
+create_tfvars_file_for_step2 = true
+
+# (optional) test enable/disable service setups
+#enable_service_setup__hana_cloud = false
+#enable_service_setup__hana = false
+
+#enable_app_subscription_setup__sap_launchpad = false
+#enable_app_subscription_setup__hana_cloud_tools = false
+#enable_app_subscription_setup__cicd_app = false
+
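Review bot: The sample puts the same two addresses into every list, from `subaccount_admins` and `subaccount_service_admins` down to `cf_space_developers`, so someone who only swaps in real e-mail addresses grants full subaccount administration to every listed user. A comment above the account block such as `# Keep the admin lists minimal; most users only need cf_space_developers`, together with distinct example users per role, would make the least-privilege intent visible. The bare `<>` placeholders for `custom_idp` and `globalaccount` also give no hint of the expected value; a named placeholder such as `<your-globalaccount-subdomain>` would be clearer.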
diff --git a/released/discovery_center/mission_4327/step1/samples.tfvars b/released/discovery_center/mission_4327/step1/samples.tfvars
deleted file mode 100644
index eea45fa9..00000000
--- a/released/discovery_center/mission_4327/step1/samples.tfvars
+++ /dev/null
@@ -1,38 +0,0 @@ -# ------------------------------------------------------------------------------------------------------ -# Provider configuration -# ------------------------------------------------------------------------------------------------------ -# Your global account subdomain -globalaccount = "myglobalaccount" -# ------------------------------------------------------------------------------------------------------ -# Project specific configuration (please adapt!) -# ------------------------------------------------------------------------------------------------------ -# Subaccount configuration -region = "us10" -subaccount_name = "DCM Goldenpath" -# To add extra users to the subaccount, the user running the script becomes the admin, without inclusion in admins. -subaccount_admins = ["joe.do@sap.com", "jane.do@sap.com"] -#------------------------------------------------------------------------------------------------------ -# Entitlements plan update -#------------------------------------------------------------------------------------------------------ -# For production use of Business Application Studio, upgrade the plan from the `free-tier` to the appropriate plan e.g standard-edition -# service_plan__bas = "standard-edition" -#------------------------------------------------------------------------------------------------------- -# For production use of Build Workzone, upgrade the plan from the `free-tier` to the appropriate plan e.g standard -service_plan__build_workzone = "standard" -#-------------------------------------------------------------------------------------------------------- -# For production use of HANA, upgrade the plan from the `free-tier` to the appropriate plan e.g hana -service_plan__hana_cloud = "hana" -# cicd service plan -cicd_service_plan = "default" -#------------------------------------------------------------------------------------------------------ -# Cloud Foundry 
-#------------------------------------------------------------------------------------------------------ -# Choose a unique organization name e.g., based on the global account subdomain and subaccount name -cf_org_name = "" -# hana cloud admin users -hana_cloud_admins = ["john.doe@sap.com"] -# Additional Cloud Foundry users -cf_space_developers = ["john.doe@sap.com"] -cf_space_managers = ["john.doe@sap.com"] -cf_org_admins = ["john.doe@sap.com"] -cf_org_users = ["john.doe@sap.com"] diff --git a/released/discovery_center/mission_4327/step1/variables.tf b/released/discovery_center/mission_4327/step1/variables.tf index ff7acfad..636cc1ea 100644 --- a/released/discovery_center/mission_4327/step1/variables.tf +++ b/released/discovery_center/mission_4327/step1/variables.tf 
@@ -1,117 +1,242 @@ -###################################################################### -# Customer account setup -###################################################################### -# global account +# ------------------------------------------------------------------------------------------------------ +# Account variables +# ------------------------------------------------------------------------------------------------------ variable "globalaccount" { type = string - description = "The globalaccount subdomain." + description = "The globalaccount subdomain where the sub account shall be created." } -# subaccount -variable "subaccount_name" { + +variable "cli_server_url" { type = string - description = "The subaccount name." + description = "The BTP CLI server URL." + default = "https://cli.btp.cloud.sap" +} + +variable "custom_idp" { + type = string + description = "The custom identity provider for the subaccount." + default = "" } -# Region + variable "region" { type = string - description = "The region where the project account shall be created in." + description = "The region where the subaccount shall be created in." default = "us10" } -# CLI server -variable "cli_server_url" { +variable "subaccount_name" { type = string - description = "The BTP CLI server URL." - default = "https://cpcli.cf.eu10.hana.ondemand.com" + description = "The subaccount name." + default = "" } -# Custom IdP -variable "custom_idp" { +variable "subaccount_id" { type = string - description = "Custom IdP for provider login. Leave empty to use default SAP IdP." + description = "The subaccount ID." default = "" } +# user lists variable "subaccount_admins" { type = list(string) - description = "Defines the colleagues who are added to each subaccount as subaccount administrators." 
- default = [] + description = "Defines the colleagues who are added to subaccount as administrator" } -### -# Entitlements -### +variable "subaccount_service_admins" { + type = list(string) + description = "Defines the colleagues who are added to subaccount as service administrator" +} + +# ------------------------------------------------------------------------------------------------------ +# Switch for creating tfvars for step 2 +# ------------------------------------------------------------------------------------------------------ +variable "create_tfvars_file_for_step2" { + type = bool + description = "Switch to enable the creation of the tfvars file for step 2." + default = false +} -# Plan_name update +# ------------------------------------------------------------------------------------------------------ +# use case specific variables +# ------------------------------------------------------------------------------------------------------ -variable "service_plan__build_workzone" { - description = "Build Workzone plan" +# ------------------------------------------------------------------------------------------------------ +# ENVIRONMENTS (plans, user lists and other vars) +# ------------------------------------------------------------------------------------------------------ +# cloudfoundry (Cloud Foundry Environment) +# ------------------------------------------------------------------------------------------------------ +# plans +variable "service_env_plan__cloudfoundry" { type = string + description = "The plan for service environment 'Cloud Foundry Environment' with technical name 'cloudfoundry'" default = "free" + validation { + condition = contains(["free", "standard"], var.service_env_plan__cloudfoundry) + error_message = "Invalid value for service_env_plan__cloudfoundry. Only 'free' and 'standard' are allowed." 
+ } } -variable "service_plan__hana_cloud" { - description = "hana-cloud plan" - type = string - default = "hana-free" +# user lists +variable "cf_org_managers" { + type = list(string) + description = "List of managers for the Cloud Foundry org." } -variable "hana_cloud_admins" { +variable "cf_org_users" { type = list(string) - description = "Defines the colleagues who are added as admins to access the instance of SAP HANA Cloud." + description = "List of users for the Cloud Foundry org." } -# CICD service plan -variable "cicd_service_plan" { - type = string - description = "The plan for Continous Integration & Delivery subscription" - default = "free" - validation { - condition = contains(["free", "default"], var.cicd_service_plan) - error_message = "Invalid value for Continous Integraion & Delivery. Only 'free' and 'default' are allowed." - } + +variable "cf_space_managers" { + type = list(string) + description = "List of managers for the Cloud Foundry space." } -### -# Cloud Foundry -### +variable "cf_space_developers" { + type = list(string) + description = "List of developers for the Cloud Foundry space." +} + +# cf landscape, org, space variables variable "cf_landscape_label" { type = string - description = "The region where the project account shall be created in." + description = "In case there are multiple environments available for a subaccount, you can use this label to choose with which one you want to go. If nothing is given, we take by default the first available." default = "" } variable "cf_org_name" { type = string - description = "The name for the Cloud Foundry Org." + description = "Name of the Cloud Foundry org." default = "" } -variable "cf_space_developers" { - type = list(string) - description = "CF Space developers" - default = [] +variable "cf_space_name" { + type = string + description = "Name of the Cloud Foundry space." 
+ default = "dev" + + validation { + condition = can(regex("^.{1,255}$", var.cf_space_name)) + error_message = "The Cloud Foundry space name must not be emtpy and not exceed 255 characters." + } } -variable "cf_space_managers" { - type = list(string) - description = "CF Space managers" - default = [] +# ------------------------------------------------------------------------------------------------------ +# SERVICES (plans and other parameters) +# ------------------------------------------------------------------------------------------------------ +# hana-cloud (SAP HANA Cloud) +# ------------------------------------------------------------------------------------------------------ +# plans +variable "service_plan__hana_cloud" { + type = string + description = "The plan for service 'SAP HANA Cloud' with technical name 'hana-cloud'" + default = "hana-free" + validation { + condition = contains(["hana-free"], var.service_plan__hana_cloud) + error_message = "Invalid value for service_plan__hana_cloud. Only 'free' is allowed." + } } -variable "cf_org_admins" { +# testing +variable "enable_service_setup__hana_cloud" { + type = bool + description = "If true setup of service 'SAP HANA Cloud' with technical name 'hana-cloud' is enabled" + default = true +} +# ------------------------------------------------------------------------------------------------------ +# hana (SAP HANA Schemas & HDI Containers) +# ------------------------------------------------------------------------------------------------------ +# plans +variable "service_plan__hana" { + type = string + description = "The plan for service 'SAP HANA Schemas & HDI Containers' with technical name 'hana'" + default = "hdi-shared" + validation { + condition = contains(["hdi-shared"], var.service_plan__hana) + error_message = "Invalid value for service_plan__hana. Only 'hdi-shared' is allowed." 
+ } +} + +# testing +variable "enable_service_setup__hana" { + type = bool + description = "If true setup of service 'SAP HANA Schemas & HDI Containers' with technical name 'hana' is enabled" + default = true +} + +# ------------------------------------------------------------------------------------------------------ +# APP SUBSCRIPTIONS (plans and user lists) +# ------------------------------------------------------------------------------------------------------ +# SAPLaunchpad (SAP Build Work Zone, standard edition) +# ------------------------------------------------------------------------------------------------------ +# plans +variable "app_subscription_plan__sap_launchpad" { + type = string + description = "The plan for app subscription 'SAP Build Work Zone, standard edition' with technical name 'SAPLaunchpad'" + default = "free" + validation { + condition = contains(["free", "standard"], var.app_subscription_plan__sap_launchpad) + error_message = "Invalid value for app_subscription_plan__sap_launchpad. Only 'free' and 'standard' are allowed." + } +} + +# user lists +variable "launchpad_admins" { type = list(string) - description = "CF Org Admins" - default = [] + description = "Defines the colleagues who are Launchpad Admins." 
} -variable "cf_org_users" { +# testing +variable "enable_app_subscription_setup__sap_launchpad" { + type = bool + description = "If true setup of app subscription 'SAP Build Work Zone, standard edition' with technical name 'SAPLaunchpad' is enabled" + default = true +} + +# ------------------------------------------------------------------------------------------------------ +# hana-cloud-tools (SAP HANA Cloud) +# ------------------------------------------------------------------------------------------------------ +# plans +variable "app_subscription_plan__hana_cloud_tools" { + type = string + description = "The plan for app subscription 'SAP HANA Cloud' with technical name 'hana-cloud-tools'" + default = "tools" + validation { + condition = contains(["tools"], var.app_subscription_plan__hana_cloud_tools) + error_message = "Invalid value for app_subscription_plan__hana_cloud_tools. Only 'tools' is allowed." + } +} + +# user lists +variable "hana_cloud_admins" { type = list(string) - description = "CF Org Users" - default = [] + description = "Defines the colleagues who are HANA Cloud Admins." } -variable "create_tfvars_file_for_next_stage" { - description = "Switch to enable the creation of the tfvars file for the next stage." 
+# testing +variable "enable_app_subscription_setup__hana_cloud_tools" { type = bool - default = false + description = "If true setup of app subscription 'SAP HANA Cloud' with technical name 'hana-cloud-tools' is enabled" + default = true +} + +# ------------------------------------------------------------------------------------------------------ +# cicd-app (Continuous Integration & Delivery) +# ------------------------------------------------------------------------------------------------------ +# plans +variable "app_subscription_plan__cicd_app" { + type = string + description = "The plan for app subscription 'Continuous Integration & Delivery' with technical name 'cicd-app'" + default = "free" + validation { + condition = contains(["free", "default"], var.app_subscription_plan__cicd_app) + error_message = "Invalid value for app_subscription_plan__cicd_app. Only 'free' and 'default' are allowed." + } +} + +# testing +variable "enable_app_subscription_setup__cicd_app" { + type = bool + description = "If true setup of app subscription 'Continuous Integration & Delivery' with technical name 'cicd-app' is enabled" + default = true } \ No newline at end of file diff --git a/released/discovery_center/mission_4327/step2_cf/README.md b/released/discovery_center/mission_4327/step2_cf/README.md deleted file mode 100644 index 2a7c9354..00000000 --- a/released/discovery_center/mission_4327/step2_cf/README.md +++ /dev/null 
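Review bot: The validation on `service_plan__hana_cloud` accepts only `hana-free`, but its message says only 'free' is allowed, so a user who follows the message gets a second failure. The message should name the accepted value: `error_message = "Invalid value for service_plan__hana_cloud. Only 'hana-free' is allowed."`. In the same hunk the `cf_space_name` message spells "emtpy" for "empty"; the same typo is added twice in the step2_cf/variables.tf hunk.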
@@ -1,78 +0,0 @@ -# Set Up SAP BTP Account using Terraform – Cloud Foundry - -The Terraform provider for SAP Business Technology Platform (BTP) enables you to automate the provisioning, management, and configuration of resources on SAP BTP. By leveraging this provider, you can simplify and streamline the deployment and maintenance of SAP BTP services and applications. - -Currently, the SAP BTP provider is available in beta for non productive usage: [SAP BTP Terraform](https://registry.terraform.io/providers/SAP/btp/latest). - -The Terraform script documented here automates the setup of an SAP BTP subaccount based on a predefined template. The scripts can be used create SAP BTP subaccount with Cloud Foundry or Kyma runtime. The Terraform script does the below configuration after creating a SAP BTP subaccount: - -1. Configures the SAP BTP entitlements required to complete the mission. See [Setup SAP BTP Account using Terraform](https://github.com/SAP-samples/btp-terraform-samples/blob/main/released/discovery_center/mission_4327/step2_cf/README.md#entitlements). -2. Enables the SAP BTP runtime (Cloud Foundry or Kyma). -3. Creates the neccessary subscription to applications: SAP Business Application Studio (BAS), SAP Build Work Zone, standard edition, etc. -4. Assigns users the neccessary roles required to access the applications, such as SAP Business Application Studio. -5. Adds additional users to the subaccount. -### [Entitlements ](https://github.tools.sap/refapps/incidents-mgmt/blob/main/documentation/administrate/Prepare-BTP/Configure-BTP-CF.md) - -| Service | Plan | Quota required | -| ------------- | :-----------: | ----: | -| Cloud Foundry Runtime | MEMORY | 1 | -| SAP Build Work Zone, standard edition | Standard | 1 | -| SAP HANA Cloud | hana | 1 | -| SAP HANA Cloud | tools | 1 | -| SAP HANA Schemas & HDI Containers | hdi-shared | 1 | - -## Deploy the resources - -To deploy the resources you must: -1. 
Clone repository `git clone https://github.com/SAP-samples/btp-terraform-samples.git` -2. Navigate to `released/discovery_center/mission_4327/setup_subaccount_cf` -3. You will be seeing these files named `main.tf`,`provider.tf`,`samples.tfvars`,`variables.tf`. -4. Create a file named `terraform.tfvars` and copy `samples.tfvars` content to `terraform.tfvars`. Update the variables to meet your requirements (By default free-tier plans are used, if you want to use it for production update in the `terraform.tfvars` accordingly) -Follow these steps to use the script: -5. Set `BTP_USERNAME`,`BTP_PASSWORD`,`CF_USER` and `CF_PASSWORD` as ENV variables. - -Windows PowerShell: -```Powershell - $env:BTP_USERNAME="" - $env:BTP_PASSWORD="" - $env:CF_USER="" - $env:CF_PASSWORD="" -``` -Linux, macOS: -```mac OS - export BTP_USERNAME="" - export BTP_PASSWORD="" - export CF_USER="" - export CF_PASSWORD="" -``` -6. **Install Terraform Plugins**: Open a terminal and navigate to the directory containing your Terraform configuration files. Run the following command to initialize and upgrade Terraform plugins: - - ```shell - terraform init - ``` - -7. **Review Changes**: Generate an execution plan to review the changes that will be made to your SAP BTP account. Run: - - ```shell - terraform plan - ``` - -8. **Apply Configuration**: Apply the Terraform configuration to create the SAP BTP subaccount and entitlements. Run: - - ```shell - terraform apply - ``` - - Confirm the changes by typing "yes." - -9. **Cleanup**: After your session or project is complete, you can delete the SAP BTP subaccount and associated resources to avoid charges: - - ```shell - terraform destroy - ``` - - Confirm the resource destruction by typing "yes." - -11. **Optional**: You can remove the Terraform state file (`terraform.tfstate`) manually if needed. 
- -Please exercise caution when using this script, especially in production environments, and ensure you understand the resources that will be created or modified. diff --git a/released/discovery_center/mission_4327/step2_cf/main.tf b/released/discovery_center/mission_4327/step2_cf/main.tf index aafb793d..57a3153c 100644 --- a/released/discovery_center/mission_4327/step2_cf/main.tf +++ b/released/discovery_center/mission_4327/step2_cf/main.tf 
@@ -1,44 +1,81 @@ -###################################################################### -# Create space using CF provider -###################################################################### +data "btp_whoami" "me" {} +# ------------------------------------------------------------------------------------------------------ +# Import custom trust config and disable for user login +# ------------------------------------------------------------------------------------------------------ +locals { + available_for_user_logon = data.btp_whoami.me.issuer != var.custom_idp ? true : false +} + +import { + to = btp_subaccount_trust_configuration.default + id = "${var.subaccount_id},sap.default" +} + +resource "btp_subaccount_trust_configuration" "default" { + subaccount_id = var.subaccount_id + identity_provider = "" + auto_create_shadow_users = false + available_for_user_logon = local.available_for_user_logon +} + +# ------------------------------------------------------------------------------------------------------ +# ENVIRONMENTS (plans, user lists and other vars) +# ------------------------------------------------------------------------------------------------------ +# cloudfoundry (Cloud Foundry Environment) +# ------------------------------------------------------------------------------------------------------ +# +# Create space resource "cloudfoundry_space" "dev" { - name = "DEV" + name = var.cf_space_name org = var.cf_org_id } -###################################################################### -# add org and space users and managers -###################################################################### +locals { + # origin_key is default (sap.ids) if issuer (idp) of logged in user is not custom_idp, otherwise calculated from custom_idp (<>-platform) + custom_idp_tenant_id = var.custom_idp != "" ? element(split(".", var.custom_idp), 0) : "" + origin_key = data.btp_whoami.me.issuer != var.custom_idp ? 
"sap.ids" : "${local.custom_idp_tenant_id}-platform" + + # Remove logged in user (which was already added before when cf env was created) + cf_org_managers = setsubtract(toset(var.cf_org_managers), [data.btp_whoami.me.email]) + cf_org_users = setsubtract(toset(var.cf_org_users), [data.btp_whoami.me.email]) +} + +# cf_org_users: Assign organization_user role resource "cloudfoundry_org_role" "organization_user" { - for_each = toset(var.cf_org_users) + for_each = toset(local.cf_org_users) username = each.value type = "organization_user" org = var.cf_org_id - origin = var.cf_origin + origin = local.origin_key } +# cf_org_managers: Assign organization_manager role resource "cloudfoundry_org_role" "organization_manager" { - for_each = toset(var.cf_org_admins) - username = each.value - type = "organization_manager" - org = var.cf_org_id - origin = var.cf_origin -} - -resource "cloudfoundry_space_role" "space_developer" { - for_each = toset(var.cf_space_developers) + for_each = toset(local.cf_org_managers) username = each.value - type = "space_developer" - space = cloudfoundry_space.dev.id - origin = var.cf_origin - depends_on = [cloudfoundry_org_role.organization_user, cloudfoundry_org_role.organization_manager] + type = "organization_manager" + org = var.cf_org_id + origin = local.origin_key + depends_on = [cloudfoundry_org_role.organization_user] } +# cf_space_managers: Assign space_manager role resource "cloudfoundry_space_role" "space_manager" { for_each = toset(var.cf_space_managers) username = each.value type = "space_manager" space = cloudfoundry_space.dev.id - origin = var.cf_origin - depends_on = [cloudfoundry_org_role.organization_user, cloudfoundry_org_role.organization_manager] + origin = local.origin_key + depends_on = [cloudfoundry_org_role.organization_manager] +} + +# cf_space_developers: Assign space_developer role +resource "cloudfoundry_space_role" "space_developer" { + for_each = toset(var.cf_space_developers) + username = each.value + type = 
"space_developer" + space = cloudfoundry_space.dev.id + origin = local.origin_key + depends_on = [cloudfoundry_org_role.organization_manager] } + diff --git a/released/discovery_center/mission_4327/step2_cf/outputs.tf b/released/discovery_center/mission_4327/step2_cf/outputs.tf deleted file mode 100644 index 578d7a90..00000000 --- a/released/discovery_center/mission_4327/step2_cf/outputs.tf +++ /dev/null @@ -1,11 +0,0 @@ -output "cf_org_id" { - value = var.cf_org_id -} - -output "cf_api_url" { - value = var.cf_api_url -} - -output "cf_space_name" { - value = cloudfoundry_space.dev.name -} diff --git a/released/discovery_center/mission_4327/step2_cf/provider.tf b/released/discovery_center/mission_4327/step2_cf/provider.tf index 1802fe7a..a1645b26 100644 --- a/released/discovery_center/mission_4327/step2_cf/provider.tf +++ b/released/discovery_center/mission_4327/step2_cf/provider.tf @@ -1,15 +1,21 @@ terraform { required_providers { + btp = { + source = "SAP/btp" + version = "~> 1.7.0" + } cloudfoundry = { source = "SAP/cloudfoundry" version = "1.0.0-rc1" } } } -###################################################################### -# Configure CF provider -###################################################################### + +provider "btp" { + globalaccount = var.globalaccount + cli_server_url = var.cli_server_url +} + provider "cloudfoundry" { - # resolve API URL from environment instance api_url = var.cf_api_url } \ No newline at end of file diff --git a/released/discovery_center/mission_4327/step2_cf/samples.tfvars b/released/discovery_center/mission_4327/step2_cf/samples.tfvars deleted file mode 100644 index 2f556991..00000000 --- a/released/discovery_center/mission_4327/step2_cf/samples.tfvars +++ /dev/null 
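Review bot: `origin_key` is derived from the identity of whoever runs Terraform (`data.btp_whoami.me.issuer != var.custom_idp`) and is then used as `origin` for every user in `cf_org_users`, `cf_org_managers`, `cf_space_managers` and `cf_space_developers`. If the operator logs in through the default IdP while `custom_idp` is set, all role bindings are created under `sap.ids`, which presumably is not where the listed users authenticate; the reverse mismatch is possible as well. The same comparison also sets `available_for_user_logon` on the default trust configuration, so the operator's login decides both where roles are bound and whether default-IdP logon stays enabled. A comment above the `locals` block stating the assumption, e.g. `# assumes all listed users authenticate through the same IdP as the user running terraform`, or an explicit origin input, would make this reviewable. The `? true : false` after the boolean comparison is redundant.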
@@ -1,15 +0,0 @@ -# ------------------------------------------------------------------------------------------------------ -# Provider configuration -# ------------------------------------------------------------------------------------------------------ -# API URL of the Cloud Foundry environment instance created in step 1 -cf_api_url = "DCM Goldenpath" -# ------------------------------------------------------------------------------------------------------ -# Project specific configuration (please adapt!) -# ------------------------------------------------------------------------------------------------------ -# Please use the cf_org_id output of step 1 -cf_org_id = "cf-environment" -# Additional Cloud Foundry users -cf_space_developers = ["john.doe@sap.com"] -cf_space_managers = ["john.doe@sap.com"] -cf_org_admins = ["john.doe@sap.com"] -cf_org_users = ["john.doe@sap.com"] diff --git a/released/discovery_center/mission_4327/step2_cf/variables.tf b/released/discovery_center/mission_4327/step2_cf/variables.tf index d3681fb7..590b3d77 100644 --- a/released/discovery_center/mission_4327/step2_cf/variables.tf +++ b/released/discovery_center/mission_4327/step2_cf/variables.tf 
@@ -1,37 +1,104 @@ +# Description: This file contains the input variables for the mission 4327 step 2. +# +# ------------------------------------------------------------------------------------------------------ +# Account variables +# ------------------------------------------------------------------------------------------------------ +variable "globalaccount" { + type = string + description = "The globalaccount subdomain where the sub account shall be created." +} + +variable "cli_server_url" { + type = string + description = "The BTP CLI server URL." + default = "https://cli.btp.cloud.sap" +} + +variable "subaccount_id" { + type = string + description = "The subaccount ID." +} + +variable "custom_idp" { + type = string + description = "The custom identity provider for the subaccount." + default = "" +} + +# ------------------------------------------------------------------------------------------------------ +# ENVIRONMENTS variables +# ------------------------------------------------------------------------------------------------------ +# cloudfoundry (Cloud Foundry Environment) +# ------------------------------------------------------------------------------------------------------ +# +/* --- +variable "origin" { + type = string + description = "Defines the origin of the identity provider" + default = "sap.ids" + # The value for the origin can be defined + # but are normally set to "sap.ids", "sap.default" or "sap.custom" +} + +variable "origin_key" { + type = string + description = "Defines the origin key of the identity provider" + default = "sap.ids" + # The value for the origin_key can be defined + # but are normally set to "sap.ids", "sap.default" or "sap.custom" +} +--- */ + variable "cf_api_url" { - type = string + type = string + description = "The Cloud Foundry API endpoint from the Cloud Foundry environment instance." 
} variable "cf_org_id" { - type = string + type = string + description = "The Cloud Foundry Org ID from the Cloud Foundry environment instance." } -variable "cf_origin" { - description = "Origin used for Cloud Foundry organization and space role assignments" +/* --- +variable "cf_org_name" { type = string - default = "sap.ids" + description = "Name of the Cloud Foundry org." + + validation { + condition = can(regex("^.{1,255}$", var.cf_org_name)) + error_message = "The Cloud Foundry org name must not be emtpy and not exceed 255 characters." + } } +--- */ -variable "cf_space_developers" { +variable "cf_space_name" { + type = string + description = "Name of the Cloud Foundry space." + default = "dev" + + validation { + condition = can(regex("^.{1,255}$", var.cf_space_name)) + error_message = "The Cloud Foundry space name must not be emtpy and not exceed 255 characters." + } +} + +# User lists +variable "cf_org_managers" { type = list(string) - description = "CF Space developers" - default = [] + description = "Defines the colleagues who are added to a CF org as administrators." } -variable "cf_space_managers" { +variable "cf_org_users" { type = list(string) - description = "CF Space managers" - default = [] + description = "Defines the colleagues who are added to a CF org as users." } -variable "cf_org_admins" { +variable "cf_space_managers" { type = list(string) - description = "CF Org Admins" - default = [] + description = "Defines the colleagues who are added to a CF space as space manager." } -variable "cf_org_users" { +variable "cf_space_developers" { type = list(string) - description = "CF Org Users" - default = [] + description = "Defines the colleagues who are added to a CF space as space developer." }
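Review bot: `custom_idp` is accepted as a free-form string, yet main.tf in this commit compares it with the login issuer and takes the text before the first `.` as the tenant for the `<tenant>-platform` origin. A value pasted with a scheme or path would be split into a meaningless tenant id and would likely never match the issuer, so role assignments would quietly fall back to `sap.ids`. A `validation` block on the variable with `condition = !can(regex("[/:\\s]", var.custom_idp))` and a message asking for the bare host name would reject that early. The two `/* --- … --- */` blocks add commented-out variables (`origin`, `origin_key`, `cf_org_name`) to the file; they would be better dropped than committed.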