feat: setup of integration suite on SAP BTP trial (#404)

Author: lechnerc77

.gitignore

@@ -6,6 +6,7 @@
 *.log
 secret.auto.tfvars
 terraform.tfvars
+*.out
 
 
 # Any kind of invironment variables

released/usecases/trial_integration_suite/01_base_setup_directory/main.tf

@@ -0,0 +1,39 @@
+locals {
+  flattened_role_collection_assignments = flatten([
+    for index, role_collection_assignment in var.role_collection_assignments : [
+      for index, user in role_collection_assignment.users : {
+        role_collection_name = role_collection_assignment.role_collection_name
+        user                 = user
+      }
+    ]
+  ])
+}
+
+resource "btp_directory" "self" {
+  name        = var.directory_name
+  description = var.directory_description
+  features    = toset(var.features)
+  labels = {
+    "managed_by" = ["terraform"]
+    "scope"      = ["integration"]
+    "costcenter" = [var.project_costcenter]
+  }
+}
+
+resource "btp_directory_entitlement" "dir_entitlement_assignment" {
+  for_each     = { for e in var.entitlement_assignments : e.name => e }
+  directory_id = btp_directory.self.id
+  service_name = each.value.name
+  plan_name    = each.value.plan
+  amount       = each.value.amount != 0 ? each.value.amount : null
+  distribute   = each.value.distribute
+  auto_assign  = each.value.auto_assign
+}
+
+
+resource "btp_directory_role_collection_assignment" "dir_role_collection_assignment" {
+  for_each             = { for index, role_collection_assignment in local.flattened_role_collection_assignments : index => role_collection_assignment }
+  directory_id         = btp_directory.self.id
+  role_collection_name = each.value.role_collection_name
+  user_name            = each.value.user
+}

released/usecases/trial_integration_suite/01_base_setup_directory/outputs.tf

@@ -0,0 +1,4 @@
+output "directory_id" {
+  description = "The ID of the directory"
+  value       = btp_directory.self.id
+}

released/usecases/trial_integration_suite/01_base_setup_directory/provider.tf

@@ -0,0 +1,12 @@
+terraform {
+  required_providers {
+    btp = {
+      source  = "SAP/btp"
+      version = "~> 1.10.0"
+    }
+  }
+}
+
+provider "btp" {
+  globalaccount = var.globalaccount
+}

released/usecases/trial_integration_suite/01_base_setup_directory/terraform.tfvars.sample

@@ -0,0 +1,31 @@
+globalaccount      = "<Subdomain of your Global Account>"
+features           = ["DEFAULT", "ENTITLEMENTS", "AUTHORIZATIONS"]
+project_costcenter = "54321"
+entitlement_assignments = [
+  {
+    name        = "integrationsuite-trial"
+    plan        = "trial"
+    amount      = 1
+    distribute  = false
+    auto_assign = false
+  },
+  // can be added only after fix of https://github.com/SAP/terraform-provider-btp/issues/930
+  /*  {
+    name        = "APPLICATION_RUNTIME"
+    plan        = "MEMORY"
+    amount      = 2
+    distribute  = false
+    auto_assign = false
+  },*/
+]
+// The user executing the script gets automatically added to the directory
+role_collection_assignments = [
+  {
+    role_collection_name = "Directory Administrator"
+    users                = ["[email protected]"]
+  },
+  {
+    role_collection_name = "Directory Viewer"
+    users                = ["[email protected]"]
+  }
+]

released/usecases/trial_integration_suite/01_base_setup_directory/variables.tf

@@ -0,0 +1,56 @@
+variable "globalaccount" {
+  description = "Subdomain of the global account"
+  type        = string
+}
+
+variable "directory_name" {
+  description = "Name of the directory"
+  type        = string
+  default     = "Integration Directory"
+}
+
+variable "directory_description" {
+  description = "Description of the directory"
+  type        = string
+  default     = "Directory for all integration subaccounts"
+}
+
+variable "features" {
+  description = "Directory features to be activated"
+  type        = list(string)
+  default     = ["DEFAULT"]
+  validation {
+    condition     = alltrue([for feature in var.features : contains(["DEFAULT", "ENTITLEMENTS", "AUTHORIZATIONS"], feature)])
+    error_message = "The only supported features are DEFAULT, ENTITLEMENTS and AUTHORIZATIONS"
+  }
+}
+
+variable "project_costcenter" {
+  description = "Cost center of the project"
+  type        = string
+  validation {
+    condition     = can(regex("^[0-9]{5}$", var.project_costcenter))
+    error_message = "Cost center must be a 5 digit number"
+  }
+}
+
+variable "entitlement_assignments" {
+  description = "list of entitlements to be assigned ot the directory"
+  type = list(object({
+    name        = string
+    plan        = string
+    amount      = number
+    distribute  = bool
+    auto_assign = bool
+  }))
+  default = []
+}
+
+variable "role_collection_assignments" {
+  description = "List of role collections to assign to a user"
+  type = list(object({
+    role_collection_name = string
+    users                = set(string)
+  }))
+  default = []
+}

released/usecases/trial_integration_suite/02_base_setup_subaccount/main.tf

@@ -0,0 +1,106 @@
+resource "random_uuid" "uuid" {}
+
+locals {
+  subaccount_name        = "${var.subaccount_stage} ${var.project_name}"
+  subaccount_description = "Subaccount for Project ${var.project_name} (stage ${var.subaccount_stage})"
+  subaccount_subdomain   = join("-", [lower(replace("${var.subaccount_stage}-${var.project_name}", " ", "-")), random_uuid.uuid.result])
+  service_name_prefix    = lower(replace("${var.subaccount_stage}-${var.project_name}", " ", "-"))
+  subaccount_cf_org      = local.subaccount_subdomain
+  cf_space_name          = lower(replace("${var.subaccount_stage}-${var.project_name}", " ", "-"))
+  beta_enabled           = var.subaccount_stage == "DEV" ? true : false
+  usage                  = var.subaccount_stage == "PROD" ? "USED_FOR_PRODUCTION" : "NOT_USED_FOR_PRODUCTION"
+}
+
+resource "btp_subaccount" "project_subaccount" {
+  parent_id    = var.parent_id
+  name         = local.subaccount_name
+  subdomain    = local.subaccount_subdomain
+  description  = var.project_name
+  region       = var.subaccount_region
+  beta_enabled = local.beta_enabled
+  usage        = local.usage
+  labels = {
+    "stage"      = [var.subaccount_stage]
+    "costcenter" = [var.project_costcenter]
+    "managed_by" = ["terraform"]
+    "scope"      = ["integration"]
+  }
+}
+
+resource "btp_subaccount_role_collection_assignment" "emergency_admins" {
+  for_each             = toset(var.emergency_admins)
+  subaccount_id        = btp_subaccount.project_subaccount.id
+  role_collection_name = "Subaccount Administrator"
+  user_name            = each.value
+}
+
+
+resource "btp_subaccount_entitlement" "integrationsuite_app_trial" {
+  subaccount_id = btp_subaccount.project_subaccount.id
+  service_name  = "integrationsuite-trial"
+  plan_name     = "trial"
+  amount        = 1
+}
+
+resource "btp_subaccount_entitlement" "cf_memory" {
+  subaccount_id = btp_subaccount.project_subaccount.id
+  service_name  = "APPLICATION_RUNTIME"
+  plan_name     = "MEMORY"
+  amount        = 1
+}
+
+resource "btp_subaccount_environment_instance" "cloudfoundry" {
+  subaccount_id    = btp_subaccount.project_subaccount.id
+  name             = local.subaccount_cf_org
+  environment_type = "cloudfoundry"
+  service_name     = "cloudfoundry"
+  plan_name        = "trial"
+  landscape_label  = "cf-${var.cf_landscape_label}"
+  parameters = jsonencode({
+    instance_name = local.subaccount_cf_org
+  })
+  depends_on = [btp_subaccount_entitlement.cf_memory]
+}
+
+locals {
+  cf_org_id = jsondecode(btp_subaccount_environment_instance.cloudfoundry.labels)["Org ID"]
+}
+
+resource "cloudfoundry_org_role" "org_manager" {
+  for_each = toset(var.emergency_admins)
+  username = each.value
+  type     = "organization_user"
+  org      = local.cf_org_id
+}
+
+resource "cloudfoundry_space" "project_space" {
+  name = local.cf_space_name
+  org  = local.cf_org_id
+}
+
+resource "cloudfoundry_space_role" "emergency_space_manager" {
+  for_each   = toset(var.emergency_admins)
+  username   = each.value
+  type       = "space_manager"
+  space      = cloudfoundry_space.project_space.id
+  origin     = "sap.ids"
+  depends_on = [cloudfoundry_org_role.org_manager]
+}
+
+resource "cloudfoundry_space_role" "space_manager" {
+  for_each   = toset(var.space_managers)
+  username   = each.value
+  type       = "space_manager"
+  space      = cloudfoundry_space.project_space.id
+  origin     = "sap.ids"
+  depends_on = [cloudfoundry_org_role.org_manager]
+}
+
+resource "cloudfoundry_space_role" "space_developer" {
+  for_each   = toset(var.space_managers)
+  username   = each.value
+  type       = "space_developer"
+  space      = cloudfoundry_space.project_space.id
+  origin     = "sap.ids"
+  depends_on = [cloudfoundry_org_role.org_manager]
+}

released/usecases/trial_integration_suite/02_base_setup_subaccount/outputs.tf

@@ -0,0 +1,9 @@
+output "subaccount_id" {
+  description = "The ID of the subaccount"
+  value       = btp_subaccount.project_subaccount.id
+}
+
+output "cf_space_id" {
+  description = "The ID of the Cloud Foundry space"
+  value       = cloudfoundry_space.project_space.id
+}

released/usecases/trial_integration_suite/02_base_setup_subaccount/provider.tf

@@ -0,0 +1,21 @@
+terraform {
+  required_providers {
+    btp = {
+      source  = "SAP/btp"
+      version = "~> 1.10.0"
+    }
+    cloudfoundry = {
+      source  = "cloudfoundry/cloudfoundry"
+      version = "~> 1.3.0"
+    }
+  }
+}
+
+provider "btp" {
+  globalaccount = var.globalaccount
+}
+
+// Interpolation of the API endpoint only works on trial accounts
+provider "cloudfoundry" {
+  api_url = "https://api.cf.${var.cf_landscape_label}.hana.ondemand.com"
+}

released/usecases/trial_integration_suite/02_base_setup_subaccount/terraform.tfvars.sample

@@ -0,0 +1,6 @@
+globalaccount      = "<Subdomain of your Global Account>"
+parent_id          = "outout directory_id of step 1"
+project_costcenter = "54321"
+emergency_admins   = ["[email protected]"]
+space_managers     = ["[email protected]"]
+space_developers   = ["[email protected]"]

released/usecases/trial_integration_suite/02_base_setup_subaccount/variables.tf

@@ -0,0 +1,73 @@
+variable "globalaccount" {
+  description = "Subdomain of the global account"
+  type        = string
+}
+
+variable "parent_id" {
+  description = "The parent ID for the subaccount"
+  type        = string
+  default     = ""
+}
+
+variable "project_name" {
+  description = "Name of the project"
+  type        = string
+  default     = "Integration Account"
+}
+
+variable "subaccount_stage" {
+  description = "Stage of the subaccount"
+  type        = string
+  default     = "DEV"
+  validation {
+    condition     = contains(["DEV", "TEST", "PROD"], var.subaccount_stage)
+    error_message = "Stage must be one of DEV, TEST or PROD"
+  }
+}
+
+variable "subaccount_region" {
+  description = "Region of the subaccount"
+  type        = string
+  default     = "us10"
+  validation {
+    condition     = contains(["us10", "ap21"], var.subaccount_region)
+    error_message = "Region must be one of us10 or ap21"
+  }
+}
+
+variable "cf_landscape_label" {
+  description = "Label of the Cloud Foundry landscape"
+  type        = string
+  default     = "us10-001"
+  validation {
+    condition     = contains(["us10-001", "ap21"], var.cf_landscape_label)
+    error_message = "Trial landscape must be one of us10-001 or ap21"
+  }
+}
+
+variable "project_costcenter" {
+  description = "Cost center of the project"
+  type        = string
+  validation {
+    condition     = can(regex("^[0-9]{5}$", var.project_costcenter))
+    error_message = "Cost center must be a 5 digit number"
+  }
+}
+
+variable "emergency_admins" {
+  description = "List of emergency admins"
+  type        = list(string)
+  default     = []
+}
+
+variable "space_managers" {
+  description = "List of space managers"
+  type        = list(string)
+  default     = []
+}
+
+variable "space_developers" {
+  description = "List of space developers"
+  type        = list(string)
+  default     = []
+}