@@ -1,55 +1,14 @@ | ||
> **NOTE:** This is a general template that you can use for a project README.md. Except for the mandatory sections, use only those sections that suit your use case but keep the proposed section order. | ||
> | ||
> Mandatory sections: | ||
> - `Overview` | ||
> - `Prerequisites`, if there are any requirements regarding hard- or software | ||
> - `Installation` | ||
> - `Contributing` - do not change this! | ||
> - `Code of Conduct` - do not change this! | ||
> - `Licensing` - do not change this! | ||
> **TIP:** Apart from the {Module Name} heading, you can use your own titles for the remaining sections. You can also add more module-specific sections. | ||
# {Project Title} | ||
<!--- mandatory ---> | ||
> Modify the title and insert the name of your project. Use Heading 1 (H1). | ||
# {Module Name} | ||
> Modify the title and insert the name of your module. Use Heading 1 (H1). | ||
## Overview | ||
<!--- mandatory section ---> | ||
> Provide a description of your module and its components. Describe its features and functionalities. | ||
> You can divide this section to the relevant subsections. | ||
> Provide a description of the project's functionality. | ||
> | ||
> If it is an example README.md, describe what the example illustrates. | ||
## Useful Links (Optional) | ||
> Provide links to the most relevant module documentation (tutorials, technical references, resources, etc.). | ||
## Prerequisites | ||
|
||
> List the requirements to run the project or example. | ||
## Installation | ||
|
||
> Explain the steps to install your project. If there are multiple installation options, mention the recommended one and include others in a separate document. Create an ordered list for each installation task. | ||
> | ||
> If it is an example README.md, describe how to build, run locally, and deploy the example. Format the example as code blocks and specify the language, highlighting where possible. Explain how you can validate that the example ran successfully. For example, define the expected output or commands to run which check a successful deployment. | ||
> | ||
> Add subsections (H3) for better readability. | ||
## Usage | ||
|
||
> Explain how to use the project. You can create multiple subsections (H3). Include the instructions or provide links to the related documentation. | ||
## Development | ||
|
||
> Add instructions on how to develop the project or example. It must be clear what to do and, for example, how to trigger the tests so that other contributors know how to make their pull requests acceptable. Include the instructions or provide links to related documentation. | ||
## Contributing | ||
<!--- mandatory section - do not change this! ---> | ||
|
||
See the [Contributing Rules](CONTRIBUTING.md). | ||
|
||
## Code of Conduct | ||
<!--- mandatory section - do not change this! ---> | ||
|
||
See the [Code of Conduct](CODE_OF_CONDUCT.md) document. | ||
|
||
## Licensing | ||
<!--- mandatory section - do not change this! ---> | ||
|
||
See the [license](./LICENSE) file. | ||
## Feedback (Optional) | ||
> Describe how users can provide feedback. |
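--- a/UNKNOWN_PATH
+++ b/UNKNOWN_PATH
@@ -0,0 +1,199 @@
+# "kyma.tf"
+
+resource "btp_subaccount_entitlement" "kyma" {
+subaccount_id = btp_subaccount.subaccount.id
+service_name = "kymaruntime"
+plan_name = var.BTP_KYMA_PLAN
+amount = 1
+}
+
+resource "btp_subaccount_environment_instance" "kyma" {
+subaccount_id = btp_subaccount.subaccount.id
+name = "${var.BTP_SUBACCOUNT}-kyma"
+environment_type = "kyma"
+service_name = btp_subaccount_entitlement.kyma.service_name
+plan_name = btp_subaccount_entitlement.kyma.plan_name
+parameters = jsonencode({
+modules = {
+list = [
+{
+name = "api-gateway"
+channel = "fast"
+},
+{
+name = "istio"
+channel = "fast"
+},
+{
+name = "btp-operator"
+channel = "fast"
+}
+]
+}
+oidc = {
+groupsClaim = "groups"
+signingAlgs = ["RS256"]
+usernameClaim = "sub"
+usernamePrefix = "-"
+clientID = jsondecode(btp_subaccount_service_binding.identity_application_binding.credentials).clientid
+issuerURL = "https://${var.BTP_CUSTOM_IAS_TENANT}.${var.BTP_CUSTOM_IAS_DOMAIN}"
+}
+name = "${var.BTP_SUBACCOUNT}-kyma"
+region = var.BTP_KYMA_REGION
+administrators = [
+var.BTP_BOT_USER
+]
+})
+timeouts = {
+create = "60m"
+update = "30m"
+delete = "60m"
+}
+}
+
+data "http" "kubeconfig" {
+url = jsondecode(btp_subaccount_environment_instance.kyma.labels).KubeconfigURL
+retry {
+attempts = 2
+max_delay_ms = 2000
+min_delay_ms = 1000
+}
+lifecycle {
+postcondition {
+condition = can(regex("kind: Config",self.response_body))
+error_message = "Invalid content of downloaded kubeconfig"
+}
+}
+}
+
+locals {
+id_token = jsondecode(data.http.token.response_body).id_token
+kubeconfig_oidc = yamldecode(data.http.kubeconfig.response_body)
+}
+
+data "jq_query" "kubeconfig" {
+data = jsonencode(yamldecode(data.http.kubeconfig.response_body))
+query = "del(.users[] | .user | .exec) | .users[] |= . + { user: { token: ${jsonencode(local.id_token)} } }"
+}
+
+resource "local_sensitive_file" "kubeconfig-yaml" {
+filename = "kubeconfig.yaml"
+content = yamlencode(jsondecode(data.jq_query.kubeconfig.result) )
+}
+
+#"oidc.tf"
+
+resource "btp_subaccount_entitlement" "identity" {
+subaccount_id = btp_subaccount.subaccount.id
+service_name = "identity"
+plan_name = "application"
+}
+
+# custom idp
+resource "btp_subaccount_trust_configuration" "custom_idp" {
+subaccount_id = btp_subaccount.subaccount.id
+identity_provider = "${var.BTP_CUSTOM_IAS_TENANT}.${var.BTP_CUSTOM_IAS_DOMAIN}"
+name = "${var.BTP_SUBACCOUNT}-${var.BTP_CUSTOM_IAS_TENANT}"
+depends_on = [btp_subaccount_entitlement.identity]
+}
+
+data "btp_subaccount_service_plan" "identity_application" {
+depends_on = [btp_subaccount_entitlement.identity]
+subaccount_id = btp_subaccount.subaccount.id
+offering_name = "identity"
+name = "application"
+}
+
+resource "btp_subaccount_service_instance" "identity_application" {
+depends_on = [btp_subaccount_trust_configuration.custom_idp]
+subaccount_id = btp_subaccount.subaccount.id
+name = "${var.BTP_SUBACCOUNT}-${var.BTP_CUSTOM_IAS_TENANT}-oidc-app"
+serviceplan_id = data.btp_subaccount_service_plan.identity_application.id
+parameters = jsonencode({
+user-access = "public"
+oauth2-configuration = {
+grant-types = [
+"authorization_code",
+"authorization_code_pkce_s256",
+"password",
+"refresh_token"
+],
+token-policy = {
+token-validity = 3600,
+refresh-validity = 15552000,
+refresh-usage-after-renewal = "off",
+refresh-parallel = 3,
+access-token-format = "default"
+},
+public-client = true,
+redirect-uris = [
+"https://dashboard.kyma.cloud.sap",
+"https://dashboard.dev.kyma.cloud.sap",
+"https://dashboard.stage.kyma.cloud.sap",
+"http://localhost:8000"
+]
+},
+subject-name-identifier = {
+attribute = "mail",
+fallback-attribute = "none"
+},
+default-attributes = null,
+assertion-attributes = {
+email = "mail",
+groups = "companyGroups",
+first_name = "firstName",
+last_name = "lastName",
+login_name = "loginName",
+mail = "mail",
+scope = "companyGroups",
+user_uuid = "userUuid",
+locale = "language"
+},
+name = "${var.BTP_SUBACCOUNT}-${var.BTP_CUSTOM_IAS_TENANT}-oidc-app",
+display-name = "${var.BTP_SUBACCOUNT}-${var.BTP_CUSTOM_IAS_TENANT}-oidc-app"
+})
+}
+
+resource "btp_subaccount_service_binding" "identity_application_binding" {
+subaccount_id = btp_subaccount.subaccount.id
+name = "${var.BTP_SUBACCOUNT}-${var.BTP_CUSTOM_IAS_TENANT}-oidc-app-binding"
+service_instance_id = btp_subaccount_service_instance.identity_application.id
+parameters = jsonencode({
+credential-type = "X509_GENERATED"
+key-length = 4096
+validity = 1
+validity-type = "DAYS"
+app-identifier = "kymaruntime"
+})
+}
+
+locals {
+idp = jsondecode(btp_subaccount_service_binding.identity_application_binding.credentials)
+}
+
+data "http" "token" {
+url = "${local.idp.url}/oauth2/token"
+method = "POST"
+request_headers = {
+Content-Type = "application/x-www-form-urlencoded"
+}
+request_body = "grant_type=password&username=${var.BTP_BOT_USER}&password=${var.BTP_BOT_PASSWORD}&client_id=${local.idp.clientid}&scope=groups,email"
+}
+
+#"provider-sm.tf"
+
+data "btp_subaccount_service_binding" "provider_sm" {
+count = var.BTP_PROVIDER_SUBACCOUNT_ID == null ? 0 : 1
+# count = try(var.BTP_PROVIDER_SUBACCOUNT_ID, false) ? 1 : 0
+subaccount_id = var.BTP_PROVIDER_SUBACCOUNT_ID
+name = "provider-sm-binding"
+}
+
+#"subaccount.tf"
+
+resource "btp_subaccount" "subaccount" {
+name = var.BTP_SUBACCOUNT
+region = var.BTP_SA_REGION
+subdomain = var.BTP_SUBACCOUNT
+}
+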
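Review bot: The `request_body` of `data "http" "token"` splices `var.BTP_BOT_USER`, `var.BTP_BOT_PASSWORD` and `local.idp.clientid` into a form-encoded string without `urlencode()`, so a password containing `&`, `+`, `%` or `=` is silently mangled and the grant fails or part of the secret is parsed as a different form field. The same data source has no `lifecycle` postcondition, unlike `data "http" "kubeconfig"` earlier in the hunk; with hashicorp/http 3.x a non-2xx token response does not fail the data source by itself (hedged, version pinned elsewhere on this page), so an auth failure surfaces only as an opaque `jsondecode` error on `id_token` in `locals`. Worth a comment next to that `locals` block is that the token response body, the derived kubeconfig and the decoded binding credentials all persist in plaintext in Terraform state, so the state backend needs to be protected accordingly; `local.kubeconfig_oidc` also appears unused within this hunk. Suggested rewrite of the token data source:
```hcl
data "http" "token" {
  # … unchanged: url, method, request_headers …
  # form-encode each value so reserved characters in the credentials survive intact
  request_body = "grant_type=password&username=${urlencode(var.BTP_BOT_USER)}&password=${urlencode(var.BTP_BOT_PASSWORD)}&client_id=${urlencode(local.idp.clientid)}&scope=groups,email"
  lifecycle {
    postcondition {
      # fail here with a clear message instead of in the jsondecode() downstream
      condition     = self.status_code == 200 && can(jsondecode(self.response_body).id_token)
      error_message = "Token request failed or returned no id_token; check BTP_BOT_USER/BTP_BOT_PASSWORD and the IAS tenant"
    }
  }
}
```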
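--- a/UNKNOWN_PATH
+++ b/UNKNOWN_PATH
@@ -0,0 +1,9 @@
+output "custom_service_manager_credentials" {
+value = var.BTP_PROVIDER_SUBACCOUNT_ID == null ? null : jsondecode(one(data.btp_subaccount_service_binding.provider_sm).credentials)
+}
+
+output "kubeconfig" {
+value = yamlencode(jsondecode(data.jq_query.kubeconfig.result) )
+}
+
+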
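Review bot: Neither output is marked `sensitive = true`, although `kubeconfig` carries the bot's id_token (injected into `users[].user.token` by `data "jq_query" "kubeconfig"` in the preceding file section) and `custom_service_manager_credentials` is the decoded service-manager binding; without the flag Terraform prints both values in plain text in `apply` output and in any CI log that captures it. Add `sensitive = true` to both `output` blocks so they are redacted in CLI output and only retrievable on purpose via `terraform output -raw` or `-json`. Marking them sensitive does not change what is written to state, which still holds the values in plaintext.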
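--- a/UNKNOWN_PATH
+++ b/UNKNOWN_PATH
@@ -0,0 +1,15 @@
+terraform {
+required_providers {
+btp = {
+source = "SAP/btp"
+version = "1.5.0"
+}
+jq = {
+source = "massdriver-cloud/jq"
+}
+http = {
+source = "hashicorp/http"
+version = "3.4.4"
+}
+}
+}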
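Review bot: The `jq` provider block carries no `version` constraint while `btp` and `http` are pinned exactly, so on any checkout without a committed `.terraform.lock.hcl` `terraform init` resolves `massdriver-cloud/jq` to whatever the registry currently serves and successive runs may execute different provider binaries. Add `version = "<pinned-version>"` (placeholder; or at minimum a `~>` constraint) to that block and commit the lock file so the provider checksums are verified on every init. Whether a lock file is part of this commit is not visible on this page.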