stackit-dev-tools/terraform-provider-stackitprivatepreview
2
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

feat(scf): Add STACKIT Cloud Foundry (#991)

Browse source 
* onboard STACKIT Cloud Foundry resources/datasource
This commit is contained in:
Fabian Spottog 2025-10-08 11:42:33 +02:00 committed by GitHub
parent fcc7a99488
commit a8e874699f
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
32 changed files with 3700 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

43
docs/data-sources/scf_organization.md Normal file
View file

@ -0,0 +1,43 @@
---
# generated by https://github.com/hashicorp/terraform-plugin-docs
page_title: "stackit_scf_organization Data Source - stackit"
subcategory: ""
description: |-
STACKIT Cloud Foundry organization datasource schema. Must have a region specified in the provider configuration.
---
# stackit_scf_organization (Data Source)
STACKIT Cloud Foundry organization datasource schema. Must have a `region` specified in the provider configuration.
## Example Usage
```terraform
data "stackit_scf_organization" "example" {
project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
org_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
}
```
<!-- schema generated by tfplugindocs -->
## Schema
### Required
- `org_id` (String) The ID of the Cloud Foundry Organization
- `project_id` (String) The ID of the project associated with the organization
### Optional
- `region` (String) The resource region. If not defined, the provider region is used
### Read-Only
- `created_at` (String) The time when the organization was created
- `id` (String) Terraform's internal resource ID, structured as "`project_id`,`region`,`org_id`".
- `name` (String) The name of the organization
- `platform_id` (String) The ID of the platform associated with the organization
- `quota_id` (String) The ID of the quota associated with the organization
- `status` (String) The status of the organization (e.g., deleting, delete_failed)
- `suspended` (Boolean) A boolean indicating whether the organization is suspended
- `updated_at` (String) The time when the organization was last updated

41
docs/data-sources/scf_organization_manager.md Normal file
View file

@ -0,0 +1,41 @@
---
# generated by https://github.com/hashicorp/terraform-plugin-docs
page_title: "stackit_scf_organization_manager Data Source - stackit"
subcategory: ""
description: |-
STACKIT Cloud Foundry organization manager datasource schema.
---
# stackit_scf_organization_manager (Data Source)
STACKIT Cloud Foundry organization manager datasource schema.
## Example Usage
```terraform
data "stackit_scf_organization_manager" "example" {
project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
org_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
}
```
<!-- schema generated by tfplugindocs -->
## Schema
### Required
- `org_id` (String) The ID of the Cloud Foundry Organization
- `project_id` (String) The ID of the project associated with the organization of the organization manager
### Optional
- `region` (String) The region where the organization of the organization manager is located. If not defined, the provider region is used
### Read-Only
- `created_at` (String) The time when the organization manager was created
- `id` (String) Terraform's internal resource ID, structured as "`project_id`,`region`,`org_id`,`user_id`".
- `platform_id` (String) The ID of the platform associated with the organization of the organization manager
- `updated_at` (String) The time when the organization manager was last updated
- `user_id` (String) The ID of the organization manager user
- `username` (String) An auto-generated organization manager user name

40
docs/data-sources/scf_platform.md Normal file
View file

@ -0,0 +1,40 @@
---
# generated by https://github.com/hashicorp/terraform-plugin-docs
page_title: "stackit_scf_platform Data Source - stackit"
subcategory: ""
description: |-
STACKIT Cloud Foundry Platform datasource schema.
---
# stackit_scf_platform (Data Source)
STACKIT Cloud Foundry Platform datasource schema.
## Example Usage
```terraform
data "stackit_scf_platform" "example" {
project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
platform_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
}
```
<!-- schema generated by tfplugindocs -->
## Schema
### Required
- `platform_id` (String) The unique id of the platform
- `project_id` (String) The ID of the project associated with the platform
### Optional
- `region` (String) The region where the platform is located. If not defined, the provider region is used
### Read-Only
- `api_url` (String) The CF API Url of the platform
- `console_url` (String) The Stratos URL of the platform
- `display_name` (String) The name of the platform
- `id` (String) Terraform's internal resource ID, structured as "`project_id`,`region`,`platform_id`".
- `system_id` (String) The ID of the platform System

248
docs/guides/scf_cloudfoundry.md Normal file
View file

@ -0,0 +1,248 @@
# How to Provisioning Cloud Foundry using Terrform
## Objective
This tutorial demonstrates how to provision Cloud Foundry resources by
integrating the STACKIT Terraform provider with the Cloud Foundry Terraform
provider. The STACKIT Terraform provider will create a managed Cloud Foundry
organization and set up a technical "org manager" user with
`organization_manager` permissions. These credentials, along with the Cloud
Foundry API URL (retrieved dynamically from a platform data resource), are
passed to the Cloud Foundry Terraform provider to manage resources within the
new organization.
### Output
This configuration creates a Cloud Foundry organization, mirroring the structure
created via the portal. It sets up three distinct spaces: `dev`, `qa`, and
`prod`. The configuration assigns, a specified user the `organization_manager`
and `organization_user` roles at the organization level, and the
`space_developer` role in each space.
### Scope
This tutorial covers the interaction between the STACKIT Terraform provider and
the Cloud Foundry Terraform provider. It assumes you are familiar with:
- Setting up a STACKIT project and configuring the STACKIT Terraform provider
with a service account (see the general STACKIT documentation for details).
- Basic Terraform concepts, such as variables and locals.
This document does not cover foundational topics or every feature of the Cloud
Foundry Terraform provider.
### Example configuration
The following Terraform configuration provisions a Cloud Foundry organization
and related resources using the STACKIT Terraform provider and the Cloud Foundry
Terraform provider:
```
terraform {
required_providers {
stackit = {
source = "stackitcloud/stackit"
}
cloudfoundry = {
source = "cloudfoundry/cloudfoundry"
}
}
}
variable "project_id" {
type = string
description = "Id of the Project"
}
variable "org_name" {
type = string
description = "Name of the Organization"
}
variable "admin_email" {
type = string
description = "Users who are granted permissions"
}
provider "stackit" {
default_region = "eu01"
}
resource "stackit_scf_organization" "scf_org" {
name = var.org_name
project_id = var.project_id
}
data "stackit_scf_platform" "scf_platform" {
project_id = var.project_id
platform_id = stackit_scf_organization.scf_org.platform_id
}
resource "stackit_scf_organization_manager" "scf_manager" {
project_id = var.project_id
org_id = stackit_scf_organization.scf_org.org_id
}
provider "cloudfoundry" {
api_url = data.stackit_scf_platform.scf_platform.api_url
user = stackit_scf_organization_manager.scf_manager.username
password = stackit_scf_organization_manager.scf_manager.password
}
locals {
spaces = ["dev", "qa", "prod"]
}
resource "cloudfoundry_org_role" "org_user" {
username = var.admin_email
type = "organization_user"
org = stackit_scf_organization.scf_org.org_id
}
resource "cloudfoundry_org_role" "org_manager" {
username = var.admin_email
type = "organization_manager"
org = stackit_scf_organization.scf_org.org_id
}
resource "cloudfoundry_space" "spaces" {
for_each = toset(local.spaces)
name = each.key
org = stackit_scf_organization.scf_org.org_id
}
resource "cloudfoundry_space_role" "space_developer" {
for_each = toset(local.spaces)
username = var.admin_email
type = "space_developer"
depends_on = [ cloudfoundry_org_role.org_user ]
space = cloudfoundry_space.spaces[each.key].id
}
```
## Explanation of configuration
### STACKIT provider configuration
```
provider "stackit" {
default_region = "eu01"
}
```
The STACKIT Cloud Foundry Application Programming Interface (SCF API) is
regionalized. Each region operates independently. Set `default_region` in the
provider configuration, to specify the region for all resources, unless you
override it for individual resources. You must also provide access data for the
relevant STACKIT project for the provider to function.
For more details, see
the:[STACKIT Terraform Provider documentation.](https://registry.terraform.io/providers/stackitcloud/stackit/latest/docs)
### stackit_scf_organization.scf_org resource
```
resource "stackit_scf_organization" "scf_org" {
name = var.org_name
project_id = var.project_id
}
```
This resource provisions a Cloud Foundry organization, which acts as the
foundational container in the Cloud Foundry environment. Each Cloud Foundry
provider configuration is scoped to a specific organization. The organizations
name, defined by a variable, must be unique across the platform. The
organization is created within a designated STACKIT project, which requires the
STACKIT provider to be configured with the necessary permissions for that
project.
### stackit_scf_organization_manager.scf_manager resource
```
resource "stackit_scf_organization_manager" "scf_manager" {
project_id = var.project_id
org_id = stackit_scf_organization.scf_org.org_id
}
```
This resource creates a technical user in the Cloud Foundry organization with
the organization_manager permission. The user is linked to the organization and
is automatically deleted when the organization is removed.
### stackit_scf_platform.scf_platform data source
```
data "stackit_scf_platform" "scf_platform" {
project_id = var.project_id
platform_id = stackit_scf_organization.scf_org.platform_id
}
```
This data source retrieves properties of the Cloud Foundry platform where the
organization is provisioned. It does not create resources, but provides
information about the existing platform.
### Cloud Foundry provider configuration
```
provider "cloudfoundry" {
api_url = data.stackit_scf_platform.scf_platform.api_url
user = stackit_scf_organization_manager.scf_manager.username
password = stackit_scf_organization_manager.scf_manager.password
}
```
The Cloud Foundry provider is configured to manage resources in the new
organization. The provider uses the API URL from the `stackit_scf_platform` data
source and authenticates using the credentials of the technical user created by
the `stackit_scf_organization_manager` resource.
For more information, see the:
[Cloud Foundry Terraform Provider documentation.](https://registry.terraform.io/providers/cloudfoundry/cloudfoundry/latest/docs)
## Deploy resources
Follow these steps to initialize your environment and provision Cloud Foundry
resources using Terraform.
### Initialize Terraform
Run the following command to initialize the working directory and download the
required provider plugins:
```
terraform init
```
### Create the organization manager user
Run this command to provision the organization and technical user needed to
initialize the Cloud Foundry Terraform provider. This step is required only
during the initial setup. For later changes, you do not need the -target flag.
```
terraform apply -target stackit_scf_organization_manager.scf_manager
```
### Apply the full configuration
Run this command to provision all resources defined in your Terraform
configuration within the Cloud Foundry organization:
```
terraform apply
```
## Verify the deployment
Verify that your Cloud Foundry resources are provisioned correctly. Use the
following Cloud Foundry CLI commands to check applications, services, and
routes:
- `cf apps`
- `cf services`
- `cf routes`
For more information, see the
[Cloud Foundry documentation](https://docs.cloudfoundry.org/) and the
[Cloud Foundry CLI Reference Guide](https://cli.cloudfoundry.org/).

1
docs/index.md
View file

@ -177,6 +177,7 @@ Note: AWS specific checks must be skipped as they do not work on STACKIT. For de
- `redis_custom_endpoint` (String) Custom endpoint for the Redis service
- `region` (String, Deprecated) Region will be used as the default location for regional services. Not all services require a region, some are global
- `resourcemanager_custom_endpoint` (String) Custom endpoint for the Resource Manager service
- `scf_custom_endpoint` (String) Custom endpoint for the Cloud Foundry (SCF) service
- `secretsmanager_custom_endpoint` (String) Custom endpoint for the Secrets Manager service
- `server_backup_custom_endpoint` (String) Custom endpoint for the Server Backup service
- `server_update_custom_endpoint` (String) Custom endpoint for the Server Update service

57
docs/resources/scf_organization.md Normal file
View file

@ -0,0 +1,57 @@
---
# generated by https://github.com/hashicorp/terraform-plugin-docs
page_title: "stackit_scf_organization Resource - stackit"
subcategory: ""
description: |-
STACKIT Cloud Foundry organization resource schema. Must have a region specified in the provider configuration.
---
# stackit_scf_organization (Resource)
STACKIT Cloud Foundry organization resource schema. Must have a `region` specified in the provider configuration.
## Example Usage
```terraform
resource "stackit_scf_organization" "example" {
project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
name = "example"
}
resource "stackit_scf_organization" "example" {
project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
name = "example"
platform_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
quota_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
suspended = false
}
# Only use the import statement, if you want to import an existing scf organization
import {
to = stackit_scf_organization.import-example
id = "${var.project_id},${var.region},${var.org_id}"
}
```
<!-- schema generated by tfplugindocs -->
## Schema
### Required
- `name` (String) The name of the organization
- `project_id` (String) The ID of the project associated with the organization
### Optional
- `platform_id` (String) The ID of the platform associated with the organization
- `quota_id` (String) The ID of the quota associated with the organization
- `region` (String) The resource region. If not defined, the provider region is used
- `suspended` (Boolean) A boolean indicating whether the organization is suspended
### Read-Only
- `created_at` (String) The time when the organization was created
- `id` (String) Terraform's internal resource ID, structured as "`project_id`,`region`,`org_id`".
- `org_id` (String) The ID of the Cloud Foundry Organization
- `status` (String) The status of the organization (e.g., deleting, delete_failed)
- `updated_at` (String) The time when the organization was last updated

49
docs/resources/scf_organization_manager.md Normal file
View file

@ -0,0 +1,49 @@
---
# generated by https://github.com/hashicorp/terraform-plugin-docs
page_title: "stackit_scf_organization_manager Resource - stackit"
subcategory: ""
description: |-
STACKIT Cloud Foundry organization manager resource schema.
---
# stackit_scf_organization_manager (Resource)
STACKIT Cloud Foundry organization manager resource schema.
## Example Usage
```terraform
resource "stackit_scf_organization_manager" "example" {
project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
org_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
}
# Only use the import statement, if you want to import an existing scf org user
# The password field is still null after import and must be entered manually in the state.
import {
to = stackit_scf_organization_manager.import-example
id = "${var.project_id},${var.region},${var.org_id},${var.user_id}"
}
```
<!-- schema generated by tfplugindocs -->
## Schema
### Required
- `org_id` (String) The ID of the Cloud Foundry Organization
- `project_id` (String) The ID of the project associated with the organization of the organization manager
### Optional
- `region` (String) The region where the organization of the organization manager is located. If not defined, the provider region is used
### Read-Only
- `created_at` (String) The time when the organization manager was created
- `id` (String) Terraform's internal resource ID, structured as "`project_id`,`region`,`org_id`,`user_id`".
- `password` (String, Sensitive) An auto-generated password
- `platform_id` (String) The ID of the platform associated with the organization of the organization manager
- `updated_at` (String) The time when the organization manager was last updated
- `user_id` (String) The ID of the organization manager user
- `username` (String) An auto-generated organization manager user name