chore: adding stackit to collie-hub

chore: adding stackit to collie-hub

chore: adding stackit to collie-hub

chore: adding stackit to collie-hub

Author: florianow

kit/stackit/bootstrap/README.md

@@ -0,0 +1,61 @@
+# STACKIT Cloud Custom Platform
+
+## Overview
+This Terraform project enables seamless self-service provisioning and management of STACKIT Projects for development teams. The platform is based on the STACKIT Cloud and is designed to provide a secure and compliant environment for development teams to deploy and manage their applications.
+
+## Documentation
+For more information, check our [Guide for STACKIT](/likvid-cloudfoundation/meshstack/guides/guide_stackit.html).
+
+## Usage
+1. Initialize the Terraform configuration:
+   ```sh
+   terraform init
+   ```
+2. Apply the Terraform configuration:
+   ```sh
+   terraform apply
+   ```
+
+## Requirements
+- Terraform 0.12 or later
+- STACKIT Cloud account
+
+## Providers
+- `stackitcloud/stackit` version `0.37.1`
+- `hashicorp/null` version `3.2.2`
+
+<!-- BEGIN_TF_DOCS -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_null"></a> [null](#requirement\_null) | 3.2.2 |
+| <a name="requirement_stackit"></a> [stackit](#requirement\_stackit) | 0.37.1 |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [null_resource.platform_admin](https://registry.terraform.io/providers/hashicorp/null/3.2.2/docs/resources/resource) | resource |
+| [null_resource.platform_users](https://registry.terraform.io/providers/hashicorp/null/3.2.2/docs/resources/resource) | resource |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_api_url"></a> [api\_url](#input\_api\_url) | Base API URL | `string` | `"https://authorization.api.stackit.cloud"` | no |
+| <a name="input_organization_id"></a> [organization\_id](#input\_organization\_id) | Organization ID of your stackit cloud account | `string` | n/a | yes |
+| <a name="input_platform_admins"></a> [platform\_admins](#input\_platform\_admins) | List of members to add with their roles and subjects | <pre>list(object({<br>    role    = string<br>    subject = string<br>  }))</pre> | n/a | yes |
+| <a name="input_platform_users"></a> [platform\_users](#input\_platform\_users) | List of members to add with their roles and subjects | <pre>list(object({<br>    role    = string<br>    subject = string<br>  }))</pre> | n/a | yes |
+| <a name="input_token"></a> [token](#input\_token) | Bearer token for authentication | `string` | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_documentation_md"></a> [documentation\_md](#output\_documentation\_md) | n/a |
+<!-- END_TF_DOCS -->

kit/stackit/bootstrap/documentation.tf

@@ -0,0 +1,14 @@
+output "documentation_md" {
+  value = <<EOF
+
+# STACKIT Cloud Custom Platform
+
+## Self-Service Project Provioning
+
+At Likvid Bank, the Platform Team enables seamless self-service provisioning and management of STACKIT Projects for development teams. The platform is based on the STACKIT Cloud and is designed to i
+provide a secure and compliant environment for development teams to deploy and manage their applications.
+
+for more infos check our [Guide for STACKIT ](/likvid-cloudfoundation/meshstack/guides/guide_stackit.html)
+
+EOF
+}

kit/stackit/bootstrap/main.tf

@@ -0,0 +1,76 @@
+resource "null_resource" "platform_admin" {
+
+  # Trigger creation and destruction of resources based on the lifecycle
+  triggers = {
+    members         = jsonencode(var.platform_admins)
+    url             = var.api_url
+    token           = var.token
+    organization_id = var.organization_id
+  }
+
+  # Provisioner for the 'create' action
+  provisioner "local-exec" {
+    when    = create
+    command = <<EOT
+curl -X PATCH "${self.triggers.url}/v2/${self.triggers.organization_id}/members" \
+-H "Authorization: Bearer ${self.triggers.token}" \
+-H "Content-Type: application/json" \
+-d '{
+  "members": ${self.triggers.members},
+  "resourceType": "organization"
+}'
+EOT
+  }
+  # Provisioner for the 'destroy' action
+  provisioner "local-exec" {
+    when    = destroy
+    command = <<EOT
+curl -X POST "${self.triggers.url}/v2/${self.triggers.organization_id}/members/remove" \
+-H "Authorization: Bearer ${self.triggers.token}" \
+-H "Content-Type: application/json" \
+-d '{
+ "forceRemove": true,
+  "members": ${self.triggers.members},
+  "resourceType": "organization"
+}'
+EOT
+  }
+}
+
+resource "null_resource" "platform_users" {
+  # Trigger creation and destruction of resources based on the lifecycle
+  triggers = {
+    members         = jsonencode(var.platform_users)
+    url             = var.api_url
+    token           = var.token
+    organization_id = var.organization_id
+  }
+
+  # Provisioner for the 'create' action
+  provisioner "local-exec" {
+    when    = create
+    command = <<EOT
+curl -X PATCH "${self.triggers.url}/v2/${self.triggers.organization_id}/members" \
+-H "Authorization: Bearer ${self.triggers.token}" \
+-H "Content-Type: application/json" \
+-d '{
+  "members": ${self.triggers.members},
+  "resourceType": "organization"
+}'
+EOT
+  }
+  # Provisioner for the 'destroy' action
+  provisioner "local-exec" {
+    when    = destroy
+    command = <<EOT
+curl -X POST "${self.triggers.url}/v2/${self.triggers.organization_id}/members/remove" \
+-H "Authorization: Bearer ${self.triggers.token}" \
+-H "Content-Type: application/json" \
+-d '{
+ "forceRemove": true,
+  "members": ${self.triggers.members},
+  "resourceType": "organization"
+}'
+EOT
+  }
+}

kit/stackit/bootstrap/outputs.tf

@@ -0,0 +1,32 @@
+variable "platform_admins" {
+  description = "List of members to add with their roles and subjects"
+  type = list(object({
+    role    = string
+    subject = string
+  }))
+}
+
+variable "platform_users" {
+  description = "List of members to add with their roles and subjects"
+  type = list(object({
+    role    = string
+    subject = string
+  }))
+}
+
+variable "token" {
+  description = "Bearer token for authentication"
+  type        = string
+  sensitive   = true
+}
+
+variable "api_url" {
+  description = "Base API URL"
+  type        = string
+  default     = "https://authorization.api.stackit.cloud"
+}
+
+variable "organization_id" {
+  description = "Organization ID of your stackit cloud account"
+  type        = string
+}

kit/stackit/bootstrap/variables.tf

@@ -0,0 +1,12 @@
+terraform {
+  required_providers {
+    stackit = {
+      source  = "stackitcloud/stackit"
+      version = "0.37.1"
+    }
+    null = {
+      source  = "hashicorp/null"
+      version = "3.2.2"
+    }
+  }
+}

kit/stackit/bootstrap/versions.tf

@@ -0,0 +1,72 @@
+# Terraform OVH Project
+
+This Terraform project is used to manage resources in the Stackit cloud platform. It provisions projects, manages users, and configures necessary providers.
+
+## Prerequisites
+
+- Terraform v1.0.0 or later
+- AWS credentials configured for the backend
+- Stackit service account token
+
+## Providers
+
+This project uses the following providers:
+
+- `stackit`: Manages resources in the Stackit cloud platform.
+- `aws`: Manages resources in AWS.
+- `null`: Provides null resources for triggering local-exec provisioners.
+
+## Usage
+
+1. Clone the repository.
+2. Initialize Terraform:
+   ```sh
+   terraform init
+   ```
+3. Apply the Terraform configuration:
+   ```sh
+   terraform apply
+   ```
+<!-- BEGIN_TF_DOCS -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | 5.65.0 |
+| <a name="requirement_null"></a> [null](#requirement\_null) | 3.2.2 |
+| <a name="requirement_stackit"></a> [stackit](#requirement\_stackit) | 0.37.1 |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [null_resource.create_user](https://registry.terraform.io/providers/hashicorp/null/3.2.2/docs/resources/resource) | resource |
+| [null_resource.project_admin](https://registry.terraform.io/providers/hashicorp/null/3.2.2/docs/resources/resource) | resource |
+| [null_resource.project_editor](https://registry.terraform.io/providers/hashicorp/null/3.2.2/docs/resources/resource) | resource |
+| [null_resource.project_reader](https://registry.terraform.io/providers/hashicorp/null/3.2.2/docs/resources/resource) | resource |
+| [stackit_resourcemanager_project.projects](https://registry.terraform.io/providers/stackitcloud/stackit/0.37.1/docs/resources/resourcemanager_project) | resource |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_api_url"></a> [api\_url](#input\_api\_url) | Base API URL | `string` | `"https://authorization.api.stackit.cloud"` | no |
+| <a name="input_aws_account_id"></a> [aws\_account\_id](#input\_aws\_account\_id) | this is for the tfstates Backend. in our case AWS. | `string` | n/a | yes |
+| <a name="input_organization_id"></a> [organization\_id](#input\_organization\_id) | id of the organization | `string` | n/a | yes |
+| <a name="input_parent_container_id"></a> [parent\_container\_id](#input\_parent\_container\_id) | The stackit Cloud parent container id for the project | `string` | n/a | yes |
+| <a name="input_project_id"></a> [project\_id](#input\_project\_id) | Projects last block in name | `string` | n/a | yes |
+| <a name="input_token"></a> [token](#input\_token) | Bearer token for authentication | `string` | n/a | yes |
+| <a name="input_users"></a> [users](#input\_users) | Users and their roles provided by meshStack (Note that users must exist in stackit) | <pre>list(object(<br>    {<br>      meshIdentifier = string<br>      username       = string<br>      firstName      = string<br>      lastName       = string<br>      email          = string<br>      euid           = string<br>      roles          = list(string)<br>    }<br>  ))</pre> | n/a | yes |
+| <a name="input_workspace_id"></a> [workspace\_id](#input\_workspace\_id) | Projects first block in name | `string` | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_stackit_login_link"></a> [stackit\_login\_link](#output\_stackit\_login\_link) | n/a |
+| <a name="output_tenant_id"></a> [tenant\_id](#output\_tenant\_id) | n/a |
+<!-- END_TF_DOCS -->