fix: common prefix for resource names (#442)

terraform-ibm-modules · Jul 10, 2024 · 55ce226 · 55ce226
1 parent 79a3540
commit 55ce226
Show file tree

Hide file tree

Showing 11 changed files with 126 additions and 141 deletions.
diff --git a/.secrets.baseline b/.secrets.baseline
@@ -3,7 +3,7 @@
     "files": "go.sum|^.secrets.baseline$",
     "lines": null
   },
-  "generated_at": "2024-07-02T10:48:53Z",
+  "generated_at": "2024-07-09T15:33:13Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"

diff --git a/README.md b/README.md
@@ -548,9 +548,9 @@ statement instead the previous block.
 | <a name="input_create_cos_api_key"></a> [create\_cos\_api\_key](#input\_create\_cos\_api\_key) | Set to `true` to create and add a `cos-api-key` to the Secrets Provider. | `bool` | `false` | no |
 | <a name="input_create_ibmcloud_api_key"></a> [create\_ibmcloud\_api\_key](#input\_create\_ibmcloud\_api\_key) | Set to `true` to create and add an `ibmcloud-api-key` to the Secrets Provider. | `bool` | `false` | no |
 | <a name="input_create_icr_namespace"></a> [create\_icr\_namespace](#input\_create\_icr\_namespace) | Set to `true` to create the namespace. | `bool` | `false` | no |
+| <a name="input_create_secret_group"></a> [create\_secret\_group](#input\_create\_secret\_group) | Set to `true` to create the specified Secrets Manager secret group. | `bool` | `false` | no |
 | <a name="input_create_signing_certificate"></a> [create\_signing\_certificate](#input\_create\_signing\_certificate) | Set to `true` to create and add the `signing-certificate` to the Secrets Provider. | `bool` | `false` | no |
 | <a name="input_create_signing_key"></a> [create\_signing\_key](#input\_create\_signing\_key) | Set to `true` to create and add a `signing_key`to the Secrets Provider. | `bool` | `false` | no |
-| <a name="input_create_sm_secret_group"></a> [create\_sm\_secret\_group](#input\_create\_sm\_secret\_group) | Set to `true` to create a secrets group in Secrets Manager. | `bool` | `false` | no |
 | <a name="input_deployment_repo_url"></a> [deployment\_repo\_url](#input\_deployment\_repo\_url) | This is the repository to clone deployment for DevSecOps toolchain template. | `string` | `""` | no |
 | <a name="input_enable_key_protect"></a> [enable\_key\_protect](#input\_enable\_key\_protect) | Set to enable Key Protect Integrations. | `bool` | `false` | no |
 | <a name="input_enable_secrets_manager"></a> [enable\_secrets\_manager](#input\_enable\_secrets\_manager) | Enable the Secrets Manager integrations. | `bool` | `true` | no |
@@ -598,6 +598,7 @@ statement instead the previous block.
 | <a name="input_pr_cra_deploy_analysis"></a> [pr\_cra\_deploy\_analysis](#input\_pr\_cra\_deploy\_analysis) | Set this flag to `1` for cra deployment analysis to be done in PR pipeline. | `string` | `"1"` | no |
 | <a name="input_pr_cra_vulnerability_scan"></a> [pr\_cra\_vulnerability\_scan](#input\_pr\_cra\_vulnerability\_scan) | Set this flag to `1` and `pr-cra-bom-generate` to `1` for cra vulnerability scan in PR pipeline. If this value is set to `1` and `pr-cra-bom-generate` is set to `0`, the scan will be marked as `failure` | `string` | `"1"` | no |
 | <a name="input_pr_pipeline_git_tag"></a> [pr\_pipeline\_git\_tag](#input\_pr\_pipeline\_git\_tag) | The GIT tag within the pipeline definitions repository for the Compliance PR Pipeline. | `string` | `""` | no |
+| <a name="input_prefix"></a> [prefix](#input\_prefix) | A prefix that is added to the toolchain resources. | `string` | `""` | no |
 | <a name="input_registry_namespace"></a> [registry\_namespace](#input\_registry\_namespace) | A unique namespace within the IBM Cloud Container Registry region where the application image is stored. | `string` | `""` | no |
 | <a name="input_repo_git_token_secret_crn"></a> [repo\_git\_token\_secret\_crn](#input\_repo\_git\_token\_secret\_crn) | The CRN for the repositories Git Token. | `string` | `""` | no |
 | <a name="input_repo_git_token_secret_name"></a> [repo\_git\_token\_secret\_name](#input\_repo\_git\_token\_secret\_name) | Name of the Git token secret in the secret provider. Specifying a secret name for the Git Token automatically sets the authentication type to `pat`. | `string` | `""` | no |
@@ -626,7 +627,6 @@ statement instead the previous block.
 | <a name="input_sm_secret_group"></a> [sm\_secret\_group](#input\_sm\_secret\_group) | Group in Secrets Manager for organizing/grouping secrets. This applies to the CI, CD and CC Secret Manager integrations. See `ci_sm_secret_group`, `cd_sm_secret_group`, and `cc_sm_secret_group` to set separately. | `string` | `"Default"` | no |
 | <a name="input_sonarqube_secret_crn"></a> [sonarqube\_secret\_crn](#input\_sonarqube\_secret\_crn) | The CRN for the SonarQube secret. | `string` | `""` | no |
 | <a name="input_toolchain_name"></a> [toolchain\_name](#input\_toolchain\_name) | Common element of the toolchain name. The toolchain names will be appended with `CI Toolchain` or `CD Toolchain` or `CC Toolchain` followed by a timestamp. Can explicitly be set using `ci_toolchain_name`, `cd_toolchain_name`, and `cc_toolchain_name`. | `string` | `"DevSecOps"` | no |
-| <a name="input_toolchain_name_prefix"></a> [toolchain\_name\_prefix](#input\_toolchain\_name\_prefix) | A prefix that is added to the toolchain names. | `string` | `""` | no |
 | <a name="input_toolchain_region"></a> [toolchain\_region](#input\_toolchain\_region) | The region identifier that will be used, by default, for all resource creation and service instance lookup. This can be overridden on a per resource/service basis. See `ci_toolchain_region`,`cd_toolchain_region`,`cc_toolchain_region`, `ci_cluster_region`, `cd_cluster_region`, `ci_registry_region`. | `string` | `"us-south"` | no |
 | <a name="input_toolchain_resource_group"></a> [toolchain\_resource\_group](#input\_toolchain\_resource\_group) | The resource group that will be used, by default, for all resource creation and service instance lookups. This can be overridden on a per resource/service basis. See `ci_toolchain_resource_group`,`cd_toolchain_resource_group`,`cc_toolchain_resource_group`, `ci_cluster_resource_group`. | `string` | `"Default"` | no |
 

diff --git a/code-engine/README.md b/code-engine/README.md
@@ -56,6 +56,7 @@ statement instead the previous block.
 | [ibm_cd_tekton_pipeline_property.cc_pipeline_opt_in_cra_auto_remediation_force](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/cd_tekton_pipeline_property) | resource |
 | [ibm_cd_tekton_pipeline_trigger.ci_pipeline_webhook](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/cd_tekton_pipeline_trigger) | resource |
 | [ibm_cd_tekton_pipeline_trigger_property.ci_pipeline_webhook_branch_property](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/cd_tekton_pipeline_trigger_property) | resource |
+| [ibm_resource_instance.cd_instance](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/resource_instance) | resource |
 | [null_resource.ci_pipeline_run](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
 | [random_string.webhook_secret](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string) | resource |
 
@@ -224,7 +225,6 @@ statement instead the previous block.
 | <a name="input_cd_code_engine_job_retrylimit"></a> [cd\_code\_engine\_job\_retrylimit](#input\_cd\_code\_engine\_job\_retrylimit) | The number of times to rerun an instance of the job before the job is marked as failed. | `string` | `"3"` | no |
 | <a name="input_cd_code_engine_memory"></a> [cd\_code\_engine\_memory](#input\_cd\_code\_engine\_memory) | The amount of memory set for the instance of the application or job. Use M for megabytes or G for gigabytes. | `string` | `"0.5G"` | no |
 | <a name="input_cd_code_engine_project"></a> [cd\_code\_engine\_project](#input\_cd\_code\_engine\_project) | The name of the Code Engine project to use for the CD pipeline promoted code. The project is created if it does not already exist. | `string` | `"Sample_CD_Project"` | no |
-| <a name="input_cd_code_engine_project_prefix"></a> [cd\_code\_engine\_project\_prefix](#input\_cd\_code\_engine\_project\_prefix) | A string that will be prefixed to `cd_code_engine_project`. This takes precedence over values set in `code_engine_project_prefix`. | `string` | `""` | no |
 | <a name="input_cd_code_engine_region"></a> [cd\_code\_engine\_region](#input\_cd\_code\_engine\_region) | The region to create/lookup for the Code Engine project. | `string` | `""` | no |
 | <a name="input_cd_code_engine_remove_refs"></a> [cd\_code\_engine\_remove\_refs](#input\_cd\_code\_engine\_remove\_refs) | Remove references to unspecified configuration resources (configmap/secret) references (pulled from env-from-configmaps, env-from-secrets along with auto-managed by CD). | `string` | `"false"` | no |
 | <a name="input_cd_code_engine_resource_group"></a> [cd\_code\_engine\_resource\_group](#input\_cd\_code\_engine\_resource\_group) | The resource group of the Code Engine project. | `string` | `""` | no |
@@ -400,7 +400,6 @@ statement instead the previous block.
 | <a name="input_ci_code_engine_job_retrylimit"></a> [ci\_code\_engine\_job\_retrylimit](#input\_ci\_code\_engine\_job\_retrylimit) | The number of times to rerun an instance of the job before the job is marked as failed. | `string` | `"3"` | no |
 | <a name="input_ci_code_engine_memory"></a> [ci\_code\_engine\_memory](#input\_ci\_code\_engine\_memory) | The amount of memory set for the instance of the application or job. Use M for megabytes or G for gigabytes. | `string` | `"0.5G"` | no |
 | <a name="input_ci_code_engine_project"></a> [ci\_code\_engine\_project](#input\_ci\_code\_engine\_project) | The name of the Code Engine project to use for the CI pipeline build. The project is created if it does not already exist. | `string` | `"Sample_CI_Project"` | no |
-| <a name="input_ci_code_engine_project_prefix"></a> [ci\_code\_engine\_project\_prefix](#input\_ci\_code\_engine\_project\_prefix) | A string that will be prefixed to `ci_code_engine_project`. This takes precedence over values set in `code_engine_project_prefix`. | `string` | `""` | no |
 | <a name="input_ci_code_engine_region"></a> [ci\_code\_engine\_region](#input\_ci\_code\_engine\_region) | The region to create/lookup for the Code Engine project. | `string` | `""` | no |
 | <a name="input_ci_code_engine_registry_domain"></a> [ci\_code\_engine\_registry\_domain](#input\_ci\_code\_engine\_registry\_domain) | The container registry URL domain that is used to build and tag the image. Useful when using private-endpoint container registry. | `string` | `""` | no |
 | <a name="input_ci_code_engine_remove_refs"></a> [ci\_code\_engine\_remove\_refs](#input\_ci\_code\_engine\_remove\_refs) | Remove references to unspecified configuration resources (configmap/secret) references (pulled from env-from-configmaps, env-from-secrets along with auto-managed by CD). | `string` | `"false"` | no |
@@ -542,7 +541,6 @@ statement instead the previous block.
 | <a name="input_ci_trigger_timed_pruner_enable"></a> [ci\_trigger\_timed\_pruner\_enable](#input\_ci\_trigger\_timed\_pruner\_enable) | Set to `true` to enable the timed Pruner trigger. | `bool` | `false` | no |
 | <a name="input_ci_trigger_timed_pruner_name"></a> [ci\_trigger\_timed\_pruner\_name](#input\_ci\_trigger\_timed\_pruner\_name) | The name of the timed Pruner trigger. | `string` | `"Evidence Pruner Timed Trigger"` | no |
 | <a name="input_code_engine_project"></a> [code\_engine\_project](#input\_code\_engine\_project) | The name of the Code Engine project to use. Created if it does not exist. Applies to both the CI and CD toolchains. To set individually use `ci_code_engine_project` and `cd_code_engine_project`. | `string` | `""` | no |
-| <a name="input_code_engine_project_prefix"></a> [code\_engine\_project\_prefix](#input\_code\_engine\_project\_prefix) | A string that will be prefixed to`ci_code_engine_project` and `cd_code_engine_project`. | `string` | `""` | no |
 | <a name="input_compliance_base_image"></a> [compliance\_base\_image](#input\_compliance\_base\_image) | Pipeline baseimage to run most of the built-in pipeline code. | `string` | `""` | no |
 | <a name="input_compliance_pipeline_branch"></a> [compliance\_pipeline\_branch](#input\_compliance\_pipeline\_branch) | The Compliance Pipeline branch. | `string` | `"open-v9"` | no |
 | <a name="input_cos_api_key_secret_crn"></a> [cos\_api\_key\_secret\_crn](#input\_cos\_api\_key\_secret\_crn) | The CRN for the Cloud Object Storage apikey. | `string` | `""` | no |
@@ -555,9 +553,9 @@ statement instead the previous block.
 | <a name="input_create_cos_api_key"></a> [create\_cos\_api\_key](#input\_create\_cos\_api\_key) | Set to `true` to create and add a `cos-api-key` to the Secrets Provider. | `bool` | `false` | no |
 | <a name="input_create_ibmcloud_api_key"></a> [create\_ibmcloud\_api\_key](#input\_create\_ibmcloud\_api\_key) | Set to `true` to create and add an `ibmcloud-api-key` to the Secrets Provider. | `bool` | `false` | no |
 | <a name="input_create_icr_namespace"></a> [create\_icr\_namespace](#input\_create\_icr\_namespace) | Set to `true` to create the namespace. | `bool` | `false` | no |
+| <a name="input_create_secret_group"></a> [create\_secret\_group](#input\_create\_secret\_group) | Set to `true` to create the specified Secrets Manager secret group. | `bool` | `false` | no |
 | <a name="input_create_signing_certificate"></a> [create\_signing\_certificate](#input\_create\_signing\_certificate) | Set to `true` to create and add the `signing-certificate` to the Secrets Provider. | `bool` | `false` | no |
 | <a name="input_create_signing_key"></a> [create\_signing\_key](#input\_create\_signing\_key) | Set to `true` to create and add a `signing_key`to the Secrets Provider. | `bool` | `false` | no |
-| <a name="input_create_sm_secret_group"></a> [create\_sm\_secret\_group](#input\_create\_sm\_secret\_group) | Set to `true` to create a secrets group in Secrets Manager. | `bool` | `false` | no |
 | <a name="input_deployment_repo_url"></a> [deployment\_repo\_url](#input\_deployment\_repo\_url) | This is the repository to clone deployment for DevSecOps toolchain template. | `string` | `""` | no |
 | <a name="input_deployment_target"></a> [deployment\_target](#input\_deployment\_target) | The deployment target, 'cluster' or 'code-engine'. Applies to both the CI and CD toolchains. To set individually use  `ci_deployment_target` and `cd_deployment_target`. | `string` | `"code-engine"` | no |
 | <a name="input_enable_key_protect"></a> [enable\_key\_protect](#input\_enable\_key\_protect) | Set to enable Key Protect Integrations. | `bool` | `false` | no |
@@ -606,6 +604,7 @@ statement instead the previous block.
 | <a name="input_pr_cra_deploy_analysis"></a> [pr\_cra\_deploy\_analysis](#input\_pr\_cra\_deploy\_analysis) | Set this flag to `1` for cra deployment analysis to be done in PR pipeline. | `string` | `"1"` | no |
 | <a name="input_pr_cra_vulnerability_scan"></a> [pr\_cra\_vulnerability\_scan](#input\_pr\_cra\_vulnerability\_scan) | Set this flag to `1` and `pr-cra-bom-generate` to `1` for cra vulnerability scan in PR pipeline. If this value is set to `1` and `pr-cra-bom-generate` is set to `0`, the scan will be marked as `failure` | `string` | `"1"` | no |
 | <a name="input_pr_pipeline_git_tag"></a> [pr\_pipeline\_git\_tag](#input\_pr\_pipeline\_git\_tag) | The GIT tag within the pipeline definitions repository for the Compliance PR Pipeline. | `string` | `""` | no |
+| <a name="input_prefix"></a> [prefix](#input\_prefix) | A prefix that is added to the toolchain resources. | `string` | `""` | no |
 | <a name="input_registry_namespace"></a> [registry\_namespace](#input\_registry\_namespace) | A unique namespace within the IBM Cloud Container Registry region where the application image is stored. | `string` | `""` | no |
 | <a name="input_registry_namespace"></a> [registry\_namespace\_suffix](#input\_registry\_namespace\_suffix) | A string that can be appended to the `registry_namespace` value to help ensure uniqueness.| `string` | `""` | no |
 | <a name="input_repo_git_token_secret_crn"></a> [repo\_git\_token\_secret\_crn](#input\_repo\_git\_token\_secret\_crn) | The CRN for the repositories Git Token. | `string` | `""` | no |
@@ -635,7 +634,6 @@ statement instead the previous block.
 | <a name="input_sm_secret_group"></a> [sm\_secret\_group](#input\_sm\_secret\_group) | Group in Secrets Manager for organizing/grouping secrets. This applies to the CI, CD and CC Secret Manager integrations. See `ci_sm_secret_group`, `cd_sm_secret_group`, and `cc_sm_secret_group` to set separately. | `string` | `"Default"` | no |
 | <a name="input_sonarqube_secret_crn"></a> [sonarqube\_secret\_crn](#input\_sonarqube\_secret\_crn) | The CRN for the SonarQube secret. | `string` | `""` | no |
 | <a name="input_toolchain_name"></a> [toolchain\_name](#input\_toolchain\_name) | Common element of the toolchain name. The toolchain names will be appended with `CI Toolchain` or `CD Toolchain` or `CC Toolchain` followed by a timestamp. Can explicitly be set using `ci_toolchain_name`, `cd_toolchain_name`, and `cc_toolchain_name`. | `string` | `"DevSecOps"` | no |
-| <a name="input_toolchain_name_prefix"></a> [toolchain\_name\_prefix](#input\_toolchain\_name\_prefix) | A prefix that is added to the toolchain names. | `string` | `""` | no |
 | <a name="input_toolchain_region"></a> [toolchain\_region](#input\_toolchain\_region) | The region identifier that will be used, by default, for all resource creation and service instance lookup. This can be overridden on a per resource/service basis. See `ci_toolchain_region`,`cd_toolchain_region`,`cc_toolchain_region`, `ci_registry_region`. | `string` | `"us-south"` | no |
 | <a name="input_toolchain_resource_group"></a> [toolchain\_resource\_group](#input\_toolchain\_resource\_group) | The resource group that will be used, by default, for all resource creation and service instance lookups. This can be overridden on a per resource/service basis. See `ci_toolchain_resource_group`,`cd_toolchain_resource_group`,`cc_toolchain_resource_group`. | `string` | `"Default"` | no |