fix: Prereqs icr (#437)

README.md

@@ -547,6 +547,7 @@ statement instead the previous block.
 | <a name="input_create_ci_toolchain"></a> [create\_ci\_toolchain](#input\_create\_ci\_toolchain) | Flag which determines if the DevSecOps CI toolchain is created. If this toolchain is not created then values must be set for the following variables, evidence\_repo\_url, issues\_repo\_url and inventory\_repo\_url. | `bool` | `true` | no |
 | <a name="input_create_cos_api_key"></a> [create\_cos\_api\_key](#input\_create\_cos\_api\_key) | Set to `true` to create and add a `cos-api-key` to the Secrets Provider. | `bool` | `false` | no |
 | <a name="input_create_ibmcloud_api_key"></a> [create\_ibmcloud\_api\_key](#input\_create\_ibmcloud\_api\_key) | Set to `true` to create and add an `ibmcloud-api-key` to the Secrets Provider. | `bool` | `false` | no |
+| <a name="input_create_icr_namespace"></a> [create\_icr\_namespace](#input\_create\_icr\_namespace) | Set to `true` to create the namespace. | `bool` | `false` | no |
 | <a name="input_create_signing_certificate"></a> [create\_signing\_certificate](#input\_create\_signing\_certificate) | Set to `true` to create and add the `signing-certificate` to the Secrets Provider. | `bool` | `false` | no |
 | <a name="input_create_signing_key"></a> [create\_signing\_key](#input\_create\_signing\_key) | Set to `true` to create and add a `signing_key`to the Secrets Provider. | `bool` | `false` | no |
 | <a name="input_create_sm_secret_group"></a> [create\_sm\_secret\_group](#input\_create\_sm\_secret\_group) | Set to `true` to create a secrets group in Secrets Manager. | `bool` | `false` | no |

code-engine/README.md

@@ -554,6 +554,7 @@ statement instead the previous block.
 | <a name="input_create_ci_toolchain"></a> [create\_ci\_toolchain](#input\_create\_ci\_toolchain) | Flag which determines if the DevSecOps CI toolchain is created. If this toolchain is not created then values must be set for the following variables, evidence\_repo\_url, issues\_repo\_url and inventory\_repo\_url. | `bool` | `true` | no |
 | <a name="input_create_cos_api_key"></a> [create\_cos\_api\_key](#input\_create\_cos\_api\_key) | Set to `true` to create and add a `cos-api-key` to the Secrets Provider. | `bool` | `false` | no |
 | <a name="input_create_ibmcloud_api_key"></a> [create\_ibmcloud\_api\_key](#input\_create\_ibmcloud\_api\_key) | Set to `true` to create and add an `ibmcloud-api-key` to the Secrets Provider. | `bool` | `false` | no |
+| <a name="input_create_icr_namespace"></a> [create\_icr\_namespace](#input\_create\_icr\_namespace) | Set to `true` to create the namespace. | `bool` | `false` | no |
 | <a name="input_create_signing_certificate"></a> [create\_signing\_certificate](#input\_create\_signing\_certificate) | Set to `true` to create and add the `signing-certificate` to the Secrets Provider. | `bool` | `false` | no |
 | <a name="input_create_signing_key"></a> [create\_signing\_key](#input\_create\_signing\_key) | Set to `true` to create and add a `signing_key`to the Secrets Provider. | `bool` | `false` | no |
 | <a name="input_create_sm_secret_group"></a> [create\_sm\_secret\_group](#input\_create\_sm\_secret\_group) | Set to `true` to create a secrets group in Secrets Manager. | `bool` | `false` | no |

code-engine/main.tf

@@ -76,9 +76,9 @@ resource "ibm_resource_instance" "cd_instance" {
 }
 
 module "prereqs" {
-  source     = "../prereqs"
-  depends_on = [data.ibm_resource_group.resource_group]
-  #region                         = var.toolchain_region
+  source                         = "../prereqs"
+  depends_on                     = [data.ibm_resource_group.resource_group]
+  create_icr_namespace           = var.create_icr_namespace
   create_sm_secret_group         = var.create_sm_secret_group
   create_ibmcloud_api_key        = var.create_ibmcloud_api_key
   create_cos_api_key             = var.create_cos_api_key

code-engine/variables.tf

@@ -3939,6 +3939,12 @@ variable "create_signing_certificate" {
   default     = false
 }
 
+variable "create_icr_namespace" {
+  type        = bool
+  description = "Set to `true` to create the namespace."
+  default     = false
+}
+
 variable "add_container_name_suffix" {
   type        = bool
   description = "Set to `true` to add a random suffix to the specified ICR name."

ibm_catalog.json

@@ -305,6 +305,13 @@
 							"description": "Set to `true` to create and add an `ibmcloud-api-key` to the Secrets Provider.",
 							"required": false
 						},
+						{
+							"key": "create_icr_namespace",
+							"type": "boolean",
+							"default_value": false,
+							"description": "Set to `true` to create the namespace.",
+							"required": false
+						},
 						{
 							"key": "create_cos_api_key",
 							"type": "boolean",
@@ -4611,6 +4618,13 @@
 							"description": "Set to `true` to create and add an `ibmcloud-api-key` to the Secrets Provider.",
 							"required": false
 						},
+						{
+							"key": "create_icr_namespace",
+							"type": "boolean",
+							"default_value": false,
+							"description": "Set to `true` to create the namespace.",
+							"required": false
+						},
 						{
 							"key": "create_cos_api_key",
 							"type": "boolean",

main.tf

@@ -57,9 +57,9 @@ resource "ibm_resource_instance" "cd_instance" {
 }
 
 module "prereqs" {
-  source     = "./prereqs"
-  depends_on = [data.ibm_resource_group.resource_group]
-  #region                         = var.toolchain_region
+  source                         = "./prereqs"
+  depends_on                     = [data.ibm_resource_group.resource_group]
+  create_icr_namespace           = var.create_icr_namespace
   create_sm_secret_group         = var.create_sm_secret_group
   create_ibmcloud_api_key        = var.create_ibmcloud_api_key
   create_cos_api_key             = var.create_cos_api_key

prereqs/main.tf

@@ -14,7 +14,7 @@ resource "random_string" "resource_suffix" {
 }
 
 resource "ibm_cr_namespace" "cr_namespace" {
-  count             = (var.registry_namespace != "") ? 1 : 0
+  count             = ((var.registry_namespace != "") && (var.create_icr_namespace == true)) ? 1 : 0
   name              = (var.add_container_name_suffix) ? format("%s-%s", var.registry_namespace, random_string.resource_suffix[0].result) : var.registry_namespace
   resource_group_id = var.resource_group_id
 }
@@ -43,15 +43,15 @@ data "external" "signing_keys" {
 ####### SECRETS MANAGER #####################
 
 data "ibm_resource_instance" "sm_instance" {
-  count             = ((var.sm_name != "") && (var.sm_exists == true)) ? 1 : 0
+  count             = ((var.sm_name != "") && (var.sm_location != "") && (var.sm_exists == true)) ? 1 : 0
   name              = var.sm_name
   location          = var.sm_location
   resource_group_id = var.resource_group_id
   service           = "secrets-manager"
 }
 
 resource "ibm_sm_secret_group" "sm_secret_group" {
-  count         = (var.create_sm_secret_group) ? 1 : 0
+  count         = ((var.create_sm_secret_group == true) && (var.sm_exists == true)) ? 1 : 0
   depends_on    = [data.ibm_resource_instance.sm_instance]
   instance_id   = (local.sm_instance_id != "") ? local.sm_instance_id : var.sm_instance_id
   region        = var.sm_location
@@ -60,7 +60,7 @@ resource "ibm_sm_secret_group" "sm_secret_group" {
 }
 
 resource "ibm_sm_arbitrary_secret" "secret_ibmcloud_api_key" {
-  count           = (var.create_ibmcloud_api_key) ? 1 : 0
+  count           = ((var.create_ibmcloud_api_key == true) && (var.sm_exists == true)) ? 1 : 0
   depends_on      = [ibm_sm_secret_group.sm_secret_group]
   region          = var.sm_location
   instance_id     = (local.sm_instance_id != "") ? local.sm_instance_id : var.sm_instance_id
@@ -74,7 +74,7 @@ resource "ibm_sm_arbitrary_secret" "secret_ibmcloud_api_key" {
 }
 
 resource "ibm_sm_arbitrary_secret" "secret_cos_api_key" {
-  count           = (var.create_cos_api_key) ? 1 : 0
+  count           = ((var.create_cos_api_key == true) && (var.sm_exists == true)) ? 1 : 0
   depends_on      = [ibm_sm_secret_group.sm_secret_group]
   region          = var.sm_location
   instance_id     = (local.sm_instance_id != "") ? local.sm_instance_id : var.sm_instance_id
@@ -88,7 +88,7 @@ resource "ibm_sm_arbitrary_secret" "secret_cos_api_key" {
 }
 
 resource "ibm_sm_arbitrary_secret" "secret_signing_key" {
-  count           = (var.create_signing_key) ? 1 : 0
+  count           = ((var.create_signing_key == true) && (var.sm_exists == true)) ? 1 : 0
   depends_on      = [ibm_sm_secret_group.sm_secret_group, data.external.signing_keys]
   region          = var.sm_location
   instance_id     = (local.sm_instance_id != "") ? local.sm_instance_id : var.sm_instance_id
@@ -102,7 +102,7 @@ resource "ibm_sm_arbitrary_secret" "secret_signing_key" {
 }
 
 resource "ibm_sm_arbitrary_secret" "secret_signing_certifcate" {
-  count           = (var.create_signing_certificate) ? 1 : 0
+  count           = ((var.create_signing_certificate == true) && (var.sm_exists == true)) ? 1 : 0
   depends_on      = [ibm_sm_secret_group.sm_secret_group, data.external.signing_keys]
   region          = var.sm_location
   instance_id     = (local.sm_instance_id != "") ? local.sm_instance_id : var.sm_instance_id

prereqs/scripts/gpg_keys.sh

@@ -1,6 +1,6 @@
 #!/bin/bash
 
-#dnf install pinentry -y
+dnf install pinentry -y
 
 function parse_input() {
   eval "$(jq -r '@sh "export EMAIL=\(.email) NAME=\(.name)"')"
@@ -42,11 +42,9 @@ function generate_keys() {
 
 
   #Export the signing key
-  #SIGNING_KEY=$(gpg --export-secret-key "${EMAIL}" | base64 -w0)
-  SIGNING_KEY=$(gpg --export-secret-key "${EMAIL}" | base64)
+  SIGNING_KEY=$(gpg --export-secret-key "${EMAIL}" | base64 -w0)
   #Export the public signing certifacate
-  #PUBLIC_CERTIFICATE=$(gpg --armor --export "${EMAIL}" | base64 -w0)
-  PUBLIC_CERTIFICATE=$(gpg --armor --export "${EMAIL}" | base64)
+  PUBLIC_CERTIFICATE=$(gpg --armor --export "${EMAIL}" | base64 -w0)
   #Terraform requires a JSON response from a script
   JSON_STRING_RESULT=$( jq -n --arg signing_key "$SIGNING_KEY" --arg public_key "$PUBLIC_CERTIFICATE" '{signingkey: $signing_key, publickey: $public_key}' )
 

prereqs/variables.tf

@@ -135,6 +135,12 @@ variable "signing_key_secret_name" {
 }
 
 ##################### ICR ################
+variable "create_icr_namespace" {
+  type        = bool
+  description = "Set to `true` to create the namespace."
+  default     = false
+}
+
 variable "add_container_name_suffix" {
   type        = bool
   description = "Set to `true` to add a random suffix to the specified ICR name."

variables.tf

@@ -3676,6 +3676,12 @@ variable "create_signing_certificate" {
   default     = false
 }
 
+variable "create_icr_namespace" {
+  type        = bool
+  description = "Set to `true` to create the namespace."
+  default     = false
+}
+
 variable "add_container_name_suffix" {
   type        = bool
   description = "Set to `true` to add a random suffix to the specified ICR name."