Commit

ci: update variable name and catalog json
huayuenh committed Jul 31, 2024
1 parent 5472bec commit 7a9a327
Showing 9 changed files with 24 additions and 10 deletions.
2 changes: 1 addition & 1 deletion README.md
Expand Up @@ -566,7 +566,6 @@ statement instead the previous block.
| <a name="input_evidence_repo_integration_owner"></a> [evidence\_repo\_integration\_owner](#input\_evidence\_repo\_integration\_owner) | The name of the integration owner. | `string` | `""` | no |
| <a name="input_evidence_repo_name"></a> [evidence\_repo\_name](#input\_evidence\_repo\_name) | The repository name. | `string` | `""` | no |
| <a name="input_evidence_repo_url"></a> [evidence\_repo\_url](#input\_evidence\_repo\_url) | Deprecated: Use `evidence_repo_existing_url`. This is a template repository to link compliance-evidence-locker for reference DevSecOps toolchain templates. | `string` | `""` | no |
| <a name="input_expiration_period"></a> [expiration\_period](#input\_expiration\_period) | The number of days until the secret expires. Leave empty to not set an expiration. | `string` | `""` | no |
| <a name="input_gosec_private_repository_host"></a> [gosec\_private\_repository\_host](#input\_gosec\_private\_repository\_host) | Your private repository base URL. | `string` | `""` | no |
| <a name="input_gosec_private_repository_ssh_key_secret_crn"></a> [gosec\_private\_repository\_ssh\_key\_secret\_crn](#input\_gosec\_private\_repository\_ssh\_key\_secret\_crn) | The CRN for the GoSec repository secret. | `string` | `""` | no |
| <a name="input_gosec_repo_ssh_key_secret_group"></a> [gosec\_repo\_ssh\_key\_secret\_group](#input\_gosec\_repo\_ssh\_key\_secret\_group) | Secret group prefix for the gosec private repository ssh key secret. Defaults to `sm_secret_group` if not set. Only used with `Secrets Manager`. | `string` | `""` | no |
Expand Down Expand Up @@ -628,6 +627,7 @@ statement instead the previous block.
| <a name="input_sm_location"></a> [sm\_location](#input\_sm\_location) | The region location of the Secrets Manager instance. This applies to the CI, CD and CC Secret Manager integrations. See `ci_sm_location`, `cd_sm_location`, and `cc_sm_location` to set separately. | `string` | `"us-south"` | no |
| <a name="input_sm_name"></a> [sm\_name](#input\_sm\_name) | The name of the Secret Managers instance. This applies to the CI, CD and CC Secret Manager integrations. See `ci_sm_name`, `cd_sm_name`, and `cc_sm_name` to set separately. | `string` | `"sm-instance"` | no |
| <a name="input_sm_resource_group"></a> [sm\_resource\_group](#input\_sm\_resource\_group) | The resource group containing the Secrets Manager instance. This applies to the CI, CD and CC Secret Manager integrations. See `ci_sm_resource_group`, `cd_sm_resource_group`, and `cc_sm_resource_group` to set separately. | `string` | `"Default"` | no |
| <a name="input_sm_secret_expiration_period"></a> [sm\_secret\_expiration\_period](#input\_sm\_secret\_expiration\_period) | The number of days until the secret expires. Leave empty to not set an expiration. | `string` | `""` | no |
| <a name="input_sm_secret_group"></a> [sm\_secret\_group](#input\_sm\_secret\_group) | Group in Secrets Manager for organizing/grouping secrets. This applies to the CI, CD and CC Secret Manager integrations. See `ci_sm_secret_group`, `cd_sm_secret_group`, and `cc_sm_secret_group` to set separately. | `string` | `"Default"` | no |
| <a name="input_sonarqube_secret_crn"></a> [sonarqube\_secret\_crn](#input\_sonarqube\_secret\_crn) | The CRN for the SonarQube secret. | `string` | `""` | no |
| <a name="input_toolchain_name"></a> [toolchain\_name](#input\_toolchain\_name) | Common element of the toolchain name. The toolchain names will be appended with `CI Toolchain` or `CD Toolchain` or `CC Toolchain` followed by a timestamp. Can explicitly be set using `ci_toolchain_name`, `cd_toolchain_name`, and `cc_toolchain_name`. | `string` | `"DevSecOps"` | no |
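Review bot: The description on the added `sm_secret_expiration_period` row says only "Leave empty to not set an expiration", but the guard in prereqs/main.tf in this same commit also treats `"0"` as no expiration. State that `0` disables expiration as well so the documented contract matches the behaviour; the same sentence is repeated in code-engine/README.md, the three variables.tf files and both ibm_catalog.json entries.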
2 changes: 1 addition & 1 deletion code-engine/README.md
Expand Up @@ -570,7 +570,6 @@ statement instead the previous block.
| <a name="input_evidence_repo_integration_owner"></a> [evidence\_repo\_integration\_owner](#input\_evidence\_repo\_integration\_owner) | The name of the integration owner. | `string` | `""` | no |
| <a name="input_evidence_repo_name"></a> [evidence\_repo\_name](#input\_evidence\_repo\_name) | The repository name. | `string` | `""` | no |
| <a name="input_evidence_repo_url"></a> [evidence\_repo\_url](#input\_evidence\_repo\_url) | Deprecated: Use `evidence_repo_existing_url`. This is a template repository to link compliance-evidence-locker for reference DevSecOps toolchain templates. | `string` | `""` | no |
| <a name="input_expiration_period"></a> [expiration\_period](#input\_expiration\_period) | The number of days until the secret expires. Leave empty to not set an expiration. | `string` | `""` | no |
| <a name="input_gosec_private_repository_host"></a> [gosec\_private\_repository\_host](#input\_gosec\_private\_repository\_host) | Your private repository base URL. | `string` | `""` | no |
| <a name="input_gosec_private_repository_ssh_key_secret_crn"></a> [gosec\_private\_repository\_ssh\_key\_secret\_crn](#input\_gosec\_private\_repository\_ssh\_key\_secret\_crn) | The CRN for the GoSec repository secret. | `string` | `""` | no |
| <a name="input_gosec_repo_ssh_key_secret_group"></a> [gosec\_repo\_ssh\_key\_secret\_group](#input\_gosec\_repo\_ssh\_key\_secret\_group) | Secret group prefix for the gosec private repository ssh key secret. Defaults to `sm_secret_group` if not set. Only used with `Secrets Manager`. | `string` | `""` | no |
Expand Down Expand Up @@ -633,6 +632,7 @@ statement instead the previous block.
| <a name="input_sm_location"></a> [sm\_location](#input\_sm\_location) | The region location of the Secrets Manager instance. This applies to the CI, CD and CC Secret Manager integrations. See `ci_sm_location`, `cd_sm_location`, and `cc_sm_location` to set separately. | `string` | `"us-south"` | no |
| <a name="input_sm_name"></a> [sm\_name](#input\_sm\_name) | The name of the Secret Managers instance. This applies to the CI, CD and CC Secret Manager integrations. See `ci_sm_name`, `cd_sm_name`, and `cc_sm_name` to set separately. | `string` | `"sm-instance"` | no |
| <a name="input_sm_resource_group"></a> [sm\_resource\_group](#input\_sm\_resource\_group) | The resource group containing the Secrets Manager instance. This applies to the CI, CD and CC Secret Manager integrations. See `ci_sm_resource_group`, `cd_sm_resource_group`, and `cc_sm_resource_group` to set separately. | `string` | `"Default"` | no |
| <a name="input_sm_secret_expiration_period"></a> [sm\_secret\_expiration\_period](#input\_sm\_secret\_expiration\_period) | The number of days until the secret expires. Leave empty to not set an expiration. | `string` | `""` | no |
| <a name="input_sm_secret_group"></a> [sm\_secret\_group](#input\_sm\_secret\_group) | Group in Secrets Manager for organizing/grouping secrets. This applies to the CI, CD and CC Secret Manager integrations. See `ci_sm_secret_group`, `cd_sm_secret_group`, and `cc_sm_secret_group` to set separately. | `string` | `"Default"` | no |
| <a name="input_sonarqube_secret_crn"></a> [sonarqube\_secret\_crn](#input\_sonarqube\_secret\_crn) | The CRN for the SonarQube secret. | `string` | `""` | no |
| <a name="input_toolchain_name"></a> [toolchain\_name](#input\_toolchain\_name) | Common element of the toolchain name. The toolchain names will be appended with `CI Toolchain` or `CD Toolchain` or `CC Toolchain` followed by a timestamp. Can explicitly be set using `ci_toolchain_name`, `cd_toolchain_name`, and `cc_toolchain_name`. | `string` | `"DevSecOps"` | no |
2 changes: 1 addition & 1 deletion code-engine/main.tf
Expand Up @@ -114,7 +114,7 @@ module "prereqs" {
iam_api_key_secret_name = var.pipeline_ibmcloud_api_key_secret_name
signing_key_secret_name = var.ci_signing_key_secret_name
signing_certifcate_secret_name = var.cd_code_signing_cert_secret_name
expiration_period = var.expiration_period
sm_secret_expiration_period = var.sm_secret_expiration_period
sm_exists = var.enable_secrets_manager
sm_endpoint_type = var.sm_endpoint_type
}
2 changes: 1 addition & 1 deletion code-engine/variables.tf
Expand Up @@ -187,7 +187,7 @@ variable "sm_endpoint_type" {
default = "private"
}

variable "expiration_period" {
variable "sm_secret_expiration_period" {
type = string
description = "The number of days until the secret expires. Leave empty to not set an expiration."
default = ""
14 changes: 14 additions & 0 deletions ibm_catalog.json
Expand Up @@ -333,6 +333,13 @@
"description": "Set to `true` to create and add a `cos-api-key` to the Secrets Provider.",
"required": false
},
{
"key": "sm_secret_expiration_period",
"type": "string",
"default_value": "",
"description": "The number of days until the secret expires. Leave empty to not set an expiration.",
"required": false
},
{
"key": "create_cd_instance",
"type": "boolean",
Expand Down Expand Up @@ -4633,6 +4640,13 @@
"description": "Set to `true` to create and add a `cos-api-key` to the Secrets Provider.",
"required": false
},
{
"key": "sm_secret_expiration_period",
"type": "string",
"default_value": "",
"description": "The number of days until the secret expires. Leave empty to not set an expiration.",
"required": false
},
{
"key": "create_cd_instance",
"type": "boolean",
2 changes: 1 addition & 1 deletion main.tf
Expand Up @@ -98,7 +98,7 @@ module "prereqs" {
iam_api_key_secret_name = var.pipeline_ibmcloud_api_key_secret_name
signing_key_secret_name = var.ci_signing_key_secret_name
signing_certifcate_secret_name = var.cd_code_signing_cert_secret_name
expiration_period = var.expiration_period
sm_secret_expiration_period = var.sm_secret_expiration_period
sm_exists = var.enable_secrets_manager
sm_endpoint_type = var.sm_endpoint_type
}
6 changes: 3 additions & 3 deletions prereqs/main.tf
Expand Up @@ -16,13 +16,13 @@ locals {
secret_group_list = (var.sm_exists) ? data.ibm_sm_secret_groups.secret_groups[0].secret_groups : []
secret_group_id = try(local.secret_group_list[index(local.secret_group_list[*].name, var.sm_secret_group_name)].id, "")

expiration_period_hours = (var.expiration_period != "") ? var.expiration_period * 24 : null
sm_secret_expiration_period_hours = ((var.sm_secret_expiration_period != "") && (var.sm_secret_expiration_period != "0")) ? var.sm_secret_expiration_period * 24 : null

expiration_date = (local.expiration_period_hours != null) ? timeadd(time_static.timestamp[0].rfc3339, local.expiration_period_hours) : null
expiration_date = (local.sm_secret_expiration_period_hours != null) ? timeadd(time_static.timestamp[0].rfc3339, "${local.sm_secret_expiration_period_hours}h") : null
}

resource "time_static" "timestamp" {
count = (local.expiration_period_hours != null) ? 1 : 0
count = (local.sm_secret_expiration_period_hours != null) ? 1 : 0
}

####### SECRETS MANAGER #####################
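Review bot: The guard in `sm_secret_expiration_period_hours` compares the input as a string, `var.sm_secret_expiration_period != "0"`, so a value that is numerically zero or negative but spelled differently (for example `"0.0"` or `"-1"`) passes it and reaches `timeadd`, giving an `expiration_date` at or before the `time_static` timestamp. Consider converting once with `tonumber()` and testing `> 0` before multiplying by 24. The `"${...}h"` suffix added to the `timeadd` argument is also a behaviour change rather than a rename, and the commit subject does not mention it.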
2 changes: 1 addition & 1 deletion prereqs/variables.tf
Expand Up @@ -76,7 +76,7 @@ variable "sm_endpoint_type" {
default = "public"
}

variable "expiration_period" {
variable "sm_secret_expiration_period" {
type = string
description = "The number of days until the secret expires. Leave empty to not set an expiration."
default = ""
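Review bot: `sm_secret_expiration_period` is declared as `type = string` with no `validation` block, yet prereqs/main.tf multiplies it by 24, so a non-numeric value is only rejected later, inside the locals expression, with a conversion error that does not name this input. Add a `validation` block here that accepts the empty string or a non-negative number (for instance using `can(tonumber(...))`), so a bad value fails at the variable with a clear message.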
2 changes: 1 addition & 1 deletion variables.tf
Expand Up @@ -187,7 +187,7 @@ variable "sm_endpoint_type" {
default = "private"
}

variable "expiration_period" {
variable "sm_secret_expiration_period" {
type = string
description = "The number of days until the secret expires. Leave empty to not set an expiration."
default = ""
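Review bot: Renaming the root input `expiration_period` to `sm_secret_expiration_period` drops the old name outright, so callers that still set `expiration_period` will fail on an unsupported argument after upgrading. The README table in this commit shows `evidence_repo_url` being kept with a `Deprecated:` description; either keep the old variable the same way for a release and fall back to it, or mark the rename as breaking, which the `ci:` commit subject does not do.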

0 comments on commit 7a9a327
