ci: update catalog json

terraform-ibm-modules · Jul 2, 2024 · ce931fe · ce931fe
1 parent c18fd54
commit ce931fe
Show file tree

Hide file tree

Showing 5 changed files with 15 additions and 42 deletions.
diff --git a/code-engine/main.tf b/code-engine/main.tf
@@ -94,6 +94,7 @@ module "prereqs" {
   iam_api_key_secret_name        = var.pipeline_ibmcloud_api_key_secret_name
   signing_key_secret_name        = var.ci_signing_key_secret_name
   signing_certifcate_secret_name = var.cd_code_signing_cert_secret_name
+  sm_exists                      = var.enable_secrets_manager
 }
 
 module "devsecops_ci_toolchain" {

diff --git a/ibm_catalog.json b/ibm_catalog.json
@@ -337,14 +337,14 @@
 							"key": "create_signing_key",
 							"type": "boolean",
 							"default_value": false,
-							"description": "Set to `true` to create and add a `signing_key`to the Secrets Provider.",
+							"description": "Experimental. Set to `true` to create and add a `signing_key`to the Secrets Provider.",
 							"required": false
 						},
 						{
 							"key": "create_signing_certificate",
 							"type": "boolean",
 							"default_value": false,
-							"description": "Set to `true` to create and add the `signing-certificate` to the Secrets Provider.",
+							"description": "Experimental. Set to `true` to create and add the `signing-certificate` to the Secrets Provider.",
 							"required": false
 						},
 						{
@@ -4643,14 +4643,14 @@
 							"key": "create_signing_key",
 							"type": "boolean",
 							"default_value": false,
-							"description": "Set to `true` to create and add a `signing_key`to the Secrets Provider.",
+							"description": "Experimental. Set to `true` to create and add a `signing_key`to the Secrets Provider.",
 							"required": false
 						},
 						{
 							"key": "create_signing_certificate",
 							"type": "boolean",
 							"default_value": false,
-							"description": "Set to `true` to create and add the `signing-certificate` to the Secrets Provider.",
+							"description": "Experimental. Set to `true` to create and add the `signing-certificate` to the Secrets Provider.",
 							"required": false
 						},
 						{
@@ -4681,41 +4681,6 @@
 							"description": "Set the Cloud Object Storage endpoint for accessing your COS bucket. This setting sets the same endpoint for COS in the CI, CD, and CC toolchains. See `ci_cos_endpoint`, `cd_cos_endpoint`, and `cc_cos_endpoint` to set the endpoints separately.",
 							"required": false
 						},
-						{
-							"key": "create_ibmcloud_api_key",
-							"type": "boolean",
-							"default_value": false,
-							"description": "Set to `true` to create and add an `ibmcloud-api-key` to the Secrets Provider.",
-							"required": false
-						},
-						{
-							"key": "create_cos_api_key",
-							"type": "boolean",
-							"default_value": false,
-							"description": "Set to `true` to create and add a `cos-api-key` to the Secrets Provider.",
-							"required": false
-						},
-						{
-							"key": "create_signing_key",
-							"type": "boolean",
-							"default_value": false,
-							"description": "Set to `true` to create and add a `signing_key`to the Secrets Provider.",
-							"required": false
-						},
-						{
-							"key": "create_signing_certificate",
-							"type": "boolean",
-							"default_value": false,
-							"description": "Set to `true` to create and add the `signing-certificate` to the Secrets Provider.",
-							"required": false
-						},
-						{
-							"key": "create_sm_secret_group",
-							"type": "boolean",
-							"default_value": false,
-							"description": "Set to `true` to create a secrets group in Secrets Manager.",
-							"required": false
-						},
 						{
 							"key": "repo_git_token_secret_name",
 							"type": "string",

diff --git a/main.tf b/main.tf
@@ -75,6 +75,7 @@ module "prereqs" {
   iam_api_key_secret_name        = var.pipeline_ibmcloud_api_key_secret_name
   signing_key_secret_name        = var.ci_signing_key_secret_name
   signing_certifcate_secret_name = var.cd_code_signing_cert_secret_name
+  sm_exists                      = var.enable_secrets_manager
 }
 
 module "devsecops_ci_toolchain" {

diff --git a/prereqs/main.tf b/prereqs/main.tf
@@ -43,7 +43,7 @@ data "external" "signing_keys" {
 ####### SECRETS MANAGER #####################
 
 data "ibm_resource_instance" "sm_instance" {
-  count             = (var.sm_name != "") ? 1 : 0
+  count             = ((var.sm_name != "") && (var.sm_exists == true)) ? 1 : 0
   name              = var.sm_name
   location          = var.sm_location
   resource_group_id = var.resource_group_id

diff --git a/prereqs/variables.tf b/prereqs/variables.tf
@@ -24,13 +24,13 @@ variable "create_cos_api_key" {
 
 variable "create_signing_key" {
   type        = bool
-  description = "Set to `true` to create and add a `signing_key`to the Secrets Provider."
+  description = "Experimental. Set to `true` to create and add a `signing_key`to the Secrets Provider."
   default     = false
 }
 
 variable "create_signing_certificate" {
   type        = bool
-  description = "Set to `true` to create and add the `signing-certificate` to the Secrets Provider."
+  description = "Experimental. Set to `true` to create and add the `signing-certificate` to the Secrets Provider."
   default     = false
 }
 
@@ -40,6 +40,12 @@ variable "create_sm_secret_group" {
   default     = false
 }
 
+variable "sm_exists" {
+  description = "Only connect to the Secrets Manager instance if it has been enabled for the toolchain."
+  type        = bool
+  default     = false
+}
+
 variable "sm_location" {
   type        = string
   description = "The region location of the Secrets Manager instance."