From ce931fe1a49db7194df1ddfaf06ca33aee434c4d Mon Sep 17 00:00:00 2001
From: huayuenh
Date: Tue, 2 Jul 2024 14:01:53 +0100
Subject: [PATCH] ci: update catalog json

---
 code-engine/main.tf | 1 +
 ibm_catalog.json | 43 ++++---------------------------------------
 main.tf | 1 +
 prereqs/main.tf | 2 +-
 prereqs/variables.tf | 10 ++++++++--
 5 files changed, 15 insertions(+), 42 deletions(-)

diff --git a/code-engine/main.tf b/code-engine/main.tf
index 32c69a3e..6363a156 100644
--- a/code-engine/main.tf
+++ b/code-engine/main.tf
@@ -94,6 +94,7 @@ module "prereqs" {
 iam_api_key_secret_name = var.pipeline_ibmcloud_api_key_secret_name
 signing_key_secret_name = var.ci_signing_key_secret_name
 signing_certifcate_secret_name = var.cd_code_signing_cert_secret_name
+ sm_exists = var.enable_secrets_manager
 }
 
 module "devsecops_ci_toolchain" {
diff --git a/ibm_catalog.json b/ibm_catalog.json
index 3815d8d3..581ac3e9 100644
--- a/ibm_catalog.json
+++ b/ibm_catalog.json
@@ -337,14 +337,14 @@
 "key": "create_signing_key",
 "type": "boolean",
 "default_value": false,
- "description": "Set to `true` to create and add a `signing_key`to the Secrets Provider.",
+ "description": "Experimental. Set to `true` to create and add a `signing_key`to the Secrets Provider.",
 "required": false
 },
 {
 "key": "create_signing_certificate",
 "type": "boolean",
 "default_value": false,
- "description": "Set to `true` to create and add the `signing-certificate` to the Secrets Provider.",
+ "description": "Experimental. Set to `true` to create and add the `signing-certificate` to the Secrets Provider.",
 "required": false
 },
 {
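Review bot: In the `code-engine/main.tf` hunk the new argument `sm_exists = var.enable_secrets_manager` renames the flag at the module boundary, and "exists" and "enabled" are not the same claim: an instance can exist while the toolchain integration is switched off. The identical line is added in the root `main.tf` hunk. A short comment above both would record the intent, e.g. `# prereqs looks up the Secrets Manager instance only when the toolchain has Secrets Manager enabled`. The `module "prereqs"` block starts outside the hunk, so whether the `create_*` secret flags are also passed in this call cannot be checked from this view.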
@@ -4643,14 +4643,14 @@
 "key": "create_signing_key",
 "type": "boolean",
 "default_value": false,
- "description": "Set to `true` to create and add a `signing_key`to the Secrets Provider.",
+ "description": "Experimental. Set to `true` to create and add a `signing_key`to the Secrets Provider.",
 "required": false
 },
 {
 "key": "create_signing_certificate",
 "type": "boolean",
 "default_value": false,
- "description": "Set to `true` to create and add the `signing-certificate` to the Secrets Provider.",
+ "description": "Experimental. Set to `true` to create and add the `signing-certificate` to the Secrets Provider.",
 "required": false
 },
 {
@@ -4681,41 +4681,6 @@
 "description": "Set the Cloud Object Storage endpoint for accessing your COS bucket. This setting sets the same endpoint for COS in the CI, CD, and CC toolchains. See `ci_cos_endpoint`, `cd_cos_endpoint`, and `cc_cos_endpoint` to set the endpoints separately.",
 "required": false
 },
- {
- "key": "create_ibmcloud_api_key",
- "type": "boolean",
- "default_value": false,
- "description": "Set to `true` to create and add an `ibmcloud-api-key` to the Secrets Provider.",
- "required": false
- },
- {
- "key": "create_cos_api_key",
- "type": "boolean",
- "default_value": false,
- "description": "Set to `true` to create and add a `cos-api-key` to the Secrets Provider.",
- "required": false
- },
- {
- "key": "create_signing_key",
- "type": "boolean",
- "default_value": false,
- "description": "Set to `true` to create and add a `signing_key`to the Secrets Provider.",
- "required": false
- },
- {
- "key": "create_signing_certificate",
- "type": "boolean",
- "default_value": false,
- "description": "Set to `true` to create and add the `signing-certificate` to the Secrets Provider.",
- "required": false
- },
- {
- "key": "create_sm_secret_group",
- "type": "boolean",
- "default_value": false,
- "description": "Set to `true` to create a secrets group in Secrets Manager.",
- "required": false
- },
 {
 "key": "repo_git_token_secret_name",
 "type": "string",
diff --git a/main.tf b/main.tf
index 9e02d1b8..d68c66bf 100644
--- a/main.tf
+++ b/main.tf
@@ -75,6 +75,7 @@ module "prereqs" {
 iam_api_key_secret_name = var.pipeline_ibmcloud_api_key_secret_name
 signing_key_secret_name = var.ci_signing_key_secret_name
 signing_certifcate_secret_name = var.cd_code_signing_cert_secret_name
+ sm_exists = var.enable_secrets_manager
 }
 
 module "devsecops_ci_toolchain" {
diff --git a/prereqs/main.tf b/prereqs/main.tf
index c9ecc1cd..738446fc 100644
--- a/prereqs/main.tf
+++ b/prereqs/main.tf
@@ -43,7 +43,7 @@ data "external" "signing_keys" { ####### SECRETS MANAGER ##################### data "ibm_resource_instance" "sm_instance" { - count = (var.sm_name != "") ? 1 : 0 + count = ((var.sm_name != "") && (var.sm_exists == true)) ? 1 : 0 name = var.sm_name location = var.sm_location resource_group_id = var.resource_group_id
diff --git a/prereqs/variables.tf b/prereqs/variables.tf
index 3e021abd..7dbfbc4a 100644
--- a/prereqs/variables.tf
+++ b/prereqs/variables.tf
@@ -24,13 +24,13 @@ variable "create_cos_api_key" {
 
 variable "create_signing_key" {
 type = bool
- description = "Set to `true` to create and add a `signing_key`to the Secrets Provider."
+ description = "Experimental. Set to `true` to create and add a `signing_key`to the Secrets Provider."
 default = false
 }
 
 variable "create_signing_certificate" {
 type = bool
- description = "Set to `true` to create and add the `signing-certificate` to the Secrets Provider."
+ description = "Experimental. Set to `true` to create and add the `signing-certificate` to the Secrets Provider."
 default = false
 }
 
@@ -40,6 +40,12 @@ variable "create_sm_secret_group" {
 default = false
 }
 
+variable "sm_exists" {
+ description = "Only connect to the Secrets Manager instance if it has been enabled for the toolchain."
+ type = bool
+ default = false
+}
+
 variable "sm_location" {
 type = string
 description = "The region location of the Secrets Manager instance."
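Review bot: With `count` in `data "ibm_resource_instance" "sm_instance"` now also depending on `var.sm_exists`, every reference to `data.ibm_resource_instance.sm_instance[0]` elsewhere in `prereqs/main.tf` has to be gated on the same two conditions, and none of those references are visible in this hunk. If the resources that store the generated API keys or signing material are still gated only on `var.sm_name != ""` or on their own `create_*` flag, the plan would fail with an invalid index, or a key could be generated with no Secrets Manager to hold it. Defining the condition once, `locals { sm_lookup = var.sm_name != "" && var.sm_exists }`, and using `count = local.sm_lookup ? 1 : 0` here and in the dependent resources would keep them aligned. The data block continues past the end of the hunk.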
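Review bot: The new `variable "sm_exists"` in `prereqs/variables.tf` defaults to `false`, so any caller of `prereqs` that sets `sm_name` but is not updated alongside this patch silently stops resolving the Secrets Manager instance; only the two root modules touched here pass the value. The description states an effect rather than what the value asserts, and something like `description = "Set to true when the Secrets Manager instance named by sm_name is enabled for the toolchain; when false the instance lookup is skipped."` would be clearer. If the module's minimum Terraform version allows it, `nullable = false` would also keep a null input from reaching the `&&` in the `count` expression. The neighbouring variables list `type` before `description`, and the new block reverses that order.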