Appid (#23)

* YAML and appid<-->kp updates

* Updated generate shell script

* Updated the schematics and cloudant details

* Kubernetes namespace fix

* Updated the pattern

* Remove legacy credentials from Cloudant

* Updated README.md and diagram

* Removed Terraform version

* Updated the default cluster name

Author: VidyasagarMSC

.bluemix/deploy.json

@@ -59,7 +59,7 @@
         "$ref": "#/messages/deploy.schematicsWorkspaceDescription"
       },
       "type": "string",
-      "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$"
+      "pattern": "\\S"
     }
 },
 "required": [

.gitignore

@@ -20,3 +20,4 @@ local_yaml
 
 #vim swap files
 [._]*.sw[a-p]
+terraform/.terraform.lock.hcl

Architecture.svg

@@ -1,12 +1,12 @@
-An older code version for this tutorial can be found in the branch [archive_classic_tekton](https://github.com/IBM-Cloud/secure-file-storage/tree/archive_classic_tekton).
+> An older code version for this tutorial can be found in the branch [archive_classic_tekton](https://github.com/IBM-Cloud/secure-file-storage/tree/archive_classic_tekton).
 
 # Apply end to end security to a cloud application
 
 The repository features a sample application that enables groups of users to upload files to a common storage pool and to provide access to those files via shareable links. The application is written in Node.js and deployed as Docker container to the IBM Cloud Kubernetes service. It leverages several security-related services and features to improve app security. It includes data encrypted with your own keys, user authentication, and security auditing.
 
 Refer to [this tutorial](https://cloud.ibm.com/docs/solution-tutorials?topic=solution-tutorials-cloud-e2e-security) for instructions.
 
-![Architecture](Architecture.png)
+![Architecture](Architecture.svg)
 
 1. The user connects to the application.
 2. [App ID](https://cloud.ibm.com/catalog/services/AppID) secures the application and redirects the user to the authentication page. Users can sign up from there too.
@@ -31,7 +31,7 @@ Please note that the Kubernetes cluster and the resources deployed via Terraform
 
 ### Deploy resources using Terraform managed by Schematics
 
-Either create the Schematics workspace automatically by clicking this ["deploy link"](https://cloud.ibm.com/schematics/workspaces/create?repository=https://github.com/IBM-Cloud/secure-file-storage/tree/master/terraform&terraform_version=terraform_v0.13). Or set it up manually by going to the [Schematics workspaces](https://cloud.ibm.com/schematics/workspaces) and using https://github.com/IBM-Cloud/secure-file-storage/tree/master/terraform as source respository including path and Terraform v0.13 as runtime.
+Either create the Schematics workspace automatically by clicking this ["deploy link"](https://cloud.ibm.com/schematics/workspaces/create?repository=https://github.com/IBM-Cloud/secure-file-storage/tree/master/terraform). Or set it up manually by going to the [Schematics workspaces](https://cloud.ibm.com/schematics/workspaces) and using https://github.com/IBM-Cloud/secure-file-storage/tree/master/terraform as source respository including path and the latest version of Terraform runtime.
 
 Configure all required variables:
 - **basename**: project basename which is used as prefix for names, e.g., secure-file-storage
@@ -74,6 +74,7 @@ In the dialog configure the git repository and the pipeline:
 - IBM Cloud API Key: click New+ (do not click Save this key in a secrets store for reuse).  The API key provides the same privileges as your user id and is used during pipeline execution
 - Region: Region matching the toolchain is the default, but should be adjusted to where you plan to deploy the app.
 - Image Registry Namespace, e.g., secure-file-storage or your username
+- Schematics Workspace ID: Can be found under `Settings` tab of Schematics Workspace
 - Docker Image name: secure-file-storage default is good
 
 Click **Create**.

README.md

@@ -15,7 +15,7 @@ var allowAnonymousAccess = process.env.allow_anonymous || false;
 // Initialize Cloudant
 var Cloudant = require('@cloudant/cloudant');
 var cloudant = new Cloudant({
-  account: process.env.cloudant_username,
+  url: process.env.cloudant_url,
   plugins: [
     'promises',
     {

app/app.js

@@ -1,5 +1,5 @@
 # Cloudant Credentials
-cloudant_username=
+cloudant_url=
 cloudant_iam_apikey=
 cloudant_database=secure-file-storage-metadata
 

app/credentials.template.env

@@ -0,0 +1,34 @@
+#!/bin/bash
+
+set -e
+set -o pipefail
+
+if [[ -z "$INGRESS_SUBDOMAIN" ]]; then
+  echo "Ingress subdomain cannot be empty"
+fi
+
+if [[ -z "$IMAGE_REPOSITORY" ]]; then
+  echo "Image repository cannot be empty"
+fi
+
+if [[ -z "$INGRESS_SECRET" ]]; then
+  echo "Ingress secret cannot be empty"
+fi
+
+if [[ -z "$BASENAME" ]]; then
+  BASENAME=secure-file-storage
+fi
+
+if [[ -z "$TARGET_NAMESPACE" ]]; then
+  TARGET_NAMESPACE=default
+fi
+
+cat secure-file-storage.template.yaml | \
+  INGRESS_SUBDOMAIN=$INGRESS_SUBDOMAIN \
+  INGRESS_SECRET=$INGRESS_SECRET \
+  IMAGE_REPOSITORY=$IMAGE_REPOSITORY \
+  BASENAME=$BASENAME \
+  TARGET_NAMESPACE=$TARGET_NAMESPACE \
+  envsubst '$IMAGE_NAME $INGRESS_SECRET $INGRESS_SUBDOMAIN $IMAGE_PULL_SECRET $IMAGE_REPOSITORY $TARGET_NAMESPACE $BASENAME' > secure-file-storage.yaml
+  #| \
+  #oc apply -f - || exit 1