hsf updates sept (#11590)

* added q3 changelog and how to get started

* added resources that were created with 2.2, broke out kubernetes and upgrading, added to workflows

* updating customizing docs

* formatting changes for customizng using chtl

* added sept changelog and audited created resources

* fixed duplicate line

* fixing link path

* reordering pages

Author: ashleykim9

kb/reference-architectures/hsf/changelog.md

@@ -1,9 +1,37 @@
 ---
 title: Changelog
 description: Changelogs and improvements to Harness Solutions Factory.
-sidebar_position: 5
+sidebar_position: 7
 ---
 
+## September 2025
+- Fixed issue with RESOURCE_VARS_ENVS_SECRETS typo
+- Added CI Golden Standard Template and documentation to provide Day-One support for standard Containerized Application builds
+- Fixed issue with Ci-Module-Primer to support setting the docker connector during setup
+
+## August 2025
+- Updated Register IDP Templates Workflow to support single directory load and customized registration file name and path
+- Updated Create And Manage pipeline to resolve IACM changes impacting ephemeral workspaces
+- Fixed issue with Teardown pipeline due to removal of workspace during execution of stage causes an error
+
+## July 2025
+- HSF 2.2 Upgrade to fully support IDP 2.0 release
+    - Updated registration IDP workflow process to use new module
+    - Updated Create and Manage Workspaces Flow to Register IDP resource as part of execution
+    - Updated Provision Workspace workflow to support IDP resource update
+    - Added enhanced IACM pipelines and defaults
+    - Enhanced ExecuteIACMWorkspace pipeline to support Ephemeral workspaces
+    - Enhanced CreateManageIACM workspaces to streamline the entire pipeline and add optional approval
+    - CreateManage pipeline to set the Git Repository Path as non-mandatory
+    - CreateManageWorkspace to pass HARNESS_ACCT and HARNESS_API_KEY variables to plugin
+    - PilotLight::HarnessAcctResources to submit email notifications to users when approval needed
+    - Added Bulk Workspace Management Pipeline
+    - Updated RemotePilotLight Setup
+    - HSF AWS Connector marked for deprecation and remove 'provider_connector' from PilotLight and SolutionsFactory workspaces
+
+## June 2025
+- Added an org-level Dockerhub connector to be leveraged as the default connector for HSF pipelines
+
 ## May 2025
 - Created and scanned HSF and HTL code repositories through Wiz
   - Outputted no vulnerabilities 

kb/reference-architectures/hsf/htl/upgrading-installation.md renamed to kb/reference-architectures/hsf/converting-to-kubernetes.md

@@ -1,26 +1,14 @@
 ---
-title: Upgrading your Installation
+title: Converting your HSF installation to use Kubernetes
 description: As new enhancements are released by the Harness team, your installation will require updates to receive the new capabilities and templates.  Additionally, there are some post-deployment tuning steps that will need to be done to adjust your implementation to suit your needs.
 ---
-As new enhancements are released by the Harness team, your installation will require updates to receive the new capabilities and templates.  Additionally, there are some post-deployment tuning steps that will need to be done to adjust your implementation to suit your needs.
-
-## Upgrade your version of Harness Solutions Factory
-
-1. Navigate to the `Solutions Factory` project within the `Harness Platform Management` organization of your Harness account
-2. Run the pipeline `Mirror Harness Official solutions Factory Repos`
-
-    _**Note**: This pipeline will replicate the current released versions and changes from the Harness ISE team into your local repositories stored within your organization `Harness Platform Management`_
-3. Run the pipeline `Manage Pilot Light` to implement the first phase of the update. This will update the core resources used by HSF
-4. Run the pipeline `Deploy Solutions Factory` to finish the upgrade of the Solutions Factory engines.
-5. Run the pipeline `Register IDP Templates` to synchronize the Harness Template Library workflows into your IDP installation
-
-## Convert your HSF installation to use Kubernetes
 
 1. Navigate to the `Solutions Factory` project within the `Harness Platform Management` organization of your Harness account
 2. Open the `Infrastructure` module and choose `Workspaces`
 3. Find and select the `Harness Pilot Light` workspace
 4. Navigate to the `Variables` tab and choose `OpenTofu Variables`
-5. Edit `kubernetes_connector` to provide an existing Kubernetes connector reference. _**Note**: The connector will need to be scoped to the correct location where the connector exists. Prefix with `account.` or `org.` depending on its location._
+5. Edit `kubernetes_connector` to provide an existing Kubernetes connector reference. 
+_**Note**: The connector will need to be scoped to the correct location where the connector exists. Prefix with `account.` or `org.` depending on its location._
 6. Optionally, edit `kubernetes_namespace` to modify the namespace into which the pods will be deployed.
 
 _**Note**: Additional details around the various options and variables can be found in the `pilot-light` directory of the Harness Solutions Factory repository_
@@ -40,4 +28,4 @@ _**STOP**: Changing the Kubernetes connector in this workspace only modifies it
 _**Note**: Additional details around the various options and variables can be found in the `solutions-factory` directory of the Harness Solutions Factory repository_
 
 15. Navigate to pipelines
-16. Run the pipeline `Deploy Solutions Factory` to apply the changes.
+16. Run the pipeline `Deploy Solutions Factory` to apply the changes.

kb/reference-architectures/hsf/created-resources.md

@@ -10,7 +10,10 @@ After HSF is deployed will have the following resources in your account:
 A service account named `harness-platform-manager` is created at the account level. This service account has admin privileges and is responsible for provisioning and managing the resources necessary for running HSF workflows.
 
 ### Variables
-To support IDP workflows, four account-level variables are also created. These variables store key configuration values, including the project name, organization name, connector information, and platform URL. They enable workflows to dynamically locate and interact with the correct components and environments within Harness.
+To support IDP workflows, account-level variables are created. These variables store key configuration values, including the project name, organization name, connector information, and platform URL. They enable workflows to dynamically locate and interact with the correct components and environments within Harness. The variables created are `HARNESS_ENDPOINT`, `HARNESS_PORTAL_RESOURCES`, `custom_template_library_connector`, `custom_template_library_repo`, `solutions_factory_template_library_connector`, `solutions_factory_template_library_repo`, `solutions_factory_endpoint`, `solutions_factory_org`, and `solutions_factory_project`.
+
+## Connectors
+Connectors are created to integrate HSF with codebases and artifact repos. The connectors that are created are `harnessSecretManager` for both `Delegate Mangement` and `Image Factory` projects, `Custom_Harness_Template_Library_Repo`, `solutions_factory_template_library_connector`, `solutions_factory_template_library_repo`, `Harness_Solutions_Factory_Repo`, `Harness_Template_Library_Repo`, `Harness_Solutions_Factory_Repo___Official`, `harnessSecretManager`, `hsf_solutions_factory_connector`, `hsf_dockerhub_connector`, and `harnessSecretManager`.
 
 ### Organizations
 All HSF-related resources are organized under a newly created organization named `harness-platform-management`. This organization serves as the central location for all projects, configurations, and access controls associated with the HSF deployment.
@@ -19,7 +22,7 @@ All HSF-related resources are organized under a newly created organization named
 Within this organization, two user groups are established: `hsf-admin` and `hsf-user`. The `hsf-admin` group has organization admin privileges and is intended for platform administrators and users managing the implementation of HSF. The `hsf-user` group, by contrast, is granted organization viewer privileges and is designed for broader team access to view and use the workflows without elevated permissions.
 
 ### Secrets
-Secrets are also created at the organization level to securely manage authentication and access credentials. The first, named `HSF Platform API Key`, stores the secret value associated with the harness-platform-manager service account. This key is managed by a pipeline that automatically handles rotation to maintain security best practices.
+Secrets are also created at the organization level to securely manage authentication and access credentials. `HSF Platform API Key`, stores the secret value associated with the harness-platform-manager service account. This key is managed by a pipeline that automatically handles rotation to maintain security best practices. `hsf_harness_stub_secret_key` and `hsf_harness_stub_access_key` are also created.
 
 ### Projects
 Several projects are initialized within the `harness-platform-management` organization. 
@@ -32,11 +35,18 @@ The Solutions Factory project includes eight pipelines, each designed to perform
 - The `Deploy Solutions Factory` pipeline handles additional configuration tasks related to setting up and managing the HSF deployment. It ensures that the target environment is properly initialized and ready to operate.
 - The `Mirror Harness Official Solutions Factory Repository` pipeline is responsible for cloning and copying data from the official HSF repository into your target Harness account. It also manages the synchronization of updates during future releases, effectively keeping your local copy aligned with the source of truth.
 - The `Register IDP Templates` pipeline automatically imports all available templates from the harness-template-library and registers them into your IDP instance. This ensures that your IDP has access to the full suite of templates required to power self-service workflows.
+- The `Register Custom IDP Templates` pipeline automatically imports all available templates from the custom-harness-template-library and registers them into your IDP instance.
 - The `Rotate HSF Token` pipeline handles secure token rotation for the harness-platform-manager service account. 
 - The `Manage Pilot Light` pipeline applies updates and changes to the core HSF framework. It is used to maintain and evolve the foundational infrastructure that supports the overall platform.
 - The `Create and Manage IACM Workspaces` pipeline is invoked at the start of each workflow execution. It provisions and manages IACM workspaces, ensuring that the required infrastructure is in place before any resource provisioning begins.
-- The `Provision Workspace` pipeline will be used for apply only executions and will be one of the pipelines that is separated out from Execute IACM Workspaces. 
+- The `Provision Workspace` pipeline plans and applies workflows (with built-in approvals).
 - The `Execute IACM Workspaces` pipeline is responsible for executing the IACM workspace by applying the selected templates and provisioning the actual Harness resources defined within the workflow.
+- The `Plan and Validate IACM Workspace` pipeline verifies Terraform code.
+- The `Mirror Harnesss Official Solutions Factory Repos` pipeline mirrors the official repos and pulls in any new updates that we release to the code base.
+- The `Execute Drift Analysis` pipeline identifies configuration drift from source code.
+- The `Teardown IACM Workspace` pipeline removes workspaces (with built-in approvals).
+- The `Bulk Workspace Management` pipeline allows for bulk operations.
+- The `Bulk Workspace IDP Registration` pipeline allows for backwards compatibility from older version to load older resources into IDP.
 
 ### Workspaces 
 Two IACM workspaces are created as part of the HSF framework:
@@ -45,6 +55,7 @@ Two IACM workspaces are created as part of the HSF framework:
 
 ### Repositories
 There are three repositories included in the deployment and exist under the organization level. You can find them under Harness Platform Management (organization) → Solutions Factory (account) → Code Repository (module) → Repositories:
-- The `harness-solutions-factory` repository houses all of the source code that is required to standup and run Harness Solutions Factory.
-- The `harness-template-library` repository houses all of the scaffold and templates for how to manage Harness resources.
-- The `harness-delegate-setup` repository serves as an example of how to build a custom Harness Delegate and automate the addition of tools into the delegate.
+- The `harness-solutions-factory` repository houses all of the source code that is required to standup and run Harness Solutions Factory. A code branch rule called `harness_solutions_factory_codeowners` is created in this repository.
+- The `harness-template-library` repository houses all of the scaffold and templates for how to manage Harness resources. A code branch rule called `harness_solutions_factory_codeowners` is created in this repository.
+- The `harness-delegate-setup` repository serves as an example of how to build a custom Harness Delegate and automate the addition of tools into the delegate.
+- The `custom-harness-template-library` repository houses customized templates created to support Harness entity management and provisioning.

kb/reference-architectures/hsf/hsf-faqs.md

@@ -1,7 +1,7 @@
 ---
 title: FAQs
 description: Get answers to some frequently asked questions about HSF.
-sidebar_position: 6
+sidebar_position: 8
 ---
 
 ### How does it work?

kb/reference-architectures/hsf/execute-workflow.md renamed to kb/reference-architectures/hsf/hsf-workflows.md

@@ -1,9 +1,37 @@
 ---
-title: Executing a Workflow
-description: Start using HSF by executing a workflow via IDP.
+title: HSF Workflows
+description: Start using HSF by understanding and executing workflows in IDP.
 sidebar_position: 3
 ---
+## Default Workflows
+These are the workflows that are automatically created when HSF is deployed into your account:
 
+### Harness Organization Setup
+Description: A template to request a new Harness Organization to be created or managed
+
+### Harness Project Setup
+Description: A template to request a new Harness Project to be created or managed
+Resources created: 3 environments (dev, prod, test), 6 user groups, 4 user groups, 2 roles and 7 user bindings
+
+|  | approvers | project_admins | project_engineers | all project users |
+| --- | --- | --- | --- | --- |
+| project viewer | x | x | x | x |
+| project admin |  | x |  |  |
+| developer |  | x | x |  |
+
+### Harness Central Build Farm Setup
+Description: Configures the connectors for a centralized build farm configuration 
+
+### Deploy Harness SAST & SCA Templates
+Description: Configures and deploys a series of templates for SCA and SAST scanners.
+
+### Harness CI Image Factory 
+Description: The Harness CI Image Factory is a pipeline designed to mirror and replicate the lifecycle of images used by Harness CI module steps.
+
+### Harness Delegate Image Factory 
+Description: The Harness Delegate Images Factory is a robust Harness pipeline designed to create and manage the lifecycle of customized Harness Delegate Images.
+
+## Executing a Workflow 
 In order to deploy a workflow or look at the catalog to see what workflows are available go to IDP → Workflows.
 
    <DocImage path={require('../static/hsf-execute-workflow-1.png')} title="Click to view full size image" />

kb/reference-architectures/hsf/htl/configuring-stage-infra.md

@@ -1,6 +1,7 @@
 ---
 title: Configuring Stage Infrastructure
 description: We have documented reusable code snippets that can be used for allowing user customization when writing pipeline template and Template workflows.
+sidebar_position: 3
 ---
 Within the Harness Platform, there are certain modules - CI, STO, IACM, or IDP - that require the user to configure infrastructure. When developing a pipeline with these modules a user must choose a build infrastructure type: Kubernetes or Cloud. We have documented reusable code snippets that can be used for allowing user customization when writing pipeline template and Template workflows.