From bfac8d9ca463f9870ddc4fb5427af451e5abe7fe Mon Sep 17 00:00:00 2001 From: Ashley Kim Date: Wed, 3 Sep 2025 15:21:13 -0400 Subject: [PATCH 1/8] added q3 changelog and how to get started --- kb/reference-architectures/hsf/changelog.md | 23 +++++++++++++++++++++ kb/reference-architectures/hsf/overview.md | 5 ++++- 2 files changed, 27 insertions(+), 1 deletion(-) diff --git a/kb/reference-architectures/hsf/changelog.md b/kb/reference-architectures/hsf/changelog.md index e3a350d8c93..95c1e0825e2 100644 --- a/kb/reference-architectures/hsf/changelog.md +++ b/kb/reference-architectures/hsf/changelog.md @@ -4,6 +4,29 @@ description: Changelogs and improvements to Harness Solutions Factory. sidebar_position: 5 --- +## August 2025 +- Updated Register IDP Templates Workflow to support single directory load and customized registration file name and path +- Updated Create And Manage pipeline to resolve IACM changes impacting ephemeral workspaces +- Fixed issue with Teardown pipeline due to removal of workspace during execution of stage causes an error + +## July 2025 +- HSF 2.2 Upgrade to fully support IDP 2.0 release + - Updated registration IDP workflow process to use new module + - Updated Create and Manage Workspaces Flow to Register IDP resource as part of execution + - Updated Provision Workspace workflow to support IDP resource update + - Added enhanced IACM pipelines and defaults + - Enhanced ExecuteIACMWorkspace pipeline to support Ephemeral workspaces + - Enhanced CreateManageIACM workspaces to streamline the entire pipeline and add optional approval + - CreateManage pipeline to set the Git Repository Path as non-mandatory + - CreateManageWorkspace to pass HARNESS_ACCT and HARNESS_API_KEY variables to plugin + - PilotLight::HarnessAcctResources to submit email notifications to users when approval needed + - Added Bulk Workspace Management Pipeline + - Updated RemotePilotLight Setup + - HSF AWS Connector marked for deprecation and remove 'provider_connector' from PilotLight and SolutionsFactory workspaces + +## June 2025 +- Added an org-level Dockerhub connector to be leveraged as the default connector for HSF pipelines + ## May 2025 - Created and scanned HSF and HTL code repositories through Wiz - Outputted no vulnerabilities diff --git a/kb/reference-architectures/hsf/overview.md b/kb/reference-architectures/hsf/overview.md index 7dc71b66a71..dc9fa5a6567 100644 --- a/kb/reference-architectures/hsf/overview.md +++ b/kb/reference-architectures/hsf/overview.md @@ -7,4 +7,7 @@ sidebar_position: 1 ## What is Harness Solutions Factory? Harness Solutions Factory (HSF) is a value-added service provided by the Harness team. It's a scalable automation framework to manage Harness resources. HSF provides Terraform templates for managing the Harness Platform. It creates all resources needed to deploy the Harness Solutions Factory, along with example and best practice templates for platform usage. -Currently, HSF leverages three key Harness components: Code Repository for code storage, Infrastructure as Code Management for Terraform administration, and Internal Developer Portal to host automated workflows. \ No newline at end of file +Currently, HSF leverages three key Harness components: Code Repository for code storage, Infrastructure as Code Management for Terraform administration, and Internal Developer Portal to host automated workflows. + +## How to get started with Harness Solutions Factory? +Please reach out to your account team to get started with HSF! While there is no cost associated with HSF, we would like to understand your use case and make sure we enable the appropriate modules in order to get HSF deployed into your account. \ No newline at end of file From 24d0ee231d9f96a5e5963ad005ae34d3eadd5418 Mon Sep 17 00:00:00 2001 From: Ashley Kim Date: Thu, 11 Sep 2025 15:59:07 -0400 Subject: [PATCH 2/8] added resources that were created with 2.2, broke out kubernetes and upgrading, added to workflows --- ...llation.md => converting-to-kubernetes.md} | 17 +---- .../hsf/created-resources.md | 8 ++- .../hsf/execute-workflow.md | 32 ---------- .../hsf/hsf-workflows.md | 64 +++++++++++++++++++ kb/reference-architectures/hsf/overview.md | 6 +- .../hsf/upgrading-installation.md | 15 +++++ 6 files changed, 90 insertions(+), 52 deletions(-) rename kb/reference-architectures/hsf/{htl/upgrading-installation.md => converting-to-kubernetes.md} (66%) delete mode 100644 kb/reference-architectures/hsf/execute-workflow.md create mode 100644 kb/reference-architectures/hsf/hsf-workflows.md create mode 100644 kb/reference-architectures/hsf/upgrading-installation.md diff --git a/kb/reference-architectures/hsf/htl/upgrading-installation.md b/kb/reference-architectures/hsf/converting-to-kubernetes.md similarity index 66% rename from kb/reference-architectures/hsf/htl/upgrading-installation.md rename to kb/reference-architectures/hsf/converting-to-kubernetes.md index 7c58c435b6e..d739ae50954 100644 --- a/kb/reference-architectures/hsf/htl/upgrading-installation.md +++ b/kb/reference-architectures/hsf/converting-to-kubernetes.md @@ -1,20 +1,7 @@ --- -title: Upgrading your Installation +title: Converting your HSF installation to use Kubernetes description: As new enhancements are released by the Harness team, your installation will require updates to receive the new capabilities and templates. Additionally, there are some post-deployment tuning steps that will need to be done to adjust your implementation to suit your needs. --- -As new enhancements are released by the Harness team, your installation will require updates to receive the new capabilities and templates. Additionally, there are some post-deployment tuning steps that will need to be done to adjust your implementation to suit your needs. - -## Upgrade your version of Harness Solutions Factory - -1. Navigate to the `Solutions Factory` project within the `Harness Platform Management` organization of your Harness account -2. Run the pipeline `Mirror Harness Official solutions Factory Repos` - - _**Note**: This pipeline will replicate the current released versions and changes from the Harness ISE team into your local repositories stored within your organization `Harness Platform Management`_ -3. Run the pipeline `Manage Pilot Light` to implement the first phase of the update. This will update the core resources used by HSF -4. Run the pipeline `Deploy Solutions Factory` to finish the upgrade of the Solutions Factory engines. -5. Run the pipeline `Register IDP Templates` to synchronize the Harness Template Library workflows into your IDP installation - -## Convert your HSF installation to use Kubernetes 1. Navigate to the `Solutions Factory` project within the `Harness Platform Management` organization of your Harness account 2. Open the `Infrastructure` module and choose `Workspaces` @@ -40,4 +27,4 @@ _**STOP**: Changing the Kubernetes connector in this workspace only modifies it _**Note**: Additional details around the various options and variables can be found in the `solutions-factory` directory of the Harness Solutions Factory repository_ 15. Navigate to pipelines -16. Run the pipeline `Deploy Solutions Factory` to apply the changes. +16. Run the pipeline `Deploy Solutions Factory` to apply the changes. \ No newline at end of file diff --git a/kb/reference-architectures/hsf/created-resources.md b/kb/reference-architectures/hsf/created-resources.md index 572c7d48bc3..d12aaa3b247 100644 --- a/kb/reference-architectures/hsf/created-resources.md +++ b/kb/reference-architectures/hsf/created-resources.md @@ -35,8 +35,11 @@ The Solutions Factory project includes eight pipelines, each designed to perform - The `Rotate HSF Token` pipeline handles secure token rotation for the harness-platform-manager service account. - The `Manage Pilot Light` pipeline applies updates and changes to the core HSF framework. It is used to maintain and evolve the foundational infrastructure that supports the overall platform. - The `Create and Manage IACM Workspaces` pipeline is invoked at the start of each workflow execution. It provisions and manages IACM workspaces, ensuring that the required infrastructure is in place before any resource provisioning begins. -- The `Provision Workspace` pipeline will be used for apply only executions and will be one of the pipelines that is separated out from Execute IACM Workspaces. +- The `Provision Workspace` pipeline plans and applies workflows (with built-in approvals). - The `Execute IACM Workspaces` pipeline is responsible for executing the IACM workspace by applying the selected templates and provisioning the actual Harness resources defined within the workflow. +- The `Plan and Validate` pipeline verifies Terraform code. +- The `Drift Analysis` pipeline identifies configuration drift from source code. +- The `Teardown` pipeline removes workspaces (with built-in approvals). ### Workspaces Two IACM workspaces are created as part of the HSF framework: @@ -47,4 +50,5 @@ Two IACM workspaces are created as part of the HSF framework: There are three repositories included in the deployment and exist under the organization level. You can find them under Harness Platform Management (organization) → Solutions Factory (account) → Code Repository (module) → Repositories: - The `harness-solutions-factory` repository houses all of the source code that is required to standup and run Harness Solutions Factory. - The `harness-template-library` repository houses all of the scaffold and templates for how to manage Harness resources. -- The `harness-delegate-setup` repository serves as an example of how to build a custom Harness Delegate and automate the addition of tools into the delegate. \ No newline at end of file +- The `harness-delegate-setup` repository serves as an example of how to build a custom Harness Delegate and automate the addition of tools into the delegate. +- The `custom-harness-template-library` repository houses customized templates created to support Harness entity management and provisioning. \ No newline at end of file diff --git a/kb/reference-architectures/hsf/execute-workflow.md b/kb/reference-architectures/hsf/execute-workflow.md deleted file mode 100644 index f8f4db66a50..00000000000 --- a/kb/reference-architectures/hsf/execute-workflow.md +++ /dev/null @@ -1,32 +0,0 @@ ---- -title: Executing a Workflow -description: Start using HSF by executing a workflow via IDP. -sidebar_position: 3 ---- - -In order to deploy a workflow or look at the catalog to see what workflows are available go to IDP → Workflows. - - - -To execute click ‘Execute’ and follow the prompts to add in additional configurations. - - - -For this example, we are going to create a new project managed by HSF. - -### How to debug or monitor workflows -After you click create you will see a workflow being kicked off. You can click ‘Show Logs’ to see the output. - - - -If you scroll down you will see another link that will direct you to the **Create and Manage IACM Workspaces** pipeline that is being run to start the workflow. - - - -After this pipeline is done, it will kick off the **Execute IACM Workspace** pipeline. - - - -To see the logs you can navigate to the running instance of the pipeline and monitor it. - - \ No newline at end of file diff --git a/kb/reference-architectures/hsf/hsf-workflows.md b/kb/reference-architectures/hsf/hsf-workflows.md new file mode 100644 index 00000000000..e037ff56b24 --- /dev/null +++ b/kb/reference-architectures/hsf/hsf-workflows.md @@ -0,0 +1,64 @@ +--- +title: HSF Workflows +description: Start using HSF by understanding and executing workflows in IDP. +sidebar_position: 3 +--- +## Default Workflows +These are the workflows that are automatically created when HSF is deployed into your account: + +### Harness Organization Setup +Description: A template to request a new Harness Organization to be created or managed + +### Harness Project Setup +Description: A template to request a new Harness Project to be created or managed +Resources created: 3 environments (dev, prod, test), 6 user groups, 4 user groups, 2 roles and 7 user bindings + +| | approvers | project_admins | project_engineers | all project users | +| --- | --- | --- | --- | --- | +| project viewer | x | x | x | x | +| project admin | | x | | | +| developer | | x | x | | + +### Harness Central Build Farm Setup +Description: Configures the connectors for a centralized build farm configuration + +### Deploy Harness SAST & SCA Templates +Description: Configures and deploys a series of templates for SCA and SAST scanners. + +### Harness CI Image Factory +Description: The Harness CI Image Factory is a pipeline designed to mirror and replicate the lifecycle of images used by Harness CI module steps. + +### Harness Delegate Image Factory +Description: The Harness Delegate Images Factory is a robust Harness pipeline designed to create and manage the lifecycle of customized Harness Delegate Images. + +## Executing a Workflow +In order to deploy a workflow or look at the catalog to see what workflows are available go to IDP → Workflows. + + + +To execute click ‘Execute’ and follow the prompts to add in additional configurations. + + + +For this example, we are going to create a new project managed by HSF. + +### How to debug or monitor workflows +After you click create you will see a workflow being kicked off. You can click ‘Show Logs’ to see the output. + + + +If you scroll down you will see another link that will direct you to the **Create and Manage IACM Workspaces** pipeline that is being run to start the workflow. + + + +After this pipeline is done, it will kick off the **Execute IACM Workspace** pipeline. + + + +To see the logs you can navigate to the running instance of the pipeline and monitor it. + + + +## Making Changes to a Workflow + +## Making Changes to Resources Created by a Workflow \ No newline at end of file diff --git a/kb/reference-architectures/hsf/overview.md b/kb/reference-architectures/hsf/overview.md index dc9fa5a6567..737c47bde01 100644 --- a/kb/reference-architectures/hsf/overview.md +++ b/kb/reference-architectures/hsf/overview.md @@ -5,9 +5,9 @@ sidebar_position: 1 --- ## What is Harness Solutions Factory? -Harness Solutions Factory (HSF) is a value-added service provided by the Harness team. It's a scalable automation framework to manage Harness resources. HSF provides Terraform templates for managing the Harness Platform. It creates all resources needed to deploy the Harness Solutions Factory, along with example and best practice templates for platform usage. +Harness Solutions Factory (HSF) is a value delivery service provided by Harness. It's a scalable automation framework to manage Harness resources. HSF provides you with self-service workflows that have a baseline of industry standards and best practices while delivering day-one value. -Currently, HSF leverages three key Harness components: Code Repository for code storage, Infrastructure as Code Management for Terraform administration, and Internal Developer Portal to host automated workflows. +HSF is an opinionated framework for automating and scaling Harness Platform onboarding and adoption, offering pre-built templates, pipelines, best practices, and workflows powered by Harness Code Repositories, IaC Management, and the Internal Developer Portal. -## How to get started with Harness Solutions Factory? +## How do I get started with Harness Solutions Factory? Please reach out to your account team to get started with HSF! While there is no cost associated with HSF, we would like to understand your use case and make sure we enable the appropriate modules in order to get HSF deployed into your account. \ No newline at end of file diff --git a/kb/reference-architectures/hsf/upgrading-installation.md b/kb/reference-architectures/hsf/upgrading-installation.md new file mode 100644 index 00000000000..b205a4ea621 --- /dev/null +++ b/kb/reference-architectures/hsf/upgrading-installation.md @@ -0,0 +1,15 @@ +--- +title: Upgrading your Installation +description: As new enhancements are released by the Harness team, your installation will require updates to receive the new capabilities and templates. Additionally, there are some post-deployment tuning steps that will need to be done to adjust your implementation to suit your needs. +--- +As new enhancements are released by the Harness team, your installation will require updates to receive the new capabilities and templates. Additionally, there are some post-deployment tuning steps that will need to be done to adjust your implementation to suit your needs. + +## Upgrade your version of Harness Solutions Factory + +1. Navigate to the `Solutions Factory` project within the `Harness Platform Management` organization of your Harness account +2. Run the pipeline `Mirror Harness Official solutions Factory Repos` + + _**Note**: This pipeline will replicate the current released versions and changes from the Harness ISE team into your local repositories stored within your organization `Harness Platform Management`_ +3. Run the pipeline `Manage Pilot Light` to implement the first phase of the update. This will update the core resources used by HSF +4. Run the pipeline `Deploy Solutions Factory` to finish the upgrade of the Solutions Factory engines. +5. Run the pipeline `Register IDP Templates` to synchronize the Harness Template Library workflows into your IDP installation From d46fb440ef9714304668a0a0760a431de7265f3a Mon Sep 17 00:00:00 2001 From: Ashley Kim Date: Mon, 15 Sep 2025 10:01:22 -0400 Subject: [PATCH 3/8] updating customizing docs --- .../hsf/htl/customizing-using-chtl.md | 174 ++++++++++++++++++ 1 file changed, 174 insertions(+) create mode 100644 kb/reference-architectures/hsf/htl/customizing-using-chtl.md diff --git a/kb/reference-architectures/hsf/htl/customizing-using-chtl.md b/kb/reference-architectures/hsf/htl/customizing-using-chtl.md new file mode 100644 index 00000000000..944700e2e78 --- /dev/null +++ b/kb/reference-architectures/hsf/htl/customizing-using-chtl.md @@ -0,0 +1,174 @@ +--- +title: How To Customize using Harness Custom Template Library +description: This document will walk you through the steps required to setup a new custom Harness Template Library and connect it to your Harness Solutions Factory deployment. +--- + +For the purpose of this tutorial we will be focusing on customizing the project creation workflow but this can be done for any workflow. + +## Setup the Custom Template Library + +1. Clone **harness-template-library** and **custom-harness-template-library** from your account. + + * **harness-template-library** has the source + + * **custom-harness-template-library** has the scaffold + +2. Open in your code editor and create a branch. + +3. Copy **idp\_resource\_template**, the entire directory from **harness-template-library**, into **custom-harness-template-library** + + * This directory contains files for setting up connections and resource templates. It is used presently, and if it don’t exist it will fail. + +4. Copy **idp\_registry\_mgr.yaml** into root you want this to be in the same exact location at **harness-template-library** + + * Inside this file look for the workflow you want to customize and delete the entities that do not apply. We are deleting them because they are not needed because they do not exist! + + * If you already have other custom workflows make sure you don’t delete the ones you’ve already created and just add another under entities. + + * Chance the **source** to custom-template-library + + * Change the **created\_by** + + * Save + +* For our example our **idp\_registry\_mgr.yaml** will look like this: + +``` +--- +annotations: + source: custom-template-library + created_by: Mine +entities: + - org: Harness_Platform_Management + project: Solutions Factory + workflows: + - name: harness-project +``` + +5. Copy the directory of the workflow you are modifying and drop it at the root of **custom-harness-template-library** + + * Go into .harness → **catalog\_template.yaml** file to make changes so that the catalog file is pointed to the custom copy + + * Find the **template\_library\_connector** and change the **default** to + + * Find the **template\_library\_repo** and change the **default** to + + * _**Note:** These variables are set and already in our Harness account under Account Settings → Variables as Custom Template Library Repo and Custom Template Library Connector._ + + * Find the **template\_library\_branch** and change the default to whatever you named your branch + + * If you wanted multiple different workflows you could customize even further and edit **template\_library\_directory** + + * Change the properties repo\_source default to custom. This will set the tag for bulk actions. + + * Save, commit, push + +6. Go back to Harness → Solutions Factory Project → Pipelines and run the Register Custom IDP Templates pipeline which will read from the file we just edited. + + * Change the **hsf\_branch** pipeline variable to the branch we just pushed to + + * _**Note:** Generally the branch will be set to main but for testing purposes we are setting it to the branch we just pushed to._ + + * This pipeline is cloning the repo, and read the registration file + + +You don’t need to worry about the one that currently exists because it has an annotation **is\_harnesss\_official: “True”**. When this workflow runs it will match the ID of the workflow, then change the annotation is\_harness\_official to “False” and replace any of the changes. From this point forward if I run the official IDP it won’t touch the one I modified. + +Any workspaces that are created with the custom template library will now be configured with the **source:custom** tag, and have the appropriate connectors, branch and repos. + +## Adding in a Variable + +Going back to our example let’s assume that you want to add a variable into the project creation workflow. + +1. Navigate to the [Terraform Harness Documentation](https://registry.terraform.io/providers/harness/harness/latest/docs "https://registry.terraform.io/providers/harness/harness/latest/docs") + +2. Under Next Gen find harness\_platform\_variables + +3. Go into your code editor + +4. Add in file **harness\_variables.tf** and paste in declaration from the Terraform docs + + * Change **org\_id** to data.harness\_platform\_organization.selected.id + + * You could use a variable but this was pulled from the others where the data object already exists. + + * Change **project\_id** to data.harness\_platform\_project.selected.id + + * You could use a variable but this was pulled from the others where the data object already exists. + + * Change **fixed\_value** to var.application\_id + + +``` +resource "harness_platform_variables" "application_id"{ + identifier = "application_id" + name = "Application ID" + org_id = data.harness_platform_organization.selected.id + project_id = data.harness_platform_project.selected.id + type = "String" + spec { + value_type = "FIXED" + fixed_value = var.application_id + } +} +``` + +5. Add in the **application\_id** variable into **variables.tf** +``` +variable "application_id"{ + type = string + description = "[Optional] Please provide your team's application ID" + default = "n/a" +} +``` +6. Add the variable to **catalog\_template.yaml**. This will tell the user what to do and pass the information. + +``` +application_id: + title: "ServiceNOW Application Identifier" + type: string + description: "Please provide your team's application ID" +``` + +* If you wanted to add in validations you can add this in here and add in things like patterns, minLength, and maxLength. + +* Let’s say all new builds must have this field, so now we will add it into required + +* Note: the default value covers all pre-existing builds + +* Scroll down to **configure\_workspace** and under RESOURCE\_VARS add + + +```application_id: ${{ parameters.application_id }}``` + +* This will pass in the application ID into workspace creation. + +* Save, commit and push + + +7. Since we made changes to the workflow you need to run the Register Custom IDP Templates pipeline + + +Workflows are registered using APIs not git experience therefore the change would only take effect if it’s reloaded back in. + +## Adding a New Group + +1. Create a new file under groups + + +The name of the file is very important as it is going to determine the identifier + +As an example let’s create a Security Champions group by creating the Security\_Champions.yaml file that looks like this: + +``` +tags: + purpose: Security Champions +role bindings: + - role: _project_viewer + resource_group: _all_project_level_resources + - role: _sto_secops_role + resource_group: _all_project_level_resources +``` + +2. Save, commit and push + \ No newline at end of file From 5a60446231a1f48de12bfee8f8457f5a734f415f Mon Sep 17 00:00:00 2001 From: Ashley Kim Date: Mon, 15 Sep 2025 10:12:24 -0400 Subject: [PATCH 4/8] formatting changes for customizng using chtl --- .../hsf/htl/customizing-using-chtl.md | 46 +++++++++---------- 1 file changed, 23 insertions(+), 23 deletions(-) diff --git a/kb/reference-architectures/hsf/htl/customizing-using-chtl.md b/kb/reference-architectures/hsf/htl/customizing-using-chtl.md index 944700e2e78..942a3330fbb 100644 --- a/kb/reference-architectures/hsf/htl/customizing-using-chtl.md +++ b/kb/reference-architectures/hsf/htl/customizing-using-chtl.md @@ -15,11 +15,11 @@ For the purpose of this tutorial we will be focusing on customizing the project 2. Open in your code editor and create a branch. -3. Copy **idp\_resource\_template**, the entire directory from **harness-template-library**, into **custom-harness-template-library** +3. Copy **idp_resource_template**, the entire directory from **harness-template-library**, into **custom-harness-template-library** * This directory contains files for setting up connections and resource templates. It is used presently, and if it don’t exist it will fail. -4. Copy **idp\_registry\_mgr.yaml** into root you want this to be in the same exact location at **harness-template-library** +4. Copy **idp_registry_mgr.yaml** into root you want this to be in the same exact location at **harness-template-library** * Inside this file look for the workflow you want to customize and delete the entities that do not apply. We are deleting them because they are not needed because they do not exist! @@ -27,11 +27,11 @@ For the purpose of this tutorial we will be focusing on customizing the project * Chance the **source** to custom-template-library - * Change the **created\_by** + * Change the **created_by** * Save -* For our example our **idp\_registry\_mgr.yaml** will look like this: +* For our example our **idp_registry_mgr.yaml** will look like this: ``` --- @@ -47,32 +47,32 @@ entities: 5. Copy the directory of the workflow you are modifying and drop it at the root of **custom-harness-template-library** - * Go into .harness → **catalog\_template.yaml** file to make changes so that the catalog file is pointed to the custom copy + * Go into .harness → **catalog_template.yaml** file to make changes so that the catalog file is pointed to the custom copy - * Find the **template\_library\_connector** and change the **default** to + * Find the **template_library_connector** and change the **default** to `` - * Find the **template\_library\_repo** and change the **default** to + * Find the **template_library_repo** and change the **default** to `` - * _**Note:** These variables are set and already in our Harness account under Account Settings → Variables as Custom Template Library Repo and Custom Template Library Connector._ + * **Note:** These variables are set and already in our Harness account under Account Settings → Variables as Custom Template Library Repo and Custom Template Library Connector._ - * Find the **template\_library\_branch** and change the default to whatever you named your branch + * Find the **template_library_branch** and change the default to whatever you named your branch - * If you wanted multiple different workflows you could customize even further and edit **template\_library\_directory** + * If you wanted multiple different workflows you could customize even further and edit **template_library_directory** - * Change the properties repo\_source default to custom. This will set the tag for bulk actions. + * Change the properties repo_source default to custom. This will set the tag for bulk actions. * Save, commit, push 6. Go back to Harness → Solutions Factory Project → Pipelines and run the Register Custom IDP Templates pipeline which will read from the file we just edited. - * Change the **hsf\_branch** pipeline variable to the branch we just pushed to + * Change the **hsf_branch** pipeline variable to the branch we just pushed to * _**Note:** Generally the branch will be set to main but for testing purposes we are setting it to the branch we just pushed to._ * This pipeline is cloning the repo, and read the registration file -You don’t need to worry about the one that currently exists because it has an annotation **is\_harnesss\_official: “True”**. When this workflow runs it will match the ID of the workflow, then change the annotation is\_harness\_official to “False” and replace any of the changes. From this point forward if I run the official IDP it won’t touch the one I modified. +You don’t need to worry about the one that currently exists because it has an annotation **is_harnesss_official: “True”**. When this workflow runs it will match the ID of the workflow, then change the annotation is_harness_official to “False” and replace any of the changes. From this point forward if I run the official IDP it won’t touch the one I modified. Any workspaces that are created with the custom template library will now be configured with the **source:custom** tag, and have the appropriate connectors, branch and repos. @@ -82,21 +82,21 @@ Going back to our example let’s assume that you want to add a variable into th 1. Navigate to the [Terraform Harness Documentation](https://registry.terraform.io/providers/harness/harness/latest/docs "https://registry.terraform.io/providers/harness/harness/latest/docs") -2. Under Next Gen find harness\_platform\_variables +2. Under Next Gen find harness_platform_variables 3. Go into your code editor -4. Add in file **harness\_variables.tf** and paste in declaration from the Terraform docs +4. Add in file **harness_variables.tf** and paste in declaration from the Terraform docs - * Change **org\_id** to data.harness\_platform\_organization.selected.id + * Change **org_id** to data.harness_platform_organization.selected.id * You could use a variable but this was pulled from the others where the data object already exists. - * Change **project\_id** to data.harness\_platform\_project.selected.id + * Change **project_id** to data.harness_platform_project.selected.id * You could use a variable but this was pulled from the others where the data object already exists. - * Change **fixed\_value** to var.application\_id + * Change **fixed_value** to var.application_id ``` @@ -113,7 +113,7 @@ resource "harness_platform_variables" "application_id"{ } ``` -5. Add in the **application\_id** variable into **variables.tf** +5. Add in the **application_id** variable into **variables.tf** ``` variable "application_id"{ type = string @@ -121,7 +121,7 @@ variable "application_id"{ default = "n/a" } ``` -6. Add the variable to **catalog\_template.yaml**. This will tell the user what to do and pass the information. +6. Add the variable to **catalog_template.yaml**. This will tell the user what to do and pass the information. ``` application_id: @@ -136,7 +136,7 @@ application_id: * Note: the default value covers all pre-existing builds -* Scroll down to **configure\_workspace** and under RESOURCE\_VARS add +* Scroll down to **configure_workspace** and under RESOURCE_VARS add ```application_id: ${{ parameters.application_id }}``` @@ -146,7 +146,7 @@ application_id: * Save, commit and push -7. Since we made changes to the workflow you need to run the Register Custom IDP Templates pipeline +7. Run the Register Custom IDP Templates pipeline since we made changes to the workflow. Workflows are registered using APIs not git experience therefore the change would only take effect if it’s reloaded back in. @@ -158,7 +158,7 @@ Workflows are registered using APIs not git experience therefore the change woul The name of the file is very important as it is going to determine the identifier -As an example let’s create a Security Champions group by creating the Security\_Champions.yaml file that looks like this: +As an example let’s create a Security Champions group by creating the Security_Champions.yaml file that looks like this: ``` tags: From 81b388e36e8932a954021eb829304bee97860039 Mon Sep 17 00:00:00 2001 From: Ashley Kim Date: Tue, 16 Sep 2025 10:21:46 -0400 Subject: [PATCH 5/8] added sept changelog and audited created resources --- kb/reference-architectures/hsf/changelog.md | 6 ++++++ .../hsf/created-resources.md | 21 ++++++++++++------- 2 files changed, 20 insertions(+), 7 deletions(-) diff --git a/kb/reference-architectures/hsf/changelog.md b/kb/reference-architectures/hsf/changelog.md index 95c1e0825e2..9d0240e5547 100644 --- a/kb/reference-architectures/hsf/changelog.md +++ b/kb/reference-architectures/hsf/changelog.md @@ -4,6 +4,12 @@ description: Changelogs and improvements to Harness Solutions Factory. sidebar_position: 5 --- +## September 2025 +- Fixed issue with RESOURCE_VARS_ENVS_SECRETS typo +- Added CI Golden Standard Template and documentation to provide Day-One support for standard Containerized Application builds +- Fixed issue with Ci-Module-Primer to support setting the docker connector during setup +- Fixed issue with Ci-Module-Primer to support setting the docker connector during setup + ## August 2025 - Updated Register IDP Templates Workflow to support single directory load and customized registration file name and path - Updated Create And Manage pipeline to resolve IACM changes impacting ephemeral workspaces diff --git a/kb/reference-architectures/hsf/created-resources.md b/kb/reference-architectures/hsf/created-resources.md index d12aaa3b247..f786fa25be7 100644 --- a/kb/reference-architectures/hsf/created-resources.md +++ b/kb/reference-architectures/hsf/created-resources.md @@ -10,7 +10,10 @@ After HSF is deployed will have the following resources in your account: A service account named `harness-platform-manager` is created at the account level. This service account has admin privileges and is responsible for provisioning and managing the resources necessary for running HSF workflows. ### Variables -To support IDP workflows, four account-level variables are also created. These variables store key configuration values, including the project name, organization name, connector information, and platform URL. They enable workflows to dynamically locate and interact with the correct components and environments within Harness. +To support IDP workflows, account-level variables are created. These variables store key configuration values, including the project name, organization name, connector information, and platform URL. They enable workflows to dynamically locate and interact with the correct components and environments within Harness. The variables created are `HARNESS_ENDPOINT`, `HARNESS_PORTAL_RESOURCES`, `custom_template_library_connector`, `custom_template_library_repo`, `solutions_factory_template_library_connector`, `solutions_factory_template_library_repo`, `solutions_factory_endpoint`, `solutions_factory_org`, and `solutions_factory_project`. + +## Connectors +Connectors are created to integrate HSF with codebases and artifact repos. The connectors that are created are `harnessSecretManager` for both `Delegate Mangement` and `Image Factory` projects, `Custom_Harness_Template_Library_Repo`, `solutions_factory_template_library_connector`, `solutions_factory_template_library_repo`, `Harness_Solutions_Factory_Repo`, `Harness_Template_Library_Repo`, `Harness_Solutions_Factory_Repo___Official`, `harnessSecretManager`, `hsf_solutions_factory_connector`, `hsf_dockerhub_connector`, and `harnessSecretManager`. ### Organizations All HSF-related resources are organized under a newly created organization named `harness-platform-management`. This organization serves as the central location for all projects, configurations, and access controls associated with the HSF deployment. @@ -19,7 +22,7 @@ All HSF-related resources are organized under a newly created organization named Within this organization, two user groups are established: `hsf-admin` and `hsf-user`. The `hsf-admin` group has organization admin privileges and is intended for platform administrators and users managing the implementation of HSF. The `hsf-user` group, by contrast, is granted organization viewer privileges and is designed for broader team access to view and use the workflows without elevated permissions. ### Secrets -Secrets are also created at the organization level to securely manage authentication and access credentials. The first, named `HSF Platform API Key`, stores the secret value associated with the harness-platform-manager service account. This key is managed by a pipeline that automatically handles rotation to maintain security best practices. +Secrets are also created at the organization level to securely manage authentication and access credentials. `HSF Platform API Key`, stores the secret value associated with the harness-platform-manager service account. This key is managed by a pipeline that automatically handles rotation to maintain security best practices. `hsf_harness_stub_secret_key` and `hsf_harness_stub_access_key` are also created. ### Projects Several projects are initialized within the `harness-platform-management` organization. @@ -32,14 +35,18 @@ The Solutions Factory project includes eight pipelines, each designed to perform - The `Deploy Solutions Factory` pipeline handles additional configuration tasks related to setting up and managing the HSF deployment. It ensures that the target environment is properly initialized and ready to operate. - The `Mirror Harness Official Solutions Factory Repository` pipeline is responsible for cloning and copying data from the official HSF repository into your target Harness account. It also manages the synchronization of updates during future releases, effectively keeping your local copy aligned with the source of truth. - The `Register IDP Templates` pipeline automatically imports all available templates from the harness-template-library and registers them into your IDP instance. This ensures that your IDP has access to the full suite of templates required to power self-service workflows. +- The `Register Custom IDP Templates` pipeline automatically imports all available templates from the custom-harness-template-library and registers them into your IDP instance. - The `Rotate HSF Token` pipeline handles secure token rotation for the harness-platform-manager service account. - The `Manage Pilot Light` pipeline applies updates and changes to the core HSF framework. It is used to maintain and evolve the foundational infrastructure that supports the overall platform. - The `Create and Manage IACM Workspaces` pipeline is invoked at the start of each workflow execution. It provisions and manages IACM workspaces, ensuring that the required infrastructure is in place before any resource provisioning begins. - The `Provision Workspace` pipeline plans and applies workflows (with built-in approvals). - The `Execute IACM Workspaces` pipeline is responsible for executing the IACM workspace by applying the selected templates and provisioning the actual Harness resources defined within the workflow. -- The `Plan and Validate` pipeline verifies Terraform code. -- The `Drift Analysis` pipeline identifies configuration drift from source code. -- The `Teardown` pipeline removes workspaces (with built-in approvals). +- The `Plan and Validate IACM Workspace` pipeline verifies Terraform code. +- The `Mirror Harnesss Official Solutions Factory Repos` pipeline mirrors the official repos and pulls in any new updates that we release to the code base. +- The `Execute Drift Analysis` pipeline identifies configuration drift from source code. +- The `Teardown IACM Workspace` pipeline removes workspaces (with built-in approvals). +- The `Bulk Workspace Management` pipeline allows for bulk operations. +- The `Bulk Workspace IDP Registration` pipeline allows for backwards compatibility from older version to load older resources into IDP. ### Workspaces Two IACM workspaces are created as part of the HSF framework: @@ -48,7 +55,7 @@ Two IACM workspaces are created as part of the HSF framework: ### Repositories There are three repositories included in the deployment and exist under the organization level. You can find them under Harness Platform Management (organization) → Solutions Factory (account) → Code Repository (module) → Repositories: -- The `harness-solutions-factory` repository houses all of the source code that is required to standup and run Harness Solutions Factory. -- The `harness-template-library` repository houses all of the scaffold and templates for how to manage Harness resources. +- The `harness-solutions-factory` repository houses all of the source code that is required to standup and run Harness Solutions Factory. A code branch rule called `harness_solutions_factory_codeowners` is created in this repository. +- The `harness-template-library` repository houses all of the scaffold and templates for how to manage Harness resources. A code branch rule called `harness_solutions_factory_codeowners` is created in this repository. - The `harness-delegate-setup` repository serves as an example of how to build a custom Harness Delegate and automate the addition of tools into the delegate. - The `custom-harness-template-library` repository houses customized templates created to support Harness entity management and provisioning. \ No newline at end of file From 706ba793863b2ad07b7f4ea4aabb7d9e7f9c5b2e Mon Sep 17 00:00:00 2001 From: Ashley Kim Date: Tue, 16 Sep 2025 10:34:42 -0400 Subject: [PATCH 6/8] fixed duplicate line --- kb/reference-architectures/hsf/changelog.md | 1 - kb/reference-architectures/hsf/converting-to-kubernetes.md | 3 ++- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/kb/reference-architectures/hsf/changelog.md b/kb/reference-architectures/hsf/changelog.md index 9d0240e5547..378c34d05c3 100644 --- a/kb/reference-architectures/hsf/changelog.md +++ b/kb/reference-architectures/hsf/changelog.md @@ -8,7 +8,6 @@ sidebar_position: 5 - Fixed issue with RESOURCE_VARS_ENVS_SECRETS typo - Added CI Golden Standard Template and documentation to provide Day-One support for standard Containerized Application builds - Fixed issue with Ci-Module-Primer to support setting the docker connector during setup -- Fixed issue with Ci-Module-Primer to support setting the docker connector during setup ## August 2025 - Updated Register IDP Templates Workflow to support single directory load and customized registration file name and path diff --git a/kb/reference-architectures/hsf/converting-to-kubernetes.md b/kb/reference-architectures/hsf/converting-to-kubernetes.md index d739ae50954..948415f898e 100644 --- a/kb/reference-architectures/hsf/converting-to-kubernetes.md +++ b/kb/reference-architectures/hsf/converting-to-kubernetes.md @@ -7,7 +7,8 @@ description: As new enhancements are released by the Harness team, your installa 2. Open the `Infrastructure` module and choose `Workspaces` 3. Find and select the `Harness Pilot Light` workspace 4. Navigate to the `Variables` tab and choose `OpenTofu Variables` -5. Edit `kubernetes_connector` to provide an existing Kubernetes connector reference. _**Note**: The connector will need to be scoped to the correct location where the connector exists. Prefix with `account.` or `org.` depending on its location._ +5. Edit `kubernetes_connector` to provide an existing Kubernetes connector reference. +_**Note**: The connector will need to be scoped to the correct location where the connector exists. Prefix with `account.` or `org.` depending on its location._ 6. Optionally, edit `kubernetes_namespace` to modify the namespace into which the pods will be deployed. _**Note**: Additional details around the various options and variables can be found in the `pilot-light` directory of the Harness Solutions Factory repository_ From 8a2d850315c787071c16df6d2d506323ac4633bf Mon Sep 17 00:00:00 2001 From: Ashley Kim Date: Tue, 16 Sep 2025 10:47:09 -0400 Subject: [PATCH 7/8] fixing link path --- kb/reference-architectures/hsf/htl/setup-custom-htl.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kb/reference-architectures/hsf/htl/setup-custom-htl.md b/kb/reference-architectures/hsf/htl/setup-custom-htl.md index 791b0449071..cd3b32f4b1b 100644 --- a/kb/reference-architectures/hsf/htl/setup-custom-htl.md +++ b/kb/reference-architectures/hsf/htl/setup-custom-htl.md @@ -7,7 +7,7 @@ This document will walk you through the steps required to setup a new custom Har A Custom Harness Template Library repository is included with the deployment of your Harness Solutions Factory. This repo contains a copy of this documentation along with additional configuration files intended to help streamline the setup of new or modified Template Library entries. -_**Note**: If you do not have a Custom Harness Template Library repo in the root of your Harness Platform Management organization, then proceed to the documentation on [How to upgrade your Solutions Factory implementation](./upgrading-installation.md)_ +_**Note**: If you do not have a Custom Harness Template Library repo in the root of your Harness Platform Management organization, then proceed to the documentation on [How to upgrade your Solutions Factory implementation](../upgrading-installation.md)_ _**Note**: When configuring the Solutions Factory implementation for the first time, the custom-harness-template-library will import the original source repository directly into the repo. The source for this repo can be found in [Github here](https://github.com/harness-solutions-factory/custom-harness-template-library). Subsequent updates to the Solutions Factory installation will not synchronize any changes in this repository._ From 8d90b6ec92989a5216e2bb1fb7cddf8c05488594 Mon Sep 17 00:00:00 2001 From: Ashley Kim Date: Tue, 16 Sep 2025 11:41:39 -0400 Subject: [PATCH 8/8] reordering pages --- kb/reference-architectures/hsf/changelog.md | 2 +- kb/reference-architectures/hsf/hsf-faqs.md | 2 +- kb/reference-architectures/hsf/hsf-workflows.md | 6 +----- .../hsf/htl/configuring-stage-infra.md | 1 + .../hsf/htl/customizing-using-chtl.md | 1 + kb/reference-architectures/hsf/htl/developer-env-setup.md | 1 + .../hsf/htl/local-testing-using-make.md | 1 + kb/reference-architectures/hsf/htl/setup-custom-htl.md | 1 + 8 files changed, 8 insertions(+), 7 deletions(-) diff --git a/kb/reference-architectures/hsf/changelog.md b/kb/reference-architectures/hsf/changelog.md index 378c34d05c3..054d4a91b3d 100644 --- a/kb/reference-architectures/hsf/changelog.md +++ b/kb/reference-architectures/hsf/changelog.md @@ -1,7 +1,7 @@ --- title: Changelog description: Changelogs and improvements to Harness Solutions Factory. -sidebar_position: 5 +sidebar_position: 7 --- ## September 2025 diff --git a/kb/reference-architectures/hsf/hsf-faqs.md b/kb/reference-architectures/hsf/hsf-faqs.md index b9cb0a1a4b5..ca01dd03b81 100644 --- a/kb/reference-architectures/hsf/hsf-faqs.md +++ b/kb/reference-architectures/hsf/hsf-faqs.md @@ -1,7 +1,7 @@ --- title: FAQs description: Get answers to some frequently asked questions about HSF. -sidebar_position: 6 +sidebar_position: 8 --- ### How does it work? diff --git a/kb/reference-architectures/hsf/hsf-workflows.md b/kb/reference-architectures/hsf/hsf-workflows.md index e037ff56b24..2b3b9bdb2a5 100644 --- a/kb/reference-architectures/hsf/hsf-workflows.md +++ b/kb/reference-architectures/hsf/hsf-workflows.md @@ -57,8 +57,4 @@ After this pipeline is done, it will kick off the **Execute IACM Workspace** pip To see the logs you can navigate to the running instance of the pipeline and monitor it. - - -## Making Changes to a Workflow - -## Making Changes to Resources Created by a Workflow \ No newline at end of file + \ No newline at end of file diff --git a/kb/reference-architectures/hsf/htl/configuring-stage-infra.md b/kb/reference-architectures/hsf/htl/configuring-stage-infra.md index c6d2fee3db1..41ccb097f41 100644 --- a/kb/reference-architectures/hsf/htl/configuring-stage-infra.md +++ b/kb/reference-architectures/hsf/htl/configuring-stage-infra.md @@ -1,6 +1,7 @@ --- title: Configuring Stage Infrastructure description: We have documented reusable code snippets that can be used for allowing user customization when writing pipeline template and Template workflows. +sidebar_position: 3 --- Within the Harness Platform, there are certain modules - CI, STO, IACM, or IDP - that require the user to configure infrastructure. When developing a pipeline with these modules a user must choose a build infrastructure type: Kubernetes or Cloud. We have documented reusable code snippets that can be used for allowing user customization when writing pipeline template and Template workflows. diff --git a/kb/reference-architectures/hsf/htl/customizing-using-chtl.md b/kb/reference-architectures/hsf/htl/customizing-using-chtl.md index 942a3330fbb..484808be78d 100644 --- a/kb/reference-architectures/hsf/htl/customizing-using-chtl.md +++ b/kb/reference-architectures/hsf/htl/customizing-using-chtl.md @@ -1,6 +1,7 @@ --- title: How To Customize using Harness Custom Template Library description: This document will walk you through the steps required to setup a new custom Harness Template Library and connect it to your Harness Solutions Factory deployment. +sidebar_position: 5 --- For the purpose of this tutorial we will be focusing on customizing the project creation workflow but this can be done for any workflow. diff --git a/kb/reference-architectures/hsf/htl/developer-env-setup.md b/kb/reference-architectures/hsf/htl/developer-env-setup.md index e9743c5c321..6b30fb94cc0 100644 --- a/kb/reference-architectures/hsf/htl/developer-env-setup.md +++ b/kb/reference-architectures/hsf/htl/developer-env-setup.md @@ -1,6 +1,7 @@ --- title: Developer Environment Setup description: Developing for HTL involves having docker, terraform/opentofu, and git installed locally. +sidebar_position: 1 --- ## Using the DevContainer in this repository diff --git a/kb/reference-architectures/hsf/htl/local-testing-using-make.md b/kb/reference-architectures/hsf/htl/local-testing-using-make.md index 80e0495fa27..119b7e5c97e 100644 --- a/kb/reference-architectures/hsf/htl/local-testing-using-make.md +++ b/kb/reference-architectures/hsf/htl/local-testing-using-make.md @@ -1,6 +1,7 @@ --- title: Local Testing Using Make description: This document details the available Makefile commands. The goal is to simplify the various commands to rapid testing and prototyping. +sidebar_position: 2 --- This document details the available Makefile commands. The goal is to simplify the various commands to rapid testing and prototyping. diff --git a/kb/reference-architectures/hsf/htl/setup-custom-htl.md b/kb/reference-architectures/hsf/htl/setup-custom-htl.md index cd3b32f4b1b..589cce15a5a 100644 --- a/kb/reference-architectures/hsf/htl/setup-custom-htl.md +++ b/kb/reference-architectures/hsf/htl/setup-custom-htl.md @@ -1,6 +1,7 @@ --- title: Add Custom Template Library description: This document will walk you through the steps required to setup a new custom Harness Template Library and connect it to your Harness Solutions Factory deployment. +sidebar_position: 4 --- This document will walk you through the steps required to setup a new custom Harness Template Library and connect it to your Harness Solutions Factory deployment.