Added - Devops Deploy Helm Attestation with helm args and helm diff.

Author: paul-hummel-oracle

CHANGELOG.md

@@ -5,6 +5,7 @@
 - Support for Operations Insights : Customizable configuration
 - Support for ADB-D & ADB-CC | Autonomous Data Guard v3
 - Support for ADB-D | Oracle Home Version Control
+- Support for Devops Deploy Helm Attestation with helm args and helm diff
 ### Bug Fix
 - Fix oci_core_instance to enable updating KMS Key id associated with the boot volume
 - Resource Discovery is not getting detected for Custom table resource in metering_computation service

examples/devops/deployment_service/deploy_helm_artifact/deploy_helm_artifact.tf

@@ -61,7 +61,7 @@ resource "oci_devops_deploy_artifact" "test_deploy_helm_artifact" {
   argument_substitution_mode = "NONE"
   deploy_artifact_source {
     deploy_artifact_source_type = "HELM_CHART"
-    chart_url = "iad.ocir.io/ax022wvgmjpq/fake"
+    chart_url = "oci://iad.ocir.io/ax022wvgmjpq/fake"
     deploy_artifact_version = "0.1"
   }
 }

examples/devops/deployment_service/deploy_helm_artifact_with_attestation/deploy_helm_artifact_for_attestation.tf

@@ -0,0 +1,178 @@
+/*
+This example demonstrates the various ways a helm chart artifact can be created and specifically,
+the options available for having a signed helm chart verified per
+https://helm.sh/docs/topics/provenance/.
+*/
+
+variable "tenancy_ocid" {
+}
+
+variable "user_ocid" {
+}
+
+variable "fingerprint" {
+}
+
+variable "private_key_path" {
+}
+
+variable "region" {
+}
+
+variable "vault_secret_public_key_ocid" {
+}
+
+provider "oci" {
+  region           = var.region
+  tenancy_ocid     = var.tenancy_ocid
+  user_ocid        = var.user_ocid
+  fingerprint      = var.fingerprint
+  private_key_path = var.private_key_path
+}
+
+
+# OCID of the DevOps project.
+variable "project_id" {
+}
+
+
+locals {
+  chart_url = "oci://iad.ocir.io/namespace/repository/chart-name"
+  chart_version = "0.0.1"
+  vault_secret_public_key_ocid = var.vault_secret_public_key_ocid
+  public_key = "" // Add the public key here
+}
+
+
+resource "oci_devops_deploy_artifact" "helm_chart_implicit_no_public_key" {
+    #Required
+    argument_substitution_mode = "SUBSTITUTE_PLACEHOLDERS"
+    deploy_artifact_source {
+        #Required
+        deploy_artifact_source_type = "HELM_CHART"
+
+        #Optional
+        chart_url = local.chart_url
+        deploy_artifact_version = local.chart_version
+    }
+    deploy_artifact_type = "HELM_CHART"
+    project_id = var.project_id
+
+    #Optional
+    description = "helm chart artifact with no public key"
+    display_name = "helmChartWithImplicitNoPublicKey"
+}
+
+
+resource "oci_devops_deploy_artifact" "helm_chart_no_public_key" {
+    #Required
+    argument_substitution_mode = "SUBSTITUTE_PLACEHOLDERS"
+    deploy_artifact_source {
+        #Required
+        deploy_artifact_source_type = "HELM_CHART"
+
+        #Optional
+        chart_url = local.chart_url
+        deploy_artifact_version = local.chart_version
+
+        helm_verification_key_source {
+            verification_key_source_type = "NONE"
+        }
+    }
+    deploy_artifact_type = "HELM_CHART"
+    project_id = var.project_id
+
+    #Optional
+    description = "helm chart artifact with no public key"
+    display_name = "helmChartWithNoPublicKey"
+
+}
+
+
+
+resource "oci_devops_deploy_artifact" "helm_chart_vault_public_key" {
+    #Required
+    argument_substitution_mode = "SUBSTITUTE_PLACEHOLDERS"
+    deploy_artifact_source {
+        #Required
+        deploy_artifact_source_type = "HELM_CHART"
+
+        #Optional
+        chart_url = local.chart_url
+        deploy_artifact_version = local.chart_version
+
+        helm_verification_key_source {
+            verification_key_source_type = "VAULT_SECRET"
+            vault_secret_id = local.vault_secret_public_key_ocid
+        }
+    }
+    deploy_artifact_type = "HELM_CHART"
+    project_id = var.project_id
+
+    #Optional
+    description = "helm chart artifact with vault public key"
+    display_name = "helmChartVaultPublicKey"
+
+
+}
+
+
+resource "oci_devops_deploy_artifact" "helm_chart_inline_public_key" {
+    #Required
+    argument_substitution_mode = "SUBSTITUTE_PLACEHOLDERS"
+    deploy_artifact_source {
+        #Required
+        deploy_artifact_source_type = "HELM_CHART"
+
+        #Optional
+        chart_url = local.chart_url
+        deploy_artifact_version = local.chart_version
+
+        helm_verification_key_source {
+            verification_key_source_type = "INLINE_PUBLIC_KEY"
+            current_public_key = local.public_key
+            previous_public_key = local.public_key
+        }
+    }
+    deploy_artifact_type = "HELM_CHART"
+    project_id = var.project_id
+
+    #Optional
+    description = "helm chart artifact with inline public keys"
+    display_name = "helmChartInlinePublicKeys"
+
+}
+
+data "oci_devops_deploy_artifact" "retrieve_artifact_with_vault_public_key" {
+    deploy_artifact_id = oci_devops_deploy_artifact.helm_chart_vault_public_key.id
+}
+
+data "oci_devops_deploy_artifact" "retrieve_artifact_with_inline_public_key" {
+    deploy_artifact_id = oci_devops_deploy_artifact.helm_chart_inline_public_key.id
+}
+
+data "oci_devops_deploy_artifact" "retrieve_artifact_with_no_public_key" {
+    deploy_artifact_id = oci_devops_deploy_artifact.helm_chart_no_public_key.id
+}
+
+data "oci_devops_deploy_artifact" "retrieve_artifact_implicit_no_public_key" {
+    deploy_artifact_id = oci_devops_deploy_artifact.helm_chart_implicit_no_public_key.id
+}
+
+
+output helm_chart_implicit_no_public_key {
+    value = data.oci_devops_deploy_artifact.retrieve_artifact_implicit_no_public_key
+}
+
+output helm_chart_no_public_key {
+    value = data.oci_devops_deploy_artifact.retrieve_artifact_with_no_public_key
+}
+
+output helm_chart_vault_public_key {
+    value = data.oci_devops_deploy_artifact.retrieve_artifact_with_vault_public_key
+}
+
+output helm_chart_inline_public_key {
+    value = data.oci_devops_deploy_artifact.retrieve_artifact_with_inline_public_key
+}
+

examples/devops/deployment_service/helm_diff/cluster.tf

@@ -0,0 +1,7 @@
+resource "oci_containerengine_cluster" "test_cluster" {
+  #Required
+  compartment_id     = var.compartment_ocid
+  kubernetes_version = "v1.21.5"
+  name               = "cluster"
+  vcn_id             = oci_core_vcn.test_vcn.id
+}

examples/devops/deployment_service/helm_diff/oke_helm_diff_deployment.tf

@@ -0,0 +1,114 @@
+// Copyright (c) 2017, 2021, Oracle and/or its affiliates. All rights reserved.
+// Licensed under the Mozilla Public License v2.0
+
+variable "tenancy_ocid" {
+}
+
+variable "user_ocid" {
+}
+
+variable "fingerprint" {
+}
+
+variable "private_key_path" {
+}
+
+variable "compartment_ocid" {
+}
+
+variable "region" {
+}
+
+provider "oci" {
+  region           = var.region
+  tenancy_ocid     = var.tenancy_ocid
+  user_ocid        = var.user_ocid
+  fingerprint      = var.fingerprint
+  private_key_path = var.private_key_path
+}
+
+resource "random_string" "topicname" {
+  length  = 10
+  special = false
+}
+
+resource "random_string" "projectname" {
+  length  = 10
+  special = false
+}
+
+resource "oci_ons_notification_topic" "test_notification_topic" {
+  #Required
+  compartment_id = var.compartment_ocid
+  name           = random_string.topicname.result
+}
+
+resource "oci_devops_project" "test_project" {
+  #Required
+  compartment_id = var.compartment_ocid
+  name           = join("", ["A", random_string.projectname.result])
+  notification_config {
+    #Required
+    topic_id = oci_ons_notification_topic.test_notification_topic.id
+  }
+}
+
+resource "oci_devops_deploy_pipeline" "test_deploy_pipeline" {
+  #Required
+  project_id = oci_devops_project.test_project.id
+
+  description   = "description"
+  display_name  = "displayName"
+}
+
+resource "oci_devops_deploy_artifact" "test_deploy_helm_artifact" {
+  project_id              = oci_devops_project.test_project.id
+  display_name = "Display_name"
+  deploy_artifact_type = "HELM_CHART"
+  argument_substitution_mode = "NONE"
+  deploy_artifact_source {
+    deploy_artifact_source_type = "HELM_CHART"
+    chart_url = "iad.ocir.io/ax022wvgmjpq/fake"
+    deploy_artifact_version = "0.1"
+  }
+}
+
+resource "oci_devops_deploy_environment" "test_deploy_oke_environment" {
+  #Required
+  deploy_environment_type = "OKE_CLUSTER"
+  project_id              = oci_devops_project.test_project.id
+  cluster_id              = oci_containerengine_cluster.test_cluster.id
+  display_name            = "okeDeployEnvironment"
+}
+
+resource "oci_devops_deploy_stage" "test_helm_deploy_stage" {
+  #Required
+  deploy_pipeline_id = oci_devops_deploy_pipeline.test_deploy_pipeline.id
+  deploy_stage_predecessor_collection {
+    #Required
+    items {
+      #Required
+      id = oci_devops_deploy_stage.test_oke_canary_traffic_shift_deploy_stage.id
+    }
+  }
+  deploy_stage_type = "OKE_HELM_CHART_DEPLOYMENT"
+  release_name = "release-name"
+  helm_chart_deploy_artifact_id = oci_devops_deploy_artifact.test_deploy_helm_artifact.id
+}
+
+resource "oci_devops_deployment" "test_deployment" {
+  #Required
+  deploy_pipeline_id = oci_devops_deploy_pipeline.test_deploy_pipeline.id
+  deployment_type = "PIPELINE_DEPLOYMENT"
+
+  deploy_stage_id = oci_devops_deploy_stage.test_helm_deploy_stage.id
+  display_name = "HelmDiffDeployment"
+  deployment_arguments {
+
+    items {
+      name = "PLAN_DRY_RUN"
+      value = "true"
+    }
+
+  }
+}