From 9e7a7633d54565f77c15f058cce22ebac46d2612 Mon Sep 17 00:00:00 2001 From: Md Anam Raihan Date: Tue, 30 Jul 2024 13:59:45 +0530 Subject: [PATCH 01/18] feat: added support to enable the secrets manager public cert engine --- ibm_catalog.json | 7 +++++++ stack_definition.json | 21 ++++++++++++++++----- 2 files changed, 23 insertions(+), 5 deletions(-) diff --git a/ibm_catalog.json b/ibm_catalog.json index 7e85676..279fd21 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json @@ -253,6 +253,13 @@ "description": "Set this to true to to configure a Secrets Manager IAM credentials engine. If set to false, no IAM engine will be configured for your instance.", "required": false }, + { + "key": "secret_manager_public_engine_enabled", + "type": "boolean", + "default_value": false, + "description": "Set this to true to configure a Secrets Manager public certificate engine for an existing Secrets Manager instance. If set to false, no public certificate engine will be configured for your instance.", + "required": false + }, { "key": "scc_service_plan", "type": "string", diff --git a/stack_definition.json b/stack_definition.json index bd11a59..664875d 100644 --- a/stack_definition.json +++ b/stack_definition.json @@ -78,7 +78,14 @@ "type": "boolean", "hidden": false, "default": false - } + }, + { + "name": "secret_manager_public_engine_enabled", + "required": false, + "type": "boolean", + "hidden": false, + "default": false + } ], "members": [ { 
@@ -311,10 +318,14 @@ "name": "service_plan", "value": "ref:../../inputs/sm_service_plan" }, - { - "name": "iam_engine_enabled", - "value": "ref:../../inputs/secret_manager_iam_engine_enabled" - } + { + "name": "iam_engine_enabled", + "value": "ref:../../inputs/secret_manager_iam_engine_enabled" + }, + { + "name": "public_engine_enabled", + "value": "ref:../../inputs/secret_manager_public_engine_enabled" + } ], "name": "4b - Secrets Manager", "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.c93ef740-6249-47d0-b91a-c8e0fbd0ed99-global" From 94742e8b93519f14850dd34c91859a2d3411270d Mon Sep 17 00:00:00 2001 From: Md Anam Raihan Date: Tue, 30 Jul 2024 14:13:36 +0530 Subject: [PATCH 02/18] fix: add secret_manager_public_engine_enabled in pr_test --- tests/pr_test.go | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/tests/pr_test.go b/tests/pr_test.go index f592b4a..c9828e7 100644 --- a/tests/pr_test.go +++ b/tests/pr_test.go @@ -38,13 +38,14 @@ func TestProjectsFullTest(t *testing.T) { }) options.StackInputs = map[string]interface{}{ - "prefix": options.Prefix, - "existing_resource_group_name": resourceGroup, - "sm_service_plan": "trial", - "secret_manager_iam_engine_enabled": true, - "ibmcloud_api_key": options.RequiredEnvironmentVars["TF_VAR_ibmcloud_api_key"], // always required by the stack - "enable_platform_logs_metrics": false, - "en_email_list": []string{"GoldenEye.Operations@ibm.com"}, + "prefix": options.Prefix, + "existing_resource_group_name": resourceGroup, + "sm_service_plan": "trial", + "secret_manager_iam_engine_enabled": true, + "secret_manager_public_engine_enabled": true, + "ibmcloud_api_key": options.RequiredEnvironmentVars["TF_VAR_ibmcloud_api_key"], // always required by the stack + "enable_platform_logs_metrics": false, + "en_email_list": []string{"GoldenEye.Operations@ibm.com"}, } err := options.RunProjectsTest() From a4befc844ea5b933adc744216d9be97f580d2b29 Mon Sep 17 00:00:00 2001 
From: Md Anam Raihan Date: Fri, 2 Aug 2024 16:52:09 +0530 Subject: [PATCH 03/18] fix: fmt issue --- tests/pr_test.go | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/tests/pr_test.go b/tests/pr_test.go index 463c431..4b18ba2 100644 --- a/tests/pr_test.go +++ b/tests/pr_test.go @@ -53,15 +53,15 @@ func TestProjectsFullTest(t *testing.T) { }) options.StackInputs = map[string]interface{}{ - "prefix": options.Prefix, - "region": validRegions[rand.Intn(len(validRegions))], - "existing_resource_group_name": resourceGroup, - "sm_service_plan": "trial", - "secret_manager_iam_engine_enabled": true, - "secret_manager_public_engine_enabled": true, - "ibmcloud_api_key": options.RequiredEnvironmentVars["TF_VAR_ibmcloud_api_key"], // always required by the stack - "enable_platform_logs_metrics": false, - "en_email_list": []string{"GoldenEye.Operations@ibm.com"}, + "prefix": options.Prefix, + "region": validRegions[rand.Intn(len(validRegions))], + "existing_resource_group_name": resourceGroup, + "sm_service_plan": "trial", + "secret_manager_iam_engine_enabled": true, + "secret_manager_public_engine_enabled": true, + "ibmcloud_api_key": options.RequiredEnvironmentVars["TF_VAR_ibmcloud_api_key"], // always required by the stack + "enable_platform_logs_metrics": false, + "en_email_list": []string{"GoldenEye.Operations@ibm.com"}, } err := options.RunProjectsTest() From dc5f3a0e779be89efad391de78c4973a240fbde5 Mon Sep 17 00:00:00 2001 From: Md Anam Raihan Date: Fri, 2 Aug 2024 20:52:32 +0530 Subject: [PATCH 04/18] fix: added public engine dependency --- ibm_catalog.json | 28 ++++++++++++++++++++++ stack_definition.json | 54 +++++++++++++++++++++++++++++++++++++++++-- tests/go.mod | 1 + tests/go.sum | 2 ++ tests/pr_test.go | 35 ++++++++++++++++++++++++++++ 5 files changed, 118 insertions(+), 2 deletions(-) diff --git a/ibm_catalog.json b/ibm_catalog.json index 4a41246..7e7bf0d 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json 
@@ -260,6 +260,34 @@ "description": "Set this to true to configure a Secrets Manager public certificate engine for an existing Secrets Manager instance. If set to false, no public certificate engine will be configured for your instance.", "required": false }, + { + "key": "cis_id", + "type": "string", + "default_value": "__NULL__", + "description": "Cloud Internet Service ID.", + "required": false + }, + { + "key": "ca_name", + "type": "string", + "default_value": "cert-auth", + "description": "The name of the certificate authority for Secrets Manager.", + "required": false + }, + { + "key": "dns_provider_name", + "type": "string", + "default_value": "certificate-dns", + "description": "The name of the DNS provider for the public certificate secrets engine configuration.", + "required": false + }, + { + "key": "acme_letsencrypt_private_key", + "type": "string", + "default_value": "__NULL__", + "description": "The private key generated by the ACME account creation tool.", + "required": false + }, { "key": "scc_service_plan", "type": "string", diff --git a/stack_definition.json b/stack_definition.json index 89dc22e..b9e346e 100644 --- a/stack_definition.json +++ b/stack_definition.json 
@@ -77,14 +77,48 @@ "required": false, "type": "boolean", "hidden": false, - "default": false + "default": false, + "custom_config": {} }, { "name": "secret_manager_public_engine_enabled", "required": false, "type": "boolean", "hidden": false, - "default": false + "default": false, + "custom_config": {} + }, + { + "name": "cis_id", + "required": false, + "type": "string", + "hidden": false, + "default": "__NULL__", + "custom_config": {} + }, + { + "name": "ca_name", + "required": false, + "type": "string", + "hidden": false, + "default": "__NULL__", + "custom_config": {} + }, + { + "name": "dns_provider_name", + "required": false, + "type": "string", + "hidden": false, + "default": "__NULL__", + "custom_config": {} + }, + { + "name": "acme_letsencrypt_private_key", + "required": false, + "type": "string", + "hidden": true, + "default": "__NULL__", + "custom_config": {} } ], "members": [ @@ -325,6 +359,22 @@ { "name": "public_engine_enabled", "value": "ref:../../inputs/secret_manager_public_engine_enabled" + }, + { + "name": "cis_id", + "value": "ref:../../inputs/cis_id" + }, + { + "name": "ca_name", + "value": "ref:../../inputs/ca_name" + }, + { + "name": "dns_provider_name", + "value": "ref:../../inputs/dns_provider_name" + }, + { + "name": "acme_letsencrypt_private_key", + "value": "ref:../../inputs/acme_letsencrypt_private_key" } ], "name": "4b - Secrets Manager", diff --git a/tests/go.mod b/tests/go.mod index 6cba474..397614f 100644 --- a/tests/go.mod +++ b/tests/go.mod @@ -22,6 +22,7 @@ require ( github.com/IBM/go-sdk-core/v5 v5.17.3 // indirect github.com/IBM/platform-services-go-sdk v0.63.1 // indirect github.com/IBM/project-go-sdk v0.3.0 // indirect + github.com/IBM/secrets-manager-go-sdk/v2 v2.0.4 github.com/IBM/vpc-go-sdk v0.51.0 // indirect github.com/Microsoft/go-winio v0.6.1 // indirect github.com/agext/levenshtein v1.2.3 // indirect diff --git a/tests/go.sum b/tests/go.sum index 4cf9e19..f57dac0 100644 --- a/tests/go.sum +++ b/tests/go.sum 
@@ -199,6 +199,8 @@ github.com/IBM/platform-services-go-sdk v0.63.1 h1:F5mZU1hKDHqpZa85twUeSYmM9g9gw github.com/IBM/platform-services-go-sdk v0.63.1/go.mod h1:16nYqb16KRNSnBFVjHzI+9XfEWcooh0WxklA5VWUuzY= github.com/IBM/project-go-sdk v0.3.0 h1:lZR4wT6UCsOZ8QkEBITrfM6OZkLlL70/HXiPxF/Olt4= github.com/IBM/project-go-sdk v0.3.0/go.mod h1:FOJM9ihQV3EEAY6YigcWiTNfVCThtdY8bLC/nhQHFvo= +github.com/IBM/secrets-manager-go-sdk/v2 v2.0.4 h1:xa9e+POVqaXxXHXkSMCOVAbKdUNEu86jQmo5hcpd+L4= +github.com/IBM/secrets-manager-go-sdk/v2 v2.0.4/go.mod h1:5gq8D8uWOIbqOm1uztay6lpOysgJaxxEsaVZLWGWb40= github.com/IBM/vpc-go-sdk v0.51.0 h1:JfeE/TnPm/NFU59UctiPzjxEhHtmBqXxG6zHH5eTI8I= github.com/IBM/vpc-go-sdk v0.51.0/go.mod h1:3+zQ0dqiv46ALjRXXVrser+dCdAVXOHVwlYkCCX4bNU= github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v8QkMxJ6pZY= diff --git a/tests/pr_test.go b/tests/pr_test.go index 4b18ba2..38d8365 100644 --- a/tests/pr_test.go +++ b/tests/pr_test.go @@ -8,6 +8,8 @@ import ( "strings" "testing" + "github.com/IBM/go-sdk-core/v5/core" + "github.com/IBM/secrets-manager-go-sdk/v2/secretsmanagerv2" "github.com/gruntwork-io/terratest/modules/files" "github.com/gruntwork-io/terratest/modules/logger" "github.com/gruntwork-io/terratest/modules/random" @@ -46,6 +48,13 @@ func TestMain(m *testing.M) { func TestProjectsFullTest(t *testing.T) { t.Parallel() + + acme_letsencrypt_private_key := GetSecretsManagerKey( // pragma: allowlist secret + permanentResources["acme_letsencrypt_private_key_sm_id"].(string), + permanentResources["acme_letsencrypt_private_key_sm_region"].(string), + permanentResources["acme_letsencrypt_private_key_secret_id"].(string), + ) + options := testprojects.TestProjectOptionsDefault(&testprojects.TestProjectsOptions{ Testing: t, Prefix: "cs", // setting prefix here gets a random string appended to it 
@@ -59,6 +68,10 @@ func TestProjectsFullTest(t *testing.T) { "sm_service_plan": "trial", "secret_manager_iam_engine_enabled": true, "secret_manager_public_engine_enabled": true, + "cis_id": permanentResources["cisInstanceId"], + "ca_name": permanentResources["certificateAuthorityName"], + "dns_provider_name": permanentResources["dnsProviderName"], + "acme_letsencrypt_private_key": *acme_letsencrypt_private_key, // pragma: allowlist secret "ibmcloud_api_key": options.RequiredEnvironmentVars["TF_VAR_ibmcloud_api_key"], // always required by the stack "enable_platform_logs_metrics": false, "en_email_list": []string{"GoldenEye.Operations@ibm.com"}, @@ -72,6 +85,28 @@ func TestProjectsFullTest(t *testing.T) { } } +func GetSecretsManagerKey(sm_id string, sm_region string, sm_key_id string) *string { + secretsManagerService, err := secretsmanagerv2.NewSecretsManagerV2(&secretsmanagerv2.SecretsManagerV2Options{ + URL: fmt.Sprintf("https://%s.%s.secrets-manager.appdomain.cloud", sm_id, sm_region), + Authenticator: &core.IamAuthenticator{ + ApiKey: os.Getenv("TF_VAR_ibmcloud_api_key"), + }, + }) + if err != nil { + panic(err) + } + + getSecretOptions := secretsManagerService.NewGetSecretOptions( + sm_key_id, + ) + + secret, _, err := secretsManagerService.GetSecret(getSecretOptions) + if err != nil { + panic(err) + } + return secret.(*secretsmanagerv2.ArbitrarySecret).Payload +} + func TestProjectsExistingResourcesTest(t *testing.T) { t.Parallel() From 22c7b668eb6fa60942d172fcdc870de56acc628f Mon Sep 17 00:00:00 2001 From: Md Anam Raihan Date: Tue, 6 Aug 2024 19:31:25 +0530 Subject: [PATCH 05/18] fix: skip test tear down --- tests/pr_test.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/pr_test.go b/tests/pr_test.go index 38d8365..5fa2ba6 100644 --- a/tests/pr_test.go +++ b/tests/pr_test.go 
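Review bot: In GetSecretsManagerKey the closing `secret.(*secretsmanagerv2.ArbitrarySecret).Payload` is an unchecked type assertion, and Payload is a pointer that the hunk above dereferences unconditionally (`*acme_letsencrypt_private_key`), so a secret of another type or an empty payload surfaces as an interface-conversion or nil-pointer panic instead of a message naming the secret. An unset `TF_VAR_ibmcloud_api_key` fails the same way, only later inside the SDK, even though the test options already list that variable in RequiredEnvironmentVars. I would check all three before returning, as below, keeping the error text to the secret ID and Go type so the payload is never printed; if the projects helper logs StackInputs, the private key would also land in CI output, which is worth confirming. The parameters `sm_id`, `sm_region`, `sm_key_id` should be MixedCaps (`smID`, `smRegion`, `secretID`) per Go convention, and the exported function needs a doc comment starting with its name.
```go
func GetSecretsManagerKey(sm_id string, sm_region string, sm_key_id string) *string {
	apiKey := os.Getenv("TF_VAR_ibmcloud_api_key")
	if apiKey == "" {
		panic("TF_VAR_ibmcloud_api_key is not set; required to read the ACME private key from Secrets Manager")
	}
	// … unchanged: client construction (ApiKey: apiKey) and GetSecret call …
	arb, ok := secret.(*secretsmanagerv2.ArbitrarySecret)
	if !ok || arb.Payload == nil {
		panic(fmt.Sprintf("secret %s is not an arbitrary secret with a payload (got %T)", sm_key_id, secret))
	}
	return arb.Payload
}
```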
@@ -61,6 +61,8 @@ func TestProjectsFullTest(t *testing.T) { ParallelDeploy: true, }) + options.SkipTestTearDown = true + options.StackInputs = map[string]interface{}{ "prefix": options.Prefix, "region": validRegions[rand.Intn(len(validRegions))], From 8577a4ed802f2e2a530062fd5740f18881d3afac Mon Sep 17 00:00:00 2001 From: Md Anam Raihan Date: Wed, 7 Aug 2024 15:12:59 +0530 Subject: [PATCH 06/18] fix: update SM plan --- common-dev-assets | 2 +- tests/pr_test.go | 2 +- tests/resources/main.tf | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/common-dev-assets b/common-dev-assets index 67f3ce5..d3a341c 160000 --- a/common-dev-assets +++ b/common-dev-assets @@ -1 +1 @@ -Subproject commit 67f3ce531fd573618f50976a6182819d66440798 +Subproject commit d3a341c2a8323485369d62a2aa6bce79b7df379e diff --git a/tests/pr_test.go b/tests/pr_test.go index 5fa2ba6..1297f3b 100644 --- a/tests/pr_test.go +++ b/tests/pr_test.go @@ -67,7 +67,7 @@ func TestProjectsFullTest(t *testing.T) { "prefix": options.Prefix, "region": validRegions[rand.Intn(len(validRegions))], "existing_resource_group_name": resourceGroup, - "sm_service_plan": "trial", + "sm_service_plan": "standard", "secret_manager_iam_engine_enabled": true, "secret_manager_public_engine_enabled": true, "cis_id": permanentResources["cisInstanceId"], diff --git a/tests/resources/main.tf b/tests/resources/main.tf index 2a06c7f..de0974d 100644 --- a/tests/resources/main.tf +++ b/tests/resources/main.tf @@ -35,6 +35,6 @@ module "secrets_manager" { resource_group_id = module.resource_group.resource_group_id region = var.region secrets_manager_name = "${var.prefix}-secrets-manager" #tfsec:ignore:general-secrets-no-plaintext-exposure - sm_service_plan = "trial" + sm_service_plan = "standard" sm_tags = var.resource_tags } From 5f89b36934039b6aa8dfff657a51366e69298b0b Mon Sep 17 00:00:00 2001 
From: Md Anam Raihan Date: Wed, 7 Aug 2024 15:24:45 +0530 Subject: [PATCH 07/18] resolve pre-commit error --- common-dev-assets | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/common-dev-assets b/common-dev-assets index d3a341c..67f3ce5 160000 --- a/common-dev-assets +++ b/common-dev-assets @@ -1 +1 @@ -Subproject commit d3a341c2a8323485369d62a2aa6bce79b7df379e +Subproject commit 67f3ce531fd573618f50976a6182819d66440798 From 1c97f3e9acc61ae0f1a3d86213dbb89855db023a Mon Sep 17 00:00:00 2001 From: Md Anam Raihan Date: Wed, 7 Aug 2024 17:56:35 +0530 Subject: [PATCH 08/18] fix: add existing endpoint --- ibm_catalog.json | 7 +++++++ stack_definition.json | 8 ++++++++ tests/pr_test.go | 1 + 3 files changed, 16 insertions(+) diff --git a/ibm_catalog.json b/ibm_catalog.json index 7e7bf0d..b946854 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json @@ -229,6 +229,13 @@ "description": "The CRN of an existing Secrets Manager instance to use in this solution. If not set, a new Secrets Manager instance is provisioned.", "required": false }, + { + "key": "existing_secrets_endpoint_type", + "type": "string", + "default_value": "__NULL__", + "description": "The endpoint type to use if existing_secrets_manager_crn is specified.", + "required": false + }, { "key": "sm_service_plan", "type": "string", diff --git a/stack_definition.json b/stack_definition.json index b9e346e..5f193dc 100644 --- a/stack_definition.json +++ b/stack_definition.json @@ -88,6 +88,14 @@ "default": false, "custom_config": {} }, + { + "name": "existing_secrets_endpoint_type", + "required": false, + "type": "string", + "hidden": false, + "default": "__NULL__", + "custom_config": {} + }, { "name": "cis_id", "required": false, diff --git a/tests/pr_test.go b/tests/pr_test.go index 1297f3b..c13ba53 100644 --- a/tests/pr_test.go +++ b/tests/pr_test.go 
@@ -70,6 +70,7 @@ func TestProjectsFullTest(t *testing.T) { "sm_service_plan": "standard", "secret_manager_iam_engine_enabled": true, "secret_manager_public_engine_enabled": true, + "existing_secrets_endpoint_type": "private", "cis_id": permanentResources["cisInstanceId"], "ca_name": permanentResources["certificateAuthorityName"], "dns_provider_name": permanentResources["dnsProviderName"], From c3373bd3551ec3e5ca9bfe99c1160184969fad90 Mon Sep 17 00:00:00 2001 From: Md Anam Raihan Date: Wed, 7 Aug 2024 19:27:47 +0530 Subject: [PATCH 09/18] fix: remove skip tear down --- tests/pr_test.go | 2 -- 1 file changed, 2 deletions(-) diff --git a/tests/pr_test.go b/tests/pr_test.go index c13ba53..fe2c700 100644 --- a/tests/pr_test.go +++ b/tests/pr_test.go @@ -61,8 +61,6 @@ func TestProjectsFullTest(t *testing.T) { ParallelDeploy: true, }) - options.SkipTestTearDown = true - options.StackInputs = map[string]interface{}{ "prefix": options.Prefix, "region": validRegions[rand.Intn(len(validRegions))], From e8e97fbc225f839dee118817046cac15c802bd68 Mon Sep 17 00:00:00 2001 From: Md Anam Raihan Date: Fri, 9 Aug 2024 17:44:24 +0530 Subject: [PATCH 10/18] fix: update pr_test --- tests/pr_test.go | 30 +++++++++++++++++++++--------- 1 file changed, 21 insertions(+), 9 deletions(-) diff --git a/tests/pr_test.go b/tests/pr_test.go index fe2c700..4d8549d 100644 --- a/tests/pr_test.go +++ b/tests/pr_test.go 
@@ -111,6 +111,12 @@ func GetSecretsManagerKey(sm_id string, sm_region string, sm_key_id string) *str func TestProjectsExistingResourcesTest(t *testing.T) { t.Parallel() + acme_letsencrypt_private_key := GetSecretsManagerKey( // pragma: allowlist secret + permanentResources["acme_letsencrypt_private_key_sm_id"].(string), + permanentResources["acme_letsencrypt_private_key_sm_region"].(string), + permanentResources["acme_letsencrypt_private_key_secret_id"].(string), + ) + // ------------------------------------------------------------------------------------ // Provision RG, EN and SM // ------------------------------------------------------------------------------------ 
@@ -153,15 +159,21 @@ func TestProjectsExistingResourcesTest(t *testing.T) { }) options.StackInputs = map[string]interface{}{ - "prefix": terraform.Output(t, existingTerraformOptions, "prefix"), - "region": terraform.Output(t, existingTerraformOptions, "region"), - "existing_resource_group_name": terraform.Output(t, existingTerraformOptions, "resource_group_name"), - "ibmcloud_api_key": options.RequiredEnvironmentVars["TF_VAR_ibmcloud_api_key"], // always required by the stack - "enable_platform_logs_metrics": false, - "existing_secrets_manager_crn": terraform.Output(t, existingTerraformOptions, "secrets_manager_instance_crn"), - "secret_manager_iam_engine_enabled": true, - "existing_kms_instance_crn": permanentResources["hpcs_south_crn"], - "en_email_list": []string{"GoldenEye.Operations@ibm.com"}, + "prefix": terraform.Output(t, existingTerraformOptions, "prefix"), + "region": terraform.Output(t, existingTerraformOptions, "region"), + "existing_resource_group_name": terraform.Output(t, existingTerraformOptions, "resource_group_name"), + "ibmcloud_api_key": options.RequiredEnvironmentVars["TF_VAR_ibmcloud_api_key"], // always required by the stack + "enable_platform_logs_metrics": false, + "existing_secrets_manager_crn": terraform.Output(t, existingTerraformOptions, "secrets_manager_instance_crn"), + "secret_manager_iam_engine_enabled": true, + "secret_manager_public_engine_enabled": true, + "existing_secrets_endpoint_type": "private", + "cis_id": permanentResources["cisInstanceId"], + "ca_name": permanentResources["certificateAuthorityName"], + "dns_provider_name": permanentResources["dnsProviderName"], + "acme_letsencrypt_private_key": *acme_letsencrypt_private_key, // pragma: allowlist secret + "existing_kms_instance_crn": permanentResources["hpcs_south_crn"], + "en_email_list": []string{"GoldenEye.Operations@ibm.com"}, } err := options.RunProjectsTest() From 886055cc8602954ff1bf578bc325f2f3842ff9ac Mon Sep 17 00:00:00 2001 
From: Md Anam Raihan Date: Mon, 12 Aug 2024 15:17:09 +0530 Subject: [PATCH 11/18] update common-dev-assets --- common-dev-assets | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/common-dev-assets b/common-dev-assets index 6ea009a..67f3ce5 160000 --- a/common-dev-assets +++ b/common-dev-assets @@ -1 +1 @@ -Subproject commit 6ea009a712c35c7a08f21759d1453d5f3b48b1bd +Subproject commit 67f3ce531fd573618f50976a6182819d66440798 From 59a7d8a5ccd5df78184e52c977dfe37a80f4ca2f Mon Sep 17 00:00:00 2001 From: Md Anam Raihan Date: Mon, 12 Aug 2024 15:18:43 +0530 Subject: [PATCH 12/18] update branch --- common-dev-assets | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/common-dev-assets b/common-dev-assets index 67f3ce5..6ea009a 160000 --- a/common-dev-assets +++ b/common-dev-assets @@ -1 +1 @@ -Subproject commit 67f3ce531fd573618f50976a6182819d66440798 +Subproject commit 6ea009a712c35c7a08f21759d1453d5f3b48b1bd From 19f9c7ac833f0c0af80b011d411cb402d3c4a5c2 Mon Sep 17 00:00:00 2001 From: Md Anam Raihan Date: Tue, 13 Aug 2024 19:55:41 +0530 Subject: [PATCH 13/18] fix: update SM plan --- tests/pr_test.go | 2 +- tests/resources/main.tf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/pr_test.go b/tests/pr_test.go index 4d8549d..dd6ccb5 100644 --- a/tests/pr_test.go +++ b/tests/pr_test.go @@ -65,7 +65,7 @@ func TestProjectsFullTest(t *testing.T) { "prefix": options.Prefix, "region": validRegions[rand.Intn(len(validRegions))], "existing_resource_group_name": resourceGroup, - "sm_service_plan": "standard", + "sm_service_plan": "trial", "secret_manager_iam_engine_enabled": true, "secret_manager_public_engine_enabled": true, "existing_secrets_endpoint_type": "private", diff --git a/tests/resources/main.tf b/tests/resources/main.tf index de0974d..2a06c7f 100644 --- a/tests/resources/main.tf +++ b/tests/resources/main.tf 
@@ -35,6 +35,6 @@ module "secrets_manager" { resource_group_id = module.resource_group.resource_group_id region = var.region secrets_manager_name = "${var.prefix}-secrets-manager" #tfsec:ignore:general-secrets-no-plaintext-exposure - sm_service_plan = "standard" + sm_service_plan = "trial" sm_tags = var.resource_tags } From 87724ea0a4bc9007d9b3f220c40ebf862acb0199 Mon Sep 17 00:00:00 2001 From: Md Anam Raihan Date: Mon, 19 Aug 2024 15:23:19 +0530 Subject: [PATCH 14/18] fix: resolve comments --- ibm_catalog.json | 15 ++++++++------- stack_definition.json | 2 +- tests/pr_test.go | 21 +++++++++------------ 3 files changed, 18 insertions(+), 20 deletions(-) diff --git a/ibm_catalog.json b/ibm_catalog.json index b946854..198b676 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json @@ -232,8 +232,8 @@ { "key": "existing_secrets_endpoint_type", "type": "string", - "default_value": "__NULL__", - "description": "The endpoint type to use if existing_secrets_manager_crn is specified.", + "default_value": "private", + "description": "The endpoint type to use if `existing_secrets_manager_crn` is specified.", "required": false }, { 
@@ -264,21 +264,21 @@ "key": "secret_manager_public_engine_enabled", "type": "boolean", "default_value": false, - "description": "Set this to true to configure a Secrets Manager public certificate engine for an existing Secrets Manager instance. If set to false, no public certificate engine will be configured for your instance.", + "description": "Whether to configure a Secrets Manager public certificate engine for an existing Secrets Manager instance. If `false`, no public certificate engine is configured for your instance.", "required": false }, { "key": "cis_id", "type": "string", "default_value": "__NULL__", - "description": "Cloud Internet Service ID.", + "description": "Cloud Internet Service ID. Required if secret_manager_public_engine_enabled is set to true", "required": false }, { "key": "ca_name", "type": "string", "default_value": "cert-auth", - "description": "The name of the certificate authority for Secrets Manager.", + "description": "The name of the certificate authority for Secrets Manager. Required if secret_manager_public_engine_enabled is set to true", "required": false }, { @@ -292,8 +292,9 @@ "key": "acme_letsencrypt_private_key", "type": "string", "default_value": "__NULL__", - "description": "The private key generated by the ACME account creation tool.", - "required": false + "description": "The private key generated by the ACME account creation tool. For more information, see [documentation](https://cloud.ibm.com/docs/secrets-manager?topic=secrets-manager-prepare-order-certificates)", + "required": false, + "sensitive": true }, { "key": "scc_service_plan", diff --git a/stack_definition.json b/stack_definition.json index 5f193dc..674f4b3 100644 --- a/stack_definition.json +++ b/stack_definition.json @@ -93,7 +93,7 @@ "required": false, "type": "string", "hidden": false, - "default": "__NULL__", + "default": "private", "custom_config": {} }, { diff --git a/tests/pr_test.go b/tests/pr_test.go index dd6ccb5..a8df0e0 100644 
--- a/tests/pr_test.go +++ b/tests/pr_test.go @@ -28,6 +28,8 @@ const yamlLocation = "../common-dev-assets/common-go-assets/common-permanent-res var permanentResources map[string]interface{} +var acme_letsencrypt_private_key *string + // Current supported regions var validRegions = []string{ "us-south", @@ -39,6 +41,13 @@ func TestMain(m *testing.M) { // Read the YAML file contents var err error permanentResources, err = common.LoadMapFromYaml(yamlLocation) + + acme_letsencrypt_private_key = GetSecretsManagerKey( // pragma: allowlist secret + permanentResources["acme_letsencrypt_private_key_sm_id"].(string), + permanentResources["acme_letsencrypt_private_key_sm_region"].(string), + permanentResources["acme_letsencrypt_private_key_secret_id"].(string), + ) + if err != nil { log.Fatal(err) } @@ -49,12 +58,6 @@ func TestMain(m *testing.M) { func TestProjectsFullTest(t *testing.T) { t.Parallel() - acme_letsencrypt_private_key := GetSecretsManagerKey( // pragma: allowlist secret - permanentResources["acme_letsencrypt_private_key_sm_id"].(string), - permanentResources["acme_letsencrypt_private_key_sm_region"].(string), - permanentResources["acme_letsencrypt_private_key_secret_id"].(string), - ) - options := testprojects.TestProjectOptionsDefault(&testprojects.TestProjectsOptions{ Testing: t, Prefix: "cs", // setting prefix here gets a random string appended to it 
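Review bot: The new GetSecretsManagerKey call in TestMain sits between `permanentResources, err = common.LoadMapFromYaml(yamlLocation)` and the `if err != nil { log.Fatal(err) }` that checks it, so when the YAML fails to load the map is presumably nil and `permanentResources["acme_letsencrypt_private_key_sm_id"].(string)` panics with an interface-conversion message before the real error is ever logged. Move the four-line call below the `log.Fatal` block; TestMain's body continues outside the hunk. Fetching the secret in TestMain also means every test run in this package now needs Secrets Manager access, even tests that never use the key; a `sync.Once`-guarded getter, or keeping the fetch in the two tests that consume it, would avoid that. The package-level `var acme_letsencrypt_private_key *string` should be MixedCaps (`acmeLetsEncryptPrivateKey`) and carry a comment naming which tests read it.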
@@ -111,12 +114,6 @@ func GetSecretsManagerKey(sm_id string, sm_region string, sm_key_id string) *str func TestProjectsExistingResourcesTest(t *testing.T) { t.Parallel() - acme_letsencrypt_private_key := GetSecretsManagerKey( // pragma: allowlist secret - permanentResources["acme_letsencrypt_private_key_sm_id"].(string), - permanentResources["acme_letsencrypt_private_key_sm_region"].(string), - permanentResources["acme_letsencrypt_private_key_secret_id"].(string), - ) - // ------------------------------------------------------------------------------------ // Provision RG, EN and SM // ------------------------------------------------------------------------------------ From c8300aa2df44580b986e0839994d14083ac35382 Mon Sep 17 00:00:00 2001 From: Md Anam Raihan Date: Wed, 21 Aug 2024 18:31:56 +0530 Subject: [PATCH 15/18] fix: resolve comments --- ibm_catalog.json | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/ibm_catalog.json b/ibm_catalog.json index 3994cc2..c926546 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json @@ -241,7 +241,18 @@ "type": "string", "default_value": "private", "description": "The endpoint type to use if `existing_secrets_manager_crn` is specified.", - "required": false + "required": false, + "options": [ + { + "displayname": "public", + "value": "public" + }, + { + "displayname": "private", + "value": "private" + } + ] + }, { "key": "sm_service_plan", @@ -284,7 +295,7 @@ { "key": "ca_name", "type": "string", - "default_value": "cert-auth", + "default_value": "__NULL__", "description": "The name of the certificate authority for Secrets Manager. Required if secret_manager_public_engine_enabled is set to true", "required": false }, From 9869b553652dacf5e87fd757c61d2f91d167339c Mon Sep 17 00:00:00 2001 
From: Md Anam Raihan Date: Fri, 23 Aug 2024 19:56:39 +0530 Subject: [PATCH 16/18] fix: resolve comments --- ibm_catalog.json | 8 +-- stack_definition.json | 112 +++++++++++++++++++++--------------------- 2 files changed, 60 insertions(+), 60 deletions(-) diff --git a/ibm_catalog.json b/ibm_catalog.json index c926546..1e7b91c 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json @@ -289,21 +289,21 @@ "key": "cis_id", "type": "string", "default_value": "__NULL__", - "description": "Cloud Internet Service ID. Required if secret_manager_public_engine_enabled is set to true", + "description": "Cloud Internet Service ID. Required if `secret_manager_public_engine_enabled` is set to true.", "required": false }, { "key": "ca_name", "type": "string", "default_value": "__NULL__", - "description": "The name of the certificate authority for Secrets Manager. Required if secret_manager_public_engine_enabled is set to true", + "description": "The name of the certificate authority for Secrets Manager. Required if `secret_manager_public_engine_enabled` is set to true.", "required": false }, { "key": "dns_provider_name", "type": "string", - "default_value": "certificate-dns", - "description": "The name of the DNS provider for the public certificate secrets engine configuration.", + "default_value": "__NULL__", + "description": "The name of the DNS provider for the public certificate secrets engine configuration. Required if `secret_manager_public_engine_enabled` is set to true.", "required": false }, { diff --git a/stack_definition.json b/stack_definition.json index 86d811c..ed7a384 100644 --- a/stack_definition.json +++ b/stack_definition.json 
@@ -79,62 +79,62 @@ "default": "security-compliance-center-standard-plan", "custom_config": {} }, - { - "name": "secret_manager_iam_engine_enabled", - "required": false, - "type": "boolean", - "hidden": false, - "default": false, - "custom_config": {} - }, - { - "name": "secret_manager_public_engine_enabled", - "required": false, - "type": "boolean", - "hidden": false, - "default": false, - "custom_config": {} - }, - { - "name": "existing_secrets_endpoint_type", - "required": false, - "type": "string", - "hidden": false, - "default": "private", - "custom_config": {} - }, - { - "name": "cis_id", - "required": false, - "type": "string", - "hidden": false, - "default": "__NULL__", - "custom_config": {} - }, - { - "name": "ca_name", - "required": false, - "type": "string", - "hidden": false, - "default": "__NULL__", - "custom_config": {} - }, - { - "name": "dns_provider_name", - "required": false, - "type": "string", - "hidden": false, - "default": "__NULL__", - "custom_config": {} - }, - { - "name": "acme_letsencrypt_private_key", - "required": false, - "type": "string", - "hidden": true, - "default": "__NULL__", - "custom_config": {} - } + { + "name": "secret_manager_iam_engine_enabled", + "required": false, + "type": "boolean", + "hidden": false, + "default": false, + "custom_config": {} + }, + { + "name": "secret_manager_public_engine_enabled", + "required": false, + "type": "boolean", + "hidden": false, + "default": false, + "custom_config": {} + }, + { + "name": "existing_secrets_endpoint_type", + "required": false, + "type": "string", + "hidden": false, + "default": "private", + "custom_config": {} + }, + { + "name": "cis_id", + "required": false, + "type": "string", + "hidden": false, + "default": "__NULL__", + "custom_config": {} + }, + { + "name": "ca_name", + "required": false, + "type": "string", + "hidden": false, + "default": "__NULL__", + "custom_config": {} + }, + { + "name": "dns_provider_name", + "required": false, + "type": "string", + "hidden": 
false, + "default": "__NULL__", + "custom_config": {} + }, + { + "name": "acme_letsencrypt_private_key", + "required": false, + "type": "string", + "hidden": true, + "default": "__NULL__", + "custom_config": {} + } ], "members": [ { From 0e15f692eed8683c05dc5c166e9eadcb0c87d566 Mon Sep 17 00:00:00 2001 From: Md Anam Raihan Date: Mon, 26 Aug 2024 23:24:27 +0530 Subject: [PATCH 17/18] fix: update ibm_catalog.json Co-authored-by: Allen Dean --- ibm_catalog.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ibm_catalog.json b/ibm_catalog.json index 1e7b91c..3f9ae48 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json @@ -310,7 +310,7 @@ "key": "acme_letsencrypt_private_key", "type": "string", "default_value": "__NULL__", - "description": "The private key generated by the ACME account creation tool. For more information, see [documentation](https://cloud.ibm.com/docs/secrets-manager?topic=secrets-manager-prepare-order-certificates)", + "description": "The private key generated by the ACME protocol. For more information, see [Preparing to order public certificates](https://cloud.ibm.com/docs/secrets-manager?topic=secrets-manager-prepare-order-certificates).", "required": false, "sensitive": true }, From 04b090da29520c5b62ee358d512178d98e3ee9e7 Mon Sep 17 00:00:00 2001 From: Md Anam Raihan Date: Fri, 13 Sep 2024 11:37:06 +0530 Subject: [PATCH 18/18] fix: pre-commit errors --- stack_definition.json | 1 - 1 file changed, 1 deletion(-) diff --git a/stack_definition.json b/stack_definition.json index c5e5558..9a7203f 100644 --- a/stack_definition.json +++ b/stack_definition.json @@ -134,7 +134,6 @@ "hidden": true, "default": "__NULL__", "custom_config": {} - "default": false } ], "members": [