From 198d2f9002d94a0c11d65ce38497340c061654bb Mon Sep 17 00:00:00 2001 From: huayuenh Date: Thu, 27 Feb 2025 11:44:06 +0000 Subject: [PATCH 1/6] chore: update airgap support --- ibm_catalog.json | 149 ++++++++--------- kubernetes/stack_definition.json | 229 ++++++++++++++------------ stack_definition.json | 268 +++++++++++++------------------ 3 files changed, 301 insertions(+), 345 deletions(-) diff --git a/ibm_catalog.json b/ibm_catalog.json index c70cb12..43e5a69 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json @@ -151,6 +151,20 @@ "description": "Set to `true` to create a Continuous Delivery Service. This is required for running the DevSecOps toolchain pipelines and to successfuly interact with a DevOps Insights integration.", "required": false }, + { + "key": "project_ci_name", + "required": false, + "type": "string", + "default_value": "CI_Project", + "description": "The name of the IBM Cloud Code Engine CI project." + }, + { + "key": "project_cd_name", + "required": false, + "type": "string", + "default_value": "CD_Project", + "description": "The name of the IBM Cloud Code Engine CD project." + }, { "key": "pipeline_ibmcloud_api_key_secret_name", "type": "string", @@ -292,13 +306,6 @@ "description": "Name of the Git token secret in the secret provider used for accessing the sample (or bring your own) application repository.", "required": false }, - { - "key": "project_names", - "required": false, - "type": "array", - "default_value": ["CI_Project", "CD_Project"], - "description": "The names of the projects to add the IBM Cloud Code Engine." - }, { "key": "existing_secrets_manager_crn", "required": false, @@ -306,13 +313,6 @@ "default_value": "__NULL__", "description": "The CRN of an existing Secrets Manager instance" }, - { - "key": "autostart", - "required": false, - "type": "boolean", - "default_value": false, - "description": "Set to `true` to automatically run the CI pipeline." - }, { "key": "create_git_token", "required": false, @@ -320,62 +320,6 @@ "default_value": false, "description": "Set to `true` to create a Git Token secret in the speficied Secrets Manager, using the name set in `repo_git_token_secret_name` and the value set in `repo_git_token_secret_value`." }, - { - "key": "custom_app_repo_title", - "type": "string", - "default_value": "", - "description": "(Optional) The title of the server. e.g. My Git Enterprise Server. Applies to the sample application repository, pipeline config repository and additionally the deployment repository of the CD toolchain. Takes precedence over `repo_title`, if also set.", - "required": false - }, - { - "key": "custom_app_repo_root_url", - "type": "string", - "default_value": "", - "description": "(Optional) The Root URL of the server. e.g. https://git.example.com. Applies to the sample application repository, pipeline config repository and additionally the deployment repository of the CD toolchain. Takes precedence over `repo_root_url`, if also set.", - "required": false - }, - { - "key": "custom_app_repo_blind_connection", - "type": "string", - "default_value": "false", - "description": "Setting this value to `true` means the server is not addressable on the public internet. IBM Cloud will not be able to validate the connection details you provide. Certain functionality that requires API access to the git server will be disabled. Delivery pipeline will only work using a private worker that has network access to the git server.", - "required": false - }, - { - "key": "custom_app_repo_git_id", - "type": "string", - "default_value": "", - "description": "The Git ID for the application repositories. Used by the sample application repository, pipeline config repository and additionally the deployment repository of the CD toolchain. Takes precedence for these repositories over the value set in `repo_git_id`.", - "required": false - }, - { - "key": "custom_app_repo_group", - "type": "string", - "default_value": "", - "description": "Specify the Git user or group for your application. This must be set if the repository authentication type is `pat` (personal access token). Used by the sample application repository, pipeline config repository and additionally the deployment repository of the CD toolchain. Takes precedence for these repositories over the value set in `repo_group`.", - "required": false - }, - { - "key": "custom_app_repo_git_provider", - "type": "string", - "default_value": "", - "description": "The Git provider type. Used by the sample application repository, pipeline config repository and additionally the deployment repository of the CD toolchain. Takes precedence for these repositories over the value set in `repo_git_provider`.", - "required": false - }, - { - "key": "custom_app_repo_git_token_secret_name", - "type": "string", - "default_value": "", - "description": "The name of the Git token secret in the secret provider used for accessing the sample application repository, pipeline config repository and additionally the deployment repository of the CD toolchain. Takes precedence for these repositories over the value set in `repo_git_token_secret_name`.", - "required": false - }, - { - "key": "custom_app_repo_git_token_secret_value", - "type": "password", - "default_value": "", - "description": "The personal access token that will be added to the `custom_app_repo_git_token_secret_name` secret in the secrets provider. Note if also using `repo_git_token_secret_name` to set a Git Token in Secrets Manager, the names of the secrets must be different.", - "required": false - }, { "key": "repo_git_token_secret_name", "required": false, @@ -397,6 +341,13 @@ "default_value": "", "description": "The name of the Git repository owner/group. This setting applies to all all the compliance repositories and sample app." }, + { + "key": "repo_apply_settings_to_compliance_repos", + "type": "boolean", + "default_value": true, + "description": "Set to `true` to apply the same settings to all the default compliance repositories. Set to `false` to apply these settings to only the sample application, pipeline config and the deployment repositories.", + "required": false + }, { "key": "repo_git_provider", "type": "string", @@ -542,6 +493,20 @@ "type": "password", "description": "The private worker service api key that will be added to the `privateworker_credentials_secret_name` secret in the secrets provider.", "required": false + }, + { + "key": "toolchain_access_group_name", + "type": "string", + "default_value": "devsecops-toolchain", + "description": "The name of the DevSecOps access group that is created.", + "required": false + }, + { + "key": "use_legacy_ref", + "type": "boolean", + "default_value": true, + "description": "Set to `true` to use the legacy secret reference format for Secrets Manager secrets.", + "required": false } ], "outputs": [ @@ -625,13 +590,6 @@ } } }, - { - "key": "cluster_name", - "type": "string", - "default_value": "mycluster", - "description": "The name of cluster. Treats the dev and prod cluster as the same cluster.", - "required": true - }, { "key": "prefix", "type": "string", @@ -674,6 +632,13 @@ "description": "Set to `true` to create a Continuous Delivery Service. This is required for running the DevSecOps toolchain pipelines and to successfuly interact with a DevOps Insights integration.", "required": false }, + { + "key": "cluster_name", + "type": "string", + "default_value": "mycluster", + "description": "The name of cluster. Treats the dev and prod cluster as the same cluster.", + "required": true + }, { "key": "ci_cluster_name", "type": "string", @@ -712,7 +677,7 @@ { "key": "cd_cluster_namespace", "type": "string", - "default_value": "dev", + "default_value": "prod", "description": "The name of production cluster namespace.", "required": false }, @@ -864,13 +829,6 @@ "default_value": "__NULL__", "description": "The CRN of an existing Secrets Manager instance" }, - { - "key": "autostart", - "required": false, - "type": "boolean", - "default_value": false, - "description": "Set to `true` to automatically run the CI pipeline." - }, { "key": "create_git_token", "required": false, @@ -900,6 +858,13 @@ "description": "The name of the Git repository owner/group. This setting applies to all all the compliance repositories and sample app." }, { + "key": "repo_apply_settings_to_compliance_repos", + "type": "boolean", + "default_value": true, + "description": "Set to `true` to apply the same settings to all the default compliance repositories. Set to `false` to apply these settings to only the sample application, pipeline config and the deployment repositories.", + "required": false + }, + { "key": "repo_git_provider", "type": "string", "default_value": "", @@ -1044,6 +1009,20 @@ "type": "password", "description": "The private worker service api key that will be added to the `privateworker_credentials_secret_name` secret in the secrets provider.", "required": false + }, + { + "key": "toolchain_access_group_name", + "type": "string", + "default_value": "devsecops-toolchain", + "description": "The name of the DevSecOps access group that is created.", + "required": false + }, + { + "key": "use_legacy_ref", + "type": "boolean", + "default_value": true, + "description": "Set to `true` to use the legacy secret reference format for Secrets Manager secrets.", + "required": false } ], "outputs": [ diff --git a/kubernetes/stack_definition.json b/kubernetes/stack_definition.json index e2e6ecf..143f779 100644 --- a/kubernetes/stack_definition.json +++ b/kubernetes/stack_definition.json @@ -31,58 +31,11 @@ "required": true }, { - "name": "cluster_name", - "required": true, - "type": "string", - "hidden": false, - "default": "mycluster" - }, - { - "name": "ci_cluster_resource_group", - "required": false, - "type": "string", - "hidden": false, - "default": "ref:../../inputs/resource_group_name", - "custom_config": {} - }, - { - "name": "ci_cluster_name", - "required": false, - "type": "string", - "hidden": false, - "default": "ref:../../inputs/cluster_name", - "custom_config": {} - }, - { - "name": "ci_cluster_namespace", - "required": false, - "type": "string", - "hidden": false, - "default": "dev", - "custom_config": {} - }, - { - "name": "ci_cluster_region", - "required": false, - "type": "string", - "hidden": false, - "default": "us-south", - "custom_config": {} - }, - { - "name": "cd_cluster_name", - "required": false, - "type": "string", - "hidden": false, - "default": "ref:../../inputs/cluster_name", - "custom_config": {} - }, - { - "name": "cd_cluster_namespace", + "name": "resource_group_name", "required": false, "type": "string", "hidden": false, - "default": "prod", + "default": "devsecops-rg", "custom_config": {} }, { @@ -92,14 +45,6 @@ "hidden": false, "default": "devsecops" }, - { - "name": "resource_group_name", - "required": false, - "type": "string", - "hidden": false, - "default": "devsecops-rg", - "custom_config": {} - }, { "name": "prefix", "required": false, @@ -208,11 +153,11 @@ "custom_config": {} }, { - "name": "autostart", + "name": "create_icr_namespace", "required": false, "type": "boolean", "hidden": false, - "default": false, + "default": true, "custom_config": {} }, { @@ -223,6 +168,14 @@ "default": false, "custom_config": {} }, + { + "name": "force_create_standard_api_key", + "required": false, + "type": "boolean", + "hidden": false, + "default": false, + "custom_config": {} + }, { "name": "repo_git_token_secret_name", "required": false, @@ -248,11 +201,11 @@ "custom_config": {} }, { - "name": "create_icr_namespace", + "name": "repo_apply_settings_to_compliance_repos", "required": false, "type": "boolean", "hidden": false, - "default": true, + "default": false, "custom_config": {} }, { @@ -422,6 +375,69 @@ "hidden": false, "default": "", "custom_config": {} + }, + { + "name": "use_legacy_ref", + "required": false, + "type": "boolean", + "hidden": false, + "default": false, + "custom_config": {} + }, + { + "name": "cluster_name", + "required": true, + "type": "string", + "hidden": false, + "default": "mycluster" + }, + { + "name": "ci_cluster_resource_group", + "required": false, + "type": "string", + "hidden": false, + "default": "ref:../../inputs/resource_group_name", + "custom_config": {} + }, + { + "name": "ci_cluster_name", + "required": false, + "type": "string", + "hidden": false, + "default": "ref:../../inputs/cluster_name", + "custom_config": {} + }, + { + "name": "ci_cluster_namespace", + "required": false, + "type": "string", + "hidden": false, + "default": "dev", + "custom_config": {} + }, + { + "name": "ci_cluster_region", + "required": false, + "type": "string", + "hidden": false, + "default": "us-south", + "custom_config": {} + }, + { + "name": "cd_cluster_name", + "required": false, + "type": "string", + "hidden": false, + "default": "ref:../../inputs/cluster_name", + "custom_config": {} + }, + { + "name": "cd_cluster_namespace", + "required": false, + "type": "string", + "hidden": false, + "default": "prod", + "custom_config": {} } ], "members": [ @@ -627,7 +643,7 @@ }, { "name": "7 - DevSecOps Toolchains", - "version_locator": "1082e7d2-5e2f-0a11-a3bc-f88a8e1931fc.1f5e0b6e-e03f-4988-8fba-6810ed59de29-global", + "version_locator": "1082e7d2-5e2f-0a11-a3bc-f88a8e1931fc.dbe53da3-d4cf-41ce-9f60-553aab0a2014-global", "inputs": [ { "name": "ibmcloud_api_key", @@ -677,18 +693,23 @@ "name" : "registry_namespace", "value" : "ref:../../inputs/registry_namespace" }, - { - "name": "autostart", - "value": "ref:../../inputs/autostart" - }, { "name": "prefix", "value": "ref:../../inputs/prefix" }, + { + "name": "add_container_name_suffix", + "value": "true" + }, + { + "name": "create_icr_namespace", + "value": "ref:../../inputs/create_icr_namespace" + }, { "name": "create_cd_instance", "value": "ref:../../inputs/create_cd_instance" }, + { "name" : "create_secret_group", "value" : true @@ -705,6 +726,10 @@ "name" : "create_signing_key", "value" : true }, + { + "name": "create_access_group", + "value": true + }, { "name" : "pipeline_ibmcloud_api_key_secret_name", "value" : "ref:../../inputs/pipeline_ibmcloud_api_key_secret_name" @@ -722,40 +747,8 @@ "value" : "ref:../../inputs/cos_api_key_secret_name" }, { - "name" : "cluster_name", - "value" : "ref:../../inputs/cluster_name" - }, - { - "name" : "ci_cluster_name", - "value" : "ref:../../inputs/ci_cluster_name" - }, - { - "name" : "cd_cluster_name", - "value" : "ref:../../inputs/cd_cluster_name" - }, - { - "name" : "ci_cluster_namespace", - "value" : "ref:../../inputs/ci_cluster_namespace" - }, - { - "name" : "cd_cluster_namespace", - "value" : "ref:../../inputs/cd_cluster_namespace" - }, - { - "name" : "ci_cluster_region", - "value" : "ref:../../inputs/ci_cluster_region" - }, - { - "name" : "ci_cluster_resource_group", - "value" : "ref:../../inputs/ci_cluster_resource_group" - }, - { - "name": "add_container_name_suffix", - "value": "true" - }, - { - "name": "create_icr_namespace", - "value": "ref:../../inputs/create_icr_namespace" + "name": "force_create_standard_api_key", + "value": "ref:../../inputs/force_create_standard_api_key" }, { "name": "create_git_token", @@ -773,6 +766,10 @@ "name": "repo_group", "value": "ref:../../inputs/repo_group" }, + { + "name": "repo_apply_settings_to_compliance_repos", + "value": "ref:../../inputs/repo_apply_settings_to_compliance_repos" + }, { "name": "repo_git_provider", "value": "ref:../../inputs/repo_git_provider" @@ -860,6 +857,38 @@ { "name": "privateworker_secret_value", "value": "ref:../../inputs/privateworker_secret_value" + }, + { + "name": "use_legacy_ref", + "value": "ref:../../inputs/use_legacy_ref" + }, + { + "name" : "cluster_name", + "value" : "ref:../../inputs/cluster_name" + }, + { + "name" : "ci_cluster_name", + "value" : "ref:../../inputs/ci_cluster_name" + }, + { + "name" : "ci_cluster_region", + "value" : "ref:../../inputs/ci_cluster_region" + }, + { + "name" : "ci_cluster_resource_group", + "value" : "ref:../../inputs/ci_cluster_resource_group" + }, + { + "name" : "cd_cluster_name", + "value" : "ref:../../inputs/cd_cluster_name" + }, + { + "name" : "ci_cluster_namespace", + "value" : "ref:../../inputs/ci_cluster_namespace" + }, + { + "name" : "cd_cluster_namespace", + "value" : "ref:../../inputs/cd_cluster_namespace" } ] } diff --git a/stack_definition.json b/stack_definition.json index a47b400..42f7585 100644 --- a/stack_definition.json +++ b/stack_definition.json @@ -129,16 +129,6 @@ "hidden": false, "default": "security-compliance-center-standard-plan", "custom_config": {} - }, - { - "name": "project_names", - "required": false, - "type": "array", - "hidden": false, - "value": [ - "CI_Project", - "CD_Project" - ] }, { "name": "app_repo_branch", @@ -162,14 +152,6 @@ "default": "__NULL__", "custom_config": {} }, - { - "name": "autostart", - "required": false, - "type": "boolean", - "hidden": false, - "default": false, - "custom_config": {} - }, { "name": "create_icr_namespace", "required": false, @@ -195,7 +177,7 @@ "custom_config": {} }, { - "name": "custom_app_repo_git_token_secret_name", + "name": "repo_git_token_secret_name", "required": false, "type": "string", "hidden": false, @@ -203,7 +185,7 @@ "custom_config": {} }, { - "name": "custom_app_repo_git_token_secret_value", + "name": "repo_git_token_secret_value", "required": false, "type": "password", "hidden": false, @@ -211,55 +193,7 @@ "custom_config": {} }, { - "name": "custom_app_repo_group", - "required": false, - "type": "string", - "hidden": false, - "default": "", - "custom_config": {} - }, - { - "name": "custom_app_repo_git_provider", - "required": false, - "type": "string", - "hidden": false, - "default": "", - "custom_config": {} - }, - { - "name": "custom_app_repo_git_id", - "required": false, - "type": "string", - "hidden": false, - "default": "", - "custom_config": {} - }, - { - "name": "custom_app_repo_title", - "required": false, - "type": "string", - "hidden": false, - "default": "", - "custom_config": {} - }, - { - "name": "custom_app_repo_root_url", - "required": false, - "type": "string", - "hidden": false, - "default": "", - "custom_config": {} - }, - { - "name": "custom_app_repo_blind_connection", - "required": false, - "type": "string", - "hidden": false, - "default": "false", - "custom_config": {} - }, - { - "name": "repo_git_token_secret_name", + "name": "repo_group", "required": false, "type": "string", "hidden": false, @@ -267,19 +201,11 @@ "custom_config": {} }, { - "name": "repo_git_token_secret_value", + "name": "repo_apply_settings_to_compliance_repos", "required": false, - "type": "password", - "hidden": false, - "default": "", - "custom_config": {} - }, - { - "name": "repo_group", - "required": false, - "type": "string", + "type": "boolean", "hidden": false, - "default": "", + "default": false, "custom_config": {} }, { @@ -449,7 +375,31 @@ "hidden": false, "default": "", "custom_config": {} - } + }, + { + "name": "use_legacy_ref", + "required": false, + "type": "boolean", + "hidden": false, + "default": false, + "custom_config": {} + }, + { + "name": "project_ci_name", + "required": false, + "type": "string", + "hidden": false, + "default": "CI_Project", + "custom_config": {} + }, + { + "name": "project_cd_name", + "required": false, + "type": "string", + "hidden": false, + "default": "CD_Project", + "custom_config": {} + } ], "members": [ { @@ -653,30 +603,8 @@ "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.0e4e8fc9-8953-4456-a51c-6ed6a3ca1bd7-global" }, { - "inputs": [ - { - "name": "resource_group_name", - "value": "ref:../../members/1 - Key Management/outputs/resource_group_name" - }, - { - "name": "existing_resource_group", - "value": true - }, - { - "name": "prefix", - "value": "ref:../../inputs/prefix" - }, - { - "name": "project_names", - "value": "ref:../../inputs/project_names" - } - ], - "name": "7 - Code Engine Project", - "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.10aa04ed-4d19-4fcf-8522-478b78598acd-global" - }, - { - "name": "8 - DevSecOps Toolchains", - "version_locator": "1082e7d2-5e2f-0a11-a3bc-f88a8e1931fc.4c1fefe4-346d-447d-98b5-d65dfc791e71-global", + "name": "7 - DevSecOps Toolchains", + "version_locator": "1082e7d2-5e2f-0a11-a3bc-f88a8e1931fc.1b108206-4284-4b9d-b6b7-1a613bebe627-global", "inputs": [ { "name": "ibmcloud_api_key", @@ -726,10 +654,6 @@ "name": "registry_namespace", "value": "ref:../../inputs/registry_namespace" }, - { - "name": "autostart", - "value": "ref:../../inputs/autostart" - }, { "name": "prefix", "value": "ref:../../inputs/prefix" @@ -738,10 +662,6 @@ "name": "add_container_name_suffix", "value": "true" }, - { - "name": "add_code_engine_prefix", - "value": "false" - }, { "name": "create_icr_namespace", "value": "ref:../../inputs/create_icr_namespace" @@ -766,6 +686,10 @@ "name": "create_signing_key", "value": true }, + { + "name": "create_access_group", + "value": true + }, { "name": "pipeline_ibmcloud_api_key_secret_name", "value": "ref:../../inputs/pipeline_ibmcloud_api_key_secret_name" @@ -782,54 +706,14 @@ "name": "cos_api_key_secret_name", "value": "ref:../../inputs/cos_api_key_secret_name" }, - { - "name": "ci_code_engine_project", - "value": "ref:../../members/7 - Code Engine Project/outputs/project_2_name" - }, - { - "name": "cd_code_engine_project", - "value": "ref:../../members/7 - Code Engine Project/outputs/project_1_name" - }, - { - "name": "create_git_token", - "value": "ref:../../inputs/create_git_token" - }, { "name": "force_create_standard_api_key", "value": "ref:../../inputs/force_create_standard_api_key" }, { - "name": "custom_app_repo_git_token_secret_name", - "value": "ref:../../inputs/custom_app_repo_git_token_secret_name" - }, - { - "name": "custom_app_repo_git_token_secret_value", - "value": "ref:../../inputs/custom_app_repo_git_token_secret_value" - }, - { - "name": "custom_app_repo_group", - "value": "ref:../../inputs/custom_app_repo_group" - }, - { - "name": "custom_app_repo_git_provider", - "value": "ref:../../inputs/custom_app_repo_git_provider" - }, - { - "name": "custom_app_repo_git_id", - "value": "ref:../../inputs/custom_app_repo_git_id" - }, - { - "name": "custom_app_repo_title", - "value": "ref:../../inputs/custom_app_repo_title" - }, - { - "name": "custom_app_repo_root_url", - "value": "ref:../../inputs/custom_app_repo_root_url" - }, - { - "name": "custom_app_repo_blind_connection", - "value": "ref:../../inputs/custom_app_repo_blind_connection" - }, + "name": "create_git_token", + "value": "ref:../../inputs/create_git_token" + }, { "name": "repo_git_token_secret_name", "value": "ref:../../inputs/repo_git_token_secret_name" @@ -842,6 +726,10 @@ "name": "repo_group", "value": "ref:../../inputs/repo_group" }, + { + "name": "repo_apply_settings_to_compliance_repos", + "value": "ref:../../inputs/repo_apply_settings_to_compliance_repos" + }, { "name": "repo_git_provider", "value": "ref:../../inputs/repo_git_provider" @@ -929,22 +817,82 @@ { "name": "privateworker_secret_value", "value": "ref:../../inputs/privateworker_secret_value" - } + }, + { + "name": "use_legacy_ref", + "value": "ref:../../inputs/use_legacy_ref" + }, + { + "name": "ci_code_engine_project", + "value": "ref:../../members/7 - Code Engine Project/outputs/project_2_name" + }, + { + "name": "cd_code_engine_project", + "value": "ref:../../members/7 - Code Engine Project/outputs/project_1_name" + }, + { + "name": "use_app_repo_for_cd_deploy", + "value": true + } ] + }, + { + "inputs": [ + { + "name": "resource_group_name", + "value": "ref:../../members/1 - Key Management/outputs/resource_group_name" + }, + { + "name": "existing_resource_group", + "value": true + }, + { + "name": "prefix", + "value": "ref:../../inputs/prefix" + }, + { + "name": "project_name", + "value": "ref:../../inputs/project_name" + } + ], + "name": "8a - Code Engine CI Project", + "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.b82c8a79-20a1-49b5-8ec8-92d571a54e1b-global" + }, + { + "inputs": [ + { + "name": "resource_group_name", + "value": "ref:../../members/1 - Key Management/outputs/resource_group_name" + }, + { + "name": "existing_resource_group", + "value": true + }, + { + "name": "prefix", + "value": "ref:../../inputs/prefix" + }, + { + "name": "project_name", + "value": "ref:../../inputs/project_name" + } + ], + "name": "8b - Code Engine CD Project", + "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.b82c8a79-20a1-49b5-8ec8-92d571a54e1b-global" } ], "outputs": [ { "name": "compliance-ci-toolchain", - "value": "ref:./members/8 - DevSecOps Toolchains/outputs/compliance_ci_toolchain_url" + "value": "ref:./members/7 - DevSecOps Toolchains/outputs/compliance_ci_toolchain_url" }, { "name": "compliance-cd-toolchain", - "value": "ref:./members/8 - DevSecOps Toolchains/outputs/compliance_cd_toolchain_url" + "value": "ref:./members/7 - DevSecOps Toolchains/outputs/compliance_cd_toolchain_url" }, { "name": "compliance-cc-toolchain", - "value": "ref:./members/8 - DevSecOps Toolchains/outputs/compliance_cc_toolchain_url" + "value": "ref:./members/7 - DevSecOps Toolchains/outputs/compliance_cc_toolchain_url" } ] } From e5e0490aadd6d7ea81e10e6bc8edb20b7e7199a5 Mon Sep 17 00:00:00 2001 From: huayuenh Date: Thu, 27 Feb 2025 11:59:26 +0000 Subject: [PATCH 2/6] chore: add missing variable --- kubernetes/stack_definition.json | 14 +++++++++++++- stack_definition.json | 12 ++++++++++++ 2 files changed, 25 insertions(+), 1 deletion(-) diff --git a/kubernetes/stack_definition.json b/kubernetes/stack_definition.json index 143f779..b411b92 100644 --- a/kubernetes/stack_definition.json +++ b/kubernetes/stack_definition.json @@ -376,6 +376,14 @@ "default": "", "custom_config": {} }, + { + "name": "toolchain_access_group_name", + "required": false, + "type": "string", + "hidden": false, + "default": "devsecops-toolchain", + "custom_config": {} + }, { "name": "use_legacy_ref", "required": false, @@ -383,7 +391,7 @@ "hidden": false, "default": false, "custom_config": {} - }, + }, { "name": "cluster_name", "required": true, @@ -858,6 +866,10 @@ "name": "privateworker_secret_value", "value": "ref:../../inputs/privateworker_secret_value" }, + { + "name": "toolchain_access_group_name", + "value": "ref:../../inputs/toolchain_access_group_name" + }, { "name": "use_legacy_ref", "value": "ref:../../inputs/use_legacy_ref" diff --git a/stack_definition.json b/stack_definition.json index 42f7585..46bfed8 100644 --- a/stack_definition.json +++ b/stack_definition.json @@ -376,6 +376,14 @@ "default": "", "custom_config": {} }, + { + "name": "toolchain_access_group_name", + "required": false, + "type": "string", + "hidden": false, + "default": "devsecops-toolchain", + "custom_config": {} + }, { "name": "use_legacy_ref", "required": false, @@ -818,6 +826,10 @@ "name": "privateworker_secret_value", "value": "ref:../../inputs/privateworker_secret_value" }, + { + "name": "toolchain_access_group_name", + "value": "ref:../../inputs/toolchain_access_group_name" + }, { "name": "use_legacy_ref", "value": "ref:../../inputs/use_legacy_ref" From 97f9c63909e91a3d7e213369cdc1975fafe59752 Mon Sep 17 00:00:00 2001 From: huayuenh Date: Thu, 27 Feb 2025 15:12:05 +0000 Subject: [PATCH 3/6] fix: stack input reference --- stack_definition.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/stack_definition.json b/stack_definition.json index 46bfed8..4f4563c 100644 --- a/stack_definition.json +++ b/stack_definition.json @@ -836,11 +836,11 @@ }, { "name": "ci_code_engine_project", - "value": "ref:../../members/7 - Code Engine Project/outputs/project_2_name" + "value": "ref:../../inputs/project_ci_name" }, { "name": "cd_code_engine_project", - "value": "ref:../../members/7 - Code Engine Project/outputs/project_1_name" + "value": "ref:../../inputs/project_cd_name" }, { "name": "use_app_repo_for_cd_deploy", From 4549a64a02f2e917260c7a4bbc1f9afe4fe764d3 Mon Sep 17 00:00:00 2001 From: huayuenh Date: Thu, 27 Feb 2025 16:29:40 +0000 Subject: [PATCH 4/6] fix: references --- ibm_catalog.json | 14 ++++++++++++++ stack_definition.json | 12 ++++++------ 2 files changed, 20 insertions(+), 6 deletions(-) diff --git a/ibm_catalog.json b/ibm_catalog.json index 43e5a69..6a82a9c 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json @@ -314,6 +314,13 @@ "description": "The CRN of an existing Secrets Manager instance" }, { + "key": "force_create_standard_api_key", + "type": "boolean", + "default_value": false, + "description": "Set to `true` to force create a standard api key. By default the generated apikey will be a service api key. It is recommended to use a Git Token when using the service api key. In the case where the user has been invited to an account and that user not the account owner, during toolchain creation the default compliance repositories will be created in that user's account and the service api will not have access to those repositories. In this case a Git Token for the repositories is required. See `repo_git_token_secret_name` for more details. The alternative is to set `force_create_standard_api_key` to `true` to create a standard api key.", + "required": false + }, + { "key": "create_git_token", "required": false, "type": "boolean", @@ -830,6 +837,13 @@ "description": "The CRN of an existing Secrets Manager instance" }, { + "key": "force_create_standard_api_key", + "type": "boolean", + "default_value": false, + "description": "Set to `true` to force create a standard api key. By default the generated apikey will be a service api key. It is recommended to use a Git Token when using the service api key. In the case where the user has been invited to an account and that user not the account owner, during toolchain creation the default compliance repositories will be created in that user's account and the service api will not have access to those repositories. In this case a Git Token for the repositories is required. See `repo_git_token_secret_name` for more details. The alternative is to set `force_create_standard_api_key` to `true` to create a standard api key.", + "required": false + }, + { "key": "create_git_token", "required": false, "type": "boolean", diff --git a/stack_definition.json b/stack_definition.json index 4f4563c..b5960a7 100644 --- a/stack_definition.json +++ b/stack_definition.json @@ -393,7 +393,7 @@ "custom_config": {} }, { - "name": "project_ci_name", + "name": "ci_code_engine_project", "required": false, "type": "string", "hidden": false, @@ -401,7 +401,7 @@ "custom_config": {} }, { - "name": "project_cd_name", + "name": "cd_code_engine_project", "required": false, "type": "string", "hidden": false, @@ -836,11 +836,11 @@ }, { "name": "ci_code_engine_project", - "value": "ref:../../inputs/project_ci_name" + "value": "ref:../../inputs/ci_code_engine_project" }, { "name": "cd_code_engine_project", - "value": "ref:../../inputs/project_cd_name" + "value": "ref:../../inputs/cd_code_engine_project" }, { "name": "use_app_repo_for_cd_deploy", @@ -864,7 +864,7 @@ }, { "name": "project_name", - "value": "ref:../../inputs/project_name" + "value": "ref:../../inputs/ci_code_engine_project" } ], "name": "8a - Code Engine CI Project", @@ -886,7 +886,7 @@ }, { "name": "project_name", - "value": "ref:../../inputs/project_name" + "value": "ref:../../inputs/cd_code_engine_project" } ], "name": "8b - Code Engine CD Project", From 44bfa27e53120fb7729fd6004ccbddcd6b378736 Mon Sep 17 00:00:00 2001 From: huayuenh Date: Thu, 27 Feb 2025 16:59:06 +0000 Subject: [PATCH 5/6] fix: references --- stack_definition.json | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/stack_definition.json b/stack_definition.json index b5960a7..bcb2b98 100644 --- a/stack_definition.json +++ b/stack_definition.json @@ -393,7 +393,7 @@ "custom_config": {} }, { - "name": "ci_code_engine_project", + "name": "project_ci_name", "required": false, "type": "string", "hidden": false, @@ -401,7 +401,7 @@ "custom_config": {} }, { - "name": "cd_code_engine_project", + "name": "project_cd_name", "required": false, "type": "string", "hidden": false, @@ -836,11 +836,11 @@ }, { "name": "ci_code_engine_project", - "value": "ref:../../inputs/ci_code_engine_project" + "value": "ref:../../inputs/project_ci_name" }, { "name": "cd_code_engine_project", - "value": "ref:../../inputs/cd_code_engine_project" + "value": "ref:../../inputs/project_cd_name" }, { "name": "use_app_repo_for_cd_deploy", @@ -864,7 +864,7 @@ }, { "name": "project_name", - "value": "ref:../../inputs/ci_code_engine_project" + "value": "ref:../../inputs/project_ci_name" } ], "name": "8a - Code Engine CI Project", @@ -886,7 +886,7 @@ }, { "name": "project_name", - "value": "ref:../../inputs/cd_code_engine_project" + "value": "ref:../../inputs/project_cd_name" } ], "name": "8b - Code Engine CD Project", From c4113874214dc0690bf361e2b497246ec1c53f80 Mon Sep 17 00:00:00 2001 From: huayuenh Date: Thu, 27 Feb 2025 22:15:50 +0000 Subject: [PATCH 6/6] fix: add missing cos crn input --- kubernetes/stack_definition.json | 4 ++++ stack_definition.json | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/kubernetes/stack_definition.json b/kubernetes/stack_definition.json index b411b92..519c700 100644 --- a/kubernetes/stack_definition.json +++ b/kubernetes/stack_definition.json @@ -697,6 +697,10 @@ "name" : "cos_endpoint", "value" : "ref:../../members/3 - Cloud Object Bucket/outputs/s3_endpoint_direct" }, + { + "name": "cos_instance_crn", + "value": "ref:../../members/2 - Cloud Object Storage/outputs/cos_instance_id" + }, { "name" : "registry_namespace", "value" : "ref:../../inputs/registry_namespace" diff --git a/stack_definition.json b/stack_definition.json index bcb2b98..25dffa5 100644 --- a/stack_definition.json +++ b/stack_definition.json @@ -658,6 +658,10 @@ "name": "cos_endpoint", "value": "ref:../../members/3 - Cloud Object Bucket/outputs/s3_endpoint_direct" }, + { + "name": "cos_instance_crn", + "value": "ref:../../members/2 - Cloud Object Storage/outputs/cos_instance_id" + }, { "name": "registry_namespace", "value": "ref:../../inputs/registry_namespace"