added resource_block to create secrets

Author: Aatreyee Mukherjee

common-dev-assets

@@ -358,6 +358,9 @@
             {
               "key": "existing_code_engine_project_id"
             },
+            {
+              "key": "use_existing_registry_secret"
+            },
             {
               "key": "kibana_registry_namespace_image"
             },

ibm_catalog.json

@@ -444,6 +444,7 @@ data "http" "es_metadata" {
 }
 
 resource "ibm_code_engine_secret" "image_registry_secret" {
+  count      = var.enable_kibana_dashboard && !var.use_existing_registry_secret ? 1 : 0
   name       = var.kibana_image_secret
   project_id = var.existing_code_engine_project_id
   format     = "registry"

solutions/standard/main.tf

@@ -346,6 +346,12 @@ variable "admin_pass_secrets_manager_secret_name" {
   default     = "elasticsearch-admin-password"
 }
 
+variable "use_existing_registry_secret" {
+  description = "Set to true to use an existing image registry secret instead of creating a new one."
+  type        = bool
+  default     = false
+}
+
 ##############################################################
 # Kibana Configuration
 ##############################################################
@@ -408,6 +414,10 @@ variable "kibana_image_secret" {
   description = "The name of the image registry access secret."
   type        = string
   default     = null
+  validation {
+    condition     = !var.enable_kibana_dashboard || var.use_existing_registry_secret || (var.kibana_image_secret != null && var.kibana_image_secret != "")
+    error_message = "You must provide a valid secret name for Kibana image registry access."
+  }
 }
 
 variable "kibana_visibility" {
@@ -423,11 +433,13 @@ variable "kibana_visibility" {
 variable "kibana_registry_username" {
   description = "Username for the for the container registry."
   type        = string
+  default     = null
 }
 
 variable "kibana_registry_personal_access_token" {
   description = "Pesonal access token for the container registry."
   type        = string
+  default     = null
   sensitive   = true
 }
 

solutions/standard/variables.tf

@@ -61,6 +61,8 @@ func TestMain(m *testing.M) {
 func TestRunStandardSolutionSchematics(t *testing.T) {
 	t.Parallel()
 
+	enableKibana := false
+
 	options := testschematic.TestSchematicOptionsDefault(&testschematic.TestSchematicOptions{
 		Testing: t,
 		TarIncludePatterns: []string{
@@ -93,7 +95,6 @@ func TestRunStandardSolutionSchematics(t *testing.T) {
 			},
 		},
 	}
-
 	options.TerraformVars = []testschematic.TestSchematicTerraformVar{
 		{Name: "ibmcloud_api_key", Value: options.RequiredEnvironmentVars["TF_VAR_ibmcloud_api_key"], DataType: "string", Secure: true},
 		{Name: "access_tags", Value: permanentResources["accessTags"], DataType: "list(string)"},
@@ -109,11 +110,44 @@ func TestRunStandardSolutionSchematics(t *testing.T) {
 		{Name: "admin_pass", Value: GetRandomAdminPassword(t), DataType: "string"},
 		{Name: "admin_pass_secrets_manager_secret_group", Value: options.Prefix, DataType: "string"},
 		{Name: "admin_pass_secrets_manager_secret_name", Value: options.Prefix, DataType: "string"},
-		{Name: "enable_kibana_dashboard", Value: true, DataType: "bool"},
+		{Name: "enable_kibana_dashboard", Value: enableKibana, DataType: "bool"},
 		{Name: "provider_visibility", Value: "private", DataType: "string"},
 		{Name: "prefix", Value: options.Prefix, DataType: "string"},
 		{Name: "admin_pass", Value: GetRandomAdminPassword(t), DataType: "string"},
 	}
+
+	if enableKibana {
+		existingProjectID := os.Getenv("EXISTING_CODE_ENGINE_PROJECT_ID")
+		kibanaImageSecret := os.Getenv("KIBANA_IMAGE_SECRET")
+		kibanaRegistryUsername := os.Getenv("KIBANA_REGISTRY_USERNAME")
+		kibanaRegistryToken := os.Getenv("KIBANA_REGISTRY_PERSONAL_ACCESS_TOKEN")
+		kibanaRegistryServer := os.Getenv("KIBANA_REGISTRY_SERVER")
+
+		if existingProjectID == "" {
+			t.Fatal("existing_code_engine_project_id env var must be set when enable_kibana_dashboard is true")
+		}
+		if kibanaImageSecret == "" {
+			t.Fatal("kibana_image_secret env var must be set when enable_kibana_dashboard is true")
+		}
+		if kibanaRegistryUsername == "" {
+			t.Fatal("kibana_registry_username env var must be set when enable_kibana_dashboard is true")
+		}
+		if kibanaRegistryToken == "" {
+			t.Fatal("kibana_personal_access_token env var must be set when enable_kibana_dashboard is true")
+		}
+		if kibanaRegistryServer == "" {
+			t.Fatal("kibana_registry_server env var must be set when enable_kibana_dashboard is true")
+		}
+
+		options.TerraformVars = append(options.TerraformVars,
+			testschematic.TestSchematicTerraformVar{Name: "existing_code_engine_project_id", Value: existingProjectID, DataType: "string"},
+			testschematic.TestSchematicTerraformVar{Name: "kibana_image_secret", Value: kibanaImageSecret, DataType: "string"},
+			testschematic.TestSchematicTerraformVar{Name: "kibana_registry_username", Value: kibanaRegistryUsername, DataType: "string"},
+			testschematic.TestSchematicTerraformVar{Name: "kibana_registry_personal_access_token", Value: kibanaRegistryToken, DataType: "string"},
+			testschematic.TestSchematicTerraformVar{Name: "kibana_registry_server", Value: kibanaRegistryServer, DataType: "string"},
+		)
+	}
+
 	err := options.RunSchematicTest()
 	assert.Nil(t, err, "This should not have errored")
 }