@akocbek akocbek commented Sep 24, 2024

Description

Issue: #227

Release required?

  • No release
  • Patch release (x.x.X)
  • Minor release (x.X.x)
  • Major release (X.x.x)

Release notes content

Run the pipeline

If the CI pipeline doesn't run when you create the PR, the PR requires a user with GitHub collaborators access to run the pipeline.

Run the CI pipeline when the PR is ready for review and you expect tests to pass. Add a comment to the PR with the following text:

/run pipeline

Checklist for reviewers

  • If relevant, a test for the change is included or updated with this PR.
  • If relevant, documentation for the change is included or updated with this PR.

For mergers

  • Use a conventional commit message to set the release level. Follow the guidelines.
  • Include information that users need to know about the PR in the commit message. The commit message becomes part of the GitHub release notes.
  • Use the Squash and merge option.

akocbek commented Sep 24, 2024

/run pipeline

akocbek commented Sep 24, 2024

/run pipeline

akocbek commented Sep 24, 2024

/run pipeline

akocbek commented Sep 24, 2024

We can skip the upgrade test, since with the new version we always create admin_pass if it is not passed as an input variable (the main branch does not set it).

akocbek commented Sep 24, 2024

/run pipeline

@ocofaigh ocofaigh left a comment

I left a comment - I wonder if we need to expose the ability to set the admin password secret name to prevent secret name clashes?

Also, please add the new variables into ibm_catalog.json so they can be grouped together. Group all the secret-related stuff together.

description = "Elasticsearch administrator password"
value = local.admin_pass
sensitive = true
}
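
Review bot: `value = local.admin_pass` in this output returns the password value itself, and `sensitive = true` only redacts it from plan and apply display; the value is still stored in state and printed by `terraform output admin_pass`. Say so in the `description`, and consider pointing consumers at the Secrets Manager secret for the admin password rather than at this output.
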
Contributor

We will need to output the secret name, secret ID, and secret group details if we are going to now create these for admin password

Contributor Author

As part of the service_credential_secrets output, we output the admin_pass secret value:

service_credential_secrets = {
  "test-313-cred-reader" = {
    "secret_crn" = "crn:v1:bluemix:public:secrets-manager:us-south:a/abac0df06b644a9cabc6e44f55b3880e:c6698c1b-48fa-4d46-b7a9-90295fe2ca01:secret:9dc5296b-d1f0-0956-b050-5766791dc9f5"
    "secret_id" = "9dc5296b-d1f0-0956-b050-5766791dc9f5"
    "secret_next_rotation_date" = "2024-12-22T14:56:05Z"
    "secret_rotation" = true
    "secret_rotation_interval" = "89 day(s)"
  }
  "test-313-cred-writer" = {
    "secret_crn" = "crn:v1:bluemix:public:secrets-manager:us-south:a/abac0df06b644a9cabc6e44f55b3880e:c6698c1b-48fa-4d46-b7a9-90295fe2ca01:secret:26e38184-4fdb-bd89-0410-3d2c85f4cf4e"
    "secret_id" = "26e38184-4fdb-bd89-0410-3d2c85f4cf4e"
    "secret_next_rotation_date" = "2024-12-22T14:56:05Z"
    "secret_rotation" = true
    "secret_rotation_interval" = "89 day(s)"
  }
  "test-andrej-3-elasticsearch-administrator-secret2" = {
    "secret_crn" = "crn:v1:bluemix:public:secrets-manager:us-south:a/abac0df06b644a9cabc6e44f55b3880e:c6698c1b-48fa-4d46-b7a9-90295fe2ca01:secret:d17546be-26ba-5d7a-8a7f-2568a3f8aec7"
    "secret_id" = "d17546be-26ba-5d7a-8a7f-2568a3f8aec7"
    "secret_next_rotation_date" = null
    "secret_rotation" = tobool(null)
    "secret_rotation_interval" = "89 day(s)"
  }
}

Maybe the output name should be changed to something more generic?

Another output is admin_pass = <sensitive>, which contains the value.

terraform output admin_pass
"NO0xxxx....xxx1Z"

Contributor

OK, I see the confusion: the module secrets_manager_service_credentials is creating both the service credentials and the arbitrary admin pass secret.

The problem is the service_credential_secrets output will now also output the admin password even though it's not a service credential. Can we maybe add a new output for that?

Contributor

Or maybe we just re-use service_credential_secrets and service_credential_secret_groups but rename them? Also not sure why these are separate outputs?

akocbek commented Sep 24, 2024

admin_pass_sm_secret_name input variable exposed

akocbek commented Sep 24, 2024

/run pipeline

akocbek commented Sep 24, 2024

/run pipeline

@ocofaigh ocofaigh merged commit 71e66a2 into main Sep 24, 2024
2 checks passed
@ocofaigh ocofaigh deleted the admin_pass_new branch September 24, 2024 16:59
@terraform-ibm-modules-ops
Contributor

🎉 This PR is included in version 1.20.0 🎉

The release is available on:

Your semantic-release bot 📦🚀
