From 59ef292561e4e707e80239192254b107936cb07f Mon Sep 17 00:00:00 2001 From: whoffler Date: Mon, 29 Sep 2025 13:38:38 +0100 Subject: [PATCH 1/2] readd validation script adding rg --- .catalog-onboard-pipeline.yaml | 4 ++++ tests/new-rg/README.md | 1 + tests/new-rg/main.tf | 11 ++++++++++ tests/new-rg/outputs.tf | 13 ++++++++++++ tests/new-rg/provider.tf | 3 +++ tests/new-rg/variables.tf | 17 +++++++++++++++ tests/new-rg/version.tf | 9 ++++++++ tests/scripts/post-validate.sh | 19 +++++++++++++++++ tests/scripts/pre-validate.sh | 38 ++++++++++++++++++++++++++++++++++ 9 files changed, 115 insertions(+) create mode 100644 tests/new-rg/README.md create mode 100644 tests/new-rg/main.tf create mode 100644 tests/new-rg/outputs.tf create mode 100644 tests/new-rg/provider.tf create mode 100644 tests/new-rg/variables.tf create mode 100644 tests/new-rg/version.tf create mode 100755 tests/scripts/post-validate.sh create mode 100755 tests/scripts/pre-validate.sh diff --git a/.catalog-onboard-pipeline.yaml b/.catalog-onboard-pipeline.yaml index 8b1b246c..a73239bf 100644 --- a/.catalog-onboard-pipeline.yaml +++ b/.catalog-onboard-pipeline.yaml @@ -9,6 +9,8 @@ offerings: - name: security-enforced mark_ready: true install_type: fullstack + pre_validation: "tests/scripts/pre-validate.sh solutions/security-enforced" + post_validation: "tests/scripts/post-validate.sh" scc: instance_id: 1c7d5f78-9262-44c3-b779-b28fe4d88c37 region: us-south @@ -16,6 +18,8 @@ offerings: - name: fully-configurable mark_ready: true install_type: fullstack + pre_validation: "tests/scripts/pre-validate.sh solutions/fully-configurable" + post_validation: "tests/scripts/post-validate.sh" scc: instance_id: 1c7d5f78-9262-44c3-b779-b28fe4d88c37 region: us-south diff --git a/tests/new-rg/README.md b/tests/new-rg/README.md new file mode 100644 index 00000000..761359cb --- /dev/null +++ b/tests/new-rg/README.md @@ -0,0 +1 @@ +The terraform code in this directory is used for by catalog pipeline \ No newline at end of file diff --git a/tests/new-rg/main.tf b/tests/new-rg/main.tf new file mode 100644 index 00000000..d58e7f97 --- /dev/null +++ b/tests/new-rg/main.tf @@ -0,0 +1,11 @@ +############################################################################## +# Resource Group +############################################################################## + +module "resource_group" { + source = "terraform-ibm-modules/resource-group/ibm" + version = "1.3.0" + # if an existing resource group is not set (null) create a new one using prefix + resource_group_name = var.resource_group == null ? "${var.prefix}-resource-group" : null + existing_resource_group_name = var.resource_group +} diff --git a/tests/new-rg/outputs.tf b/tests/new-rg/outputs.tf new file mode 100644 index 00000000..7143446e --- /dev/null +++ b/tests/new-rg/outputs.tf @@ -0,0 +1,13 @@ +############################################################################## +# Outputs +############################################################################## + +output "resource_group_id" { + value = module.resource_group.resource_group_id + description = "Resource group ID." +} + +output "resource_group_name" { + value = module.resource_group.resource_group_name + description = "Resource group name." +} diff --git a/tests/new-rg/provider.tf b/tests/new-rg/provider.tf new file mode 100644 index 00000000..4a12678d --- /dev/null +++ b/tests/new-rg/provider.tf @@ -0,0 +1,3 @@ +provider "ibm" { + ibmcloud_api_key = var.ibmcloud_api_key +} diff --git a/tests/new-rg/variables.tf b/tests/new-rg/variables.tf new file mode 100644 index 00000000..e8146795 --- /dev/null +++ b/tests/new-rg/variables.tf @@ -0,0 +1,17 @@ +variable "ibmcloud_api_key" { + type = string + description = "The IBM Cloud API Key." + sensitive = true +} + +variable "prefix" { + type = string + description = "Prefix to append to all resources created by this example." + default = "sm" +} + +variable "resource_group" { + type = string + description = "The name of an existing resource group to provision resources in. If not specified, a new resource group is created with the `prefix` variable." + default = null +} diff --git a/tests/new-rg/version.tf b/tests/new-rg/version.tf new file mode 100644 index 00000000..cb783436 --- /dev/null +++ b/tests/new-rg/version.tf @@ -0,0 +1,9 @@ +terraform { + required_version = ">= 1.9.0" + required_providers { + ibm = { + source = "ibm-cloud/ibm" + version = ">= 1.79.0" + } + } +} diff --git a/tests/scripts/post-validate.sh b/tests/scripts/post-validate.sh new file mode 100755 index 00000000..87318b2b --- /dev/null +++ b/tests/scripts/post-validate.sh @@ -0,0 +1,19 @@ +#! /bin/bash + +######################################################################################################################## +## This script is used by the catalog pipeline to destroy prerequisite resource required for catalog validation ## +######################################################################################################################## + +set -e + +TERRAFORM_SOURCE_DIR="tests/new-rg" +TF_VARS_FILE="terraform.tfvars" + +( + cd ${TERRAFORM_SOURCE_DIR} + echo "Destroying resource group .." + terraform destroy -input=false -auto-approve -var-file=${TF_VARS_FILE} || exit 1 + rm -f "${TF_VARS_FILE}" + + echo "Post-validation completed successfully" +) \ No newline at end of file diff --git a/tests/scripts/pre-validate.sh b/tests/scripts/pre-validate.sh new file mode 100755 index 00000000..25acb057 --- /dev/null +++ b/tests/scripts/pre-validate.sh @@ -0,0 +1,38 @@ +#! /bin/bash + +############################################################################################################ +## This script is used by the catalog pipeline to provision a new resource group +## (required to ensure auth policies don't clash in account) +############################################################################################################ + +set -e + +DA_DIR="${1}" +TERRAFORM_SOURCE_DIR="tests/new-rg" +JSON_FILE="${DA_DIR}/catalogValidationValues.json" +TF_VARS_FILE="terraform.tfvars" + +( + cwd=$(pwd) + cd ${TERRAFORM_SOURCE_DIR} + echo "Provisioning new resource group .." + terraform init || exit 1 + # $VALIDATION_APIKEY is available in the catalog runtime + { + echo "ibmcloud_api_key=\"${VALIDATION_APIKEY}\"" + echo "prefix=\"ocp-$(openssl rand -hex 2)\"" + } >> ${TF_VARS_FILE} + terraform apply -input=false -auto-approve -var-file=${TF_VARS_FILE} || exit 1 + + rg_var_name="existing_resource_group_name" + rg_value=$(terraform output -state=terraform.tfstate -raw resource_group_name) + + echo "Appending '${rg_var_name}', input variable value to ${JSON_FILE}.." + + cd "${cwd}" + jq -r --arg rg_var_name "${rg_var_name}" \ + --arg rg_value "${rg_value}" \ + '. + {($rg_var_name): $rg_value}' "${JSON_FILE}" > tmpfile && mv tmpfile "${JSON_FILE}" || exit 1 + + echo "Pre-validation complete successfully" +) \ No newline at end of file From 5f97f1381651816106924adfcc0541808fbb6187 Mon Sep 17 00:00:00 2001 From: whoffler Date: Mon, 29 Sep 2025 14:05:54 +0100 Subject: [PATCH 2/2] update --- tests/new-rg/README.md | 2 +- tests/scripts/post-validate.sh | 2 +- tests/scripts/pre-validate.sh | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/new-rg/README.md b/tests/new-rg/README.md index 761359cb..9afda9d8 100644 --- a/tests/new-rg/README.md +++ b/tests/new-rg/README.md @@ -1 +1 @@ -The terraform code in this directory is used for by catalog pipeline \ No newline at end of file +The terraform code in this directory is used for by catalog pipeline diff --git a/tests/scripts/post-validate.sh b/tests/scripts/post-validate.sh index 87318b2b..f5808710 100755 --- a/tests/scripts/post-validate.sh +++ b/tests/scripts/post-validate.sh @@ -16,4 +16,4 @@ TF_VARS_FILE="terraform.tfvars" rm -f "${TF_VARS_FILE}" echo "Post-validation completed successfully" -) \ No newline at end of file +) diff --git a/tests/scripts/pre-validate.sh b/tests/scripts/pre-validate.sh index 25acb057..709a2785 100755 --- a/tests/scripts/pre-validate.sh +++ b/tests/scripts/pre-validate.sh @@ -35,4 +35,4 @@ TF_VARS_FILE="terraform.tfvars" '. + {($rg_var_name): $rg_value}' "${JSON_FILE}" > tmpfile && mv tmpfile "${JSON_FILE}" || exit 1 echo "Pre-validation complete successfully" -) \ No newline at end of file +)