From 53c5f5da2a6328fa4f9577007ed38c0dcef58b83 Mon Sep 17 00:00:00 2001 From: huayuenh Date: Mon, 23 Sep 2024 00:29:52 +0100 Subject: [PATCH 1/9] feat: add gitlab support --- README.md | 12 ++- main.tf | 131 ++++++++++++++++++++++------- solutions/code-engine/README.md | 6 ++ solutions/code-engine/main.tf | 39 +++++---- solutions/code-engine/variables.tf | 46 ++++++++++ solutions/kubernetes/README.md | 6 ++ solutions/kubernetes/main.tf | 39 +++++---- solutions/kubernetes/variables.tf | 46 ++++++++++ variables.tf | 46 ++++++++++ 9 files changed, 304 insertions(+), 67 deletions(-) diff --git a/README.md b/README.md index 15d8fcea..b41be402 100644 --- a/README.md +++ b/README.md @@ -65,9 +65,9 @@ statement instead the previous block. | Name | Source | Version | |------|--------|---------| -| [devsecops\_cc\_toolchain](#module\_devsecops\_cc\_toolchain) | git::https://github.com/terraform-ibm-modules/terraform-ibm-devsecops-cc-toolchain | v2.0.0 | -| [devsecops\_cd\_toolchain](#module\_devsecops\_cd\_toolchain) | git::https://github.com/terraform-ibm-modules/terraform-ibm-devsecops-cd-toolchain | v2.0.0 | -| [devsecops\_ci\_toolchain](#module\_devsecops\_ci\_toolchain) | git::https://github.com/terraform-ibm-modules/terraform-ibm-devsecops-ci-toolchain | v2.0.0 | +| [devsecops\_cc\_toolchain](#module\_devsecops\_cc\_toolchain) | git::https://github.com/terraform-ibm-modules/terraform-ibm-devsecops-cc-toolchain | gitlab | +| [devsecops\_cd\_toolchain](#module\_devsecops\_cd\_toolchain) | git::https://github.com/terraform-ibm-modules/terraform-ibm-devsecops-cd-toolchain | gitlab | +| [devsecops\_ci\_toolchain](#module\_devsecops\_ci\_toolchain) | git::https://github.com/terraform-ibm-modules/terraform-ibm-devsecops-ci-toolchain | gitlab | | [prereqs](#module\_prereqs) | ./prereqs | n/a | ### Resources 
@@ -214,6 +214,7 @@ statement instead the previous block. | [cd\_authorization\_policy\_creation](#input\_cd\_authorization\_policy\_creation) | Disable Toolchain Service to Secrets Manager/Key Protect/Notifications Service authorization policy creation. To disable set the value to `disabled`. | `string` | `""` | no | | [cd\_change\_management\_group](#input\_cd\_change\_management\_group) | Specify group for change management repository | `string` | `""` | no | | [cd\_change\_management\_repo\_auth\_type](#input\_cd\_change\_management\_repo\_auth\_type) | Select the method of authentication that is used to access the Git repository. Valid values are 'oauth' or 'pat'. Defaults to `oauth` when unset. `pat` is a git `personal access token`. | `string` | `""` | no | +| [cd\_change\_management\_repo\_git\_provider](#input\_cd\_change\_management\_repo\_git\_provider) | By default this gets set as 'hostedgit', else set to 'githubconsolidated' for GitHub repositories. | `string` | `"hostedgit"` | no | | [cd\_change\_management\_repo\_git\_token\_secret\_crn](#input\_cd\_change\_management\_repo\_git\_token\_secret\_crn) | The CRN for the Change Management repository Git Token. | `string` | `""` | no | | [cd\_change\_management\_repo\_git\_token\_secret\_name](#input\_cd\_change\_management\_repo\_git\_token\_secret\_name) | Name of the Git token secret in the secret provider. | `string` | `""` | no | | [cd\_change\_management\_repo\_secret\_group](#input\_cd\_change\_management\_repo\_secret\_group) | Secret group for the Change Management repository secret. Defaults to the value set in `sm_secret_group` if not set. Only used with `Secrets Manager`. | `string` | `""` | no | 
@@ -543,10 +544,15 @@ statement instead the previous block. | [pr\_pipeline\_git\_tag](#input\_pr\_pipeline\_git\_tag) | The GIT tag selector for the Compliance Pipelines definitions. | `string` | `""` | no | | [prefix](#input\_prefix) | A prefix that is added to the toolchain resources. | `string` | `""` | no | | [registry\_namespace](#input\_registry\_namespace) | A unique namespace within the IBM Cloud Container Registry region where the application image is stored. | `string` | `""` | no | +| [repo\_blind\_connection](#input\_repo\_blind\_connection) | Setting this value to `true` means the server is not addressable on the public internet. IBM Cloud will not be able to validate the connection details you provide. Certain functionality that requires API access to the git server will be disabled. Delivery pipeline will only work using a private worker that has network access to the git server. | `string` | `""` | no | +| [repo\_git\_id](#input\_repo\_git\_id) | The Git ID for the compliance repositories. | `string` | `""` | no | +| [repo\_git\_provider](#input\_repo\_git\_provider) | The Git provider type. | `string` | `""` | no | | [repo\_git\_token\_secret\_crn](#input\_repo\_git\_token\_secret\_crn) | The CRN for the repositories Git Token. | `string` | `""` | no | | [repo\_git\_token\_secret\_name](#input\_repo\_git\_token\_secret\_name) | Name of the Git token secret in the secret provider. Specifying a secret name for the Git Token automatically sets the authentication type to `pat`. | `string` | `""` | no | | [repo\_group](#input\_repo\_group) | Specify the Git user or group for your application. This must be set if the repository authentication type is `pat` (personal access token). | `string` | `""` | no | +| [repo\_root\_url](#input\_repo\_root\_url) | (Optional) The Root URL of the server. e.g. https://git.example.com. 
| `string` | `""` | no | | [repo\_secret\_group](#input\_repo\_secret\_group) | Secret group in Secrets Manager that contains the secret for the repository. This variable will set the same secret group for all the repositories. Can be overriden on a per secret group basis. Only applies when using Secrets Manager. | `string` | `""` | no | +| [repo\_title](#input\_repo\_title) | (Optional) The title of the server. e.g. My Git Enterprise Server. | `string` | `""` | no | | [repositories\_prefix](#input\_repositories\_prefix) | Prefix name for the cloned compliance repos. For the repositories\_prefix value only a-z, A-Z and 0-9 and the special characters `-_` are allowed. In addition the string must not end with a special character or have two consecutive special characters. | `string` | `"compliance"` | no | | [sample\_default\_application](#input\_sample\_default\_application) | The name of the sample application repository. The repository source URL is automatically computed based on the toolchain region. The other currently supported name is `code-engine-compliance-app`. Alternatively an integration can be created that can link to or clone from an existing repository. See `app_repo_existing_url` and `app_repo_clone_from_url` to override the sample application default behavior. | `string` | `"hello-compliance-app"` | no | | [scc\_attachment\_id](#input\_scc\_attachment\_id) | An attachment ID. An attachment is configured under a profile to define how a scan will be run. To find the attachment ID, in the browser, in the attachments list, click on the attachment link, and a panel appears with a button to copy the attachment ID. This parameter is only relevant when the `scc_use_profile_attachment` parameter is enabled. | `string` | `""` | no | diff --git a/main.tf b/main.tf index 215d8270..9e7a7ff7 100644 --- a/main.tf +++ b/main.tf 
@@ -250,7 +250,7 @@ module "prereqs" { module "devsecops_ci_toolchain" { count = var.create_ci_toolchain ? 1 : 0 depends_on = [ibm_resource_instance.cd_instance] - source = "git::https://github.com/terraform-ibm-modules/terraform-ibm-devsecops-ci-toolchain?ref=v2.0.0" + source = "git::https://github.com/terraform-ibm-modules/terraform-ibm-devsecops-ci-toolchain?ref=gitlab" ibmcloud_api_key = var.ibmcloud_api_key toolchain_name = (var.prefix == "") ? local.ci_toolchain_name : format("${var.prefix}-%s", local.ci_toolchain_name) toolchain_region = (var.ci_toolchain_region == "") ? var.toolchain_region : replace(replace(var.ci_toolchain_region, "ibm:yp:", ""), "ibm:ys1:", "") 
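Review bot: The `source` of `devsecops_ci_toolchain` now ends in `?ref=gitlab`, which by its name looks like a branch rather than a release tag like the `v2.0.0` it replaces, so each `terraform init` can fetch different module code with no change in this repository. The same switch is made for `devsecops_cd_toolchain` (hunk at -450,7) and `devsecops_cc_toolchain` (hunk at -664,7). These modules are handed `var.ibmcloud_api_key`, so anyone able to move that ref controls code that runs with the key. Pin each source to a release tag or, better, a full commit SHA (`?ref=<commit-sha-placeholder>`) before this is merged. The module block continues outside the hunk.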
@@ -344,32 +344,54 @@ module "devsecops_ci_toolchain" { app_repo_existing_git_id = local.ci_app_repo_existing_git_id app_repo_clone_to_git_provider = local.ci_app_repo_clone_to_git_provider app_repo_clone_to_git_id = local.ci_app_repo_clone_to_git_id + app_repo_blind_connection = var.repo_blind_connection + app_repo_root_url = var.repo_root_url + app_repo_title = var.repo_title + + #COMPLIANCE PIPELINE REPO + compliance_pipelines_repo_blind_connection = var.repo_blind_connection + compliance_pipelines_repo_root_url = var.repo_root_url + compliance_pipelines_repo_title = var.repo_title + #clone_compliance_pipelines = var.clone_compliance_pipelines + #PIPELINE CONFIG REPO - pipeline_config_repo_existing_url = local.ci_pipeline_config_repo_existing_url - pipeline_config_repo_clone_from_url = local.ci_pipeline_config_repo_clone_from_url - pipeline_config_repo_branch = (local.ci_pipeline_config_repo_branch == "") ? local.ci_app_repo_branch : local.ci_pipeline_config_repo_branch + pipeline_config_repo_existing_url = local.ci_pipeline_config_repo_existing_url + pipeline_config_repo_clone_from_url = local.ci_pipeline_config_repo_clone_from_url + pipeline_config_repo_branch = (local.ci_pipeline_config_repo_branch == "") ? local.ci_app_repo_branch : local.ci_pipeline_config_repo_branch + pipeline_config_repo_blind_connection = var.repo_blind_connection + pipeline_config_repo_root_url = var.repo_root_url + pipeline_config_repo_title = var.repo_title #EVIDENCE REPO evidence_repo_name = var.evidence_repo_name evidence_repo_existing_url = var.evidence_repo_existing_url - evidence_repo_git_provider = var.evidence_repo_existing_git_provider - evidence_repo_git_id = var.evidence_repo_existing_git_id + evidence_repo_git_provider = (var.evidence_repo_existing_git_provider == "") ? var.repo_git_provider : var.evidence_repo_existing_git_provider + evidence_repo_git_id = (var.evidence_repo_existing_git_id == "") ? 
var.repo_git_id : var.evidence_repo_existing_git_id evidence_repo_integration_owner = var.evidence_repo_integration_owner + evidence_repo_blind_connection = var.repo_blind_connection + evidence_repo_root_url = var.repo_root_url + evidence_repo_title = var.repo_title #ISSUES REPO issues_repo_name = var.issues_repo_name issues_repo_existing_url = var.issues_repo_existing_url - issues_repo_git_provider = var.issues_repo_existing_git_provider - issues_repo_git_id = var.issues_repo_existing_git_id + issues_repo_git_provider = (var.issues_repo_existing_git_provider == "") ? var.repo_git_provider : var.issues_repo_existing_git_provider + issues_repo_git_id = (var.issues_repo_existing_git_id == "") ? var.repo_git_id : var.issues_repo_existing_git_id issues_repo_integration_owner = var.issues_repo_integration_owner + issues_repo_blind_connection = var.repo_blind_connection + issues_repo_root_url = var.repo_root_url + issues_repo_title = var.repo_title #INVENTORY REPO inventory_repo_name = var.inventory_repo_name inventory_repo_existing_url = var.inventory_repo_existing_url - inventory_repo_git_provider = var.inventory_repo_existing_git_provider - inventory_repo_git_id = var.inventory_repo_existing_git_id + inventory_repo_git_provider = (var.inventory_repo_existing_git_provider == "") ? var.repo_git_id : var.inventory_repo_existing_git_provider + inventory_repo_git_id = (var.inventory_repo_existing_git_id == "") ? var.repo_git_id : var.inventory_repo_existing_git_id inventory_repo_integration_owner = var.inventory_repo_integration_owner + inventory_repo_blind_connection = var.repo_blind_connection + inventory_repo_root_url = var.repo_root_url + inventory_repo_title = var.repo_title app_name = var.ci_app_name signing_key_secret_name = var.ci_signing_key_secret_name 
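Review bot: `inventory_repo_git_provider` falls back to `var.repo_git_id` when `var.inventory_repo_existing_git_provider` is empty, whereas the evidence and issues lines above it fall back to `var.repo_git_provider`. This looks like a copy-paste slip that would pass a Git ID where a provider type is expected. The line should read `inventory_repo_git_provider = (var.inventory_repo_existing_git_provider == "") ? var.repo_git_provider : var.inventory_repo_existing_git_provider`. The same line is repeated in the `devsecops_cd_toolchain` hunk (-544,35) and the `devsecops_cc_toolchain` hunk (-767,23). The module block starts and ends outside this hunk.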
@@ -450,7 +472,7 @@ module "devsecops_ci_toolchain" { module "devsecops_cd_toolchain" { count = var.create_cd_toolchain ? 1 : 0 depends_on = [ibm_resource_instance.cd_instance] - source = "git::https://github.com/terraform-ibm-modules/terraform-ibm-devsecops-cd-toolchain?ref=v2.0.0" + source = "git::https://github.com/terraform-ibm-modules/terraform-ibm-devsecops-cd-toolchain?ref=gitlab" ibmcloud_api_key = var.ibmcloud_api_key toolchain_name = (var.prefix == "") ? local.cd_toolchain_name : format("${var.prefix}-%s", local.cd_toolchain_name) 
@@ -544,35 +566,57 @@ module "devsecops_cd_toolchain" { deployment_group = (var.cd_deployment_group == "") ? var.repo_group : var.cd_deployment_group change_management_group = (var.cd_change_management_group == "") ? var.repo_group : var.cd_change_management_group + #COMPLIANCE PIPELINE REPO + compliance_pipelines_repo_blind_connection = var.repo_blind_connection + compliance_pipelines_repo_root_url = var.repo_root_url + compliance_pipelines_repo_title = var.repo_title + #clone_compliance_pipelines = var.clone_compliance_pipelines + #PIPELINE CONFIG REPO - pipeline_config_repo_existing_url = local.cd_pipeline_config_repo_existing_url - pipeline_config_repo_clone_from_url = local.cd_pipeline_config_repo_clone_from_url - pipeline_config_repo_branch = (local.cd_pipeline_config_repo_branch == "") ? "master" : local.cd_pipeline_config_repo_branch + pipeline_config_repo_existing_url = local.cd_pipeline_config_repo_existing_url + pipeline_config_repo_clone_from_url = local.cd_pipeline_config_repo_clone_from_url + pipeline_config_repo_branch = (local.cd_pipeline_config_repo_branch == "") ? "master" : local.cd_pipeline_config_repo_branch + pipeline_config_repo_blind_connection = var.repo_blind_connection + pipeline_config_repo_root_url = var.repo_root_url + pipeline_config_repo_title = var.repo_title #EVIDENCE REPO evidence_repo_name = var.evidence_repo_name evidence_repo_url = try(module.devsecops_ci_toolchain[0].evidence_repo_url, var.evidence_repo_existing_url) - evidence_repo_git_provider = var.evidence_repo_existing_git_provider - evidence_repo_git_id = var.evidence_repo_existing_git_id + evidence_repo_git_provider = (var.evidence_repo_existing_git_provider == "") ? var.repo_git_provider : var.evidence_repo_existing_git_provider + evidence_repo_git_id = (var.evidence_repo_existing_git_id == "") ? 
var.repo_git_id : var.evidence_repo_existing_git_id evidence_repo_integration_owner = var.evidence_repo_integration_owner + evidence_repo_blind_connection = var.repo_blind_connection + evidence_repo_root_url = var.repo_root_url + evidence_repo_title = var.repo_title #ISSUES REPO issues_repo_name = var.issues_repo_name issues_repo_url = try(module.devsecops_ci_toolchain[0].issues_repo_url, var.issues_repo_existing_url) - issues_repo_git_provider = var.issues_repo_existing_git_provider - issues_repo_git_id = var.issues_repo_existing_git_id + issues_repo_git_provider = (var.issues_repo_existing_git_provider == "") ? var.repo_git_provider : var.issues_repo_existing_git_provider + issues_repo_git_id = (var.issues_repo_existing_git_id == "") ? var.repo_git_id : var.issues_repo_existing_git_id issues_repo_integration_owner = var.issues_repo_integration_owner + issues_repo_blind_connection = var.repo_blind_connection + issues_repo_root_url = var.repo_root_url + issues_repo_title = var.repo_title #INVENTORY REPO inventory_repo_name = var.inventory_repo_name inventory_repo_url = try(module.devsecops_ci_toolchain[0].inventory_repo_url, var.inventory_repo_existing_url) - inventory_repo_git_provider = var.inventory_repo_existing_git_provider - inventory_repo_git_id = var.inventory_repo_existing_git_id + inventory_repo_git_provider = (var.inventory_repo_existing_git_provider == "") ? var.repo_git_id : var.inventory_repo_existing_git_provider + inventory_repo_git_id = (var.inventory_repo_existing_git_id == "") ? 
var.repo_git_id : var.inventory_repo_existing_git_id inventory_repo_integration_owner = var.inventory_repo_integration_owner + inventory_repo_blind_connection = var.repo_blind_connection + inventory_repo_root_url = var.repo_root_url + inventory_repo_title = var.repo_title #CHANGE MANAGEMENT REPO - change_repo_clone_from_url = var.cd_change_repo_clone_from_url - enable_change_management_repo = true + enable_change_management_repo = true + change_repo_clone_from_url = var.cd_change_repo_clone_from_url + change_management_repo_blind_connection = var.repo_blind_connection + change_management_repo_root_url = var.repo_root_url + change_management_repo_title = var.repo_title + change_management_repo_git_provider = var.cd_change_management_repo_git_provider #DEPLOYMENT REPO deployment_repo_existing_git_provider = (var.use_app_repo_for_cd_deploy) ? try(module.devsecops_ci_toolchain[0].app_repo_git_provider, "") : var.cd_deployment_repo_existing_git_provider @@ -583,6 +627,11 @@ module "devsecops_cd_toolchain" { deployment_repo_clone_from_branch = var.cd_deployment_repo_clone_from_branch deployment_repo_existing_url = (var.use_app_repo_for_cd_deploy) ? try(module.devsecops_ci_toolchain[0].app_repo_url, "") : var.cd_deployment_repo_existing_url deployment_repo_existing_branch = (var.use_app_repo_for_cd_deploy) ? try(module.devsecops_ci_toolchain[0].app_repo_branch, "") : var.cd_deployment_repo_existing_branch + deployment_repo_blind_connection = var.repo_blind_connection + deployment_repo_root_url = var.repo_root_url + deployment_repo_title = var.repo_title + + #SCC scc_enable_scc = (local.cd_scc_enable_scc == "true") ? true : false 
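Review bot: `change_management_repo_git_provider` is taken straight from `var.cd_change_management_repo_git_provider`, which defaults to `hostedgit`, while the evidence and issues repositories in the same hunk fall back to `var.repo_git_provider`. Setting `repo_git_provider` alone therefore leaves the change-management repository on `hostedgit`, even though it still receives the shared `var.repo_root_url`, `var.repo_title` and `var.repo_blind_connection`. If the shared variable is meant to cover every compliance repository, give this one an empty default and the same fallback; otherwise add a comment here such as `# not derived from repo_git_provider; set cd_change_management_repo_git_provider explicitly`. The module block starts and ends outside the hunk.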
@@ -664,7 +713,7 @@ module "devsecops_cd_toolchain" { module "devsecops_cc_toolchain" { count = var.create_cc_toolchain ? 1 : 0 - source = "git::https://github.com/terraform-ibm-modules/terraform-ibm-devsecops-cc-toolchain?ref=v2.0.0" + source = "git::https://github.com/terraform-ibm-modules/terraform-ibm-devsecops-cc-toolchain?ref=gitlab" ibmcloud_api_key = var.ibmcloud_api_key toolchain_name = (var.prefix == "") ? local.cc_toolchain_name : format("${var.prefix}-%s", local.cc_toolchain_name) toolchain_description = var.cc_toolchain_description @@ -753,10 +802,19 @@ module "devsecops_cc_toolchain" { link_to_doi_toolchain = var.cc_link_to_doi_toolchain + #COMPLIANCE PIPELINE REPO + compliance_pipelines_repo_blind_connection = var.repo_blind_connection + compliance_pipelines_repo_root_url = var.repo_root_url + compliance_pipelines_repo_title = var.repo_title + #clone_compliance_pipelines = var.clone_compliance_pipelines + #PIPELINE CONFIG REPO - pipeline_config_repo_existing_url = local.cc_pipeline_config_repo_existing_url - pipeline_config_repo_clone_from_url = local.cc_pipeline_config_repo_clone_from_url - pipeline_config_repo_branch = (local.cc_pipeline_config_repo_branch == "") ? local.cc_app_repo_branch : local.cc_pipeline_config_repo_branch + pipeline_config_repo_existing_url = local.cc_pipeline_config_repo_existing_url + pipeline_config_repo_clone_from_url = local.cc_pipeline_config_repo_clone_from_url + pipeline_config_repo_branch = (local.cc_pipeline_config_repo_branch == "") ? local.cc_app_repo_branch : local.cc_pipeline_config_repo_branch + pipeline_config_repo_blind_connection = var.repo_blind_connection + pipeline_config_repo_root_url = var.repo_root_url + pipeline_config_repo_title = var.repo_title #APP REPO app_repo_url = try(module.devsecops_ci_toolchain[0].app_repo_url, local.cc_app_repo_existing_url) 
@@ -767,23 +825,32 @@ module "devsecops_cc_toolchain" { #EVIDENCE REPO evidence_repo_name = var.evidence_repo_name evidence_repo_url = try(module.devsecops_ci_toolchain[0].evidence_repo_url, var.evidence_repo_existing_url) - evidence_repo_git_provider = var.evidence_repo_existing_git_provider - evidence_repo_git_id = var.evidence_repo_existing_git_id + evidence_repo_git_provider = (var.evidence_repo_existing_git_provider == "") ? var.repo_git_provider : var.evidence_repo_existing_git_provider + evidence_repo_git_id = (var.evidence_repo_existing_git_id == "") ? var.repo_git_id : var.evidence_repo_existing_git_id evidence_repo_integration_owner = var.evidence_repo_integration_owner + evidence_repo_blind_connection = var.repo_blind_connection + evidence_repo_root_url = var.repo_root_url + evidence_repo_title = var.repo_title #ISSUES REPO issues_repo_name = var.issues_repo_name issues_repo_url = try(module.devsecops_ci_toolchain[0].issues_repo_url, var.issues_repo_existing_url) - issues_repo_git_provider = var.issues_repo_existing_git_provider - issues_repo_git_id = var.issues_repo_existing_git_id + issues_repo_git_provider = (var.issues_repo_existing_git_provider == "") ? var.repo_git_provider : var.issues_repo_existing_git_provider + issues_repo_git_id = (var.issues_repo_existing_git_id == "") ? var.repo_git_id : var.issues_repo_existing_git_id issues_repo_integration_owner = var.issues_repo_integration_owner + issues_repo_blind_connection = var.repo_blind_connection + issues_repo_root_url = var.repo_root_url + issues_repo_title = var.repo_title #INVENTORY REPO inventory_repo_name = var.inventory_repo_name inventory_repo_url = try(module.devsecops_ci_toolchain[0].inventory_repo_url, var.inventory_repo_existing_url) - inventory_repo_git_provider = var.inventory_repo_existing_git_provider - inventory_repo_git_id = var.inventory_repo_existing_git_id + inventory_repo_git_provider = (var.inventory_repo_existing_git_provider == "") ? 
var.repo_git_id : var.inventory_repo_existing_git_provider + inventory_repo_git_id = (var.inventory_repo_existing_git_id == "") ? var.repo_git_id : var.inventory_repo_existing_git_id inventory_repo_integration_owner = var.inventory_repo_integration_owner + inventory_repo_blind_connection = var.repo_blind_connection + inventory_repo_root_url = var.repo_root_url + inventory_repo_title = var.repo_title #SCC scc_enable_scc = (local.cc_scc_enable_scc == "true") ? true : false diff --git a/solutions/code-engine/README.md b/solutions/code-engine/README.md index dff914b1..8e6eb872 100644 --- a/solutions/code-engine/README.md +++ b/solutions/code-engine/README.md 
@@ -198,6 +198,7 @@ No resources. | [cd\_authorization\_policy\_creation](#input\_cd\_authorization\_policy\_creation) | Disable Toolchain Service to Secrets Manager/Key Protect/Notifications Service authorization policy creation. To disable set the value to `disabled`. | `string` | `""` | no | | [cd\_change\_management\_group](#input\_cd\_change\_management\_group) | Specify group for change management repository | `string` | `""` | no | | [cd\_change\_management\_repo\_auth\_type](#input\_cd\_change\_management\_repo\_auth\_type) | Select the method of authentication that is used to access the Git repository. Valid values are 'oauth' or 'pat'. Defaults to `oauth` when unset. `pat` is a git `personal access token`. | `string` | `""` | no | +| [cd\_change\_management\_repo\_git\_provider](#input\_cd\_change\_management\_repo\_git\_provider) | By default this gets set as 'hostedgit', else set to 'githubconsolidated' for GitHub repositories. | `string` | `"hostedgit"` | no | | [cd\_change\_management\_repo\_git\_token\_secret\_crn](#input\_cd\_change\_management\_repo\_git\_token\_secret\_crn) | The CRN for the Change Management repository Git Token. | `string` | `""` | no | | [cd\_change\_management\_repo\_git\_token\_secret\_name](#input\_cd\_change\_management\_repo\_git\_token\_secret\_name) | Name of the Git token secret in the secret provider. | `string` | `""` | no | | [cd\_change\_management\_repo\_secret\_group](#input\_cd\_change\_management\_repo\_secret\_group) | Secret group for the Change Management repository secret. Defaults to the value set in `sm_secret_group` if not set. Only used with `Secrets Manager`. | `string` | `""` | no | 
@@ -527,10 +528,15 @@ No resources. | [pr\_pipeline\_git\_tag](#input\_pr\_pipeline\_git\_tag) | The GIT tag selector for the Compliance Pipelines definitions. | `string` | `""` | no | | [prefix](#input\_prefix) | A prefix that is added to the toolchain resources. | `string` | `""` | no | | [registry\_namespace](#input\_registry\_namespace) | A unique namespace within the IBM Cloud Container Registry region where the application image is stored. | `string` | `""` | no | +| [repo\_blind\_connection](#input\_repo\_blind\_connection) | Setting this value to `true` means the server is not addressable on the public internet. IBM Cloud will not be able to validate the connection details you provide. Certain functionality that requires API access to the git server will be disabled. Delivery pipeline will only work using a private worker that has network access to the git server. | `string` | `""` | no | +| [repo\_git\_id](#input\_repo\_git\_id) | The Git ID for the compliance repositories. | `string` | `""` | no | +| [repo\_git\_provider](#input\_repo\_git\_provider) | The Git provider type. | `string` | `""` | no | | [repo\_git\_token\_secret\_crn](#input\_repo\_git\_token\_secret\_crn) | The CRN for the repositories Git Token. | `string` | `""` | no | | [repo\_git\_token\_secret\_name](#input\_repo\_git\_token\_secret\_name) | Name of the Git token secret in the secret provider. Specifying a secret name for the Git Token automatically sets the authentication type to `pat`. | `string` | `""` | no | | [repo\_group](#input\_repo\_group) | Specify the Git user or group for your application. This must be set if the repository authentication type is `pat` (personal access token). | `string` | `""` | no | +| [repo\_root\_url](#input\_repo\_root\_url) | (Optional) The Root URL of the server. e.g. https://git.example.com. | `string` | `""` | no | | [repo\_secret\_group](#input\_repo\_secret\_group) | Secret group in Secrets Manager that contains the secret for the repository. 
This variable will set the same secret group for all the repositories. Can be overriden on a per secret group basis. Only applies when using Secrets Manager. | `string` | `""` | no | +| [repo\_title](#input\_repo\_title) | (Optional) The title of the server. e.g. My Git Enterprise Server. | `string` | `""` | no | | [repositories\_prefix](#input\_repositories\_prefix) | Prefix name for the cloned compliance repos. For the repositories\_prefix value only a-z, A-Z and 0-9 and the special characters `-_` are allowed. In addition the string must not end with a special character or have two consecutive special characters. | `string` | `"compliance"` | no | | [sample\_default\_application](#input\_sample\_default\_application) | The name of the sample application repository. The repository source URL is automatically computed based on the toolchain region. The other currently supported name is `code-engine-compliance-app`. Alternatively an integration can be created that can link to or clone from an existing repository. See `app_repo_existing_url` and `app_repo_clone_from_url` to override the sample application default behavior. | `string` | `"code-engine-compliance-app"` | no | | [scc\_attachment\_id](#input\_scc\_attachment\_id) | An attachment ID. An attachment is configured under a profile to define how a scan will be run. To find the attachment ID, in the browser, in the attachments list, click on the attachment link, and a panel appears with a button to copy the attachment ID. This parameter is only relevant when the `scc_use_profile_attachment` parameter is enabled. | `string` | `""` | no | diff --git a/solutions/code-engine/main.tf b/solutions/code-engine/main.tf index a2188c91..83117a51 100644 --- a/solutions/code-engine/main.tf +++ b/solutions/code-engine/main.tf 
@@ -1,22 +1,23 @@ module "devsecops_da" { source = "../../" - add_code_engine_prefix = var.add_code_engine_prefix - add_container_name_suffix = var.add_container_name_suffix - app_group = var.app_group - app_repo_auth_type = var.app_repo_auth_type - app_repo_branch = var.app_repo_branch - app_repo_clone_from_url = var.app_repo_clone_from_url - app_repo_clone_to_git_id = var.app_repo_clone_to_git_id - app_repo_clone_to_git_provider = var.app_repo_clone_to_git_provider - app_repo_existing_git_id = var.app_repo_existing_git_id - app_repo_existing_git_provider = var.app_repo_existing_git_provider - app_repo_existing_url = var.app_repo_existing_url - app_repo_git_token_secret_crn = var.app_repo_git_token_secret_crn - app_repo_git_token_secret_name = var.app_repo_git_token_secret_name - app_repo_secret_group = var.app_repo_secret_group - authorization_policy_creation = var.authorization_policy_creation - autostart = var.autostart + add_code_engine_prefix = var.add_code_engine_prefix + add_container_name_suffix = var.add_container_name_suffix + app_group = var.app_group + app_repo_auth_type = var.app_repo_auth_type + app_repo_branch = var.app_repo_branch + app_repo_clone_from_url = var.app_repo_clone_from_url + app_repo_clone_to_git_id = var.app_repo_clone_to_git_id + app_repo_clone_to_git_provider = var.app_repo_clone_to_git_provider + app_repo_existing_git_id = var.app_repo_existing_git_id + app_repo_existing_git_provider = var.app_repo_existing_git_provider + app_repo_existing_url = var.app_repo_existing_url + app_repo_git_token_secret_crn = var.app_repo_git_token_secret_crn + app_repo_git_token_secret_name = var.app_repo_git_token_secret_name + app_repo_secret_group = var.app_repo_secret_group + authorization_policy_creation = var.authorization_policy_creation + autostart = var.autostart + #clone_compliance_pipelines = var.clone_compliance_pipelines cluster_name = var.cluster_name code_engine_project = var.code_engine_project compliance_pipeline_branch = 
var.compliance_pipeline_branch @@ -100,10 +101,15 @@ module "devsecops_da" { pipeline_ibmcloud_api_key_secret_name = var.pipeline_ibmcloud_api_key_secret_name prefix = var.prefix registry_namespace = var.registry_namespace + repo_blind_connection = var.repo_blind_connection + repo_git_id = var.repo_git_id + repo_git_provider = var.repo_git_provider repo_git_token_secret_crn = var.repo_git_token_secret_crn repo_git_token_secret_name = var.repo_git_token_secret_name repo_group = var.repo_group + repo_root_url = var.repo_root_url repo_secret_group = var.repo_secret_group + repo_title = var.repo_title repositories_prefix = var.repositories_prefix scc_attachment_id = var.scc_attachment_id scc_enable_scc = var.scc_enable_scc @@ -250,6 +256,7 @@ module "devsecops_da" { cd_change_management_group = var.cd_change_management_group cd_change_management_repo_auth_type = var.cd_change_management_repo_auth_type cd_change_management_repo_git_token_secret_crn = var.cd_change_management_repo_git_token_secret_crn + cd_change_management_repo_git_provider = var.cd_change_management_repo_git_provider cd_change_management_repo_git_token_secret_name = var.cd_change_management_repo_git_token_secret_name cd_change_management_repo_secret_group = var.cd_change_management_repo_secret_group cd_change_repo_clone_from_url = var.cd_change_repo_clone_from_url diff --git a/solutions/code-engine/variables.tf b/solutions/code-engine/variables.tf index d78548c7..4f26c42c 100644 --- a/solutions/code-engine/variables.tf +++ b/solutions/code-engine/variables.tf 
@@ -105,6 +105,12 @@ variable "autostart" { default = false } +#variable "clone_compliance_pipelines" { +# type = bool +# description = "Setting to `true` will clone the compliance pipeline repository instead of linking to it. This is required for the case where the user opts to use a non IBM hosted repositories." +# default = false +#} + variable "cluster_name" { type = string description = "Name of the Kubernetes cluster where the application is deployed. This sets the same cluster name for both CI and CD toolchains. See `ci_cluster_name` and `cd_cluster_name` to set different cluster names. By default , the cluster namespace for CI will be set to `dev` and CD to `prod`. These can be changed using `ci_cluster_namespace` and `cd_cluster_namespace`." @@ -661,6 +667,24 @@ variable "registry_namespace" { default = "" } +variable "repo_blind_connection" { + type = string + description = "Setting this value to `true` means the server is not addressable on the public internet. IBM Cloud will not be able to validate the connection details you provide. Certain functionality that requires API access to the git server will be disabled. Delivery pipeline will only work using a private worker that has network access to the git server." + default = "" +} + +variable "repo_git_id" { + type = string + description = "The Git ID for the compliance repositories." + default = "" +} + +variable "repo_git_provider" { + type = string + description = "The Git provider type." + default = "" +} + variable "repo_git_token_secret_crn" { type = string sensitive = true 
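Review bot: The `clone_compliance_pipelines` variable is added entirely commented out, and the matching `#clone_compliance_pipelines = var.clone_compliance_pipelines` lines are left commented in the module calls in `main.tf` and `solutions/code-engine/main.tf`. Its own description says cloning is required when the repositories are not IBM-hosted, which appears to be the case this commit targets, so it is unclear whether the GitLab path works without it. Either enable the variable together with its wiring, or drop the commented lines and track the remaining work outside the code.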
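Review bot: `repo_blind_connection` is declared as `string` with default `""` although its description treats it as a `true`/`false` switch, so any other string is accepted and forwarded to every repository integration. Per the same description, a blind connection means IBM Cloud no longer validates the connection details, so a mistyped value should fail at plan time instead of silently changing that behaviour. Add a validation with `condition = contains(["", "true", "false"], var.repo_blind_connection)` and a matching `error_message`. `repo_git_provider` in this hunk could likewise be limited to the empty default plus the provider names that `cd_change_management_repo_git_provider` already validates.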
@@ -704,6 +728,18 @@ variable "repositories_prefix" { } } +variable "repo_root_url" { + type = string + description = "(Optional) The Root URL of the server. e.g. https://git.example.com." + default = "" +} + +variable "repo_title" { + type = string + description = "(Optional) The title of the server. e.g. My Git Enterprise Server." + default = "" +} + variable "scc_attachment_id" { type = string description = "An attachment ID. An attachment is configured under a profile to define how a scan will be run. To find the attachment ID, in the browser, in the attachments list, click on the attachment link, and a panel appears with a button to copy the attachment ID. This parameter is only relevant when the `scc_use_profile_attachment` parameter is enabled." @@ -1654,6 +1690,16 @@ variable "cd_change_management_repo_auth_type" { default = "" } +variable "cd_change_management_repo_git_provider" { + type = string + default = "hostedgit" + description = "By default this gets set as 'hostedgit', else set to 'githubconsolidated' for GitHub repositories." + validation { + condition = contains(["hostedgit", "githubconsolidated", "gitlab"], var.cd_change_management_repo_git_provider) + error_message = "Must be either \"hostedgit\" or \"gitlab\" or \"githubconsolidated\" for evidence repository." + } +} + variable "cd_change_management_repo_git_token_secret_crn" { type = string sensitive = true diff --git a/solutions/kubernetes/README.md b/solutions/kubernetes/README.md index cf88e94b..88547cc4 100644 --- a/solutions/kubernetes/README.md +++ b/solutions/kubernetes/README.md 
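Review bot: `repo_root_url` accepts any string, so an `http://` or malformed root URL is caught, if at all, only when the toolchain integration is created. The Git token referenced by `repo_git_token_secret_crn` is presumably presented to this server, so the variable should reject non-HTTPS values while still allowing the empty default. A validation block for that is sketched below. The same variable is added without a check in solutions/kubernetes/variables.tf and variables.tf.

```hcl
variable "repo_root_url" {
  # … unchanged: type, description, default …
  validation {
    condition     = var.repo_root_url == "" || can(regex("^https://", var.repo_root_url))
    error_message = "repo_root_url must be empty or an https:// URL such as https://git.example.com."
  }
}
```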
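Review bot: The description of `cd_change_management_repo_git_provider` names only `hostedgit` and `githubconsolidated`, but the validation below it also accepts `gitlab`, the value this commit exists to support. The error message also says "for evidence repository" on a change-management variable. I would write the description as `"Git provider for the change management repository. Valid values are 'hostedgit' (default), 'githubconsolidated' or 'gitlab'."` and end the error message with `for the change management repository.`. The generated README rows and the copies in solutions/kubernetes/variables.tf and variables.tf carry the same text.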
@@ -198,6 +198,7 @@ No resources.
 | [cd\_authorization\_policy\_creation](#input\_cd\_authorization\_policy\_creation) | Disable Toolchain Service to Secrets Manager/Key Protect/Notifications Service authorization policy creation. To disable set the value to `disabled`. | `string` | `""` | no |
 | [cd\_change\_management\_group](#input\_cd\_change\_management\_group) | Specify group for change management repository | `string` | `""` | no |
 | [cd\_change\_management\_repo\_auth\_type](#input\_cd\_change\_management\_repo\_auth\_type) | Select the method of authentication that is used to access the Git repository. Valid values are 'oauth' or 'pat'. Defaults to `oauth` when unset. `pat` is a git `personal access token`. | `string` | `""` | no |
+| [cd\_change\_management\_repo\_git\_provider](#input\_cd\_change\_management\_repo\_git\_provider) | By default this gets set as 'hostedgit', else set to 'githubconsolidated' for GitHub repositories. | `string` | `"hostedgit"` | no |
 | [cd\_change\_management\_repo\_git\_token\_secret\_crn](#input\_cd\_change\_management\_repo\_git\_token\_secret\_crn) | The CRN for the Change Management repository Git Token. | `string` | `""` | no |
 | [cd\_change\_management\_repo\_git\_token\_secret\_name](#input\_cd\_change\_management\_repo\_git\_token\_secret\_name) | Name of the Git token secret in the secret provider. | `string` | `""` | no |
 | [cd\_change\_management\_repo\_secret\_group](#input\_cd\_change\_management\_repo\_secret\_group) | Secret group for the Change Management repository secret. Defaults to the value set in `sm_secret_group` if not set. Only used with `Secrets Manager`. | `string` | `""` | no |
@@ -527,10 +528,15 @@ No resources. | [pr\_pipeline\_git\_tag](#input\_pr\_pipeline\_git\_tag) | The GIT tag selector for the Compliance Pipelines definitions. | `string` | `""` | no | | [prefix](#input\_prefix) | A prefix that is added to the toolchain resources. | `string` | `""` | no | | [registry\_namespace](#input\_registry\_namespace) | A unique namespace within the IBM Cloud Container Registry region where the application image is stored. | `string` | `""` | no | +| [repo\_blind\_connection](#input\_repo\_blind\_connection) | Setting this value to `true` means the server is not addressable on the public internet. IBM Cloud will not be able to validate the connection details you provide. Certain functionality that requires API access to the git server will be disabled. Delivery pipeline will only work using a private worker that has network access to the git server. | `string` | `""` | no | +| [repo\_git\_id](#input\_repo\_git\_id) | The Git ID for the compliance repositories. | `string` | `""` | no | +| [repo\_git\_provider](#input\_repo\_git\_provider) | The Git provider type. | `string` | `""` | no | | [repo\_git\_token\_secret\_crn](#input\_repo\_git\_token\_secret\_crn) | The CRN for the repositories Git Token. | `string` | `""` | no | | [repo\_git\_token\_secret\_name](#input\_repo\_git\_token\_secret\_name) | Name of the Git token secret in the secret provider. Specifying a secret name for the Git Token automatically sets the authentication type to `pat`. | `string` | `""` | no | | [repo\_group](#input\_repo\_group) | Specify the Git user or group for your application. This must be set if the repository authentication type is `pat` (personal access token). | `string` | `""` | no | +| [repo\_root\_url](#input\_repo\_root\_url) | (Optional) The Root URL of the server. e.g. https://git.example.com. | `string` | `""` | no | | [repo\_secret\_group](#input\_repo\_secret\_group) | Secret group in Secrets Manager that contains the secret for the repository. 
This variable will set the same secret group for all the repositories. Can be overriden on a per secret group basis. Only applies when using Secrets Manager. | `string` | `""` | no | +| [repo\_title](#input\_repo\_title) | (Optional) The title of the server. e.g. My Git Enterprise Server. | `string` | `""` | no | | [repositories\_prefix](#input\_repositories\_prefix) | Prefix name for the cloned compliance repos. For the repositories\_prefix value only a-z, A-Z and 0-9 and the special characters `-_` are allowed. In addition the string must not end with a special character or have two consecutive special characters. | `string` | `"compliance"` | no | | [sample\_default\_application](#input\_sample\_default\_application) | The name of the sample application repository. The repository source URL is automatically computed based on the toolchain region. The other currently supported name is `code-engine-compliance-app`. Alternatively an integration can be created that can link to or clone from an existing repository. See `app_repo_existing_url` and `app_repo_clone_from_url` to override the sample application default behavior. | `string` | `"hello-compliance-app"` | no | | [scc\_attachment\_id](#input\_scc\_attachment\_id) | An attachment ID. An attachment is configured under a profile to define how a scan will be run. To find the attachment ID, in the browser, in the attachments list, click on the attachment link, and a panel appears with a button to copy the attachment ID. This parameter is only relevant when the `scc_use_profile_attachment` parameter is enabled. | `string` | `""` | no | diff --git a/solutions/kubernetes/main.tf b/solutions/kubernetes/main.tf index a2188c91..83117a51 100644 --- a/solutions/kubernetes/main.tf +++ b/solutions/kubernetes/main.tf 
@@ -1,22 +1,23 @@ module "devsecops_da" { source = "../../" - add_code_engine_prefix = var.add_code_engine_prefix - add_container_name_suffix = var.add_container_name_suffix - app_group = var.app_group - app_repo_auth_type = var.app_repo_auth_type - app_repo_branch = var.app_repo_branch - app_repo_clone_from_url = var.app_repo_clone_from_url - app_repo_clone_to_git_id = var.app_repo_clone_to_git_id - app_repo_clone_to_git_provider = var.app_repo_clone_to_git_provider - app_repo_existing_git_id = var.app_repo_existing_git_id - app_repo_existing_git_provider = var.app_repo_existing_git_provider - app_repo_existing_url = var.app_repo_existing_url - app_repo_git_token_secret_crn = var.app_repo_git_token_secret_crn - app_repo_git_token_secret_name = var.app_repo_git_token_secret_name - app_repo_secret_group = var.app_repo_secret_group - authorization_policy_creation = var.authorization_policy_creation - autostart = var.autostart + add_code_engine_prefix = var.add_code_engine_prefix + add_container_name_suffix = var.add_container_name_suffix + app_group = var.app_group + app_repo_auth_type = var.app_repo_auth_type + app_repo_branch = var.app_repo_branch + app_repo_clone_from_url = var.app_repo_clone_from_url + app_repo_clone_to_git_id = var.app_repo_clone_to_git_id + app_repo_clone_to_git_provider = var.app_repo_clone_to_git_provider + app_repo_existing_git_id = var.app_repo_existing_git_id + app_repo_existing_git_provider = var.app_repo_existing_git_provider + app_repo_existing_url = var.app_repo_existing_url + app_repo_git_token_secret_crn = var.app_repo_git_token_secret_crn + app_repo_git_token_secret_name = var.app_repo_git_token_secret_name + app_repo_secret_group = var.app_repo_secret_group + authorization_policy_creation = var.authorization_policy_creation + autostart = var.autostart + #clone_compliance_pipelines = var.clone_compliance_pipelines cluster_name = var.cluster_name code_engine_project = var.code_engine_project compliance_pipeline_branch = 
var.compliance_pipeline_branch @@ -100,10 +101,15 @@ module "devsecops_da" { pipeline_ibmcloud_api_key_secret_name = var.pipeline_ibmcloud_api_key_secret_name prefix = var.prefix registry_namespace = var.registry_namespace + repo_blind_connection = var.repo_blind_connection + repo_git_id = var.repo_git_id + repo_git_provider = var.repo_git_provider repo_git_token_secret_crn = var.repo_git_token_secret_crn repo_git_token_secret_name = var.repo_git_token_secret_name repo_group = var.repo_group + repo_root_url = var.repo_root_url repo_secret_group = var.repo_secret_group + repo_title = var.repo_title repositories_prefix = var.repositories_prefix scc_attachment_id = var.scc_attachment_id scc_enable_scc = var.scc_enable_scc @@ -250,6 +256,7 @@ module "devsecops_da" { cd_change_management_group = var.cd_change_management_group cd_change_management_repo_auth_type = var.cd_change_management_repo_auth_type cd_change_management_repo_git_token_secret_crn = var.cd_change_management_repo_git_token_secret_crn + cd_change_management_repo_git_provider = var.cd_change_management_repo_git_provider cd_change_management_repo_git_token_secret_name = var.cd_change_management_repo_git_token_secret_name cd_change_management_repo_secret_group = var.cd_change_management_repo_secret_group cd_change_repo_clone_from_url = var.cd_change_repo_clone_from_url diff --git a/solutions/kubernetes/variables.tf b/solutions/kubernetes/variables.tf index 7a167c48..cd336c8f 100644 --- a/solutions/kubernetes/variables.tf +++ b/solutions/kubernetes/variables.tf 
@@ -105,6 +105,12 @@ variable "autostart" { default = false } +#variable "clone_compliance_pipelines" { +# type = bool +# description = "Setting to `true` will clone the compliance pipeline repository instead of linking to it. This is required for the case where the user opts to use a non IBM hosted repositories." +# default = false +#} + variable "cluster_name" { type = string description = "Name of the Kubernetes cluster where the application is deployed. This sets the same cluster name for both CI and CD toolchains. See `ci_cluster_name` and `cd_cluster_name` to set different cluster names. By default , the cluster namespace for CI will be set to `dev` and CD to `prod`. These can be changed using `ci_cluster_namespace` and `cd_cluster_namespace`." @@ -661,6 +667,24 @@ variable "registry_namespace" { default = "" } +variable "repo_blind_connection" { + type = string + description = "Setting this value to `true` means the server is not addressable on the public internet. IBM Cloud will not be able to validate the connection details you provide. Certain functionality that requires API access to the git server will be disabled. Delivery pipeline will only work using a private worker that has network access to the git server." + default = "" +} + +variable "repo_git_id" { + type = string + description = "The Git ID for the compliance repositories." + default = "" +} + +variable "repo_git_provider" { + type = string + description = "The Git provider type." + default = "" +} + variable "repo_git_token_secret_crn" { type = string sensitive = true 
@@ -704,6 +728,18 @@ variable "repositories_prefix" { } } +variable "repo_root_url" { + type = string + description = "(Optional) The Root URL of the server. e.g. https://git.example.com." + default = "" +} + +variable "repo_title" { + type = string + description = "(Optional) The title of the server. e.g. My Git Enterprise Server." + default = "" +} + variable "scc_attachment_id" { type = string description = "An attachment ID. An attachment is configured under a profile to define how a scan will be run. To find the attachment ID, in the browser, in the attachments list, click on the attachment link, and a panel appears with a button to copy the attachment ID. This parameter is only relevant when the `scc_use_profile_attachment` parameter is enabled." @@ -1654,6 +1690,16 @@ variable "cd_change_management_repo_auth_type" { default = "" } +variable "cd_change_management_repo_git_provider" { + type = string + default = "hostedgit" + description = "By default this gets set as 'hostedgit', else set to 'githubconsolidated' for GitHub repositories." + validation { + condition = contains(["hostedgit", "githubconsolidated", "gitlab"], var.cd_change_management_repo_git_provider) + error_message = "Must be either \"hostedgit\" or \"gitlab\" or \"githubconsolidated\" for evidence repository." + } +} + variable "cd_change_management_repo_git_token_secret_crn" { type = string sensitive = true diff --git a/variables.tf b/variables.tf index 06996ee7..29d89b12 100644 --- a/variables.tf +++ b/variables.tf 
@@ -105,6 +105,12 @@ variable "autostart" { default = false } +#variable "clone_compliance_pipelines" { +# type = bool +# description = "Setting to `true` will clone the compliance pipeline repository instead of linking to it. This is required for the case where the user opts to use a non IBM hosted repositories." +# default = false +#} + variable "cluster_name" { type = string description = "Name of the Kubernetes cluster where the application is deployed. This sets the same cluster name for both CI and CD toolchains. See `ci_cluster_name` and `cd_cluster_name` to set different cluster names. By default , the cluster namespace for CI will be set to `dev` and CD to `prod`. These can be changed using `ci_cluster_namespace` and `cd_cluster_namespace`." @@ -661,6 +667,24 @@ variable "registry_namespace" { default = "" } +variable "repo_blind_connection" { + type = string + description = "Setting this value to `true` means the server is not addressable on the public internet. IBM Cloud will not be able to validate the connection details you provide. Certain functionality that requires API access to the git server will be disabled. Delivery pipeline will only work using a private worker that has network access to the git server." + default = "" +} + +variable "repo_git_id" { + type = string + description = "The Git ID for the compliance repositories." + default = "" +} + +variable "repo_git_provider" { + type = string + description = "The Git provider type." + default = "" +} + variable "repo_git_token_secret_crn" { type = string sensitive = true 
@@ -704,6 +728,18 @@ variable "repositories_prefix" { } } +variable "repo_root_url" { + type = string + description = "(Optional) The Root URL of the server. e.g. https://git.example.com." + default = "" +} + +variable "repo_title" { + type = string + description = "(Optional) The title of the server. e.g. My Git Enterprise Server." + default = "" +} + variable "scc_attachment_id" { type = string description = "An attachment ID. An attachment is configured under a profile to define how a scan will be run. To find the attachment ID, in the browser, in the attachments list, click on the attachment link, and a panel appears with a button to copy the attachment ID. This parameter is only relevant when the `scc_use_profile_attachment` parameter is enabled." @@ -1654,6 +1690,16 @@ variable "cd_change_management_repo_auth_type" { default = "" } +variable "cd_change_management_repo_git_provider" { + type = string + default = "hostedgit" + description = "By default this gets set as 'hostedgit', else set to 'githubconsolidated' for GitHub repositories." + validation { + condition = contains(["hostedgit", "githubconsolidated", "gitlab"], var.cd_change_management_repo_git_provider) + error_message = "Must be either \"hostedgit\" or \"gitlab\" or \"githubconsolidated\" for evidence repository." + } +} + variable "cd_change_management_repo_git_token_secret_crn" { type = string sensitive = true From f30899eebba0220acdfe59984ab595ce5dfe7605 Mon Sep 17 00:00:00 2001 
From: huayuenh Date: Mon, 23 Sep 2024 16:04:41 +0100 Subject: [PATCH 2/9] chore: surface compliance pipelines cars --- README.md | 2 ++ main.tf | 10 +++++---- solutions/code-engine/README.md | 2 ++ solutions/code-engine/main.tf | 35 +++++++++++++++--------------- solutions/code-engine/variables.tf | 20 ++++++++++++----- solutions/kubernetes/README.md | 2 ++ solutions/kubernetes/main.tf | 35 +++++++++++++++--------------- solutions/kubernetes/variables.tf | 20 ++++++++++++----- variables.tf | 20 ++++++++++++----- 9 files changed, 93 insertions(+), 53 deletions(-) diff --git a/README.md b/README.md index b41be402..113fb925 100644 --- a/README.md +++ b/README.md 
@@ -459,11 +459,13 @@ statement instead the previous block. | [ci\_trigger\_timed\_name](#input\_ci\_trigger\_timed\_name) | The name of the CI pipeline Timed trigger. | `string` | `"Git CI Timed Trigger"` | no | | [ci\_trigger\_timed\_pruner\_enable](#input\_ci\_trigger\_timed\_pruner\_enable) | Set to `true` to enable the timed Pruner trigger. | `bool` | `false` | no | | [ci\_trigger\_timed\_pruner\_name](#input\_ci\_trigger\_timed\_pruner\_name) | The name of the timed Pruner trigger. | `string` | `"Evidence Pruner Timed Trigger"` | no | +| [clone\_compliance\_pipelines](#input\_clone\_compliance\_pipelines) | Setting to `true` will clone the compliance pipeline repository instead of linking to it. This is required for the case where the user opts to use a non IBM hosted repositories. | `bool` | `false` | no | | [cluster\_name](#input\_cluster\_name) | Name of the Kubernetes cluster where the application is deployed. This sets the same cluster name for both CI and CD toolchains. See `ci_cluster_name` and `cd_cluster_name` to set different cluster names. By default , the cluster namespace for CI will be set to `dev` and CD to `prod`. These can be changed using `ci_cluster_namespace` and `cd_cluster_namespace`. | `string` | `"mycluster-free"` | no | | [code\_engine\_project](#input\_code\_engine\_project) | The name of the Code Engine project to use. Created if it does not exist. Applies to both the CI and CD toolchains. To set individually use `ci_code_engine_project` and `cd_code_engine_project`. | `string` | `""` | no | | [compliance\_pipeline\_branch](#input\_compliance\_pipeline\_branch) | The Compliance Pipeline definitions branch. See `ci_compliance_pipeline_branch`, `cd_compliance_pipeline_branch` and `cc_compliance_pipeline_branch` to set independently. | `string` | `"open-v10"` | no | | [compliance\_pipeline\_group](#input\_compliance\_pipeline\_group) | Specify user or group for compliance pipline repository. 
| `string` | `""` | no | | [compliance\_pipeline\_repo\_auth\_type](#input\_compliance\_pipeline\_repo\_auth\_type) | Select the method of authentication that is used to access the Git repository. Valid values are 'oauth' or 'pat'. Defaults to `oauth` when unset. `pat` is a git `personal access token`. | `string` | `""` | no | +| [compliance\_pipeline\_repo\_git\_provider](#input\_compliance\_pipeline\_repo\_git\_provider) | Git provider for pipeline repo | `string` | `"hostedgit"` | no | | [compliance\_pipeline\_repo\_git\_token\_secret\_crn](#input\_compliance\_pipeline\_repo\_git\_token\_secret\_crn) | The CRN of the Git token used for accessing the sample application repository. | `string` | `""` | no | | [compliance\_pipeline\_repo\_git\_token\_secret\_name](#input\_compliance\_pipeline\_repo\_git\_token\_secret\_name) | Name of the Git token secret in the secret provider used for accessing the compliance pipelines repository. | `string` | `""` | no | | [compliance\_pipeline\_repo\_secret\_group](#input\_compliance\_pipeline\_repo\_secret\_group) | Secret group for the Compliance Pipeline repository secret. Defaults to the value set in `sm_secret_group` if not set. Only used with `Secrets Manager`. | `string` | `""` | no | diff --git a/main.tf b/main.tf index 9e7a7ff7..802026b0 100644 --- a/main.tf +++ b/main.tf @@ -352,8 +352,8 @@ module "devsecops_ci_toolchain" { compliance_pipelines_repo_blind_connection = var.repo_blind_connection compliance_pipelines_repo_root_url = var.repo_root_url compliance_pipelines_repo_title = var.repo_title - #clone_compliance_pipelines = var.clone_compliance_pipelines - + clone_compliance_pipelines = var.clone_compliance_pipelines + compliance_pipeline_repo_git_provider = var.compliance_pipeline_repo_git_provider #PIPELINE CONFIG REPO pipeline_config_repo_existing_url = local.ci_pipeline_config_repo_existing_url 
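Review bot: `clone_compliance_pipelines` is now passed into `devsecops_ci_toolchain` with no comment on what enabling it means for the compliance controls. Going by the variable description, `true` clones the pipeline definitions instead of linking to them, so the copy presumably lives in a repository the user controls, stops following upstream fixes, and can be edited by anyone with write access to it. I would add a comment above the argument, e.g. `# cloned pipeline definitions no longer track upstream; restrict write access to the clone and re-sync it deliberately`, and repeat the caveat in the variable description. The same two arguments are added in the `devsecops_cd_toolchain` and `devsecops_cc_toolchain` hunks, and all three module blocks start and end outside their hunks.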
@@ -570,7 +570,8 @@ module "devsecops_cd_toolchain" { compliance_pipelines_repo_blind_connection = var.repo_blind_connection compliance_pipelines_repo_root_url = var.repo_root_url compliance_pipelines_repo_title = var.repo_title - #clone_compliance_pipelines = var.clone_compliance_pipelines + clone_compliance_pipelines = var.clone_compliance_pipelines + compliance_pipeline_repo_git_provider = var.compliance_pipeline_repo_git_provider #PIPELINE CONFIG REPO pipeline_config_repo_existing_url = local.cd_pipeline_config_repo_existing_url @@ -806,7 +807,8 @@ module "devsecops_cc_toolchain" { compliance_pipelines_repo_blind_connection = var.repo_blind_connection compliance_pipelines_repo_root_url = var.repo_root_url compliance_pipelines_repo_title = var.repo_title - #clone_compliance_pipelines = var.clone_compliance_pipelines + clone_compliance_pipelines = var.clone_compliance_pipelines + compliance_pipeline_repo_git_provider = var.compliance_pipeline_repo_git_provider #PIPELINE CONFIG REPO pipeline_config_repo_existing_url = local.cc_pipeline_config_repo_existing_url diff --git a/solutions/code-engine/README.md b/solutions/code-engine/README.md index 8e6eb872..88072d71 100644 --- a/solutions/code-engine/README.md +++ b/solutions/code-engine/README.md 
@@ -443,11 +443,13 @@ No resources. | [ci\_trigger\_timed\_name](#input\_ci\_trigger\_timed\_name) | The name of the CI pipeline Timed trigger. | `string` | `"Git CI Timed Trigger"` | no | | [ci\_trigger\_timed\_pruner\_enable](#input\_ci\_trigger\_timed\_pruner\_enable) | Set to `true` to enable the timed Pruner trigger. | `bool` | `false` | no | | [ci\_trigger\_timed\_pruner\_name](#input\_ci\_trigger\_timed\_pruner\_name) | The name of the timed Pruner trigger. | `string` | `"Evidence Pruner Timed Trigger"` | no | +| [clone\_compliance\_pipelines](#input\_clone\_compliance\_pipelines) | Setting to `true` will clone the compliance pipeline repository instead of linking to it. This is required for the case where the user opts to use a non IBM hosted repositories. | `bool` | `false` | no | | [cluster\_name](#input\_cluster\_name) | Name of the Kubernetes cluster where the application is deployed. This sets the same cluster name for both CI and CD toolchains. See `ci_cluster_name` and `cd_cluster_name` to set different cluster names. By default , the cluster namespace for CI will be set to `dev` and CD to `prod`. These can be changed using `ci_cluster_namespace` and `cd_cluster_namespace`. | `string` | `"mycluster-free"` | no | | [code\_engine\_project](#input\_code\_engine\_project) | The name of the Code Engine project to use. Created if it does not exist. Applies to both the CI and CD toolchains. To set individually use `ci_code_engine_project` and `cd_code_engine_project`. | `string` | `""` | no | | [compliance\_pipeline\_branch](#input\_compliance\_pipeline\_branch) | The Compliance Pipeline definitions branch. See `ci_compliance_pipeline_branch`, `cd_compliance_pipeline_branch` and `cc_compliance_pipeline_branch` to set independently. | `string` | `"open-v10"` | no | | [compliance\_pipeline\_group](#input\_compliance\_pipeline\_group) | Specify user or group for compliance pipline repository. 
| `string` | `""` | no | | [compliance\_pipeline\_repo\_auth\_type](#input\_compliance\_pipeline\_repo\_auth\_type) | Select the method of authentication that is used to access the Git repository. Valid values are 'oauth' or 'pat'. Defaults to `oauth` when unset. `pat` is a git `personal access token`. | `string` | `""` | no | +| [compliance\_pipeline\_repo\_git\_provider](#input\_compliance\_pipeline\_repo\_git\_provider) | Git provider for pipeline repo | `string` | `"hostedgit"` | no | | [compliance\_pipeline\_repo\_git\_token\_secret\_crn](#input\_compliance\_pipeline\_repo\_git\_token\_secret\_crn) | The CRN of the Git token used for accessing the sample application repository. | `string` | `""` | no | | [compliance\_pipeline\_repo\_git\_token\_secret\_name](#input\_compliance\_pipeline\_repo\_git\_token\_secret\_name) | Name of the Git token secret in the secret provider used for accessing the compliance pipelines repository. | `string` | `""` | no | | [compliance\_pipeline\_repo\_secret\_group](#input\_compliance\_pipeline\_repo\_secret\_group) | Secret group for the Compliance Pipeline repository secret. Defaults to the value set in `sm_secret_group` if not set. Only used with `Secrets Manager`. | `string` | `""` | no | diff --git a/solutions/code-engine/main.tf b/solutions/code-engine/main.tf index 83117a51..6c345252 100644 --- a/solutions/code-engine/main.tf +++ b/solutions/code-engine/main.tf 
@@ -1,28 +1,29 @@ module "devsecops_da" { source = "../../" - add_code_engine_prefix = var.add_code_engine_prefix - add_container_name_suffix = var.add_container_name_suffix - app_group = var.app_group - app_repo_auth_type = var.app_repo_auth_type - app_repo_branch = var.app_repo_branch - app_repo_clone_from_url = var.app_repo_clone_from_url - app_repo_clone_to_git_id = var.app_repo_clone_to_git_id - app_repo_clone_to_git_provider = var.app_repo_clone_to_git_provider - app_repo_existing_git_id = var.app_repo_existing_git_id - app_repo_existing_git_provider = var.app_repo_existing_git_provider - app_repo_existing_url = var.app_repo_existing_url - app_repo_git_token_secret_crn = var.app_repo_git_token_secret_crn - app_repo_git_token_secret_name = var.app_repo_git_token_secret_name - app_repo_secret_group = var.app_repo_secret_group - authorization_policy_creation = var.authorization_policy_creation - autostart = var.autostart - #clone_compliance_pipelines = var.clone_compliance_pipelines + add_code_engine_prefix = var.add_code_engine_prefix + add_container_name_suffix = var.add_container_name_suffix + app_group = var.app_group + app_repo_auth_type = var.app_repo_auth_type + app_repo_branch = var.app_repo_branch + app_repo_clone_from_url = var.app_repo_clone_from_url + app_repo_clone_to_git_id = var.app_repo_clone_to_git_id + app_repo_clone_to_git_provider = var.app_repo_clone_to_git_provider + app_repo_existing_git_id = var.app_repo_existing_git_id + app_repo_existing_git_provider = var.app_repo_existing_git_provider + app_repo_existing_url = var.app_repo_existing_url + app_repo_git_token_secret_crn = var.app_repo_git_token_secret_crn + app_repo_git_token_secret_name = var.app_repo_git_token_secret_name + app_repo_secret_group = var.app_repo_secret_group + authorization_policy_creation = var.authorization_policy_creation + autostart = var.autostart + clone_compliance_pipelines = var.clone_compliance_pipelines cluster_name = var.cluster_name code_engine_project = 
var.code_engine_project compliance_pipeline_branch = var.compliance_pipeline_branch compliance_pipeline_group = var.compliance_pipeline_group compliance_pipeline_repo_auth_type = var.compliance_pipeline_repo_auth_type + compliance_pipeline_repo_git_provider = var.compliance_pipeline_repo_git_provider compliance_pipeline_repo_git_token_secret_crn = var.compliance_pipeline_repo_git_token_secret_crn compliance_pipeline_repo_git_token_secret_name = var.compliance_pipeline_repo_git_token_secret_name compliance_pipeline_repo_secret_group = var.compliance_pipeline_repo_secret_group diff --git a/solutions/code-engine/variables.tf b/solutions/code-engine/variables.tf index 4f26c42c..6431488b 100644 --- a/solutions/code-engine/variables.tf +++ b/solutions/code-engine/variables.tf @@ -105,11 +105,11 @@ variable "autostart" { default = false } -#variable "clone_compliance_pipelines" { -# type = bool -# description = "Setting to `true` will clone the compliance pipeline repository instead of linking to it. This is required for the case where the user opts to use a non IBM hosted repositories." -# default = false -#} +variable "clone_compliance_pipelines" { + type = bool + description = "Setting to `true` will clone the compliance pipeline repository instead of linking to it. This is required for the case where the user opts to use a non IBM hosted repositories." + default = false +} variable "cluster_name" { type = string @@ -141,6 +141,16 @@ variable "compliance_pipeline_repo_auth_type" { default = "" } +variable "compliance_pipeline_repo_git_provider" { + type = string + default = "hostedgit" + description = "Git provider for pipeline repo" + validation { + condition = contains(["hostedgit", "githubconsolidated", "gitlab"], var.compliance_pipeline_repo_git_provider) + error_message = "Must be either \"hostedgit\" or \"gitlab\" or \"githubconsolidated\" for pipeline repo." + } +} + variable "compliance_pipeline_repo_git_token_secret_crn" { type = string sensitive = true 
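Review bot: The description `"Git provider for pipeline repo"` in the `@@ -141,6 +141,16 @@` hunk does not list the values the validation accepts. It also does not say how this variable relates to `repo_git_provider` ("The Git provider type."), which the previous patch in this series added without validation. A reader of this file cannot tell which of the two decides the provider when they disagree. I would expand it to `description = "Git provider for the compliance pipelines repository. Valid values are 'hostedgit' (default), 'githubconsolidated' or 'gitlab'."` and state the precedence once it is confirmed against main.tf. The identical block is added in solutions/kubernetes/variables.tf.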
diff --git a/solutions/kubernetes/README.md b/solutions/kubernetes/README.md index 88547cc4..f60247fe 100644 --- a/solutions/kubernetes/README.md +++ b/solutions/kubernetes/README.md 
@@ -443,11 +443,13 @@ No resources. | [ci\_trigger\_timed\_name](#input\_ci\_trigger\_timed\_name) | The name of the CI pipeline Timed trigger. | `string` | `"Git CI Timed Trigger"` | no | | [ci\_trigger\_timed\_pruner\_enable](#input\_ci\_trigger\_timed\_pruner\_enable) | Set to `true` to enable the timed Pruner trigger. | `bool` | `false` | no | | [ci\_trigger\_timed\_pruner\_name](#input\_ci\_trigger\_timed\_pruner\_name) | The name of the timed Pruner trigger. | `string` | `"Evidence Pruner Timed Trigger"` | no | +| [clone\_compliance\_pipelines](#input\_clone\_compliance\_pipelines) | Setting to `true` will clone the compliance pipeline repository instead of linking to it. This is required for the case where the user opts to use a non IBM hosted repositories. | `bool` | `false` | no | | [cluster\_name](#input\_cluster\_name) | Name of the Kubernetes cluster where the application is deployed. This sets the same cluster name for both CI and CD toolchains. See `ci_cluster_name` and `cd_cluster_name` to set different cluster names. By default , the cluster namespace for CI will be set to `dev` and CD to `prod`. These can be changed using `ci_cluster_namespace` and `cd_cluster_namespace`. | `string` | `"mycluster-free"` | no | | [code\_engine\_project](#input\_code\_engine\_project) | The name of the Code Engine project to use. Created if it does not exist. Applies to both the CI and CD toolchains. To set individually use `ci_code_engine_project` and `cd_code_engine_project`. | `string` | `""` | no | | [compliance\_pipeline\_branch](#input\_compliance\_pipeline\_branch) | The Compliance Pipeline definitions branch. See `ci_compliance_pipeline_branch`, `cd_compliance_pipeline_branch` and `cc_compliance_pipeline_branch` to set independently. | `string` | `"open-v10"` | no | | [compliance\_pipeline\_group](#input\_compliance\_pipeline\_group) | Specify user or group for compliance pipline repository. 
| `string` | `""` | no | | [compliance\_pipeline\_repo\_auth\_type](#input\_compliance\_pipeline\_repo\_auth\_type) | Select the method of authentication that is used to access the Git repository. Valid values are 'oauth' or 'pat'. Defaults to `oauth` when unset. `pat` is a git `personal access token`. | `string` | `""` | no | +| [compliance\_pipeline\_repo\_git\_provider](#input\_compliance\_pipeline\_repo\_git\_provider) | Git provider for pipeline repo | `string` | `"hostedgit"` | no | | [compliance\_pipeline\_repo\_git\_token\_secret\_crn](#input\_compliance\_pipeline\_repo\_git\_token\_secret\_crn) | The CRN of the Git token used for accessing the sample application repository. | `string` | `""` | no | | [compliance\_pipeline\_repo\_git\_token\_secret\_name](#input\_compliance\_pipeline\_repo\_git\_token\_secret\_name) | Name of the Git token secret in the secret provider used for accessing the compliance pipelines repository. | `string` | `""` | no | | [compliance\_pipeline\_repo\_secret\_group](#input\_compliance\_pipeline\_repo\_secret\_group) | Secret group for the Compliance Pipeline repository secret. Defaults to the value set in `sm_secret_group` if not set. Only used with `Secrets Manager`. | `string` | `""` | no | diff --git a/solutions/kubernetes/main.tf b/solutions/kubernetes/main.tf index 83117a51..6c345252 100644 --- a/solutions/kubernetes/main.tf +++ b/solutions/kubernetes/main.tf 
@@ -1,28 +1,29 @@ module "devsecops_da" { source = "../../" - add_code_engine_prefix = var.add_code_engine_prefix - add_container_name_suffix = var.add_container_name_suffix - app_group = var.app_group - app_repo_auth_type = var.app_repo_auth_type - app_repo_branch = var.app_repo_branch - app_repo_clone_from_url = var.app_repo_clone_from_url - app_repo_clone_to_git_id = var.app_repo_clone_to_git_id - app_repo_clone_to_git_provider = var.app_repo_clone_to_git_provider - app_repo_existing_git_id = var.app_repo_existing_git_id - app_repo_existing_git_provider = var.app_repo_existing_git_provider - app_repo_existing_url = var.app_repo_existing_url - app_repo_git_token_secret_crn = var.app_repo_git_token_secret_crn - app_repo_git_token_secret_name = var.app_repo_git_token_secret_name - app_repo_secret_group = var.app_repo_secret_group - authorization_policy_creation = var.authorization_policy_creation - autostart = var.autostart - #clone_compliance_pipelines = var.clone_compliance_pipelines + add_code_engine_prefix = var.add_code_engine_prefix + add_container_name_suffix = var.add_container_name_suffix + app_group = var.app_group + app_repo_auth_type = var.app_repo_auth_type + app_repo_branch = var.app_repo_branch + app_repo_clone_from_url = var.app_repo_clone_from_url + app_repo_clone_to_git_id = var.app_repo_clone_to_git_id + app_repo_clone_to_git_provider = var.app_repo_clone_to_git_provider + app_repo_existing_git_id = var.app_repo_existing_git_id + app_repo_existing_git_provider = var.app_repo_existing_git_provider + app_repo_existing_url = var.app_repo_existing_url + app_repo_git_token_secret_crn = var.app_repo_git_token_secret_crn + app_repo_git_token_secret_name = var.app_repo_git_token_secret_name + app_repo_secret_group = var.app_repo_secret_group + authorization_policy_creation = var.authorization_policy_creation + autostart = var.autostart + clone_compliance_pipelines = var.clone_compliance_pipelines cluster_name = var.cluster_name code_engine_project = 
var.code_engine_project compliance_pipeline_branch = var.compliance_pipeline_branch compliance_pipeline_group = var.compliance_pipeline_group compliance_pipeline_repo_auth_type = var.compliance_pipeline_repo_auth_type + compliance_pipeline_repo_git_provider = var.compliance_pipeline_repo_git_provider compliance_pipeline_repo_git_token_secret_crn = var.compliance_pipeline_repo_git_token_secret_crn compliance_pipeline_repo_git_token_secret_name = var.compliance_pipeline_repo_git_token_secret_name compliance_pipeline_repo_secret_group = var.compliance_pipeline_repo_secret_group diff --git a/solutions/kubernetes/variables.tf b/solutions/kubernetes/variables.tf index cd336c8f..b9f81f44 100644 --- a/solutions/kubernetes/variables.tf +++ b/solutions/kubernetes/variables.tf @@ -105,11 +105,11 @@ variable "autostart" { default = false } -#variable "clone_compliance_pipelines" { -# type = bool -# description = "Setting to `true` will clone the compliance pipeline repository instead of linking to it. This is required for the case where the user opts to use a non IBM hosted repositories." -# default = false -#} +variable "clone_compliance_pipelines" { + type = bool + description = "Setting to `true` will clone the compliance pipeline repository instead of linking to it. This is required for the case where the user opts to use a non IBM hosted repositories." + default = false +} variable "cluster_name" { type = string @@ -141,6 +141,16 @@ variable "compliance_pipeline_repo_auth_type" { default = "" } +variable "compliance_pipeline_repo_git_provider" { + type = string + default = "hostedgit" + description = "Git provider for pipeline repo" + validation { + condition = contains(["hostedgit", "githubconsolidated", "gitlab"], var.compliance_pipeline_repo_git_provider) + error_message = "Must be either \"hostedgit\" or \"gitlab\" or \"githubconsolidated\" for pipeline repo." + } +} + variable "compliance_pipeline_repo_git_token_secret_crn" { type = string sensitive = true 
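Review bot: The new `compliance_pipeline_repo_git_provider` variable in solutions/kubernetes/variables.tf accepts three values, but its description, `"Git provider for pipeline repo"`, names none of them, so a user only learns the accepted set from the validation error. I would write `description = "Git provider for the compliance pipelines repository. Valid values are 'hostedgit', 'githubconsolidated' or 'gitlab'."`, following the "Valid values are ..." wording the `*_repo_auth_type` inputs already use. The identical block added to the root variables.tf in the next file section has the same gap, and the README input row repeats the short description.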
diff --git a/variables.tf b/variables.tf index 29d89b12..6261c772 100644 --- a/variables.tf +++ b/variables.tf @@ -105,11 +105,11 @@ variable "autostart" { default = false } -#variable "clone_compliance_pipelines" { -# type = bool -# description = "Setting to `true` will clone the compliance pipeline repository instead of linking to it. This is required for the case where the user opts to use a non IBM hosted repositories." -# default = false -#} +variable "clone_compliance_pipelines" { + type = bool + description = "Setting to `true` will clone the compliance pipeline repository instead of linking to it. This is required for the case where the user opts to use a non IBM hosted repositories." + default = false +} variable "cluster_name" { type = string @@ -141,6 +141,16 @@ variable "compliance_pipeline_repo_auth_type" { default = "" } +variable "compliance_pipeline_repo_git_provider" { + type = string + default = "hostedgit" + description = "Git provider for pipeline repo" + validation { + condition = contains(["hostedgit", "githubconsolidated", "gitlab"], var.compliance_pipeline_repo_git_provider) + error_message = "Must be either \"hostedgit\" or \"gitlab\" or \"githubconsolidated\" for pipeline repo." + } +} + variable "compliance_pipeline_repo_git_token_secret_crn" { type = string sensitive = true From 141dad7c4977e7fbbb5f1c178c62405b09206d32 Mon Sep 17 00:00:00 2001 From: huayuenh Date: Thu, 26 Sep 2024 10:43:44 +0100 Subject: [PATCH 3/9] chore: set up repos less compliance-pipelines --- README.md | 26 ++++--- main.tf | 57 ++++++++++----- solutions/code-engine/README.md | 8 ++- solutions/code-engine/main.tf | 8 ++- solutions/code-engine/variables.tf | 52 ++++++++++++-- solutions/kubernetes/README.md | 8 ++- solutions/kubernetes/main.tf | 8 ++- solutions/kubernetes/variables.tf | 52 ++++++++++++-- variables.tf | 112 +++++++++++++++++++++-------- 9 files changed, 260 insertions(+), 71 deletions(-) 
diff --git a/README.md b/README.md index 113fb925..b304a9ae 100644 --- a/README.md +++ b/README.md @@ -98,7 +98,7 @@ statement instead the previous block. | [app\_repo\_clone\_to\_git\_id](#input\_app\_repo\_clone\_to\_git\_id) | Set this value to `github` for github.com, or to the GUID of a custom GitHub Enterprise server. | `string` | `""` | no | | [app\_repo\_clone\_to\_git\_provider](#input\_app\_repo\_clone\_to\_git\_provider) | By default this gets set as 'hostedgit', else set to 'githubconsolidated' for GitHub repositories. | `string` | `""` | no | | [app\_repo\_existing\_git\_id](#input\_app\_repo\_existing\_git\_id) | Set this value to `github` for github.com, or to the GUID of a custom GitHub Enterprise server. | `string` | `""` | no | -| [app\_repo\_existing\_git\_provider](#input\_app\_repo\_existing\_git\_provider) | By default this gets set as 'hostedgit', else set to 'githubconsolidated' for GitHub repositories. | `string` | `""` | no | +| [app\_repo\_existing\_git\_provider](#input\_app\_repo\_existing\_git\_provider) | Git provider for application repo. If not set will default `hostedgit`. | `string` | `""` | no | | [app\_repo\_existing\_url](#input\_app\_repo\_existing\_url) | Bring your own existing application repository by providing the URL. This will create an integration for your application repository instead of cloning the default sample. Repositories existing in a different org will require the use of Git token. See `app_repo_git_token_secret_name` under optional variables. | `string` | `"__NOTSET__"` | no | | [app\_repo\_git\_token\_secret\_crn](#input\_app\_repo\_git\_token\_secret\_crn) | The CRN of the Git token used for accessing the sample application repository. | `string` | `""` | no | | [app\_repo\_git\_token\_secret\_name](#input\_app\_repo\_git\_token\_secret\_name) | Name of the Git token secret in the secret provider used for accessing the sample (or bring your own) application repository. | `string` | `""` | no | 
@@ -109,7 +109,7 @@ statement instead the previous block. | [cc\_app\_repo\_auth\_type](#input\_cc\_app\_repo\_auth\_type) | Select the method of authentication that is used to access the Git repository. Valid values are 'oauth' or 'pat'. Defaults to `oauth` when unset. `pat` is a git `personal access token`. | `string` | `""` | no | | [cc\_app\_repo\_branch](#input\_cc\_app\_repo\_branch) | The default branch of the app repository. | `string` | `""` | no | | [cc\_app\_repo\_git\_id](#input\_cc\_app\_repo\_git\_id) | The Git Id of the repository. | `string` | `""` | no | -| [cc\_app\_repo\_git\_provider](#input\_cc\_app\_repo\_git\_provider) | The type of the Git provider. | `string` | `"hostedgit"` | no | +| [cc\_app\_repo\_git\_provider](#input\_cc\_app\_repo\_git\_provider) | Git provider for the application repo. If not set will default `hostedgit`. | `string` | `""` | no | | [cc\_app\_repo\_git\_token\_secret\_crn](#input\_cc\_app\_repo\_git\_token\_secret\_crn) | The CRN of the Git token used for accessing the application repository. | `string` | `""` | no | | [cc\_app\_repo\_git\_token\_secret\_name](#input\_cc\_app\_repo\_git\_token\_secret\_name) | Name of the Git token secret in the secret provider used for accessing the sample (or bring your own) application repository. | `string` | `""` | no | | [cc\_app\_repo\_secret\_group](#input\_cc\_app\_repo\_secret\_group) | Secret group for the App repository secret. Defaults to the value set in `sm_secret_group` if not set. Only used with `Secrets Manager`. | `string` | `""` | no | 
@@ -214,7 +214,7 @@ statement instead the previous block. | [cd\_authorization\_policy\_creation](#input\_cd\_authorization\_policy\_creation) | Disable Toolchain Service to Secrets Manager/Key Protect/Notifications Service authorization policy creation. To disable set the value to `disabled`. | `string` | `""` | no | | [cd\_change\_management\_group](#input\_cd\_change\_management\_group) | Specify group for change management repository | `string` | `""` | no | | [cd\_change\_management\_repo\_auth\_type](#input\_cd\_change\_management\_repo\_auth\_type) | Select the method of authentication that is used to access the Git repository. Valid values are 'oauth' or 'pat'. Defaults to `oauth` when unset. `pat` is a git `personal access token`. | `string` | `""` | no | -| [cd\_change\_management\_repo\_git\_provider](#input\_cd\_change\_management\_repo\_git\_provider) | By default this gets set as 'hostedgit', else set to 'githubconsolidated' for GitHub repositories. | `string` | `"hostedgit"` | no | +| [cd\_change\_management\_repo\_git\_provider](#input\_cd\_change\_management\_repo\_git\_provider) | Git provider for the change management repo. If not set will default `hostedgit`. | `string` | `""` | no | | [cd\_change\_management\_repo\_git\_token\_secret\_crn](#input\_cd\_change\_management\_repo\_git\_token\_secret\_crn) | The CRN for the Change Management repository Git Token. | `string` | `""` | no | | [cd\_change\_management\_repo\_git\_token\_secret\_name](#input\_cd\_change\_management\_repo\_git\_token\_secret\_name) | Name of the Git token secret in the secret provider. | `string` | `""` | no | | [cd\_change\_management\_repo\_secret\_group](#input\_cd\_change\_management\_repo\_secret\_group) | Secret group for the Change Management repository secret. Defaults to the value set in `sm_secret_group` if not set. Only used with `Secrets Manager`. | `string` | `""` | no | 
@@ -245,7 +245,7 @@ statement instead the previous block. | [cd\_deployment\_repo\_clone\_to\_git\_provider](#input\_cd\_deployment\_repo\_clone\_to\_git\_provider) | By default 'hostedgit', else use 'githubconsolidated' or 'gitlab'. | `string` | `""` | no | | [cd\_deployment\_repo\_existing\_branch](#input\_cd\_deployment\_repo\_existing\_branch) | Used when deployment\_repo\_existing\_url is provided, the default branch that is by the CD build, usually either main or master. | `string` | `""` | no | | [cd\_deployment\_repo\_existing\_git\_id](#input\_cd\_deployment\_repo\_existing\_git\_id) | Set this value to `github` for github.com, or to the GUID of a custom GitHub Enterprise server. | `string` | `""` | no | -| [cd\_deployment\_repo\_existing\_git\_provider](#input\_cd\_deployment\_repo\_existing\_git\_provider) | By default this gets set as 'hostedgit', else set to 'githubconsolidated' for GitHub repositories. | `string` | `"hostedgit"` | no | +| [cd\_deployment\_repo\_existing\_git\_provider](#input\_cd\_deployment\_repo\_existing\_git\_provider) | Git provider for the deployment repo. If not set will default `hostedgit`. | `string` | `""` | no | | [cd\_deployment\_repo\_existing\_url](#input\_cd\_deployment\_repo\_existing\_url) | Override to bring your own existing deployment repository URL, which is used directly instead of cloning the default deployment sample. | `string` | `""` | no | | [cd\_deployment\_repo\_git\_token\_secret\_crn](#input\_cd\_deployment\_repo\_git\_token\_secret\_crn) | The CRN for the Deployment repository Git Token. | `string` | `""` | no | | [cd\_deployment\_repo\_git\_token\_secret\_name](#input\_cd\_deployment\_repo\_git\_token\_secret\_name) | Name of the Git token secret in the secret provider. | `string` | `""` | no | 
@@ -337,6 +337,8 @@ statement instead the previous block. | [cd\_trigger\_timed\_name](#input\_cd\_trigger\_timed\_name) | The name of the CD pipeline Timed trigger. | `string` | `"Git CD Timed Trigger"` | no | | [cd\_trigger\_timed\_pruner\_enable](#input\_cd\_trigger\_timed\_pruner\_enable) | Set to `true` to enable the timed Pruner trigger. | `bool` | `false` | no | | [cd\_trigger\_timed\_pruner\_name](#input\_cd\_trigger\_timed\_pruner\_name) | The name of the timed Pruner trigger. | `string` | `"Evidence Pruner Timed Trigger"` | no | +| [change\_management\_existing\_url](#input\_change\_management\_existing\_url) | The URL for an existing Change Management repository. | `string` | `""` | no | +| [change\_management\_repo\_git\_id](#input\_change\_management\_repo\_git\_id) | Set this value to `github` for github.com, or to the ID of a custom GitHub Enterprise server. | `string` | `""` | no | | [ci\_app\_group](#input\_ci\_app\_group) | Specify the Git user or group for the application repository. | `string` | `""` | no | | [ci\_app\_name](#input\_ci\_app\_name) | Name of the application image and inventory entry. | `string` | `"hello-compliance-app"` | no | | [ci\_app\_repo\_auth\_type](#input\_ci\_app\_repo\_auth\_type) | Select the method of authentication that is used to access the Git repository. Valid values are 'oauth' or 'pat'. Defaults to `oauth` when unset. `pat` is a git `personal access token`. | `string` | `""` | no | 
@@ -345,7 +347,7 @@ statement instead the previous block. | [ci\_app\_repo\_clone\_to\_git\_id](#input\_ci\_app\_repo\_clone\_to\_git\_id) | Set this value to `github` for github.com, or to the GUID of a custom GitHub Enterprise server. | `string` | `""` | no | | [ci\_app\_repo\_clone\_to\_git\_provider](#input\_ci\_app\_repo\_clone\_to\_git\_provider) | By default this gets set as 'hostedgit', else set to 'githubconsolidated' for GitHub repositories. | `string` | `""` | no | | [ci\_app\_repo\_existing\_git\_id](#input\_ci\_app\_repo\_existing\_git\_id) | Set this value to `github` for github.com, or to the GUID of a custom GitHub Enterprise server. | `string` | `""` | no | -| [ci\_app\_repo\_existing\_git\_provider](#input\_ci\_app\_repo\_existing\_git\_provider) | By default this gets set as 'hostedgit', else set to 'githubconsolidated' for GitHub repositories. | `string` | `""` | no | +| [ci\_app\_repo\_existing\_git\_provider](#input\_ci\_app\_repo\_existing\_git\_provider) | Git provider for application repo. If not set will default `hostedgit`. | `string` | `""` | no | | [ci\_app\_repo\_existing\_url](#input\_ci\_app\_repo\_existing\_url) | Bring your own existing application repository by providing the URL. This will create an integration for your application repository instead of cloning the default sample. Repositories existing in a different org will require the use of Git token. See `app_repo_git_token_secret_name` under optional variables. | `string` | `""` | no | | [ci\_app\_repo\_git\_token\_secret\_crn](#input\_ci\_app\_repo\_git\_token\_secret\_crn) | The CRN of the Git token used for accessing the application repository. | `string` | `""` | no | | [ci\_app\_repo\_git\_token\_secret\_name](#input\_ci\_app\_repo\_git\_token\_secret\_name) | Name of the Git token secret in the secret provider used for accessing the sample (or bring your own) application repository. | `string` | `""` | no | 
@@ -459,16 +461,18 @@ statement instead the previous block. | [ci\_trigger\_timed\_name](#input\_ci\_trigger\_timed\_name) | The name of the CI pipeline Timed trigger. | `string` | `"Git CI Timed Trigger"` | no | | [ci\_trigger\_timed\_pruner\_enable](#input\_ci\_trigger\_timed\_pruner\_enable) | Set to `true` to enable the timed Pruner trigger. | `bool` | `false` | no | | [ci\_trigger\_timed\_pruner\_name](#input\_ci\_trigger\_timed\_pruner\_name) | The name of the timed Pruner trigger. | `string` | `"Evidence Pruner Timed Trigger"` | no | -| [clone\_compliance\_pipelines](#input\_clone\_compliance\_pipelines) | Setting to `true` will clone the compliance pipeline repository instead of linking to it. This is required for the case where the user opts to use a non IBM hosted repositories. | `bool` | `false` | no | | [cluster\_name](#input\_cluster\_name) | Name of the Kubernetes cluster where the application is deployed. This sets the same cluster name for both CI and CD toolchains. See `ci_cluster_name` and `cd_cluster_name` to set different cluster names. By default , the cluster namespace for CI will be set to `dev` and CD to `prod`. These can be changed using `ci_cluster_namespace` and `cd_cluster_namespace`. | `string` | `"mycluster-free"` | no | | [code\_engine\_project](#input\_code\_engine\_project) | The name of the Code Engine project to use. Created if it does not exist. Applies to both the CI and CD toolchains. To set individually use `ci_code_engine_project` and `cd_code_engine_project`. | `string` | `""` | no | | [compliance\_pipeline\_branch](#input\_compliance\_pipeline\_branch) | The Compliance Pipeline definitions branch. See `ci_compliance_pipeline_branch`, `cd_compliance_pipeline_branch` and `cc_compliance_pipeline_branch` to set independently. | `string` | `"open-v10"` | no | +| [compliance\_pipeline\_existing\_repo\_url](#input\_compliance\_pipeline\_existing\_repo\_url) | The URL of an existing compliance pipelines repository. 
| `string` | `""` | no | | [compliance\_pipeline\_group](#input\_compliance\_pipeline\_group) | Specify user or group for compliance pipline repository. | `string` | `""` | no | | [compliance\_pipeline\_repo\_auth\_type](#input\_compliance\_pipeline\_repo\_auth\_type) | Select the method of authentication that is used to access the Git repository. Valid values are 'oauth' or 'pat'. Defaults to `oauth` when unset. `pat` is a git `personal access token`. | `string` | `""` | no | -| [compliance\_pipeline\_repo\_git\_provider](#input\_compliance\_pipeline\_repo\_git\_provider) | Git provider for pipeline repo | `string` | `"hostedgit"` | no | +| [compliance\_pipeline\_repo\_git\_id](#input\_compliance\_pipeline\_repo\_git\_id) | Set this value to `github` for github.com, or to the ID of a custom GitHub Enterprise server. | `string` | `""` | no | +| [compliance\_pipeline\_repo\_git\_provider](#input\_compliance\_pipeline\_repo\_git\_provider) | Git provider for compliance pipeline repo. If not set will default `hostedgit`. | `string` | `""` | no | | [compliance\_pipeline\_repo\_git\_token\_secret\_crn](#input\_compliance\_pipeline\_repo\_git\_token\_secret\_crn) | The CRN of the Git token used for accessing the sample application repository. | `string` | `""` | no | | [compliance\_pipeline\_repo\_git\_token\_secret\_name](#input\_compliance\_pipeline\_repo\_git\_token\_secret\_name) | Name of the Git token secret in the secret provider used for accessing the compliance pipelines repository. | `string` | `""` | no | | [compliance\_pipeline\_repo\_secret\_group](#input\_compliance\_pipeline\_repo\_secret\_group) | Secret group for the Compliance Pipeline repository secret. Defaults to the value set in `sm_secret_group` if not set. Only used with `Secrets Manager`. | `string` | `""` | no | +| [compliance\_pipeline\_source\_repo\_url](#input\_compliance\_pipeline\_source\_repo\_url) | The URL of a compliance pipelines repository to clone. 
| `string` | `""` | no | | [continuous\_delivery\_service\_name](#input\_continuous\_delivery\_service\_name) | The name of the Continuous Delivery service instance. | `string` | `"cd-devsecops"` | no | | [cos\_api\_key\_secret\_crn](#input\_cos\_api\_key\_secret\_crn) | The CRN of the Cloud Object Storage apikey. Applies to the CI, CD and CC toolchains. Can beset independently using `ci_cos_api_key_secret_crn`,`cd_cos_api_key_secret_crn`,`cc_cos_api_key_secret_crn`. | `string` | `""` | no | | [cos\_api\_key\_secret\_group](#input\_cos\_api\_key\_secret\_group) | Secret group for the COS api key secret. Defaults to the value set in `sm_secret_group` if not set. Only used with `Secrets Manager`. | `string` | `""` | no | 
@@ -496,7 +500,7 @@ statement instead the previous block. | [evidence\_group](#input\_evidence\_group) | Specify the Git user or group for the evidence repository. | `string` | `""` | no | | [evidence\_repo\_auth\_type](#input\_evidence\_repo\_auth\_type) | Select the method of authentication that is used to access the Git repository. Valid values are 'oauth' or 'pat'. Defaults to `oauth` when unset. `pat` is a git `personal access token`. | `string` | `""` | no | | [evidence\_repo\_existing\_git\_id](#input\_evidence\_repo\_existing\_git\_id) | Set this value to `github` for github.com, or to the GUID of a custom GitHub Enterprise server. | `string` | `""` | no | -| [evidence\_repo\_existing\_git\_provider](#input\_evidence\_repo\_existing\_git\_provider) | By default this gets set as 'hostedgit', else set to 'githubconsolidated' for GitHub repositories. | `string` | `"hostedgit"` | no | +| [evidence\_repo\_existing\_git\_provider](#input\_evidence\_repo\_existing\_git\_provider) | Git provider for evidence repo. If not set will default `hostedgit`. | `string` | `""` | no | | [evidence\_repo\_existing\_url](#input\_evidence\_repo\_existing\_url) | Set to use an existing evidence repository. | `string` | `""` | no | | [evidence\_repo\_git\_token\_secret\_crn](#input\_evidence\_repo\_git\_token\_secret\_crn) | The CRN of the Git token used for accessing the Evidence repository. | `string` | `""` | no | | [evidence\_repo\_git\_token\_secret\_name](#input\_evidence\_repo\_git\_token\_secret\_name) | Name of the Git token secret in the secret provider used for accessing the evidence repository. | `string` | `""` | no | 
@@ -507,7 +511,7 @@ statement instead the previous block. | [inventory\_group](#input\_inventory\_group) | Specify the Git user or group for the inventory repository. | `string` | `""` | no | | [inventory\_repo\_auth\_type](#input\_inventory\_repo\_auth\_type) | Select the method of authentication that is used to access the Git repository. Valid values are 'oauth' or 'pat'. Defaults to `oauth` when unset. `pat` is a git `personal access token`. | `string` | `""` | no | | [inventory\_repo\_existing\_git\_id](#input\_inventory\_repo\_existing\_git\_id) | Set this value to `github` for github.com, or to the GUID of a custom GitHub Enterprise server. | `string` | `""` | no | -| [inventory\_repo\_existing\_git\_provider](#input\_inventory\_repo\_existing\_git\_provider) | By default this gets set as 'hostedgit', else set to 'githubconsolidated' for GitHub repositories. | `string` | `"hostedgit"` | no | +| [inventory\_repo\_existing\_git\_provider](#input\_inventory\_repo\_existing\_git\_provider) | Git provider for the inventory repo. If not set will default `hostedgit`. | `string` | `""` | no | | [inventory\_repo\_existing\_url](#input\_inventory\_repo\_existing\_url) | Set to use an existing inventory repository. | `string` | `""` | no | | [inventory\_repo\_git\_token\_secret\_crn](#input\_inventory\_repo\_git\_token\_secret\_crn) | The CRN of the Git token used for acessing the Inventory repository. | `string` | `""` | no | | [inventory\_repo\_git\_token\_secret\_name](#input\_inventory\_repo\_git\_token\_secret\_name) | Name of the Git token secret in the secret provider used for accessing the inventory repository. | `string` | `""` | no | 
@@ -517,7 +521,7 @@ statement instead the previous block. | [issues\_group](#input\_issues\_group) | Specify the Git user or group for the issues repository. | `string` | `""` | no | | [issues\_repo\_auth\_type](#input\_issues\_repo\_auth\_type) | Select the method of authentication that is used to access the Git repository. Valid values are 'oauth' or 'pat'. Defaults to `oauth` when unset. `pat` is a git `personal access token`. | `string` | `""` | no | | [issues\_repo\_existing\_git\_id](#input\_issues\_repo\_existing\_git\_id) | Set this value to `github` for github.com, or to the GUID of a custom GitHub Enterprise server. | `string` | `""` | no | -| [issues\_repo\_existing\_git\_provider](#input\_issues\_repo\_existing\_git\_provider) | By default this gets set as 'hostedgit', else set to 'githubconsolidated' for GitHub repositories. | `string` | `"hostedgit"` | no | +| [issues\_repo\_existing\_git\_provider](#input\_issues\_repo\_existing\_git\_provider) | Git provider for the issues repo. If not set will default `hostedgit`. | `string` | `""` | no | | [issues\_repo\_existing\_url](#input\_issues\_repo\_existing\_url) | Set to use an existing issues repository. | `string` | `""` | no | | [issues\_repo\_git\_token\_secret\_crn](#input\_issues\_repo\_git\_token\_secret\_crn) | The CRN of the Git token used for accessing the Issues repository. | `string` | `""` | no | | [issues\_repo\_git\_token\_secret\_name](#input\_issues\_repo\_git\_token\_secret\_name) | Name of the Git token secret in the secret provider used for accessing the issues repository. | `string` | `""` | no | 
@@ -533,6 +537,8 @@ statement instead the previous block. | [pipeline\_config\_repo\_branch](#input\_pipeline\_config\_repo\_branch) | Specify the branch containing the custom pipeline-config.yaml file. | `string` | `""` | no | | [pipeline\_config\_repo\_clone\_from\_url](#input\_pipeline\_config\_repo\_clone\_from\_url) | Specify a repository containing a custom pipeline-config.yaml file. | `string` | `""` | no | | [pipeline\_config\_repo\_existing\_url](#input\_pipeline\_config\_repo\_existing\_url) | Specify and link to an existing repository containing a custom pipeline-config.yaml file. | `string` | `""` | no | +| [pipeline\_config\_repo\_git\_id](#input\_pipeline\_config\_repo\_git\_id) | Set this value to `github` for github.com, or to the GUID of a custom GitHub Enterprise server. | `string` | `""` | no | +| [pipeline\_config\_repo\_git\_provider](#input\_pipeline\_config\_repo\_git\_provider) | Git provider for pipeline repo config | `string` | `""` | no | | [pipeline\_config\_repo\_git\_token\_secret\_crn](#input\_pipeline\_config\_repo\_git\_token\_secret\_crn) | The CRN of the Git token for accessing the pipeline config repository. | `string` | `""` | no | | [pipeline\_config\_repo\_git\_token\_secret\_name](#input\_pipeline\_config\_repo\_git\_token\_secret\_name) | Name of the Git token secret in the secret provider used for accessing the pipeline config repository. | `string` | `""` | no | | [pipeline\_config\_repo\_secret\_group](#input\_pipeline\_config\_repo\_secret\_group) | Secret group for the Pipeline Config repository secret. Defaults to the value set in `sm_secret_group` if not set. Only used with `Secrets Manager`. | `string` | `""` | no | diff --git a/main.tf b/main.tf index 802026b0..eea9e401 100644 --- a/main.tf +++ b/main.tf 
@@ -155,11 +155,15 @@ locals { cc_pipeline_config_repo_branch = (var.cc_pipeline_config_repo_branch == "") ? var.pipeline_config_repo_branch : var.cc_pipeline_config_repo_branch calculated_provider = ( + (var.app_repo_existing_git_provider != "") ? var.app_repo_existing_git_provider : + (var.repo_git_provider != "") ? var.repo_git_provider : (strcontains(var.app_repo_existing_url, "github")) ? "githubconsolidated" : (strcontains(var.app_repo_existing_url, "git.cloud.ibm.com")) ? "hostedgit" : "" ) calculated_git_id = ( + (var.app_repo_existing_git_id != "") ? var.app_repo_existing_git_id : + (var.repo_git_id != "") ? var.repo_git_id : (strcontains(var.app_repo_existing_url, "github.ibm.com")) ? "integrated" : (strcontains(var.app_repo_existing_url, "github")) ? "github" : (strcontains(var.app_repo_existing_url, "git.cloud.ibm.com")) ? "" : "" @@ -181,6 +185,7 @@ locals { ci_app_repo_existing_url = (var.ci_app_repo_existing_url == "") ? local.app_repo_existing_url : var.ci_app_repo_existing_url cc_app_repo_existing_url = (var.cc_app_repo_url == "") ? local.app_repo_existing_url : var.cc_app_repo_url + ci_app_repo_existing_git_id_temp = (var.ci_app_repo_existing_git_id == "") ? var.app_repo_existing_git_id : var.ci_app_repo_existing_git_id ci_app_repo_existing_git_id = (local.ci_app_repo_existing_git_id_temp == "") ? local.calculated_git_id : local.ci_app_repo_existing_git_id_temp cc_app_repo_existing_git_id_temp = (var.cc_app_repo_git_id == "") ? var.app_repo_existing_git_id : var.cc_app_repo_git_id 
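Review bot: In `calculated_provider` the URL fallback still has no branch that yields `gitlab`, and it tests `strcontains(var.app_repo_existing_url, "github")` against the whole URL rather than the host. With neither `app_repo_existing_git_provider` nor `repo_git_provider` set, a GitLab URL resolves to `""`, and any URL whose path merely contains `github` resolves to `githubconsolidated`; `calculated_git_id` just below follows the same pattern. The provider and git id presumably decide which integration and token are bound to the repository, so I would infer from the host only, e.g. `app_repo_host = try(regex("^https?://([^/]+)", var.app_repo_existing_url)[0], "")`, and add `strcontains(local.app_repo_host, "gitlab") ? "gitlab" :` next to the existing tests (self-managed hosts without the name in them still need the explicit variable). The `locals` block starts and ends outside the hunk.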
@@ -194,6 +199,9 @@ locals { ci_app_repo_clone_to_git_id = (var.ci_app_repo_clone_to_git_id == "") ? var.app_repo_clone_to_git_id : var.ci_app_repo_clone_to_git_id ci_app_repo_clone_to_git_provider = (var.ci_app_repo_clone_to_git_provider == "") ? var.app_repo_clone_to_git_provider : var.ci_app_repo_clone_to_git_provider + + deployment_repo_existing_git_provider = (var.cd_deployment_repo_existing_git_provider == "") ? var.repo_git_provider : var.cd_deployment_repo_existing_git_provider + deployment_repo_existing_git_id = (var.cd_deployment_repo_existing_git_id == "") ? var.repo_git_id : var.cd_deployment_repo_existing_git_id } @@ -352,12 +360,16 @@ module "devsecops_ci_toolchain" { compliance_pipelines_repo_blind_connection = var.repo_blind_connection compliance_pipelines_repo_root_url = var.repo_root_url compliance_pipelines_repo_title = var.repo_title - clone_compliance_pipelines = var.clone_compliance_pipelines compliance_pipeline_repo_git_provider = var.compliance_pipeline_repo_git_provider + compliance_pipelines_repo_git_id = var.compliance_pipeline_repo_git_id + compliance_pipeline_existing_repo_url = var.compliance_pipeline_existing_repo_url + compliance_pipeline_source_repo_url = var.compliance_pipeline_source_repo_url #PIPELINE CONFIG REPO pipeline_config_repo_existing_url = local.ci_pipeline_config_repo_existing_url pipeline_config_repo_clone_from_url = local.ci_pipeline_config_repo_clone_from_url + pipeline_config_repo_git_provider = (var.pipeline_config_repo_git_provider == "") ? var.repo_git_provider : var.pipeline_config_repo_git_provider + pipeline_config_repo_git_id = (var.pipeline_config_repo_git_id == "") ? var.repo_git_id : var.pipeline_config_repo_git_id pipeline_config_repo_branch = (local.ci_pipeline_config_repo_branch == "") ? local.ci_app_repo_branch : local.ci_pipeline_config_repo_branch pipeline_config_repo_blind_connection = var.repo_blind_connection pipeline_config_repo_root_url = var.repo_root_url 
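Review bot: In the `devsecops_ci_toolchain` call, `compliance_pipeline_repo_git_provider` and `compliance_pipelines_repo_git_id` are passed straight from their variables, while the `pipeline_config_repo_git_provider` and `pipeline_config_repo_git_id` arguments added a few lines below fall back to `var.repo_git_provider` and `var.repo_git_id` when empty. If the global setting is meant to cover every repository, the compliance pipelines arguments should take the same form, e.g. `compliance_pipeline_repo_git_provider = (var.compliance_pipeline_repo_git_provider == "") ? var.repo_git_provider : var.compliance_pipeline_repo_git_provider`; the `devsecops_cd_toolchain` hunk further down has the same pair. The new `compliance_pipeline_source_repo_url` and `compliance_pipeline_existing_repo_url` values select the repository the pipeline definitions are taken from, so their declarations (not visible in this part of the patch) are worth a validation that requires an `https://` URL. The module block starts and ends outside the hunk.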
@@ -386,7 +398,7 @@ module "devsecops_ci_toolchain" {
 #INVENTORY REPO
 inventory_repo_name = var.inventory_repo_name
 inventory_repo_existing_url = var.inventory_repo_existing_url
- inventory_repo_git_provider = (var.inventory_repo_existing_git_provider == "") ? var.repo_git_id : var.inventory_repo_existing_git_provider
+ inventory_repo_git_provider = (var.inventory_repo_existing_git_provider == "") ? var.repo_git_provider : var.inventory_repo_existing_git_provider
 inventory_repo_git_id = (var.inventory_repo_existing_git_id == "") ? var.repo_git_id : var.inventory_repo_existing_git_id
 inventory_repo_integration_owner = var.inventory_repo_integration_owner
 inventory_repo_blind_connection = var.repo_blind_connection
@@ -570,12 +582,16 @@ module "devsecops_cd_toolchain" { compliance_pipelines_repo_blind_connection = var.repo_blind_connection compliance_pipelines_repo_root_url = var.repo_root_url compliance_pipelines_repo_title = var.repo_title - clone_compliance_pipelines = var.clone_compliance_pipelines compliance_pipeline_repo_git_provider = var.compliance_pipeline_repo_git_provider + compliance_pipelines_repo_git_id = var.compliance_pipeline_repo_git_id + compliance_pipeline_existing_repo_url = var.compliance_pipeline_existing_repo_url + compliance_pipeline_source_repo_url = var.compliance_pipeline_source_repo_url #PIPELINE CONFIG REPO pipeline_config_repo_existing_url = local.cd_pipeline_config_repo_existing_url pipeline_config_repo_clone_from_url = local.cd_pipeline_config_repo_clone_from_url + pipeline_config_repo_git_provider = (var.pipeline_config_repo_git_provider == "") ? var.repo_git_provider : var.pipeline_config_repo_git_provider + pipeline_config_repo_git_id = (var.pipeline_config_repo_git_id == "") ? var.repo_git_id : var.pipeline_config_repo_git_id pipeline_config_repo_branch = (local.cd_pipeline_config_repo_branch == "") ? "master" : local.cd_pipeline_config_repo_branch pipeline_config_repo_blind_connection = var.repo_blind_connection pipeline_config_repo_root_url = var.repo_root_url 
@@ -604,7 +620,7 @@ module "devsecops_cd_toolchain" { #INVENTORY REPO inventory_repo_name = var.inventory_repo_name inventory_repo_url = try(module.devsecops_ci_toolchain[0].inventory_repo_url, var.inventory_repo_existing_url) - inventory_repo_git_provider = (var.inventory_repo_existing_git_provider == "") ? var.repo_git_id : var.inventory_repo_existing_git_provider + inventory_repo_git_provider = (var.inventory_repo_existing_git_provider == "") ? var.repo_git_provider : var.inventory_repo_existing_git_provider inventory_repo_git_id = (var.inventory_repo_existing_git_id == "") ? var.repo_git_id : var.inventory_repo_existing_git_id inventory_repo_integration_owner = var.inventory_repo_integration_owner inventory_repo_blind_connection = var.repo_blind_connection 
@@ -617,13 +633,15 @@ module "devsecops_cd_toolchain" { change_management_repo_blind_connection = var.repo_blind_connection change_management_repo_root_url = var.repo_root_url change_management_repo_title = var.repo_title - change_management_repo_git_provider = var.cd_change_management_repo_git_provider + change_management_repo_git_provider = (var.cd_change_management_repo_git_provider == "") ? var.repo_git_provider : var.cd_change_management_repo_git_provider + change_management_repo_git_id = (var.change_management_repo_git_id == "") ? var.repo_git_id : var.change_management_repo_git_id + change_management_existing_url = var.change_management_existing_url #DEPLOYMENT REPO - deployment_repo_existing_git_provider = (var.use_app_repo_for_cd_deploy) ? try(module.devsecops_ci_toolchain[0].app_repo_git_provider, "") : var.cd_deployment_repo_existing_git_provider - deployment_repo_existing_git_id = (var.use_app_repo_for_cd_deploy) ? try(module.devsecops_ci_toolchain[0].app_repo_git_id, "") : var.cd_deployment_repo_existing_git_id - deployment_repo_clone_to_git_provider = var.cd_deployment_repo_clone_to_git_provider - deployment_repo_clone_to_git_id = var.cd_deployment_repo_clone_to_git_id + deployment_repo_existing_git_provider = (var.use_app_repo_for_cd_deploy) ? try(module.devsecops_ci_toolchain[0].app_repo_git_provider, "") : local.deployment_repo_existing_git_provider + deployment_repo_existing_git_id = (var.use_app_repo_for_cd_deploy) ? try(module.devsecops_ci_toolchain[0].app_repo_git_id, "") : local.deployment_repo_existing_git_id + deployment_repo_clone_to_git_provider = (var.cd_deployment_repo_clone_to_git_provider == "") ? var.repo_git_provider : var.cd_deployment_repo_clone_to_git_provider + deployment_repo_clone_to_git_id = (var.cd_deployment_repo_clone_to_git_id == "") ? 
var.repo_git_id : var.cd_deployment_repo_clone_to_git_id deployment_repo_clone_from_url = var.cd_deployment_repo_clone_from_url deployment_repo_clone_from_branch = var.cd_deployment_repo_clone_from_branch deployment_repo_existing_url = (var.use_app_repo_for_cd_deploy) ? try(module.devsecops_ci_toolchain[0].app_repo_url, "") : var.cd_deployment_repo_existing_url @@ -632,8 +650,6 @@ module "devsecops_cd_toolchain" { deployment_repo_root_url = var.repo_root_url deployment_repo_title = var.repo_title - - #SCC scc_enable_scc = (local.cd_scc_enable_scc == "true") ? true : false scc_integration_name = var.cd_scc_integration_name 
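Review bot: The new fallback in `change_management_repo_git_provider = (var.cd_change_management_repo_git_provider == "") ? var.repo_git_provider : ...` looks unreachable with default inputs. The solution-level declaration of `cd_change_management_repo_git_provider` shown later in this patch keeps `default = "hostedgit"`, and the root variable probably does too. If so, setting only `repo_git_provider = "gitlab"` would leave the change management repository on `hostedgit`, paired with a `change_management_repo_git_id` that does fall back to `var.repo_git_id`. Giving the variable `default = ""` and allowing `""` in its validation list would make the fallback effective. The module block starts and ends outside this hunk.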
@@ -807,22 +823,29 @@ module "devsecops_cc_toolchain" { compliance_pipelines_repo_blind_connection = var.repo_blind_connection compliance_pipelines_repo_root_url = var.repo_root_url compliance_pipelines_repo_title = var.repo_title - clone_compliance_pipelines = var.clone_compliance_pipelines compliance_pipeline_repo_git_provider = var.compliance_pipeline_repo_git_provider + compliance_pipelines_repo_git_id = var.compliance_pipeline_repo_git_id + compliance_pipeline_existing_repo_url = var.compliance_pipeline_existing_repo_url + compliance_pipeline_source_repo_url = var.compliance_pipeline_source_repo_url #PIPELINE CONFIG REPO pipeline_config_repo_existing_url = local.cc_pipeline_config_repo_existing_url pipeline_config_repo_clone_from_url = local.cc_pipeline_config_repo_clone_from_url + pipeline_config_repo_git_provider = (var.pipeline_config_repo_git_provider == "") ? var.repo_git_provider : var.pipeline_config_repo_git_provider + pipeline_config_repo_git_id = (var.pipeline_config_repo_git_id == "") ? var.repo_git_id : var.pipeline_config_repo_git_id pipeline_config_repo_branch = (local.cc_pipeline_config_repo_branch == "") ? 
local.cc_app_repo_branch : local.cc_pipeline_config_repo_branch pipeline_config_repo_blind_connection = var.repo_blind_connection pipeline_config_repo_root_url = var.repo_root_url pipeline_config_repo_title = var.repo_title #APP REPO - app_repo_url = try(module.devsecops_ci_toolchain[0].app_repo_url, local.cc_app_repo_existing_url) - app_repo_git_provider = try(module.devsecops_ci_toolchain[0].app_repo_git_provider, local.cc_app_repo_existing_git_provider) - app_repo_branch = try(module.devsecops_ci_toolchain[0].app_repo_branch, local.cc_app_repo_branch) - app_repo_git_id = try(module.devsecops_ci_toolchain[0].app_repo_git_id, local.cc_app_repo_existing_git_id) + app_repo_url = try(module.devsecops_ci_toolchain[0].app_repo_url, local.cc_app_repo_existing_url) + app_repo_git_provider = try(module.devsecops_ci_toolchain[0].app_repo_git_provider, local.cc_app_repo_existing_git_provider) + app_repo_branch = try(module.devsecops_ci_toolchain[0].app_repo_branch, local.cc_app_repo_branch) + app_repo_git_id = try(module.devsecops_ci_toolchain[0].app_repo_git_id, local.cc_app_repo_existing_git_id) + app_repo_title = var.repo_title + app_repo_blind_connection = var.repo_blind_connection + app_repo_root_url = var.repo_root_url #EVIDENCE REPO evidence_repo_name = var.evidence_repo_name 
@@ -847,7 +870,7 @@ module "devsecops_cc_toolchain" { #INVENTORY REPO inventory_repo_name = var.inventory_repo_name inventory_repo_url = try(module.devsecops_ci_toolchain[0].inventory_repo_url, var.inventory_repo_existing_url) - inventory_repo_git_provider = (var.inventory_repo_existing_git_provider == "") ? var.repo_git_id : var.inventory_repo_existing_git_provider + inventory_repo_git_provider = (var.inventory_repo_existing_git_provider == "") ? var.repo_git_provider : var.inventory_repo_existing_git_provider inventory_repo_git_id = (var.inventory_repo_existing_git_id == "") ? var.repo_git_id : var.inventory_repo_existing_git_id inventory_repo_integration_owner = var.inventory_repo_integration_owner inventory_repo_blind_connection = var.repo_blind_connection diff --git a/solutions/code-engine/README.md b/solutions/code-engine/README.md index 88072d71..0faa913f 100644 --- a/solutions/code-engine/README.md +++ b/solutions/code-engine/README.md 
@@ -321,6 +321,8 @@ No resources. | [cd\_trigger\_timed\_name](#input\_cd\_trigger\_timed\_name) | The name of the CD pipeline Timed trigger. | `string` | `"Git CD Timed Trigger"` | no | | [cd\_trigger\_timed\_pruner\_enable](#input\_cd\_trigger\_timed\_pruner\_enable) | Set to `true` to enable the timed Pruner trigger. | `bool` | `false` | no | | [cd\_trigger\_timed\_pruner\_name](#input\_cd\_trigger\_timed\_pruner\_name) | The name of the timed Pruner trigger. | `string` | `"Evidence Pruner Timed Trigger"` | no | +| [change\_management\_existing\_url](#input\_change\_management\_existing\_url) | The URL for an existing Change Management repository. | `string` | `""` | no | +| [change\_management\_repo\_git\_id](#input\_change\_management\_repo\_git\_id) | Set this value to `github` for github.com, or to the ID of a custom GitHub Enterprise server. | `string` | `""` | no | | [ci\_app\_group](#input\_ci\_app\_group) | Specify the Git user or group for the application repository. | `string` | `""` | no | | [ci\_app\_name](#input\_ci\_app\_name) | Name of the application image and inventory entry. | `string` | `"hello-compliance-app"` | no | | [ci\_app\_repo\_auth\_type](#input\_ci\_app\_repo\_auth\_type) | Select the method of authentication that is used to access the Git repository. Valid values are 'oauth' or 'pat'. Defaults to `oauth` when unset. `pat` is a git `personal access token`. | `string` | `""` | no | 
@@ -443,16 +445,18 @@ No resources. | [ci\_trigger\_timed\_name](#input\_ci\_trigger\_timed\_name) | The name of the CI pipeline Timed trigger. | `string` | `"Git CI Timed Trigger"` | no | | [ci\_trigger\_timed\_pruner\_enable](#input\_ci\_trigger\_timed\_pruner\_enable) | Set to `true` to enable the timed Pruner trigger. | `bool` | `false` | no | | [ci\_trigger\_timed\_pruner\_name](#input\_ci\_trigger\_timed\_pruner\_name) | The name of the timed Pruner trigger. | `string` | `"Evidence Pruner Timed Trigger"` | no | -| [clone\_compliance\_pipelines](#input\_clone\_compliance\_pipelines) | Setting to `true` will clone the compliance pipeline repository instead of linking to it. This is required for the case where the user opts to use a non IBM hosted repositories. | `bool` | `false` | no | | [cluster\_name](#input\_cluster\_name) | Name of the Kubernetes cluster where the application is deployed. This sets the same cluster name for both CI and CD toolchains. See `ci_cluster_name` and `cd_cluster_name` to set different cluster names. By default , the cluster namespace for CI will be set to `dev` and CD to `prod`. These can be changed using `ci_cluster_namespace` and `cd_cluster_namespace`. | `string` | `"mycluster-free"` | no | | [code\_engine\_project](#input\_code\_engine\_project) | The name of the Code Engine project to use. Created if it does not exist. Applies to both the CI and CD toolchains. To set individually use `ci_code_engine_project` and `cd_code_engine_project`. | `string` | `""` | no | | [compliance\_pipeline\_branch](#input\_compliance\_pipeline\_branch) | The Compliance Pipeline definitions branch. See `ci_compliance_pipeline_branch`, `cd_compliance_pipeline_branch` and `cc_compliance_pipeline_branch` to set independently. | `string` | `"open-v10"` | no | +| [compliance\_pipeline\_existing\_repo\_url](#input\_compliance\_pipeline\_existing\_repo\_url) | The URL of an existing compliance pipelines repository. 
| `string` | `""` | no | | [compliance\_pipeline\_group](#input\_compliance\_pipeline\_group) | Specify user or group for compliance pipline repository. | `string` | `""` | no | | [compliance\_pipeline\_repo\_auth\_type](#input\_compliance\_pipeline\_repo\_auth\_type) | Select the method of authentication that is used to access the Git repository. Valid values are 'oauth' or 'pat'. Defaults to `oauth` when unset. `pat` is a git `personal access token`. | `string` | `""` | no | +| [compliance\_pipeline\_repo\_git\_id](#input\_compliance\_pipeline\_repo\_git\_id) | Set this value to `github` for github.com, or to the ID of a custom GitHub Enterprise server. | `string` | `""` | no | | [compliance\_pipeline\_repo\_git\_provider](#input\_compliance\_pipeline\_repo\_git\_provider) | Git provider for pipeline repo | `string` | `"hostedgit"` | no | | [compliance\_pipeline\_repo\_git\_token\_secret\_crn](#input\_compliance\_pipeline\_repo\_git\_token\_secret\_crn) | The CRN of the Git token used for accessing the sample application repository. | `string` | `""` | no | | [compliance\_pipeline\_repo\_git\_token\_secret\_name](#input\_compliance\_pipeline\_repo\_git\_token\_secret\_name) | Name of the Git token secret in the secret provider used for accessing the compliance pipelines repository. | `string` | `""` | no | | [compliance\_pipeline\_repo\_secret\_group](#input\_compliance\_pipeline\_repo\_secret\_group) | Secret group for the Compliance Pipeline repository secret. Defaults to the value set in `sm_secret_group` if not set. Only used with `Secrets Manager`. | `string` | `""` | no | +| [compliance\_pipeline\_source\_repo\_url](#input\_compliance\_pipeline\_source\_repo\_url) | The URL of a compliance pipelines repository to clone. | `string` | `""` | no | | [continuous\_delivery\_service\_name](#input\_continuous\_delivery\_service\_name) | The name of the CD instance. 
| `string` | `"cd-devsecops"` | no | | [cos\_api\_key\_secret\_crn](#input\_cos\_api\_key\_secret\_crn) | The CRN of the Cloud Object Storage apikey. Applies to the CI, CD and CC toolchains. Can beset independently using `ci_cos_api_key_secret_crn`,`cd_cos_api_key_secret_crn`,`cc_cos_api_key_secret_crn`. | `string` | `""` | no | | [cos\_api\_key\_secret\_group](#input\_cos\_api\_key\_secret\_group) | Secret group for the COS api key secret. Defaults to the value set in `sm_secret_group` if not set. Only used with `Secrets Manager`. | `string` | `""` | no | 
@@ -517,6 +521,8 @@ No resources. | [pipeline\_config\_repo\_branch](#input\_pipeline\_config\_repo\_branch) | Specify the branch containing the custom pipeline-config.yaml file. | `string` | `""` | no | | [pipeline\_config\_repo\_clone\_from\_url](#input\_pipeline\_config\_repo\_clone\_from\_url) | Specify a repository containing a custom pipeline-config.yaml file. | `string` | `""` | no | | [pipeline\_config\_repo\_existing\_url](#input\_pipeline\_config\_repo\_existing\_url) | Specify and link to an existing repository containing a custom pipeline-config.yaml file. | `string` | `""` | no | +| [pipeline\_config\_repo\_git\_id](#input\_pipeline\_config\_repo\_git\_id) | Set this value to `github` for github.com, or to the GUID of a custom GitHub Enterprise server. | `string` | `""` | no | +| [pipeline\_config\_repo\_git\_provider](#input\_pipeline\_config\_repo\_git\_provider) | Git provider for pipeline repo config | `string` | `""` | no | | [pipeline\_config\_repo\_git\_token\_secret\_crn](#input\_pipeline\_config\_repo\_git\_token\_secret\_crn) | The CRN of the Git token for accessing the pipeline config repository. | `string` | `""` | no | | [pipeline\_config\_repo\_git\_token\_secret\_name](#input\_pipeline\_config\_repo\_git\_token\_secret\_name) | Name of the Git token secret in the secret provider used for accessing the pipeline config repository. | `string` | `""` | no | | [pipeline\_config\_repo\_secret\_group](#input\_pipeline\_config\_repo\_secret\_group) | Secret group for the Pipeline Config repository secret. Defaults to the value set in `sm_secret_group` if not set. Only used with `Secrets Manager`. | `string` | `""` | no | diff --git a/solutions/code-engine/main.tf b/solutions/code-engine/main.tf index 6c345252..d3c6a075 100644 --- a/solutions/code-engine/main.tf +++ b/solutions/code-engine/main.tf 
@@ -17,16 +17,20 @@ module "devsecops_da" { app_repo_secret_group = var.app_repo_secret_group authorization_policy_creation = var.authorization_policy_creation autostart = var.autostart - clone_compliance_pipelines = var.clone_compliance_pipelines + change_management_existing_url = var.change_management_existing_url + change_management_repo_git_id = var.change_management_repo_git_id cluster_name = var.cluster_name code_engine_project = var.code_engine_project compliance_pipeline_branch = var.compliance_pipeline_branch + compliance_pipeline_existing_repo_url = var.compliance_pipeline_existing_repo_url compliance_pipeline_group = var.compliance_pipeline_group compliance_pipeline_repo_auth_type = var.compliance_pipeline_repo_auth_type + compliance_pipeline_repo_git_id = var.compliance_pipeline_repo_git_id compliance_pipeline_repo_git_provider = var.compliance_pipeline_repo_git_provider compliance_pipeline_repo_git_token_secret_crn = var.compliance_pipeline_repo_git_token_secret_crn compliance_pipeline_repo_git_token_secret_name = var.compliance_pipeline_repo_git_token_secret_name compliance_pipeline_repo_secret_group = var.compliance_pipeline_repo_secret_group + compliance_pipeline_source_repo_url = var.compliance_pipeline_source_repo_url cos_api_key_secret_crn = var.cos_api_key_secret_crn cos_api_key_secret_group = var.cos_api_key_secret_group cos_api_key_secret_name = var.cos_api_key_secret_name 
@@ -90,6 +94,8 @@ module "devsecops_da" { pipeline_config_repo_branch = var.pipeline_config_repo_branch pipeline_config_repo_clone_from_url = var.pipeline_config_repo_clone_from_url pipeline_config_repo_existing_url = var.pipeline_config_repo_existing_url + pipeline_config_repo_git_id = var.pipeline_config_repo_git_id + pipeline_config_repo_git_provider = var.pipeline_config_repo_git_provider pipeline_config_repo_git_token_secret_crn = var.pipeline_config_repo_git_token_secret_crn pipeline_config_repo_git_token_secret_name = var.pipeline_config_repo_git_token_secret_name pipeline_config_repo_secret_group = var.pipeline_config_repo_secret_group diff --git a/solutions/code-engine/variables.tf b/solutions/code-engine/variables.tf index 6431488b..d9cc78f9 100644 --- a/solutions/code-engine/variables.tf +++ b/solutions/code-engine/variables.tf @@ -105,12 +105,6 @@ variable "autostart" { default = false } -variable "clone_compliance_pipelines" { - type = bool - description = "Setting to `true` will clone the compliance pipeline repository instead of linking to it. This is required for the case where the user opts to use a non IBM hosted repositories." - default = false -} - variable "cluster_name" { type = string description = "Name of the Kubernetes cluster where the application is deployed. This sets the same cluster name for both CI and CD toolchains. See `ci_cluster_name` and `cd_cluster_name` to set different cluster names. By default , the cluster namespace for CI will be set to `dev` and CD to `prod`. These can be changed using `ci_cluster_namespace` and `cd_cluster_namespace`." @@ -129,6 +123,12 @@ variable "compliance_pipeline_branch" { default = "open-v10" } +variable "compliance_pipeline_existing_repo_url" { + type = string + default = "" + description = "The URL of an existing compliance pipelines repository." +} + variable "compliance_pipeline_group" { type = string description = "Specify user or group for compliance pipline repository." 
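Review bot: `compliance_pipeline_existing_repo_url` is declared as a free-form string with no `validation` block, although it selects the repository that the compliance pipeline definitions are taken from. Those pipelines presumably run with access to the toolchain's secrets, so a mistyped or non-HTTPS remote is worth rejecting at plan time rather than at first pipeline run. If only HTTPS remotes are expected, add a `validation` with `condition = var.compliance_pipeline_existing_repo_url == "" || can(regex("^https://", var.compliance_pipeline_existing_repo_url))` and a matching `error_message`. The same applies to `compliance_pipeline_source_repo_url` and `change_management_existing_url` added further down this file, and to the identical declarations in `solutions/kubernetes/variables.tf`.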
@@ -141,6 +141,12 @@ variable "compliance_pipeline_repo_auth_type" { default = "" } +variable "compliance_pipeline_repo_git_id" { + type = string + description = "Set this value to `github` for github.com, or to the ID of a custom GitHub Enterprise server." + default = "" +} + variable "compliance_pipeline_repo_git_provider" { type = string default = "hostedgit" @@ -174,6 +180,12 @@ variable "compliance_pipeline_repo_secret_group" { default = "" } +variable "compliance_pipeline_source_repo_url" { + type = string + default = "" + description = "The URL of a compliance pipelines repository to clone." +} + variable "cos_api_key_secret_crn" { type = string sensitive = true @@ -601,6 +613,22 @@ variable "pipeline_config_group" { default = "" } +variable "pipeline_config_repo_git_id" { + type = string + description = "Set this value to `github` for github.com, or to the GUID of a custom GitHub Enterprise server." + default = "" +} + +variable "pipeline_config_repo_git_provider" { + type = string + default = "" + description = "Git provider for pipeline repo config" + validation { + condition = contains(["hostedgit", "githubconsolidated", "gitlab", ""], var.pipeline_config_repo_git_provider) + error_message = "Must be either \"hostedgit\" or \"gitlab\" or \"githubconsolidated\" for pipeline config repo." + } +} + variable "pipeline_config_repo_git_token_secret_name" { type = string description = "Name of the Git token secret in the secret provider used for accessing the pipeline config repository." 
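Review bot: The descriptions of the new `compliance_pipeline_repo_git_id` and `pipeline_config_repo_git_id` variables mention only GitHub (github.com or a GitHub Enterprise server), while the `pipeline_config_repo_git_provider` validation added in the same file accepts `gitlab`. A user selecting GitLab gets no hint what value the id should take; extend the description to cover that provider, with the exact wording confirmed against the toolchain provider documentation. The two descriptions also disagree on "ID" versus "GUID" for the custom server, so pick one term. `change_management_repo_git_id`, added later in this file, and the copies in `solutions/kubernetes/variables.tf` carry the same text.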
@@ -1700,6 +1728,18 @@ variable "cd_change_management_repo_auth_type" { default = "" } +variable "change_management_existing_url" { + type = string + description = "The URL for an existing Change Management repository." + default = "" +} + +variable "change_management_repo_git_id" { + type = string + description = "Set this value to `github` for github.com, or to the ID of a custom GitHub Enterprise server." + default = "" +} + variable "cd_change_management_repo_git_provider" { type = string default = "hostedgit" diff --git a/solutions/kubernetes/README.md b/solutions/kubernetes/README.md index f60247fe..4b514623 100644 --- a/solutions/kubernetes/README.md +++ b/solutions/kubernetes/README.md 
@@ -321,6 +321,8 @@ No resources. | [cd\_trigger\_timed\_name](#input\_cd\_trigger\_timed\_name) | The name of the CD pipeline Timed trigger. | `string` | `"Git CD Timed Trigger"` | no | | [cd\_trigger\_timed\_pruner\_enable](#input\_cd\_trigger\_timed\_pruner\_enable) | Set to `true` to enable the timed Pruner trigger. | `bool` | `false` | no | | [cd\_trigger\_timed\_pruner\_name](#input\_cd\_trigger\_timed\_pruner\_name) | The name of the timed Pruner trigger. | `string` | `"Evidence Pruner Timed Trigger"` | no | +| [change\_management\_existing\_url](#input\_change\_management\_existing\_url) | The URL for an existing Change Management repository. | `string` | `""` | no | +| [change\_management\_repo\_git\_id](#input\_change\_management\_repo\_git\_id) | Set this value to `github` for github.com, or to the ID of a custom GitHub Enterprise server. | `string` | `""` | no | | [ci\_app\_group](#input\_ci\_app\_group) | Specify the Git user or group for the application repository. | `string` | `""` | no | | [ci\_app\_name](#input\_ci\_app\_name) | Name of the application image and inventory entry. | `string` | `"hello-compliance-app"` | no | | [ci\_app\_repo\_auth\_type](#input\_ci\_app\_repo\_auth\_type) | Select the method of authentication that is used to access the Git repository. Valid values are 'oauth' or 'pat'. Defaults to `oauth` when unset. `pat` is a git `personal access token`. | `string` | `""` | no | 
@@ -443,16 +445,18 @@ No resources. | [ci\_trigger\_timed\_name](#input\_ci\_trigger\_timed\_name) | The name of the CI pipeline Timed trigger. | `string` | `"Git CI Timed Trigger"` | no | | [ci\_trigger\_timed\_pruner\_enable](#input\_ci\_trigger\_timed\_pruner\_enable) | Set to `true` to enable the timed Pruner trigger. | `bool` | `false` | no | | [ci\_trigger\_timed\_pruner\_name](#input\_ci\_trigger\_timed\_pruner\_name) | The name of the timed Pruner trigger. | `string` | `"Evidence Pruner Timed Trigger"` | no | -| [clone\_compliance\_pipelines](#input\_clone\_compliance\_pipelines) | Setting to `true` will clone the compliance pipeline repository instead of linking to it. This is required for the case where the user opts to use a non IBM hosted repositories. | `bool` | `false` | no | | [cluster\_name](#input\_cluster\_name) | Name of the Kubernetes cluster where the application is deployed. This sets the same cluster name for both CI and CD toolchains. See `ci_cluster_name` and `cd_cluster_name` to set different cluster names. By default , the cluster namespace for CI will be set to `dev` and CD to `prod`. These can be changed using `ci_cluster_namespace` and `cd_cluster_namespace`. | `string` | `"mycluster-free"` | no | | [code\_engine\_project](#input\_code\_engine\_project) | The name of the Code Engine project to use. Created if it does not exist. Applies to both the CI and CD toolchains. To set individually use `ci_code_engine_project` and `cd_code_engine_project`. | `string` | `""` | no | | [compliance\_pipeline\_branch](#input\_compliance\_pipeline\_branch) | The Compliance Pipeline definitions branch. See `ci_compliance_pipeline_branch`, `cd_compliance_pipeline_branch` and `cc_compliance_pipeline_branch` to set independently. | `string` | `"open-v10"` | no | +| [compliance\_pipeline\_existing\_repo\_url](#input\_compliance\_pipeline\_existing\_repo\_url) | The URL of an existing compliance pipelines repository. 
| `string` | `""` | no | | [compliance\_pipeline\_group](#input\_compliance\_pipeline\_group) | Specify user or group for compliance pipline repository. | `string` | `""` | no | | [compliance\_pipeline\_repo\_auth\_type](#input\_compliance\_pipeline\_repo\_auth\_type) | Select the method of authentication that is used to access the Git repository. Valid values are 'oauth' or 'pat'. Defaults to `oauth` when unset. `pat` is a git `personal access token`. | `string` | `""` | no | +| [compliance\_pipeline\_repo\_git\_id](#input\_compliance\_pipeline\_repo\_git\_id) | Set this value to `github` for github.com, or to the ID of a custom GitHub Enterprise server. | `string` | `""` | no | | [compliance\_pipeline\_repo\_git\_provider](#input\_compliance\_pipeline\_repo\_git\_provider) | Git provider for pipeline repo | `string` | `"hostedgit"` | no | | [compliance\_pipeline\_repo\_git\_token\_secret\_crn](#input\_compliance\_pipeline\_repo\_git\_token\_secret\_crn) | The CRN of the Git token used for accessing the sample application repository. | `string` | `""` | no | | [compliance\_pipeline\_repo\_git\_token\_secret\_name](#input\_compliance\_pipeline\_repo\_git\_token\_secret\_name) | Name of the Git token secret in the secret provider used for accessing the compliance pipelines repository. | `string` | `""` | no | | [compliance\_pipeline\_repo\_secret\_group](#input\_compliance\_pipeline\_repo\_secret\_group) | Secret group for the Compliance Pipeline repository secret. Defaults to the value set in `sm_secret_group` if not set. Only used with `Secrets Manager`. | `string` | `""` | no | +| [compliance\_pipeline\_source\_repo\_url](#input\_compliance\_pipeline\_source\_repo\_url) | The URL of a compliance pipelines repository to clone. | `string` | `""` | no | | [continuous\_delivery\_service\_name](#input\_continuous\_delivery\_service\_name) | The name of the CD instance. 
| `string` | `"cd-devsecops"` | no | | [cos\_api\_key\_secret\_crn](#input\_cos\_api\_key\_secret\_crn) | The CRN of the Cloud Object Storage apikey. Applies to the CI, CD and CC toolchains. Can beset independently using `ci_cos_api_key_secret_crn`,`cd_cos_api_key_secret_crn`,`cc_cos_api_key_secret_crn`. | `string` | `""` | no | | [cos\_api\_key\_secret\_group](#input\_cos\_api\_key\_secret\_group) | Secret group for the COS api key secret. Defaults to the value set in `sm_secret_group` if not set. Only used with `Secrets Manager`. | `string` | `""` | no | 
@@ -517,6 +521,8 @@ No resources. | [pipeline\_config\_repo\_branch](#input\_pipeline\_config\_repo\_branch) | Specify the branch containing the custom pipeline-config.yaml file. | `string` | `""` | no | | [pipeline\_config\_repo\_clone\_from\_url](#input\_pipeline\_config\_repo\_clone\_from\_url) | Specify a repository containing a custom pipeline-config.yaml file. | `string` | `""` | no | | [pipeline\_config\_repo\_existing\_url](#input\_pipeline\_config\_repo\_existing\_url) | Specify and link to an existing repository containing a custom pipeline-config.yaml file. | `string` | `""` | no | +| [pipeline\_config\_repo\_git\_id](#input\_pipeline\_config\_repo\_git\_id) | Set this value to `github` for github.com, or to the GUID of a custom GitHub Enterprise server. | `string` | `""` | no | +| [pipeline\_config\_repo\_git\_provider](#input\_pipeline\_config\_repo\_git\_provider) | Git provider for pipeline repo config | `string` | `""` | no | | [pipeline\_config\_repo\_git\_token\_secret\_crn](#input\_pipeline\_config\_repo\_git\_token\_secret\_crn) | The CRN of the Git token for accessing the pipeline config repository. | `string` | `""` | no | | [pipeline\_config\_repo\_git\_token\_secret\_name](#input\_pipeline\_config\_repo\_git\_token\_secret\_name) | Name of the Git token secret in the secret provider used for accessing the pipeline config repository. | `string` | `""` | no | | [pipeline\_config\_repo\_secret\_group](#input\_pipeline\_config\_repo\_secret\_group) | Secret group for the Pipeline Config repository secret. Defaults to the value set in `sm_secret_group` if not set. Only used with `Secrets Manager`. | `string` | `""` | no | diff --git a/solutions/kubernetes/main.tf b/solutions/kubernetes/main.tf index 6c345252..d3c6a075 100644 --- a/solutions/kubernetes/main.tf +++ b/solutions/kubernetes/main.tf 
@@ -17,16 +17,20 @@ module "devsecops_da" { app_repo_secret_group = var.app_repo_secret_group authorization_policy_creation = var.authorization_policy_creation autostart = var.autostart - clone_compliance_pipelines = var.clone_compliance_pipelines + change_management_existing_url = var.change_management_existing_url + change_management_repo_git_id = var.change_management_repo_git_id cluster_name = var.cluster_name code_engine_project = var.code_engine_project compliance_pipeline_branch = var.compliance_pipeline_branch + compliance_pipeline_existing_repo_url = var.compliance_pipeline_existing_repo_url compliance_pipeline_group = var.compliance_pipeline_group compliance_pipeline_repo_auth_type = var.compliance_pipeline_repo_auth_type + compliance_pipeline_repo_git_id = var.compliance_pipeline_repo_git_id compliance_pipeline_repo_git_provider = var.compliance_pipeline_repo_git_provider compliance_pipeline_repo_git_token_secret_crn = var.compliance_pipeline_repo_git_token_secret_crn compliance_pipeline_repo_git_token_secret_name = var.compliance_pipeline_repo_git_token_secret_name compliance_pipeline_repo_secret_group = var.compliance_pipeline_repo_secret_group + compliance_pipeline_source_repo_url = var.compliance_pipeline_source_repo_url cos_api_key_secret_crn = var.cos_api_key_secret_crn cos_api_key_secret_group = var.cos_api_key_secret_group cos_api_key_secret_name = var.cos_api_key_secret_name 
@@ -90,6 +94,8 @@ module "devsecops_da" { pipeline_config_repo_branch = var.pipeline_config_repo_branch pipeline_config_repo_clone_from_url = var.pipeline_config_repo_clone_from_url pipeline_config_repo_existing_url = var.pipeline_config_repo_existing_url + pipeline_config_repo_git_id = var.pipeline_config_repo_git_id + pipeline_config_repo_git_provider = var.pipeline_config_repo_git_provider pipeline_config_repo_git_token_secret_crn = var.pipeline_config_repo_git_token_secret_crn pipeline_config_repo_git_token_secret_name = var.pipeline_config_repo_git_token_secret_name pipeline_config_repo_secret_group = var.pipeline_config_repo_secret_group diff --git a/solutions/kubernetes/variables.tf b/solutions/kubernetes/variables.tf index b9f81f44..eb13966e 100644 --- a/solutions/kubernetes/variables.tf +++ b/solutions/kubernetes/variables.tf @@ -105,12 +105,6 @@ variable "autostart" { default = false } -variable "clone_compliance_pipelines" { - type = bool - description = "Setting to `true` will clone the compliance pipeline repository instead of linking to it. This is required for the case where the user opts to use a non IBM hosted repositories." - default = false -} - variable "cluster_name" { type = string description = "Name of the Kubernetes cluster where the application is deployed. This sets the same cluster name for both CI and CD toolchains. See `ci_cluster_name` and `cd_cluster_name` to set different cluster names. By default , the cluster namespace for CI will be set to `dev` and CD to `prod`. These can be changed using `ci_cluster_namespace` and `cd_cluster_namespace`." @@ -129,6 +123,12 @@ variable "compliance_pipeline_branch" { default = "open-v10" } +variable "compliance_pipeline_existing_repo_url" { + type = string + default = "" + description = "The URL of an existing compliance pipelines repository." +} + variable "compliance_pipeline_group" { type = string description = "Specify user or group for compliance pipline repository." 
@@ -141,6 +141,12 @@ variable "compliance_pipeline_repo_auth_type" { default = "" } +variable "compliance_pipeline_repo_git_id" { + type = string + description = "Set this value to `github` for github.com, or to the ID of a custom GitHub Enterprise server." + default = "" +} + variable "compliance_pipeline_repo_git_provider" { type = string default = "hostedgit" @@ -174,6 +180,12 @@ variable "compliance_pipeline_repo_secret_group" { default = "" } +variable "compliance_pipeline_source_repo_url" { + type = string + default = "" + description = "The URL of a compliance pipelines repository to clone." +} + variable "cos_api_key_secret_crn" { type = string sensitive = true @@ -601,6 +613,22 @@ variable "pipeline_config_group" { default = "" } +variable "pipeline_config_repo_git_id" { + type = string + description = "Set this value to `github` for github.com, or to the GUID of a custom GitHub Enterprise server." + default = "" +} + +variable "pipeline_config_repo_git_provider" { + type = string + default = "" + description = "Git provider for pipeline repo config" + validation { + condition = contains(["hostedgit", "githubconsolidated", "gitlab", ""], var.pipeline_config_repo_git_provider) + error_message = "Must be either \"hostedgit\" or \"gitlab\" or \"githubconsolidated\" for pipeline config repo." + } +} + variable "pipeline_config_repo_git_token_secret_name" { type = string description = "Name of the Git token secret in the secret provider used for accessing the pipeline config repository." 
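Review bot: The descriptions of the new `*_git_id` variables still describe GitHub only, although this commit adds `gitlab` to the accepted providers. `compliance_pipeline_repo_git_id` (hunk `@@ -141,6 +141,12 @@`) says "ID of a custom GitHub Enterprise server", while `pipeline_config_repo_git_id` (hunk `@@ -601,6 +613,22 @@`) says "GUID" for the same thing. Use one wording for both and say what to set for a GitLab or hosted-git repository. The description of `pipeline_config_repo_git_provider` in the same hunk should also state what an empty value resolves to, as the other provider variables in this patch do.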
@@ -1710,6 +1738,18 @@ variable "cd_change_management_repo_git_provider" { } } +variable "change_management_existing_url" { + type = string + description = "The URL for an existing Change Management repository." + default = "" +} + +variable "change_management_repo_git_id" { + type = string + description = "Set this value to `github` for github.com, or to the ID of a custom GitHub Enterprise server." + default = "" +} + variable "cd_change_management_repo_git_token_secret_crn" { type = string sensitive = true diff --git a/variables.tf b/variables.tf index 6261c772..d8a8c581 100644 --- a/variables.tf +++ b/variables.tf @@ -60,8 +60,12 @@ variable "app_repo_existing_git_id" { variable "app_repo_existing_git_provider" { type = string - description = "By default this gets set as 'hostedgit', else set to 'githubconsolidated' for GitHub repositories." default = "" + description = "Git provider for application repo. If not set will default `hostedgit`." + validation { + condition = contains(["hostedgit", "githubconsolidated", "gitlab", ""], var.app_repo_existing_git_provider) + error_message = "Must be either \"hostedgit\" or \"gitlab\" or \"githubconsolidated\" for evidence repository." + } } variable "app_repo_existing_url" { @@ -105,12 +109,6 @@ variable "autostart" { default = false } -variable "clone_compliance_pipelines" { - type = bool - description = "Setting to `true` will clone the compliance pipeline repository instead of linking to it. This is required for the case where the user opts to use a non IBM hosted repositories." - default = false -} - variable "cluster_name" { type = string description = "Name of the Kubernetes cluster where the application is deployed. This sets the same cluster name for both CI and CD toolchains. See `ci_cluster_name` and `cd_cluster_name` to set different cluster names. By default , the cluster namespace for CI will be set to `dev` and CD to `prod`. These can be changed using `ci_cluster_namespace` and `cd_cluster_namespace`." 
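Review bot: The `error_message` added to `app_repo_existing_git_provider` (hunk `@@ -60,8 +60,12 @@` of variables.tf) ends with "for evidence repository", so a user who mistypes the application-repo provider is pointed at the wrong variable. It should read `error_message = "Must be either \"hostedgit\" or \"gitlab\" or \"githubconsolidated\" for application repository."`. The same copied text is in the new validation blocks for `cc_app_repo_git_provider`, `cd_deployment_repo_existing_git_provider` and `ci_app_repo_existing_git_provider` further down this file. The description added here reads "will default `hostedgit`"; "defaults to" would be clearer.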
@@ -129,6 +127,12 @@ variable "compliance_pipeline_branch" { default = "open-v10" } +variable "compliance_pipeline_existing_repo_url" { + type = string + default = "" + description = "The URL of an existing compliance pipelines repository." +} + variable "compliance_pipeline_group" { type = string description = "Specify user or group for compliance pipline repository." @@ -143,14 +147,20 @@ variable "compliance_pipeline_repo_auth_type" { variable "compliance_pipeline_repo_git_provider" { type = string - default = "hostedgit" - description = "Git provider for pipeline repo" + default = "" + description = "Git provider for compliance pipeline repo. If not set will default `hostedgit`." validation { - condition = contains(["hostedgit", "githubconsolidated", "gitlab"], var.compliance_pipeline_repo_git_provider) + condition = contains(["hostedgit", "githubconsolidated", "gitlab", ""], var.compliance_pipeline_repo_git_provider) error_message = "Must be either \"hostedgit\" or \"gitlab\" or \"githubconsolidated\" for pipeline repo." } } +variable "compliance_pipeline_repo_git_id" { + type = string + description = "Set this value to `github` for github.com, or to the ID of a custom GitHub Enterprise server." + default = "" +} + variable "compliance_pipeline_repo_git_token_secret_crn" { type = string sensitive = true @@ -174,6 +184,12 @@ variable "compliance_pipeline_repo_secret_group" { default = "" } +variable "compliance_pipeline_source_repo_url" { + type = string + default = "" + description = "The URL of a compliance pipelines repository to clone." +} + variable "cos_api_key_secret_crn" { type = string sensitive = true 
@@ -337,10 +353,10 @@ variable "evidence_repo_existing_git_id" { variable "evidence_repo_existing_git_provider" { type = string - default = "hostedgit" - description = "By default this gets set as 'hostedgit', else set to 'githubconsolidated' for GitHub repositories." + default = "" + description = "Git provider for evidence repo. If not set will default `hostedgit`." validation { - condition = contains(["hostedgit", "githubconsolidated", "gitlab"], var.evidence_repo_existing_git_provider) + condition = contains(["hostedgit", "githubconsolidated", "gitlab", ""], var.evidence_repo_existing_git_provider) error_message = "Must be either \"hostedgit\" or \"gitlab\" or \"githubconsolidated\" for evidence repository." } } @@ -412,10 +428,10 @@ variable "inventory_repo_existing_git_id" { variable "inventory_repo_existing_git_provider" { type = string - default = "hostedgit" - description = "By default this gets set as 'hostedgit', else set to 'githubconsolidated' for GitHub repositories." + default = "" + description = "Git provider for the inventory repo. If not set will default `hostedgit`." validation { - condition = contains(["hostedgit", "githubconsolidated", "gitlab"], var.inventory_repo_existing_git_provider) + condition = contains(["hostedgit", "githubconsolidated", "gitlab", ""], var.inventory_repo_existing_git_provider) error_message = "Must be either \"hostedgit\" or \"gitlab\" or \"githubconsolidated\" for Inventory repository." } } 
@@ -481,10 +497,10 @@ variable "issues_repo_existing_git_id" { variable "issues_repo_existing_git_provider" { type = string - default = "hostedgit" - description = "By default this gets set as 'hostedgit', else set to 'githubconsolidated' for GitHub repositories." + default = "" + description = "Git provider for the issues repo. If not set will default `hostedgit`." validation { - condition = contains(["hostedgit", "githubconsolidated", "gitlab"], var.issues_repo_existing_git_provider) + condition = contains(["hostedgit", "githubconsolidated", "gitlab", ""], var.issues_repo_existing_git_provider) error_message = "Must be either \"hostedgit\" or \"gitlab\" or \"githubconsolidated\" for issue repository." } } @@ -595,6 +611,22 @@ variable "pipeline_ibmcloud_api_key_secret_group" { default = "" } +variable "pipeline_config_repo_git_id" { + type = string + description = "Set this value to `github` for github.com, or to the GUID of a custom GitHub Enterprise server." + default = "" +} + +variable "pipeline_config_repo_git_provider" { + type = string + default = "" + description = "Git provider for pipeline repo config" + validation { + condition = contains(["hostedgit", "githubconsolidated", "gitlab", ""], var.pipeline_config_repo_git_provider) + error_message = "Must be either \"hostedgit\" or \"gitlab\" or \"githubconsolidated\" for pipeline config repo." + } +} + variable "pipeline_config_group" { type = string description = "Specify the Git user or group for the compliance pipeline repository." 
@@ -994,8 +1026,12 @@ variable "cc_app_repo_git_id" { variable "cc_app_repo_git_provider" { type = string - description = "The type of the Git provider." - default = "hostedgit" + description = "Git provider for the application repo. If not set will default `hostedgit`." + default = "" + validation { + condition = contains(["hostedgit", "githubconsolidated", "gitlab", ""], var.cc_app_repo_git_provider) + error_message = "Must be either \"hostedgit\" or \"gitlab\" or \"githubconsolidated\" for evidence repository." + } } variable "cc_app_repo_git_token_secret_crn" { @@ -1700,13 +1736,25 @@ variable "cd_change_management_repo_auth_type" { default = "" } +variable "change_management_existing_url" { + type = string + description = "The URL for an existing Change Management repository." + default = "" +} + +variable "change_management_repo_git_id" { + type = string + description = "Set this value to `github` for github.com, or to the ID of a custom GitHub Enterprise server." + default = "" +} + variable "cd_change_management_repo_git_provider" { type = string - default = "hostedgit" - description = "By default this gets set as 'hostedgit', else set to 'githubconsolidated' for GitHub repositories." + default = "" + description = "Git provider for the change management repo. If not set will default `hostedgit`." validation { - condition = contains(["hostedgit", "githubconsolidated", "gitlab"], var.cd_change_management_repo_git_provider) - error_message = "Must be either \"hostedgit\" or \"gitlab\" or \"githubconsolidated\" for evidence repository." + condition = contains(["hostedgit", "githubconsolidated", "gitlab", ""], var.cd_change_management_repo_git_provider) + error_message = "Must be either \"hostedgit\" or \"gitlab\" or \"githubconsolidated\" for change management repository." } } 
@@ -1907,8 +1955,12 @@ variable "cd_deployment_repo_existing_git_id" { variable "cd_deployment_repo_existing_git_provider" { type = string - description = "By default this gets set as 'hostedgit', else set to 'githubconsolidated' for GitHub repositories." - default = "hostedgit" + description = "Git provider for the deployment repo. If not set will default `hostedgit`." + default = "" + validation { + condition = contains(["hostedgit", "githubconsolidated", "gitlab", ""], var.cd_deployment_repo_existing_git_provider) + error_message = "Must be either \"hostedgit\" or \"gitlab\" or \"githubconsolidated\" for evidence repository." + } } variable "cd_deployment_repo_existing_url" { @@ -2571,8 +2623,12 @@ variable "ci_app_repo_existing_git_id" { variable "ci_app_repo_existing_git_provider" { type = string - description = "By default this gets set as 'hostedgit', else set to 'githubconsolidated' for GitHub repositories." default = "" + description = "Git provider for application repo. If not set will default `hostedgit`." + validation { + condition = contains(["hostedgit", "githubconsolidated", "gitlab", ""], var.ci_app_repo_existing_git_provider) + error_message = "Must be either \"hostedgit\" or \"gitlab\" or \"githubconsolidated\" for evidence repository." + } } variable "ci_app_repo_existing_url" { From 5a231455691a2ff02ba2b7fd679fb7121d0c02f4 Mon Sep 17 00:00:00 2001 From: huayuenh Date: Thu, 26 Sep 2024 16:16:14 +0100 Subject: [PATCH 4/9] chore: add trigger variable --- README.md | 1 + main.tf | 57 ++++++++++++++++++++++-------- solutions/code-engine/README.md | 13 +++---- solutions/code-engine/main.tf | 1 + solutions/code-engine/variables.tf | 34 +++++++++++------- solutions/kubernetes/README.md | 13 +++---- solutions/kubernetes/main.tf | 1 + solutions/kubernetes/variables.tf | 34 +++++++++++------- variables.tf | 6 ++++ 9 files changed, 109 insertions(+), 51 deletions(-) diff --git a/README.md b/README.md index b304a9ae..797df81d 100644 --- a/README.md 
+++ b/README.md @@ -489,6 +489,7 @@ statement instead the previous block. | [create\_secret\_group](#input\_create\_secret\_group) | Set to `true` to create the specified Secrets Manager secret group. | `bool` | `false` | no | | [create\_signing\_certificate](#input\_create\_signing\_certificate) | Set to `true` to create and add the `signing-certificate` to the Secrets Provider. | `bool` | `false` | no | | [create\_signing\_key](#input\_create\_signing\_key) | Set to `true` to create and add a `signing_key`to the Secrets Provider. | `bool` | `false` | no | +| [create\_triggers](#input\_create\_triggers) | Set to `true` to create the default triggers associated with the compliance repos and sample app. | `string` | `"true"` | no | | [enable\_key\_protect](#input\_enable\_key\_protect) | Set to `true` to the enable Key Protect integrations. | `string` | `"false"` | no | | [enable\_pipeline\_notifications](#input\_enable\_pipeline\_notifications) | When enabled, pipeline run events will be sent to the Event Notifications and Slack integrations in the enclosing toolchain. | `string` | `""` | no | | [enable\_secrets\_manager](#input\_enable\_secrets\_manager) | Set to `true` to enable the Secrets Manager integrations. | `string` | `"true"` | no | diff --git a/main.tf b/main.tf index eea9e401..9534aef6 100644 --- a/main.tf +++ b/main.tf 
@@ -78,6 +78,10 @@ locals { ci_compliance_pipeline_group = (var.ci_compliance_pipeline_group == "") ? var.compliance_pipeline_group : var.ci_compliance_pipeline_group cd_compliance_pipeline_group = (var.cd_compliance_pipeline_group == "") ? var.compliance_pipeline_group : var.cd_compliance_pipeline_group cc_compliance_pipeline_group = (var.cc_compliance_pipeline_group == "") ? var.compliance_pipeline_group : var.cc_compliance_pipeline_group + compliance_pipeline_repo_existing_git_provider = ( + (var.compliance_pipeline_repo_git_provider != "") ? var.compliance_pipeline_repo_git_provider : + (var.repo_git_provider != "") ? var.repo_git_provider : "hostedgit" + ) ci_evidence_repo_auth_type = (var.ci_evidence_repo_auth_type == "") ? var.evidence_repo_auth_type : var.ci_evidence_repo_auth_type cd_evidence_repo_auth_type = (var.cd_evidence_repo_auth_type == "") ? var.evidence_repo_auth_type : var.cd_evidence_repo_auth_type @@ -94,6 +98,10 @@ locals { ci_evidence_group = (var.ci_evidence_group == "") ? var.evidence_group : var.ci_evidence_group cd_evidence_group = (var.cd_evidence_group == "") ? var.evidence_group : var.cd_evidence_group cc_evidence_group = (var.cc_evidence_group == "") ? var.evidence_group : var.cc_evidence_group + evidence_repo_existing_git_provider = ( + (var.evidence_repo_existing_git_provider != "") ? var.evidence_repo_existing_git_provider : + (var.repo_git_provider != "") ? var.repo_git_provider : "hostedgit" + ) ci_issues_repo_auth_type = (var.ci_issues_repo_auth_type == "") ? var.issues_repo_auth_type : var.ci_issues_repo_auth_type cd_issues_repo_auth_type = (var.cd_issues_repo_auth_type == "") ? var.issues_repo_auth_type : var.cd_issues_repo_auth_type 
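Review bot: The new local `compliance_pipeline_repo_existing_git_provider` falls back to `var.repo_git_provider` when the per-repository variable is empty, so the `contains([...])` validation on `compliance_pipeline_repo_git_provider` does not cover the value that reaches the toolchain modules in that case. The declaration of `repo_git_provider` is not shown in this patch. If it has no validation, give it the same check: `condition = contains(["hostedgit", "githubconsolidated", "gitlab", ""], var.repo_git_provider)`. The same fallback is used by the evidence, issues, inventory, change-management and deployment locals in the following hunks, and the `locals` block starts and ends outside this hunk.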
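Review bot: The nested conditional added for `evidence_repo_existing_git_provider` is the first-non-empty pattern that `coalesce` already implements. The same three-line expression is repeated for the compliance-pipeline, issues, inventory, change-management and deployment locals in the neighbouring hunks. Each could be a single line, for example `evidence_repo_existing_git_provider = coalesce(var.evidence_repo_existing_git_provider, var.repo_git_provider, "hostedgit")`. `coalesce` skips both null and empty strings, and the literal last argument guarantees it always has a value to return.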
@@ -110,6 +118,10 @@ locals { ci_issues_group = (var.ci_issues_group == "") ? var.issues_group : var.ci_issues_group cd_issues_group = (var.cd_issues_group == "") ? var.issues_group : var.cd_issues_group cc_issues_group = (var.cc_issues_group == "") ? var.issues_group : var.cc_issues_group + issues_repo_existing_git_provider = ( + (var.issues_repo_existing_git_provider != "") ? var.issues_repo_existing_git_provider : + (var.repo_git_provider != "") ? var.repo_git_provider : "hostedgit" + ) ci_inventory_repo_auth_type = (var.ci_inventory_repo_auth_type == "") ? var.inventory_repo_auth_type : var.ci_inventory_repo_auth_type cd_inventory_repo_auth_type = (var.cd_inventory_repo_auth_type == "") ? var.inventory_repo_auth_type : var.cd_inventory_repo_auth_type @@ -126,6 +138,10 @@ locals { ci_inventory_group = (var.ci_inventory_group == "") ? var.inventory_group : var.ci_inventory_group cd_inventory_group = (var.cd_inventory_group == "") ? var.inventory_group : var.cd_inventory_group cc_inventory_group = (var.cc_inventory_group == "") ? var.inventory_group : var.cc_inventory_group + inventory_repo_existing_git_provider = ( + (var.inventory_repo_existing_git_provider != "") ? var.inventory_repo_existing_git_provider : + (var.repo_git_provider != "") ? var.repo_git_provider : "hostedgit" + ) ci_pipeline_config_repo_auth_type = (var.ci_pipeline_config_repo_auth_type == "") ? var.pipeline_config_repo_auth_type : var.ci_pipeline_config_repo_auth_type cd_pipeline_config_repo_auth_type = (var.cd_pipeline_config_repo_auth_type == "") ? var.pipeline_config_repo_auth_type : var.cd_pipeline_config_repo_auth_type 
@@ -154,6 +170,11 @@ locals { cd_pipeline_config_repo_branch = (var.cd_pipeline_config_repo_branch == "") ? var.pipeline_config_repo_branch : var.cd_pipeline_config_repo_branch cc_pipeline_config_repo_branch = (var.cc_pipeline_config_repo_branch == "") ? var.pipeline_config_repo_branch : var.cc_pipeline_config_repo_branch + change_management_repo_git_provider = ( + (var.cd_change_management_repo_git_provider != "") ? var.cd_change_management_repo_git_provider : + (var.repo_git_provider != "") ? var.repo_git_provider : "hostedgit" + ) + calculated_provider = ( (var.app_repo_existing_git_provider != "") ? var.app_repo_existing_git_provider : (var.repo_git_provider != "") ? var.repo_git_provider : @@ -200,8 +221,11 @@ locals { ci_app_repo_clone_to_git_id = (var.ci_app_repo_clone_to_git_id == "") ? var.app_repo_clone_to_git_id : var.ci_app_repo_clone_to_git_id ci_app_repo_clone_to_git_provider = (var.ci_app_repo_clone_to_git_provider == "") ? var.app_repo_clone_to_git_provider : var.ci_app_repo_clone_to_git_provider - deployment_repo_existing_git_provider = (var.cd_deployment_repo_existing_git_provider == "") ? var.repo_git_provider : var.cd_deployment_repo_existing_git_provider - deployment_repo_existing_git_id = (var.cd_deployment_repo_existing_git_id == "") ? var.repo_git_id : var.cd_deployment_repo_existing_git_id + deployment_repo_existing_git_id = (var.cd_deployment_repo_existing_git_id == "") ? var.repo_git_id : var.cd_deployment_repo_existing_git_id + deployment_repo_existing_git_provider = ( + (var.cd_deployment_repo_existing_git_provider != "") ? var.cd_deployment_repo_existing_git_provider : + (var.repo_git_provider != "") ? var.repo_git_provider : "hostedgit" + ) } 
@@ -360,7 +384,7 @@ module "devsecops_ci_toolchain" { compliance_pipelines_repo_blind_connection = var.repo_blind_connection compliance_pipelines_repo_root_url = var.repo_root_url compliance_pipelines_repo_title = var.repo_title - compliance_pipeline_repo_git_provider = var.compliance_pipeline_repo_git_provider + compliance_pipeline_repo_git_provider = local.compliance_pipeline_repo_existing_git_provider compliance_pipelines_repo_git_id = var.compliance_pipeline_repo_git_id compliance_pipeline_existing_repo_url = var.compliance_pipeline_existing_repo_url compliance_pipeline_source_repo_url = var.compliance_pipeline_source_repo_url @@ -378,7 +402,7 @@ module "devsecops_ci_toolchain" { #EVIDENCE REPO evidence_repo_name = var.evidence_repo_name evidence_repo_existing_url = var.evidence_repo_existing_url - evidence_repo_git_provider = (var.evidence_repo_existing_git_provider == "") ? var.repo_git_provider : var.evidence_repo_existing_git_provider + evidence_repo_git_provider = local.evidence_repo_existing_git_provider evidence_repo_git_id = (var.evidence_repo_existing_git_id == "") ? var.repo_git_id : var.evidence_repo_existing_git_id evidence_repo_integration_owner = var.evidence_repo_integration_owner evidence_repo_blind_connection = var.repo_blind_connection @@ -388,7 +412,7 @@ module "devsecops_ci_toolchain" { #ISSUES REPO issues_repo_name = var.issues_repo_name issues_repo_existing_url = var.issues_repo_existing_url - issues_repo_git_provider = (var.issues_repo_existing_git_provider == "") ? var.repo_git_provider : var.issues_repo_existing_git_provider + issues_repo_git_provider = local.issues_repo_existing_git_provider issues_repo_git_id = (var.issues_repo_existing_git_id == "") ? var.repo_git_id : var.issues_repo_existing_git_id issues_repo_integration_owner = var.issues_repo_integration_owner issues_repo_blind_connection = var.repo_blind_connection 
@@ -398,7 +422,7 @@ module "devsecops_ci_toolchain" { #INVENTORY REPO inventory_repo_name = var.inventory_repo_name inventory_repo_existing_url = var.inventory_repo_existing_url - inventory_repo_git_provider = (var.inventory_repo_existing_git_provider == "") ? var.repo_git_provider : var.inventory_repo_existing_git_provider + inventory_repo_git_provider = local.inventory_repo_existing_git_provider inventory_repo_git_id = (var.inventory_repo_existing_git_id == "") ? var.repo_git_id : var.inventory_repo_existing_git_id inventory_repo_integration_owner = var.inventory_repo_integration_owner inventory_repo_blind_connection = var.repo_blind_connection @@ -466,6 +490,7 @@ module "devsecops_ci_toolchain" { link_to_doi_toolchain = var.ci_link_to_doi_toolchain #TRIGGER PROPERTIES + create_triggers = var.create_triggers trigger_git_name = var.ci_trigger_git_name trigger_git_enable = var.ci_trigger_git_enable trigger_timed_name = var.ci_trigger_timed_name @@ -582,7 +607,7 @@ module "devsecops_cd_toolchain" { compliance_pipelines_repo_blind_connection = var.repo_blind_connection compliance_pipelines_repo_root_url = var.repo_root_url compliance_pipelines_repo_title = var.repo_title - compliance_pipeline_repo_git_provider = var.compliance_pipeline_repo_git_provider + compliance_pipeline_repo_git_provider = local.compliance_pipeline_repo_existing_git_provider compliance_pipelines_repo_git_id = var.compliance_pipeline_repo_git_id compliance_pipeline_existing_repo_url = var.compliance_pipeline_existing_repo_url compliance_pipeline_source_repo_url = var.compliance_pipeline_source_repo_url 
@@ -600,7 +625,7 @@ module "devsecops_cd_toolchain" { #EVIDENCE REPO evidence_repo_name = var.evidence_repo_name evidence_repo_url = try(module.devsecops_ci_toolchain[0].evidence_repo_url, var.evidence_repo_existing_url) - evidence_repo_git_provider = (var.evidence_repo_existing_git_provider == "") ? var.repo_git_provider : var.evidence_repo_existing_git_provider + evidence_repo_git_provider = local.evidence_repo_existing_git_provider evidence_repo_git_id = (var.evidence_repo_existing_git_id == "") ? var.repo_git_id : var.evidence_repo_existing_git_id evidence_repo_integration_owner = var.evidence_repo_integration_owner evidence_repo_blind_connection = var.repo_blind_connection @@ -610,7 +635,7 @@ module "devsecops_cd_toolchain" { #ISSUES REPO issues_repo_name = var.issues_repo_name issues_repo_url = try(module.devsecops_ci_toolchain[0].issues_repo_url, var.issues_repo_existing_url) - issues_repo_git_provider = (var.issues_repo_existing_git_provider == "") ? var.repo_git_provider : var.issues_repo_existing_git_provider + issues_repo_git_provider = local.issues_repo_existing_git_provider issues_repo_git_id = (var.issues_repo_existing_git_id == "") ? var.repo_git_id : var.issues_repo_existing_git_id issues_repo_integration_owner = var.issues_repo_integration_owner issues_repo_blind_connection = var.repo_blind_connection 
@@ -620,7 +645,7 @@ module "devsecops_cd_toolchain" { #INVENTORY REPO inventory_repo_name = var.inventory_repo_name inventory_repo_url = try(module.devsecops_ci_toolchain[0].inventory_repo_url, var.inventory_repo_existing_url) - inventory_repo_git_provider = (var.inventory_repo_existing_git_provider == "") ? var.repo_git_provider : var.inventory_repo_existing_git_provider + inventory_repo_git_provider = local.inventory_repo_existing_git_provider inventory_repo_git_id = (var.inventory_repo_existing_git_id == "") ? var.repo_git_id : var.inventory_repo_existing_git_id inventory_repo_integration_owner = var.inventory_repo_integration_owner inventory_repo_blind_connection = var.repo_blind_connection @@ -633,7 +658,7 @@ module "devsecops_cd_toolchain" { change_management_repo_blind_connection = var.repo_blind_connection change_management_repo_root_url = var.repo_root_url change_management_repo_title = var.repo_title - change_management_repo_git_provider = (var.cd_change_management_repo_git_provider == "") ? var.repo_git_provider : var.cd_change_management_repo_git_provider + change_management_repo_git_provider = local.change_management_repo_git_provider change_management_repo_git_id = (var.change_management_repo_git_id == "") ? var.repo_git_id : var.change_management_repo_git_id change_management_existing_url = var.change_management_existing_url @@ -709,6 +734,7 @@ module "devsecops_cd_toolchain" { slack_integration_name = var.slack_integration_name #TRIGGER PROPERTIES + create_triggers = var.create_triggers trigger_git_name = var.cd_trigger_git_name trigger_git_enable = var.cd_trigger_git_enable trigger_git_promotion_listener = var.cd_trigger_git_promotion_validation_listener 
@@ -823,7 +849,7 @@ module "devsecops_cc_toolchain" { compliance_pipelines_repo_blind_connection = var.repo_blind_connection compliance_pipelines_repo_root_url = var.repo_root_url compliance_pipelines_repo_title = var.repo_title - compliance_pipeline_repo_git_provider = var.compliance_pipeline_repo_git_provider + compliance_pipeline_repo_git_provider = local.compliance_pipeline_repo_existing_git_provider compliance_pipelines_repo_git_id = var.compliance_pipeline_repo_git_id compliance_pipeline_existing_repo_url = var.compliance_pipeline_existing_repo_url compliance_pipeline_source_repo_url = var.compliance_pipeline_source_repo_url @@ -850,7 +876,7 @@ module "devsecops_cc_toolchain" { #EVIDENCE REPO evidence_repo_name = var.evidence_repo_name evidence_repo_url = try(module.devsecops_ci_toolchain[0].evidence_repo_url, var.evidence_repo_existing_url) - evidence_repo_git_provider = (var.evidence_repo_existing_git_provider == "") ? var.repo_git_provider : var.evidence_repo_existing_git_provider + evidence_repo_git_provider = local.evidence_repo_existing_git_provider evidence_repo_git_id = (var.evidence_repo_existing_git_id == "") ? var.repo_git_id : var.evidence_repo_existing_git_id evidence_repo_integration_owner = var.evidence_repo_integration_owner evidence_repo_blind_connection = var.repo_blind_connection @@ -860,7 +886,7 @@ module "devsecops_cc_toolchain" { #ISSUES REPO issues_repo_name = var.issues_repo_name issues_repo_url = try(module.devsecops_ci_toolchain[0].issues_repo_url, var.issues_repo_existing_url) - issues_repo_git_provider = (var.issues_repo_existing_git_provider == "") ? var.repo_git_provider : var.issues_repo_existing_git_provider + issues_repo_git_provider = local.issues_repo_existing_git_provider issues_repo_git_id = (var.issues_repo_existing_git_id == "") ? var.repo_git_id : var.issues_repo_existing_git_id issues_repo_integration_owner = var.issues_repo_integration_owner issues_repo_blind_connection = var.repo_blind_connection 
@@ -870,7 +896,7 @@ module "devsecops_cc_toolchain" { #INVENTORY REPO inventory_repo_name = var.inventory_repo_name inventory_repo_url = try(module.devsecops_ci_toolchain[0].inventory_repo_url, var.inventory_repo_existing_url) - inventory_repo_git_provider = (var.inventory_repo_existing_git_provider == "") ? var.repo_git_provider : var.inventory_repo_existing_git_provider + inventory_repo_git_provider = local.inventory_repo_existing_git_provider inventory_repo_git_id = (var.inventory_repo_existing_git_id == "") ? var.repo_git_id : var.inventory_repo_existing_git_id inventory_repo_integration_owner = var.inventory_repo_integration_owner inventory_repo_blind_connection = var.repo_blind_connection @@ -930,6 +956,7 @@ module "devsecops_cc_toolchain" { sonarqube_server_url = (var.cc_sonarqube_server_url == "") ? var.sonarqube_server_url : var.cc_sonarqube_server_url #TRIGGER PROPERTIES + create_triggers = var.create_triggers trigger_timed_name = var.cc_trigger_timed_name trigger_timed_enable = var.cc_trigger_timed_enable trigger_timed_cron_schedule = var.cc_trigger_timed_cron_schedule diff --git a/solutions/code-engine/README.md b/solutions/code-engine/README.md index 0faa913f..8aa7b10c 100644 --- a/solutions/code-engine/README.md +++ b/solutions/code-engine/README.md 
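Review bot: `create_triggers = var.create_triggers` in the CC toolchain hunk (`@@ -930,6 +956,7 @@`) ties the continuous-compliance timed trigger to the same switch that the CI and CD hunks use, so turning the flag off for a sample-app setup would presumably also leave the compliance scan unscheduled. The other trigger inputs here are split per toolchain (`ci_trigger_*`, `cd_trigger_*`, `cc_trigger_*`); either add per-toolchain overrides or state in the variable description that the flag covers all three toolchains. The README row added by this commit lists the variable as `string` with default `"true"`, while the neighbouring `create_*` flags are `bool`; unless the downstream modules require a string, a `bool` would reject mistyped values at plan time. The module block starts and ends outside the hunk.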
@@ -198,7 +198,7 @@ No resources. | [cd\_authorization\_policy\_creation](#input\_cd\_authorization\_policy\_creation) | Disable Toolchain Service to Secrets Manager/Key Protect/Notifications Service authorization policy creation. To disable set the value to `disabled`. | `string` | `""` | no | | [cd\_change\_management\_group](#input\_cd\_change\_management\_group) | Specify group for change management repository | `string` | `""` | no | | [cd\_change\_management\_repo\_auth\_type](#input\_cd\_change\_management\_repo\_auth\_type) | Select the method of authentication that is used to access the Git repository. Valid values are 'oauth' or 'pat'. Defaults to `oauth` when unset. `pat` is a git `personal access token`. | `string` | `""` | no | -| [cd\_change\_management\_repo\_git\_provider](#input\_cd\_change\_management\_repo\_git\_provider) | By default this gets set as 'hostedgit', else set to 'githubconsolidated' for GitHub repositories. | `string` | `"hostedgit"` | no | +| [cd\_change\_management\_repo\_git\_provider](#input\_cd\_change\_management\_repo\_git\_provider) | By default this gets set as 'hostedgit', else set to 'githubconsolidated' for GitHub repositories. | `string` | `""` | no | | [cd\_change\_management\_repo\_git\_token\_secret\_crn](#input\_cd\_change\_management\_repo\_git\_token\_secret\_crn) | The CRN for the Change Management repository Git Token. | `string` | `""` | no | | [cd\_change\_management\_repo\_git\_token\_secret\_name](#input\_cd\_change\_management\_repo\_git\_token\_secret\_name) | Name of the Git token secret in the secret provider. | `string` | `""` | no | | [cd\_change\_management\_repo\_secret\_group](#input\_cd\_change\_management\_repo\_secret\_group) | Secret group for the Change Management repository secret. Defaults to the value set in `sm_secret_group` if not set. Only used with `Secrets Manager`. | `string` | `""` | no | 
@@ -229,7 +229,7 @@ No resources. | [cd\_deployment\_repo\_clone\_to\_git\_provider](#input\_cd\_deployment\_repo\_clone\_to\_git\_provider) | By default 'hostedgit', else use 'githubconsolidated' or 'gitlab'. | `string` | `""` | no | | [cd\_deployment\_repo\_existing\_branch](#input\_cd\_deployment\_repo\_existing\_branch) | Used when deployment\_repo\_existing\_url is provided, the default branch that is by the CD build, usually either main or master. | `string` | `""` | no | | [cd\_deployment\_repo\_existing\_git\_id](#input\_cd\_deployment\_repo\_existing\_git\_id) | Set this value to `github` for github.com, or to the GUID of a custom GitHub Enterprise server. | `string` | `""` | no | -| [cd\_deployment\_repo\_existing\_git\_provider](#input\_cd\_deployment\_repo\_existing\_git\_provider) | By default this gets set as 'hostedgit', else set to 'githubconsolidated' for GitHub repositories. | `string` | `"hostedgit"` | no | +| [cd\_deployment\_repo\_existing\_git\_provider](#input\_cd\_deployment\_repo\_existing\_git\_provider) | Git provider for the deployment repo. If not set will default `hostedgit`. | `string` | `""` | no | | [cd\_deployment\_repo\_existing\_url](#input\_cd\_deployment\_repo\_existing\_url) | Override to bring your own existing deployment repository URL, which is used directly instead of cloning the default deployment sample. | `string` | `""` | no | | [cd\_deployment\_repo\_git\_token\_secret\_crn](#input\_cd\_deployment\_repo\_git\_token\_secret\_crn) | The CRN for the Deployment repository Git Token. | `string` | `""` | no | | [cd\_deployment\_repo\_git\_token\_secret\_name](#input\_cd\_deployment\_repo\_git\_token\_secret\_name) | Name of the Git token secret in the secret provider. | `string` | `""` | no | 
@@ -452,7 +452,7 @@ No resources. | [compliance\_pipeline\_group](#input\_compliance\_pipeline\_group) | Specify user or group for compliance pipline repository. | `string` | `""` | no | | [compliance\_pipeline\_repo\_auth\_type](#input\_compliance\_pipeline\_repo\_auth\_type) | Select the method of authentication that is used to access the Git repository. Valid values are 'oauth' or 'pat'. Defaults to `oauth` when unset. `pat` is a git `personal access token`. | `string` | `""` | no | | [compliance\_pipeline\_repo\_git\_id](#input\_compliance\_pipeline\_repo\_git\_id) | Set this value to `github` for github.com, or to the ID of a custom GitHub Enterprise server. | `string` | `""` | no | -| [compliance\_pipeline\_repo\_git\_provider](#input\_compliance\_pipeline\_repo\_git\_provider) | Git provider for pipeline repo | `string` | `"hostedgit"` | no | +| [compliance\_pipeline\_repo\_git\_provider](#input\_compliance\_pipeline\_repo\_git\_provider) | Git provider for pipeline repo | `string` | `""` | no | | [compliance\_pipeline\_repo\_git\_token\_secret\_crn](#input\_compliance\_pipeline\_repo\_git\_token\_secret\_crn) | The CRN of the Git token used for accessing the sample application repository. | `string` | `""` | no | | [compliance\_pipeline\_repo\_git\_token\_secret\_name](#input\_compliance\_pipeline\_repo\_git\_token\_secret\_name) | Name of the Git token secret in the secret provider used for accessing the compliance pipelines repository. | `string` | `""` | no | | [compliance\_pipeline\_repo\_secret\_group](#input\_compliance\_pipeline\_repo\_secret\_group) | Secret group for the Compliance Pipeline repository secret. Defaults to the value set in `sm_secret_group` if not set. Only used with `Secrets Manager`. | `string` | `""` | no | 
@@ -473,6 +473,7 @@ No resources. | [create\_secret\_group](#input\_create\_secret\_group) | Set to `true` to create the specified Secrets Manager secret group. | `bool` | `false` | no | | [create\_signing\_certificate](#input\_create\_signing\_certificate) | Set to `true` to create and add the `signing-certificate` to the Secrets Provider. | `bool` | `false` | no | | [create\_signing\_key](#input\_create\_signing\_key) | Set to `true` to create and add a `signing_key`to the Secrets Provider. | `bool` | `false` | no | +| [create\_triggers](#input\_create\_triggers) | Set to `true` to create the default triggers associated with the compliance repos and sample app. | `string` | `"true"` | no | | [enable\_key\_protect](#input\_enable\_key\_protect) | Set to `true` to the enable Key Protect integrations. | `string` | `"false"` | no | | [enable\_pipeline\_notifications](#input\_enable\_pipeline\_notifications) | When enabled, pipeline run events will be sent to the Event Notifications and Slack integrations in the enclosing toolchain. | `string` | `""` | no | | [enable\_secrets\_manager](#input\_enable\_secrets\_manager) | Set to `true` to enable the Secrets Manager integrations. | `string` | `"true"` | no | 
@@ -484,7 +485,7 @@ No resources. | [evidence\_group](#input\_evidence\_group) | Specify the Git user or group for the evidence repository. | `string` | `""` | no | | [evidence\_repo\_auth\_type](#input\_evidence\_repo\_auth\_type) | Select the method of authentication that is used to access the Git repository. Valid values are 'oauth' or 'pat'. Defaults to `oauth` when unset. `pat` is a git `personal access token`. | `string` | `""` | no | | [evidence\_repo\_existing\_git\_id](#input\_evidence\_repo\_existing\_git\_id) | Set this value to `github` for github.com, or to the GUID of a custom GitHub Enterprise server. | `string` | `""` | no | -| [evidence\_repo\_existing\_git\_provider](#input\_evidence\_repo\_existing\_git\_provider) | By default this gets set as 'hostedgit', else set to 'githubconsolidated' for GitHub repositories. | `string` | `"hostedgit"` | no | +| [evidence\_repo\_existing\_git\_provider](#input\_evidence\_repo\_existing\_git\_provider) | By default this gets set as 'hostedgit', else set to 'githubconsolidated' for GitHub repositories. | `string` | `""` | no | | [evidence\_repo\_existing\_url](#input\_evidence\_repo\_existing\_url) | Set to use an existing evidence repository. | `string` | `""` | no | | [evidence\_repo\_git\_token\_secret\_crn](#input\_evidence\_repo\_git\_token\_secret\_crn) | The CRN of the Git token used for accessing the Evidence repository. | `string` | `""` | no | | [evidence\_repo\_git\_token\_secret\_name](#input\_evidence\_repo\_git\_token\_secret\_name) | Name of the Git token secret in the secret provider used for accessing the evidence repository. | `string` | `""` | no | 
@@ -495,7 +496,7 @@ No resources. | [inventory\_group](#input\_inventory\_group) | Specify the Git user or group for the inventory repository. | `string` | `""` | no | | [inventory\_repo\_auth\_type](#input\_inventory\_repo\_auth\_type) | Select the method of authentication that is used to access the Git repository. Valid values are 'oauth' or 'pat'. Defaults to `oauth` when unset. `pat` is a git `personal access token`. | `string` | `""` | no | | [inventory\_repo\_existing\_git\_id](#input\_inventory\_repo\_existing\_git\_id) | Set this value to `github` for github.com, or to the GUID of a custom GitHub Enterprise server. | `string` | `""` | no | -| [inventory\_repo\_existing\_git\_provider](#input\_inventory\_repo\_existing\_git\_provider) | By default this gets set as 'hostedgit', else set to 'githubconsolidated' for GitHub repositories. | `string` | `"hostedgit"` | no | +| [inventory\_repo\_existing\_git\_provider](#input\_inventory\_repo\_existing\_git\_provider) | By default this gets set as 'hostedgit', else set to 'githubconsolidated' for GitHub repositories. | `string` | `""` | no | | [inventory\_repo\_existing\_url](#input\_inventory\_repo\_existing\_url) | Set to use an existing inventory repository. | `string` | `""` | no | | [inventory\_repo\_git\_token\_secret\_crn](#input\_inventory\_repo\_git\_token\_secret\_crn) | The CRN of the Git token used for acessing the Inventory repository. | `string` | `""` | no | | [inventory\_repo\_git\_token\_secret\_name](#input\_inventory\_repo\_git\_token\_secret\_name) | Name of the Git token secret in the secret provider used for accessing the inventory repository. | `string` | `""` | no | 
@@ -505,7 +506,7 @@ No resources. | [issues\_group](#input\_issues\_group) | Specify the Git user or group for the issues repository. | `string` | `""` | no | | [issues\_repo\_auth\_type](#input\_issues\_repo\_auth\_type) | Select the method of authentication that is used to access the Git repository. Valid values are 'oauth' or 'pat'. Defaults to `oauth` when unset. `pat` is a git `personal access token`. | `string` | `""` | no | | [issues\_repo\_existing\_git\_id](#input\_issues\_repo\_existing\_git\_id) | Set this value to `github` for github.com, or to the GUID of a custom GitHub Enterprise server. | `string` | `""` | no | -| [issues\_repo\_existing\_git\_provider](#input\_issues\_repo\_existing\_git\_provider) | By default this gets set as 'hostedgit', else set to 'githubconsolidated' for GitHub repositories. | `string` | `"hostedgit"` | no | +| [issues\_repo\_existing\_git\_provider](#input\_issues\_repo\_existing\_git\_provider) | By default this gets set as 'hostedgit', else set to 'githubconsolidated' for GitHub repositories. | `string` | `""` | no | | [issues\_repo\_existing\_url](#input\_issues\_repo\_existing\_url) | Set to use an existing issues repository. | `string` | `""` | no | | [issues\_repo\_git\_token\_secret\_crn](#input\_issues\_repo\_git\_token\_secret\_crn) | The CRN of the Git token used for accessing the Issues repository. | `string` | `""` | no | | [issues\_repo\_git\_token\_secret\_name](#input\_issues\_repo\_git\_token\_secret\_name) | Name of the Git token secret in the secret provider used for accessing the issues repository. | `string` | `""` | no | diff --git a/solutions/code-engine/main.tf b/solutions/code-engine/main.tf index d3c6a075..7ce18019 100644 --- a/solutions/code-engine/main.tf +++ b/solutions/code-engine/main.tf 
@@ -46,6 +46,7 @@ module "devsecops_da" { create_secret_group = var.create_secret_group create_signing_certificate = var.create_signing_certificate create_signing_key = var.create_signing_key + create_triggers = var.create_triggers enable_key_protect = var.enable_key_protect enable_pipeline_notifications = var.enable_pipeline_notifications enable_secrets_manager = var.enable_secrets_manager diff --git a/solutions/code-engine/variables.tf b/solutions/code-engine/variables.tf index d9cc78f9..7add0a1c 100644 --- a/solutions/code-engine/variables.tf +++ b/solutions/code-engine/variables.tf @@ -149,10 +149,10 @@ variable "compliance_pipeline_repo_git_id" { variable "compliance_pipeline_repo_git_provider" { type = string - default = "hostedgit" + default = "" description = "Git provider for pipeline repo" validation { - condition = contains(["hostedgit", "githubconsolidated", "gitlab"], var.compliance_pipeline_repo_git_provider) + condition = contains(["hostedgit", "githubconsolidated", "gitlab", ""], var.compliance_pipeline_repo_git_provider) error_message = "Must be either \"hostedgit\" or \"gitlab\" or \"githubconsolidated\" for pipeline repo." } } @@ -281,6 +281,12 @@ variable "create_signing_key" { default = false } +variable "create_triggers" { + type = string + description = "Set to `true` to create the default triggers associated with the compliance repos and sample app." + default = "true" +} + variable "enable_key_protect" { type = string description = "Set to `true` to the enable Key Protect integrations." 
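Review bot: The validation on `compliance_pipeline_repo_git_provider` (hunk `-149,10` of solutions/code-engine/variables.tf) now accepts `""` and makes it the default, but neither the description nor the `error_message` says that an empty value is allowed or which provider it resolves to. The code that resolves the empty value is not in this hunk, so a reader of the variable cannot tell which Git host will hold the compliance pipeline definitions. I would spell it out, for example `description = "Git provider for pipeline repo. Valid values are 'hostedgit', 'githubconsolidated' or 'gitlab'; leave empty to use the default."`, and end the error message with `or left empty`. The evidence, inventory, issues and change-management hunks (`-349`, `-424`, `-493`, `-1742`) and their copies in solutions/kubernetes/variables.tf have the same gap. Their descriptions also still name only 'githubconsolidated' as the alternative, although `gitlab` is accepted.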
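Review bot: `create_triggers` (hunk `-281,6` of solutions/code-engine/variables.tf) is a free-form `string` with no `validation` block, so values such as `"True"` or `"yes"` pass the plan-time checks. How the module interprets the value is not visible here, but if it compares against the literal `"true"`, a typo would silently skip creating the default triggers for the compliance repos and sample app. The neighbouring `create_signing_key` is a real boolean, so either declare `type = bool` or add a `validation` block whose condition is `contains(["true", "false"], var.create_triggers)`. The same variable is added without validation in solutions/kubernetes/variables.tf and the root variables.tf.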
@@ -349,10 +355,10 @@ variable "evidence_repo_existing_git_id" { variable "evidence_repo_existing_git_provider" { type = string - default = "hostedgit" + default = "" description = "By default this gets set as 'hostedgit', else set to 'githubconsolidated' for GitHub repositories." validation { - condition = contains(["hostedgit", "githubconsolidated", "gitlab"], var.evidence_repo_existing_git_provider) + condition = contains(["hostedgit", "githubconsolidated", "gitlab", ""], var.evidence_repo_existing_git_provider) error_message = "Must be either \"hostedgit\" or \"gitlab\" or \"githubconsolidated\" for evidence repository." } } @@ -424,10 +430,10 @@ variable "inventory_repo_existing_git_id" { variable "inventory_repo_existing_git_provider" { type = string - default = "hostedgit" + default = "" description = "By default this gets set as 'hostedgit', else set to 'githubconsolidated' for GitHub repositories." validation { - condition = contains(["hostedgit", "githubconsolidated", "gitlab"], var.inventory_repo_existing_git_provider) + condition = contains(["hostedgit", "githubconsolidated", "gitlab", ""], var.inventory_repo_existing_git_provider) error_message = "Must be either \"hostedgit\" or \"gitlab\" or \"githubconsolidated\" for Inventory repository." } } @@ -493,10 +499,10 @@ variable "issues_repo_existing_git_id" { variable "issues_repo_existing_git_provider" { type = string - default = "hostedgit" + default = "" description = "By default this gets set as 'hostedgit', else set to 'githubconsolidated' for GitHub repositories." validation { - condition = contains(["hostedgit", "githubconsolidated", "gitlab"], var.issues_repo_existing_git_provider) + condition = contains(["hostedgit", "githubconsolidated", "gitlab", ""], var.issues_repo_existing_git_provider) error_message = "Must be either \"hostedgit\" or \"gitlab\" or \"githubconsolidated\" for issue repository." } } 
@@ -1742,10 +1748,10 @@ variable "change_management_repo_git_id" { variable "cd_change_management_repo_git_provider" { type = string - default = "hostedgit" + default = "" description = "By default this gets set as 'hostedgit', else set to 'githubconsolidated' for GitHub repositories." validation { - condition = contains(["hostedgit", "githubconsolidated", "gitlab"], var.cd_change_management_repo_git_provider) + condition = contains(["hostedgit", "githubconsolidated", "gitlab", ""], var.cd_change_management_repo_git_provider) error_message = "Must be either \"hostedgit\" or \"gitlab\" or \"githubconsolidated\" for evidence repository." } } @@ -1947,8 +1953,12 @@ variable "cd_deployment_repo_existing_git_id" { variable "cd_deployment_repo_existing_git_provider" { type = string - description = "By default this gets set as 'hostedgit', else set to 'githubconsolidated' for GitHub repositories." - default = "hostedgit" + description = "Git provider for the deployment repo. If not set will default `hostedgit`." + default = "" + validation { + condition = contains(["hostedgit", "githubconsolidated", "gitlab", ""], var.cd_deployment_repo_existing_git_provider) + error_message = "Must be either \"hostedgit\" or \"gitlab\" or \"githubconsolidated\" for evidence repository." + } } variable "cd_deployment_repo_existing_url" { diff --git a/solutions/kubernetes/README.md b/solutions/kubernetes/README.md index 4b514623..5cd2d8ba 100644 --- a/solutions/kubernetes/README.md +++ b/solutions/kubernetes/README.md 
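Review bot: The `validation` block added to `cd_deployment_repo_existing_git_provider` (hunk `-1947,8`) ends its `error_message` with "for evidence repository", which looks copied from the evidence variable. A user who mistypes the deployment repo provider is then pointed at the wrong input. I would change it to `error_message = "Must be either \"hostedgit\" or \"gitlab\" or \"githubconsolidated\" for deployment repository."`. The unchanged message on `cd_change_management_repo_git_provider` in the preceding hunk has the same wording and could be corrected in the same pass. Both also occur in solutions/kubernetes/variables.tf.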
@@ -198,7 +198,7 @@ No resources. | [cd\_authorization\_policy\_creation](#input\_cd\_authorization\_policy\_creation) | Disable Toolchain Service to Secrets Manager/Key Protect/Notifications Service authorization policy creation. To disable set the value to `disabled`. | `string` | `""` | no | | [cd\_change\_management\_group](#input\_cd\_change\_management\_group) | Specify group for change management repository | `string` | `""` | no | | [cd\_change\_management\_repo\_auth\_type](#input\_cd\_change\_management\_repo\_auth\_type) | Select the method of authentication that is used to access the Git repository. Valid values are 'oauth' or 'pat'. Defaults to `oauth` when unset. `pat` is a git `personal access token`. | `string` | `""` | no | -| [cd\_change\_management\_repo\_git\_provider](#input\_cd\_change\_management\_repo\_git\_provider) | By default this gets set as 'hostedgit', else set to 'githubconsolidated' for GitHub repositories. | `string` | `"hostedgit"` | no | +| [cd\_change\_management\_repo\_git\_provider](#input\_cd\_change\_management\_repo\_git\_provider) | By default this gets set as 'hostedgit', else set to 'githubconsolidated' for GitHub repositories. | `string` | `""` | no | | [cd\_change\_management\_repo\_git\_token\_secret\_crn](#input\_cd\_change\_management\_repo\_git\_token\_secret\_crn) | The CRN for the Change Management repository Git Token. | `string` | `""` | no | | [cd\_change\_management\_repo\_git\_token\_secret\_name](#input\_cd\_change\_management\_repo\_git\_token\_secret\_name) | Name of the Git token secret in the secret provider. | `string` | `""` | no | | [cd\_change\_management\_repo\_secret\_group](#input\_cd\_change\_management\_repo\_secret\_group) | Secret group for the Change Management repository secret. Defaults to the value set in `sm_secret_group` if not set. Only used with `Secrets Manager`. | `string` | `""` | no | 
@@ -229,7 +229,7 @@ No resources. | [cd\_deployment\_repo\_clone\_to\_git\_provider](#input\_cd\_deployment\_repo\_clone\_to\_git\_provider) | By default 'hostedgit', else use 'githubconsolidated' or 'gitlab'. | `string` | `""` | no | | [cd\_deployment\_repo\_existing\_branch](#input\_cd\_deployment\_repo\_existing\_branch) | Used when deployment\_repo\_existing\_url is provided, the default branch that is by the CD build, usually either main or master. | `string` | `""` | no | | [cd\_deployment\_repo\_existing\_git\_id](#input\_cd\_deployment\_repo\_existing\_git\_id) | Set this value to `github` for github.com, or to the GUID of a custom GitHub Enterprise server. | `string` | `""` | no | -| [cd\_deployment\_repo\_existing\_git\_provider](#input\_cd\_deployment\_repo\_existing\_git\_provider) | By default this gets set as 'hostedgit', else set to 'githubconsolidated' for GitHub repositories. | `string` | `"hostedgit"` | no | +| [cd\_deployment\_repo\_existing\_git\_provider](#input\_cd\_deployment\_repo\_existing\_git\_provider) | Git provider for the deployment repo. If not set will default `hostedgit`. | `string` | `""` | no | | [cd\_deployment\_repo\_existing\_url](#input\_cd\_deployment\_repo\_existing\_url) | Override to bring your own existing deployment repository URL, which is used directly instead of cloning the default deployment sample. | `string` | `""` | no | | [cd\_deployment\_repo\_git\_token\_secret\_crn](#input\_cd\_deployment\_repo\_git\_token\_secret\_crn) | The CRN for the Deployment repository Git Token. | `string` | `""` | no | | [cd\_deployment\_repo\_git\_token\_secret\_name](#input\_cd\_deployment\_repo\_git\_token\_secret\_name) | Name of the Git token secret in the secret provider. | `string` | `""` | no | 
@@ -452,7 +452,7 @@ No resources. | [compliance\_pipeline\_group](#input\_compliance\_pipeline\_group) | Specify user or group for compliance pipline repository. | `string` | `""` | no | | [compliance\_pipeline\_repo\_auth\_type](#input\_compliance\_pipeline\_repo\_auth\_type) | Select the method of authentication that is used to access the Git repository. Valid values are 'oauth' or 'pat'. Defaults to `oauth` when unset. `pat` is a git `personal access token`. | `string` | `""` | no | | [compliance\_pipeline\_repo\_git\_id](#input\_compliance\_pipeline\_repo\_git\_id) | Set this value to `github` for github.com, or to the ID of a custom GitHub Enterprise server. | `string` | `""` | no | -| [compliance\_pipeline\_repo\_git\_provider](#input\_compliance\_pipeline\_repo\_git\_provider) | Git provider for pipeline repo | `string` | `"hostedgit"` | no | +| [compliance\_pipeline\_repo\_git\_provider](#input\_compliance\_pipeline\_repo\_git\_provider) | Git provider for pipeline repo | `string` | `""` | no | | [compliance\_pipeline\_repo\_git\_token\_secret\_crn](#input\_compliance\_pipeline\_repo\_git\_token\_secret\_crn) | The CRN of the Git token used for accessing the sample application repository. | `string` | `""` | no | | [compliance\_pipeline\_repo\_git\_token\_secret\_name](#input\_compliance\_pipeline\_repo\_git\_token\_secret\_name) | Name of the Git token secret in the secret provider used for accessing the compliance pipelines repository. | `string` | `""` | no | | [compliance\_pipeline\_repo\_secret\_group](#input\_compliance\_pipeline\_repo\_secret\_group) | Secret group for the Compliance Pipeline repository secret. Defaults to the value set in `sm_secret_group` if not set. Only used with `Secrets Manager`. | `string` | `""` | no | 
@@ -473,6 +473,7 @@ No resources. | [create\_secret\_group](#input\_create\_secret\_group) | Set to `true` to create the specified Secrets Manager secret group. | `bool` | `false` | no | | [create\_signing\_certificate](#input\_create\_signing\_certificate) | Set to `true` to create and add the `signing-certificate` to the Secrets Provider. | `bool` | `false` | no | | [create\_signing\_key](#input\_create\_signing\_key) | Set to `true` to create and add a `signing_key`to the Secrets Provider. | `bool` | `false` | no | +| [create\_triggers](#input\_create\_triggers) | Set to `true` to create the default triggers associated with the compliance repos and sample app. | `string` | `"true"` | no | | [enable\_key\_protect](#input\_enable\_key\_protect) | Set to `true` to the enable Key Protect integrations. | `string` | `"false"` | no | | [enable\_pipeline\_notifications](#input\_enable\_pipeline\_notifications) | When enabled, pipeline run events will be sent to the Event Notifications and Slack integrations in the enclosing toolchain. | `string` | `""` | no | | [enable\_secrets\_manager](#input\_enable\_secrets\_manager) | Set to `true` to enable the Secrets Manager integrations. | `string` | `"true"` | no | 
@@ -484,7 +485,7 @@ No resources. | [evidence\_group](#input\_evidence\_group) | Specify the Git user or group for the evidence repository. | `string` | `""` | no | | [evidence\_repo\_auth\_type](#input\_evidence\_repo\_auth\_type) | Select the method of authentication that is used to access the Git repository. Valid values are 'oauth' or 'pat'. Defaults to `oauth` when unset. `pat` is a git `personal access token`. | `string` | `""` | no | | [evidence\_repo\_existing\_git\_id](#input\_evidence\_repo\_existing\_git\_id) | Set this value to `github` for github.com, or to the GUID of a custom GitHub Enterprise server. | `string` | `""` | no | -| [evidence\_repo\_existing\_git\_provider](#input\_evidence\_repo\_existing\_git\_provider) | By default this gets set as 'hostedgit', else set to 'githubconsolidated' for GitHub repositories. | `string` | `"hostedgit"` | no | +| [evidence\_repo\_existing\_git\_provider](#input\_evidence\_repo\_existing\_git\_provider) | By default this gets set as 'hostedgit', else set to 'githubconsolidated' for GitHub repositories. | `string` | `""` | no | | [evidence\_repo\_existing\_url](#input\_evidence\_repo\_existing\_url) | Set to use an existing evidence repository. | `string` | `""` | no | | [evidence\_repo\_git\_token\_secret\_crn](#input\_evidence\_repo\_git\_token\_secret\_crn) | The CRN of the Git token used for accessing the Evidence repository. | `string` | `""` | no | | [evidence\_repo\_git\_token\_secret\_name](#input\_evidence\_repo\_git\_token\_secret\_name) | Name of the Git token secret in the secret provider used for accessing the evidence repository. | `string` | `""` | no | 
@@ -495,7 +496,7 @@ No resources. | [inventory\_group](#input\_inventory\_group) | Specify the Git user or group for the inventory repository. | `string` | `""` | no | | [inventory\_repo\_auth\_type](#input\_inventory\_repo\_auth\_type) | Select the method of authentication that is used to access the Git repository. Valid values are 'oauth' or 'pat'. Defaults to `oauth` when unset. `pat` is a git `personal access token`. | `string` | `""` | no | | [inventory\_repo\_existing\_git\_id](#input\_inventory\_repo\_existing\_git\_id) | Set this value to `github` for github.com, or to the GUID of a custom GitHub Enterprise server. | `string` | `""` | no | -| [inventory\_repo\_existing\_git\_provider](#input\_inventory\_repo\_existing\_git\_provider) | By default this gets set as 'hostedgit', else set to 'githubconsolidated' for GitHub repositories. | `string` | `"hostedgit"` | no | +| [inventory\_repo\_existing\_git\_provider](#input\_inventory\_repo\_existing\_git\_provider) | By default this gets set as 'hostedgit', else set to 'githubconsolidated' for GitHub repositories. | `string` | `""` | no | | [inventory\_repo\_existing\_url](#input\_inventory\_repo\_existing\_url) | Set to use an existing inventory repository. | `string` | `""` | no | | [inventory\_repo\_git\_token\_secret\_crn](#input\_inventory\_repo\_git\_token\_secret\_crn) | The CRN of the Git token used for acessing the Inventory repository. | `string` | `""` | no | | [inventory\_repo\_git\_token\_secret\_name](#input\_inventory\_repo\_git\_token\_secret\_name) | Name of the Git token secret in the secret provider used for accessing the inventory repository. | `string` | `""` | no | 
@@ -505,7 +506,7 @@ No resources. | [issues\_group](#input\_issues\_group) | Specify the Git user or group for the issues repository. | `string` | `""` | no | | [issues\_repo\_auth\_type](#input\_issues\_repo\_auth\_type) | Select the method of authentication that is used to access the Git repository. Valid values are 'oauth' or 'pat'. Defaults to `oauth` when unset. `pat` is a git `personal access token`. | `string` | `""` | no | | [issues\_repo\_existing\_git\_id](#input\_issues\_repo\_existing\_git\_id) | Set this value to `github` for github.com, or to the GUID of a custom GitHub Enterprise server. | `string` | `""` | no | -| [issues\_repo\_existing\_git\_provider](#input\_issues\_repo\_existing\_git\_provider) | By default this gets set as 'hostedgit', else set to 'githubconsolidated' for GitHub repositories. | `string` | `"hostedgit"` | no | +| [issues\_repo\_existing\_git\_provider](#input\_issues\_repo\_existing\_git\_provider) | By default this gets set as 'hostedgit', else set to 'githubconsolidated' for GitHub repositories. | `string` | `""` | no | | [issues\_repo\_existing\_url](#input\_issues\_repo\_existing\_url) | Set to use an existing issues repository. | `string` | `""` | no | | [issues\_repo\_git\_token\_secret\_crn](#input\_issues\_repo\_git\_token\_secret\_crn) | The CRN of the Git token used for accessing the Issues repository. | `string` | `""` | no | | [issues\_repo\_git\_token\_secret\_name](#input\_issues\_repo\_git\_token\_secret\_name) | Name of the Git token secret in the secret provider used for accessing the issues repository. | `string` | `""` | no | diff --git a/solutions/kubernetes/main.tf b/solutions/kubernetes/main.tf index d3c6a075..7ce18019 100644 --- a/solutions/kubernetes/main.tf +++ b/solutions/kubernetes/main.tf 
@@ -46,6 +46,7 @@ module "devsecops_da" { create_secret_group = var.create_secret_group create_signing_certificate = var.create_signing_certificate create_signing_key = var.create_signing_key + create_triggers = var.create_triggers enable_key_protect = var.enable_key_protect enable_pipeline_notifications = var.enable_pipeline_notifications enable_secrets_manager = var.enable_secrets_manager diff --git a/solutions/kubernetes/variables.tf b/solutions/kubernetes/variables.tf index eb13966e..df158be1 100644 --- a/solutions/kubernetes/variables.tf +++ b/solutions/kubernetes/variables.tf @@ -149,10 +149,10 @@ variable "compliance_pipeline_repo_git_id" { variable "compliance_pipeline_repo_git_provider" { type = string - default = "hostedgit" + default = "" description = "Git provider for pipeline repo" validation { - condition = contains(["hostedgit", "githubconsolidated", "gitlab"], var.compliance_pipeline_repo_git_provider) + condition = contains(["hostedgit", "githubconsolidated", "gitlab", ""], var.compliance_pipeline_repo_git_provider) error_message = "Must be either \"hostedgit\" or \"gitlab\" or \"githubconsolidated\" for pipeline repo." } } @@ -281,6 +281,12 @@ variable "create_signing_key" { default = false } +variable "create_triggers" { + type = string + description = "Set to `true` to create the default triggers associated with the compliance repos and sample app." + default = "true" +} + variable "enable_key_protect" { type = string description = "Set to `true` to the enable Key Protect integrations." 
@@ -349,10 +355,10 @@ variable "evidence_repo_existing_git_id" { variable "evidence_repo_existing_git_provider" { type = string - default = "hostedgit" + default = "" description = "By default this gets set as 'hostedgit', else set to 'githubconsolidated' for GitHub repositories." validation { - condition = contains(["hostedgit", "githubconsolidated", "gitlab"], var.evidence_repo_existing_git_provider) + condition = contains(["hostedgit", "githubconsolidated", "gitlab", ""], var.evidence_repo_existing_git_provider) error_message = "Must be either \"hostedgit\" or \"gitlab\" or \"githubconsolidated\" for evidence repository." } } @@ -424,10 +430,10 @@ variable "inventory_repo_existing_git_id" { variable "inventory_repo_existing_git_provider" { type = string - default = "hostedgit" + default = "" description = "By default this gets set as 'hostedgit', else set to 'githubconsolidated' for GitHub repositories." validation { - condition = contains(["hostedgit", "githubconsolidated", "gitlab"], var.inventory_repo_existing_git_provider) + condition = contains(["hostedgit", "githubconsolidated", "gitlab", ""], var.inventory_repo_existing_git_provider) error_message = "Must be either \"hostedgit\" or \"gitlab\" or \"githubconsolidated\" for Inventory repository." } } @@ -493,10 +499,10 @@ variable "issues_repo_existing_git_id" { variable "issues_repo_existing_git_provider" { type = string - default = "hostedgit" + default = "" description = "By default this gets set as 'hostedgit', else set to 'githubconsolidated' for GitHub repositories." validation { - condition = contains(["hostedgit", "githubconsolidated", "gitlab"], var.issues_repo_existing_git_provider) + condition = contains(["hostedgit", "githubconsolidated", "gitlab", ""], var.issues_repo_existing_git_provider) error_message = "Must be either \"hostedgit\" or \"gitlab\" or \"githubconsolidated\" for issue repository." } } 
@@ -1730,10 +1736,10 @@ variable "cd_change_management_repo_auth_type" { variable "cd_change_management_repo_git_provider" { type = string - default = "hostedgit" + default = "" description = "By default this gets set as 'hostedgit', else set to 'githubconsolidated' for GitHub repositories." validation { - condition = contains(["hostedgit", "githubconsolidated", "gitlab"], var.cd_change_management_repo_git_provider) + condition = contains(["hostedgit", "githubconsolidated", "gitlab", ""], var.cd_change_management_repo_git_provider) error_message = "Must be either \"hostedgit\" or \"gitlab\" or \"githubconsolidated\" for evidence repository." } } @@ -1947,8 +1953,12 @@ variable "cd_deployment_repo_existing_git_id" { variable "cd_deployment_repo_existing_git_provider" { type = string - description = "By default this gets set as 'hostedgit', else set to 'githubconsolidated' for GitHub repositories." - default = "hostedgit" + description = "Git provider for the deployment repo. If not set will default `hostedgit`." + default = "" + validation { + condition = contains(["hostedgit", "githubconsolidated", "gitlab", ""], var.cd_deployment_repo_existing_git_provider) + error_message = "Must be either \"hostedgit\" or \"gitlab\" or \"githubconsolidated\" for evidence repository." + } } variable "cd_deployment_repo_existing_url" { diff --git a/variables.tf b/variables.tf index d8a8c581..521e6a97 100644 --- a/variables.tf +++ b/variables.tf @@ -285,6 +285,12 @@ variable "create_signing_key" { default = false } +variable "create_triggers" { + type = string + description = "Set to `true` to create the default triggers associated with the compliance repos and sample app." + default = "true" +} + variable "enable_key_protect" { type = string description = "Set to `true` to the enable Key Protect integrations." From ad3376cf1daf5feeb3a982cc13237696287466b9 Mon Sep 17 00:00:00 2001 
From: huayuenh Date: Mon, 30 Sep 2024 14:52:57 +0100 Subject: [PATCH 5/9] chore: toshiba settings --- README.md | 1 + ibm_catalog.json | 280 +++++++++++++++++++++++------ main.tf | 63 +++---- solutions/code-engine/README.md | 1 + solutions/code-engine/main.tf | 1 + solutions/code-engine/variables.tf | 6 + solutions/kubernetes/README.md | 1 + solutions/kubernetes/main.tf | 1 + solutions/kubernetes/variables.tf | 6 + variables.tf | 6 + 10 files changed, 280 insertions(+), 86 deletions(-) diff --git a/README.md b/README.md index 797df81d..bdfaa7a1 100644 --- a/README.md +++ b/README.md @@ -91,6 +91,7 @@ statement instead the previous block. |------|-------------|------|---------|:--------:| | [add\_code\_engine\_prefix](#input\_add\_code\_engine\_prefix) | Set to `true` to use `prefix` to add a prefix to the code engine project names. | `bool` | `true` | no | | [add\_container\_name\_suffix](#input\_add\_container\_name\_suffix) | Set to `true` to add a random suffix to the specified ICR name. | `bool` | `false` | no | +| [add\_pipeline\_definitions](#input\_add\_pipeline\_definitions) | Set to `true` to add pipeline definitions. | `string` | `"true"` | no | | [app\_group](#input\_app\_group) | Specify the Git user or group for the application repository. | `string` | `""` | no | | [app\_repo\_auth\_type](#input\_app\_repo\_auth\_type) | Select the method of authentication that is used to access the Git repository. Valid values are 'oauth' or 'pat'. Defaults to `oauth` when unset. `pat` is a git `personal access token`. | `string` | `""` | no | | [app\_repo\_branch](#input\_app\_repo\_branch) | This is the repository branch used by the default sample application. Alternatively if `app_repo_existing_url` is provided, then the branch must reflect the default branch for that repository. Typically these branches are `main` or `master`. | `string` | `"master"` | no | diff --git a/ibm_catalog.json b/ibm_catalog.json index e0b91b1f..f24f797e 100644 --- a/ibm_catalog.json 
+++ b/ibm_catalog.json 
@@ -285,6 +285,118 @@ "description": "Bring your own existing application repository by providing the URL. This will create an integration for your application repository instead of cloning the default sample. Repositories existing in a different org will require the use of Git token. See `app_repo_git_token_secret_name` under optional variables. ", "required": true }, + { + "key": "repo_git_provider", + "type": "string", + "default_value": "", + "description": "By default this gets set as 'hostedgit', else set to 'githubconsolidated' for GitHub repositories or `gitlab` for GitLab. Applies to all the default DevSecOps repositories, except the `Compliance Pipelines` repository that get created at the time of running the DA.", + "required": false + }, + { + "key": "repo_git_id", + "type": "string", + "default_value": "", + "description": "Set this value to `github` for github.com, `gitlabcustom` for GitLab or to the ID of a custom GitHub Enterprise server.", + "required": false + }, + { + "key": "repo_git_token_secret_name", + "type": "string", + "default_value": "", + "description": "Name of the Git token secret in the secret provider used for accessing the repositories created by the DA.", + "required": false + }, + { + "key": "repo_title", + "type": "string", + "default_value": "", + "description": "(Optional) The title of the server. e.g. My Git Enterprise Server.", + "required": false + }, + { + "key": "repo_root_url", + "type": "string", + "default_value": "", + "description": "(Optional) The Root URL of the server. e.g. https://git.example.com.", + "required": false + }, + { + "key": "repo_blind_connection", + "type": "string", + "default_value": "false", + "description": "Setting this value to `true` means the server is not addressable on the public internet. IBM Cloud will not be able to validate the connection details you provide. Certain functionality that requires API access to the git server will be disabled. 
Delivery pipeline will only work using a private worker that has network access to the git server.", + "required": false + }, + { + "key": "create_triggers", + "type": "string", + "default_value": "true", + "description": "Set to `true` to create the triggers used by the DevSecOps pipelines.", + "required": false + }, + { + "key": "add_pipeline_definitions", + "type": "string", + "default_value": "true", + "description": "Set to `true` to add the compliance pipelines definitions to the DevSecOps pipelines.", + "required": false + }, + { + "key": "cd_deployment_repo_existing_url", + "type": "string", + "default_value": "", + "description": "Override to bring your own existing deployment repository URL, which is used directly instead of cloning the default deployment sample.", + "required": false + }, + { + "key": "change_management_existing_url", + "type": "string", + "default_value": "", + "description": "Override to bring your own existing change management repository URL, which is used directly instead of cloning the default change management repository.", + "required": false + }, + { + "key": "evidence_repo_existing_url", + "type": "string", + "default_value": "", + "description": "Set to use an existing evidence repository.", + "required": false + }, + { + "key": "inventory_repo_existing_url", + "type": "string", + "default_value": "", + "description": "Set to use an existing inventory repository.", + "required": false + }, + { + "key": "issues_repo_existing_url", + "type": "string", + "default_value": "", + "description": "Set to use an existing issues repository.", + "required": false + }, + { + "key": "compliance_pipeline_repo_git_provider", + "type": "string", + "default_value": "", + "description": "By default this gets set as 'hostedgit', else set to 'githubconsolidated' for GitHub repositories or `gitlab` for GitLab.", + "required": false + }, + { + "key": "compliance_pipeline_repo_git_id", + "type": "string", + "default_value": "", + "description": "Set 
this value to `github` for github.com, `gitlabcustom` for GitLab or to the ID of a custom GitHub Enterprise server.", + "required": false + }, + { + "key": "compliance_pipeline_existing_repo_url", + "type": "string", + "default_value": "", + "description": "Override to bring your own existing compliance pipelines repository URL, which is used directly instead of cloning the default change compliance pipelines repository.", + "required": false + }, { "key": "add_code_engine_prefix", "type": "boolean", @@ -604,13 +716,6 @@ "description": "By default this gets set as 'hostedgit', else set to 'githubconsolidated' for GitHub repositories.", "required": false }, - { - "key": "cd_deployment_repo_existing_url", - "type": "string", - "default_value": "", - "description": "Override to bring your own existing deployment repository URL, which is used directly instead of cloning the default deployment sample.", - "required": false - }, { "key": "cd_deployment_repo_git_token_secret_crn", "type": "password", @@ -1178,13 +1283,6 @@ "description": "By default this gets set as 'hostedgit', else set to 'githubconsolidated' for GitHub repositories.", "required": false }, - { - "key": "evidence_repo_existing_url", - "type": "string", - "default_value": "", - "description": "Set to use an existing evidence repository.", - "required": false - }, { "key": "evidence_repo_git_token_secret_crn", "type": "password", @@ -1247,13 +1345,6 @@ "description": "By default this gets set as 'hostedgit', else set to 'githubconsolidated' for GitHub repositories.", "required": false }, - { - "key": "inventory_repo_existing_url", - "type": "string", - "default_value": "", - "description": "Set to use an existing inventory repository.", - "required": false - }, { "key": "inventory_repo_git_token_secret_crn", "type": "password", 
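Review bot: The description added for `compliance_pipeline_existing_repo_url` says "instead of cloning the default change compliance pipelines repository", which looks carried over from the `change_management_existing_url` entry a few keys above it. It should read `...which is used directly instead of cloning the default compliance pipelines repository.` The same text is added again in the second flavour's block (the `@@ -2060,6 +2144,118 @@` hunk), so both copies need the fix.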
@@ -1316,13 +1407,6 @@ "description": "By default this gets set as 'hostedgit', else set to 'githubconsolidated' for GitHub repositories.", "required": false }, - { - "key": "issues_repo_existing_url", - "type": "string", - "default_value": "", - "description": "Set to use an existing issues repository.", - "required": false - }, { "key": "issues_repo_git_token_secret_crn", "type": "password", 
@@ -2060,6 +2144,118 @@ "description": "Bring your own existing application repository by providing the URL. This will create an integration for your application repository instead of cloning the default sample. Repositories existing in a different org will require the use of Git token. See `app_repo_git_token_secret_name` under optional variables. ", "required": true }, + { + "key": "repo_git_provider", + "type": "string", + "default_value": "", + "description": "By default this gets set as 'hostedgit', else set to 'githubconsolidated' for GitHub repositories or `gitlab` for GitLab. Applies to all the default DevSecOps repositories, except the `Compliance Pipelines` repository that get created at the time of running the DA.", + "required": false + }, + { + "key": "repo_git_id", + "type": "string", + "default_value": "", + "description": "Set this value to `github` for github.com, `gitlabcustom` for GitLab or to the ID of a custom GitHub Enterprise server.", + "required": false + }, + { + "key": "repo_git_token_secret_name", + "type": "string", + "default_value": "", + "description": "Name of the Git token secret in the secret provider used for accessing the repositories created by the DA.", + "required": false + }, + { + "key": "repo_title", + "type": "string", + "default_value": "", + "description": "(Optional) The title of the server. e.g. My Git Enterprise Server.", + "required": false + }, + { + "key": "repo_root_url", + "type": "string", + "default_value": "", + "description": "(Optional) The Root URL of the server. e.g. https://git.example.com.", + "required": false + }, + { + "key": "repo_blind_connection", + "type": "string", + "default_value": "false", + "description": "Setting this value to `true` means the server is not addressable on the public internet. IBM Cloud will not be able to validate the connection details you provide. Certain functionality that requires API access to the git server will be disabled. 
Delivery pipeline will only work using a private worker that has network access to the git server.", + "required": false + }, + { + "key": "create_triggers", + "type": "string", + "default_value": "true", + "description": "Set to `true` to create the triggers used by the DevSecOps pipelines.", + "required": false + }, + { + "key": "add_pipeline_definitions", + "type": "string", + "default_value": "true", + "description": "Set to `true` to add the compliance pipelines definitions to the DevSecOps pipelines.", + "required": false + }, + { + "key": "cd_deployment_repo_existing_url", + "type": "string", + "default_value": "", + "description": "Override to bring your own existing deployment repository URL, which is used directly instead of cloning the default deployment sample.", + "required": false + }, + { + "key": "change_management_existing_url", + "type": "string", + "default_value": "", + "description": "Override to bring your own existing change management repository URL, which is used directly instead of cloning the default change management repository.", + "required": false + }, + { + "key": "evidence_repo_existing_url", + "type": "string", + "default_value": "", + "description": "Set to use an existing evidence repository.", + "required": false + }, + { + "key": "inventory_repo_existing_url", + "type": "string", + "default_value": "", + "description": "Set to use an existing inventory repository.", + "required": false + }, + { + "key": "issues_repo_existing_url", + "type": "string", + "default_value": "", + "description": "Set to use an existing issues repository.", + "required": false + }, + { + "key": "compliance_pipeline_repo_git_provider", + "type": "string", + "default_value": "", + "description": "By default this gets set as 'hostedgit', else set to 'githubconsolidated' for GitHub repositories or `gitlab` for GitLab.", + "required": false + }, + { + "key": "compliance_pipeline_repo_git_id", + "type": "string", + "default_value": "", + "description": "Set 
this value to `github` for github.com, `gitlabcustom` for GitLab or to the ID of a custom GitHub Enterprise server.", + "required": false + }, + { + "key": "compliance_pipeline_existing_repo_url", + "type": "string", + "default_value": "", + "description": "Override to bring your own existing compliance pipelines repository URL, which is used directly instead of cloning the default change compliance pipelines repository.", + "required": false + }, { "key": "add_container_name_suffix", "type": "boolean", @@ -2379,13 +2575,6 @@ "description": "By default this gets set as 'hostedgit', else set to 'githubconsolidated' for GitHub repositories.", "required": false }, - { - "key": "cd_deployment_repo_existing_url", - "type": "string", - "default_value": "", - "description": "Override to bring your own existing deployment repository URL, which is used directly instead of cloning the default deployment sample.", - "required": false - }, { "key": "cd_deployment_repo_git_token_secret_crn", "type": "password", @@ -2953,13 +3142,6 @@ "description": "By default this gets set as 'hostedgit', else set to 'githubconsolidated' for GitHub repositories.", "required": false }, - { - "key": "evidence_repo_existing_url", - "type": "string", - "default_value": "", - "description": "Set to use an existing evidence repository.", - "required": false - }, { "key": "evidence_repo_git_token_secret_crn", "type": "password", @@ -3022,13 +3204,6 @@ "description": "By default this gets set as 'hostedgit', else set to 'githubconsolidated' for GitHub repositories.", "required": false }, - { - "key": "inventory_repo_existing_url", - "type": "string", - "default_value": "", - "description": "Set to use an existing inventory repository.", - "required": false - }, { "key": "inventory_repo_git_token_secret_crn", "type": "password", 
@@ -3091,13 +3266,6 @@ "description": "By default this gets set as 'hostedgit', else set to 'githubconsolidated' for GitHub repositories.", "required": false }, - { - "key": "issues_repo_existing_url", - "type": "string", - "default_value": "", - "description": "Set to use an existing issues repository.", - "required": false - }, { "key": "issues_repo_git_token_secret_crn", "type": "password", diff --git a/main.tf b/main.tf index 9534aef6..3632caa1 100644 --- a/main.tf +++ b/main.tf 
@@ -295,16 +295,17 @@ module "devsecops_ci_toolchain" { pr_pipeline_git_tag = (var.pr_pipeline_git_tag == "") ? var.pipeline_git_tag : var.pr_pipeline_git_tag #SECRET PROVIDERS - enable_key_protect = (local.ci_enable_key_protect == "true") ? true : false - enable_secrets_manager = (local.ci_enable_secrets_manager == "true") ? true : false - sm_name = (var.ci_sm_name == "") ? var.sm_name : var.ci_sm_name - sm_location = (var.ci_sm_location == "") ? replace(replace(var.sm_location, "ibm:yp:", ""), "ibm:ys1:", "") : replace(replace(var.ci_sm_location, "ibm:yp:", ""), "ibm:ys1:", "") - sm_resource_group = (var.ci_sm_resource_group != "") ? var.ci_sm_resource_group : (var.sm_resource_group != "") ? var.sm_resource_group : var.toolchain_resource_group - sm_secret_group = (var.ci_sm_secret_group == "") ? var.sm_secret_group : var.ci_sm_secret_group - kp_name = (var.ci_kp_name == "") ? var.kp_name : var.ci_kp_name - kp_location = (var.ci_kp_location == "") ? replace(replace(var.kp_location, "ibm:yp:", ""), "ibm:ys1:", "") : replace(replace(var.ci_kp_location, "ibm:yp:", ""), "ibm:ys1:", "") - kp_resource_group = (var.ci_kp_resource_group != "") ? var.ci_kp_resource_group : (var.kp_resource_group != "") ? var.kp_resource_group : var.toolchain_resource_group - sm_instance_crn = (var.ci_sm_instance_crn != "") ? var.ci_sm_instance_crn : var.sm_instance_crn + enable_key_protect = (local.ci_enable_key_protect == "true") ? true : false + enable_secrets_manager = (local.ci_enable_secrets_manager == "true") ? true : false + sm_name = (var.ci_sm_name == "") ? var.sm_name : var.ci_sm_name + sm_location = (var.ci_sm_location == "") ? replace(replace(var.sm_location, "ibm:yp:", ""), "ibm:ys1:", "") : replace(replace(var.ci_sm_location, "ibm:yp:", ""), "ibm:ys1:", "") + sm_resource_group = (var.ci_sm_resource_group != "") ? var.ci_sm_resource_group : (var.sm_resource_group != "") ? var.sm_resource_group : var.toolchain_resource_group + sm_secret_group = (var.ci_sm_secret_group == "") ? 
var.sm_secret_group : var.ci_sm_secret_group + kp_name = (var.ci_kp_name == "") ? var.kp_name : var.ci_kp_name + kp_location = (var.ci_kp_location == "") ? replace(replace(var.kp_location, "ibm:yp:", ""), "ibm:ys1:", "") : replace(replace(var.ci_kp_location, "ibm:yp:", ""), "ibm:ys1:", "") + kp_resource_group = (var.ci_kp_resource_group != "") ? var.ci_kp_resource_group : (var.kp_resource_group != "") ? var.kp_resource_group : var.toolchain_resource_group + sm_instance_crn = (var.ci_sm_instance_crn != "") ? var.ci_sm_instance_crn : var.sm_instance_crn + add_pipeline_definitions = var.add_pipeline_definitions #SECRET NAMES pipeline_ibmcloud_api_key_secret_name = (var.ci_pipeline_ibmcloud_api_key_secret_name == "") ? var.pipeline_ibmcloud_api_key_secret_name : var.ci_pipeline_ibmcloud_api_key_secret_name 
@@ -520,16 +521,17 @@ module "devsecops_cd_toolchain" { pipeline_git_tag = (var.cd_pipeline_git_tag == "") ? var.pipeline_git_tag : var.cd_pipeline_git_tag #SECRET PROVIDERS - enable_key_protect = (local.cd_enable_key_protect == "true") ? true : false - enable_secrets_manager = (local.cd_enable_secrets_manager == "true") ? true : false - sm_name = (var.cd_sm_name == "") ? var.sm_name : var.cd_sm_name - sm_location = (var.cd_sm_location == "") ? replace(replace(var.sm_location, "ibm:yp:", ""), "ibm:ys1:", "") : replace(replace(var.cd_sm_location, "ibm:yp:", ""), "ibm:ys1:", "") - sm_resource_group = (var.cd_sm_resource_group != "") ? var.cd_sm_resource_group : (var.sm_resource_group != "") ? var.sm_resource_group : var.toolchain_resource_group - sm_secret_group = (var.cd_sm_secret_group == "") ? var.sm_secret_group : var.cd_sm_secret_group - kp_name = (var.cd_kp_name == "") ? var.kp_name : var.cd_kp_name - kp_location = (var.cd_kp_location == "") ? replace(replace(var.kp_location, "ibm:yp:", ""), "ibm:ys1:", "") : replace(replace(var.cd_kp_location, "ibm:yp:", ""), "ibm:ys1:", "") - kp_resource_group = (var.cd_kp_resource_group != "") ? var.cd_kp_resource_group : (var.kp_resource_group != "") ? var.kp_resource_group : var.toolchain_resource_group - sm_instance_crn = (var.cd_sm_instance_crn != "") ? var.cd_sm_instance_crn : var.sm_instance_crn + enable_key_protect = (local.cd_enable_key_protect == "true") ? true : false + enable_secrets_manager = (local.cd_enable_secrets_manager == "true") ? true : false + sm_name = (var.cd_sm_name == "") ? var.sm_name : var.cd_sm_name + sm_location = (var.cd_sm_location == "") ? replace(replace(var.sm_location, "ibm:yp:", ""), "ibm:ys1:", "") : replace(replace(var.cd_sm_location, "ibm:yp:", ""), "ibm:ys1:", "") + sm_resource_group = (var.cd_sm_resource_group != "") ? var.cd_sm_resource_group : (var.sm_resource_group != "") ? var.sm_resource_group : var.toolchain_resource_group + sm_secret_group = (var.cd_sm_secret_group == "") ? 
var.sm_secret_group : var.cd_sm_secret_group + kp_name = (var.cd_kp_name == "") ? var.kp_name : var.cd_kp_name + kp_location = (var.cd_kp_location == "") ? replace(replace(var.kp_location, "ibm:yp:", ""), "ibm:ys1:", "") : replace(replace(var.cd_kp_location, "ibm:yp:", ""), "ibm:ys1:", "") + kp_resource_group = (var.cd_kp_resource_group != "") ? var.cd_kp_resource_group : (var.kp_resource_group != "") ? var.kp_resource_group : var.toolchain_resource_group + sm_instance_crn = (var.cd_sm_instance_crn != "") ? var.cd_sm_instance_crn : var.sm_instance_crn + add_pipeline_definitions = var.add_pipeline_definitions #SECRET NAMES AND SECRET GROUPS pipeline_ibmcloud_api_key_secret_name = (var.cd_pipeline_ibmcloud_api_key_secret_name == "") ? var.pipeline_ibmcloud_api_key_secret_name : var.cd_pipeline_ibmcloud_api_key_secret_name 
@@ -767,16 +769,17 @@ module "devsecops_cc_toolchain" { pipeline_git_tag = (var.cc_pipeline_git_tag == "") ? var.pipeline_git_tag : var.cc_pipeline_git_tag #SECRET PROVIDERS - enable_key_protect = (local.cc_enable_key_protect == "true") ? true : false - enable_secrets_manager = (local.cc_enable_secrets_manager == "true") ? true : false - sm_name = (var.cc_sm_name == "") ? var.sm_name : var.cc_sm_name - sm_location = (var.cc_sm_location == "") ? replace(replace(var.sm_location, "ibm:yp:", ""), "ibm:ys1:", "") : replace(replace(var.cc_sm_location, "ibm:yp:", ""), "ibm:ys1:", "") - sm_resource_group = (var.cc_sm_resource_group != "") ? var.cc_sm_resource_group : (var.sm_resource_group != "") ? var.sm_resource_group : var.toolchain_resource_group - sm_secret_group = (var.cc_sm_secret_group == "") ? var.sm_secret_group : var.cc_sm_secret_group - kp_name = (var.cc_kp_name == "") ? var.kp_name : var.cc_kp_name - kp_location = (var.cc_sm_location == "") ? replace(replace(var.kp_location, "ibm:yp:", ""), "ibm:ys1:", "") : replace(replace(var.cc_kp_location, "ibm:yp:", ""), "ibm:ys1:", "") - kp_resource_group = (var.cc_kp_resource_group != "") ? var.cc_kp_resource_group : (var.kp_resource_group != "") ? var.kp_resource_group : var.toolchain_resource_group - sm_instance_crn = (var.cc_sm_instance_crn != "") ? var.cc_sm_instance_crn : var.sm_instance_crn + enable_key_protect = (local.cc_enable_key_protect == "true") ? true : false + enable_secrets_manager = (local.cc_enable_secrets_manager == "true") ? true : false + sm_name = (var.cc_sm_name == "") ? var.sm_name : var.cc_sm_name + sm_location = (var.cc_sm_location == "") ? replace(replace(var.sm_location, "ibm:yp:", ""), "ibm:ys1:", "") : replace(replace(var.cc_sm_location, "ibm:yp:", ""), "ibm:ys1:", "") + sm_resource_group = (var.cc_sm_resource_group != "") ? var.cc_sm_resource_group : (var.sm_resource_group != "") ? var.sm_resource_group : var.toolchain_resource_group + sm_secret_group = (var.cc_sm_secret_group == "") ? 
var.sm_secret_group : var.cc_sm_secret_group + kp_name = (var.cc_kp_name == "") ? var.kp_name : var.cc_kp_name + kp_location = (var.cc_sm_location == "") ? replace(replace(var.kp_location, "ibm:yp:", ""), "ibm:ys1:", "") : replace(replace(var.cc_kp_location, "ibm:yp:", ""), "ibm:ys1:", "") + kp_resource_group = (var.cc_kp_resource_group != "") ? var.cc_kp_resource_group : (var.kp_resource_group != "") ? var.kp_resource_group : var.toolchain_resource_group + sm_instance_crn = (var.cc_sm_instance_crn != "") ? var.cc_sm_instance_crn : var.sm_instance_crn + add_pipeline_definitions = var.add_pipeline_definitions #SECRET NAMES AND SECRET GROUPS pipeline_ibmcloud_api_key_secret_name = (var.cc_pipeline_ibmcloud_api_key_secret_name == "") ? var.pipeline_ibmcloud_api_key_secret_name : var.cc_pipeline_ibmcloud_api_key_secret_name diff --git a/solutions/code-engine/README.md b/solutions/code-engine/README.md index 8aa7b10c..03da0cd8 100644 --- a/solutions/code-engine/README.md +++ b/solutions/code-engine/README.md 
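Review bot: The re-added `kp_location` line in the `devsecops_cc_toolchain` block tests `var.cc_sm_location == ""` but then selects `var.cc_kp_location`, so the Key Protect location is keyed off the Secrets Manager override. The CI and CD hunks test their own `ci_kp_location` and `cd_kp_location`, which suggests a copy-paste slip that this realignment carries forward unchanged. As written, setting `cc_sm_location` while leaving `cc_kp_location` empty passes an empty Key Protect location to the module, and a `cc_kp_location` override is ignored whenever `cc_sm_location` is empty. The condition should be `(var.cc_kp_location == "")`, with both branches left as they are. The module block starts and ends outside the hunk.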
@@ -75,6 +75,7 @@ No resources. |------|-------------|------|---------|:--------:| | [add\_code\_engine\_prefix](#input\_add\_code\_engine\_prefix) | Set to `true` to use `prefix` to add a prefix to the code engine project names. | `bool` | `true` | no | | [add\_container\_name\_suffix](#input\_add\_container\_name\_suffix) | Set to `true` to add a random suffix to the specified ICR name. | `bool` | `false` | no | +| [add\_pipeline\_definitions](#input\_add\_pipeline\_definitions) | Set to `true` to add pipeline definitions. | `string` | `"true"` | no | | [app\_group](#input\_app\_group) | Specify the Git user or group for the application repository. | `string` | `""` | no | | [app\_repo\_auth\_type](#input\_app\_repo\_auth\_type) | Select the method of authentication that is used to access the Git repository. Valid values are 'oauth' or 'pat'. Defaults to `oauth` when unset. `pat` is a git `personal access token`. | `string` | `""` | no | | [app\_repo\_branch](#input\_app\_repo\_branch) | This is the repository branch used by the default sample application. Alternatively if `app_repo_existing_url` is provided, then the branch must reflect the default branch for that repository. Typically these branches are `main` or `master`. | `string` | `"main"` | no | diff --git a/solutions/code-engine/main.tf b/solutions/code-engine/main.tf index 7ce18019..9ecb90c1 100644 --- a/solutions/code-engine/main.tf +++ b/solutions/code-engine/main.tf @@ -4,6 +4,7 @@ module "devsecops_da" { add_code_engine_prefix = var.add_code_engine_prefix add_container_name_suffix = var.add_container_name_suffix app_group = var.app_group + add_pipeline_definitions = var.add_pipeline_definitions app_repo_auth_type = var.app_repo_auth_type app_repo_branch = var.app_repo_branch app_repo_clone_from_url = var.app_repo_clone_from_url diff --git a/solutions/code-engine/variables.tf b/solutions/code-engine/variables.tf index 7add0a1c..8006a0d8 100644 --- a/solutions/code-engine/variables.tf 
+++ b/solutions/code-engine/variables.tf @@ -3388,3 +3388,9 @@ variable "use_app_repo_for_cd_deploy" { description = "Set to `true` to use the CI sample application repository as the deployment repository in the CD pipeline. This will be set in the pipeline config integration." default = true } + +variable "add_pipeline_definitions" { + type = string + description = "Set to `true` to add pipeline definitions." + default = "true" +} diff --git a/solutions/kubernetes/README.md b/solutions/kubernetes/README.md index 5cd2d8ba..2412ec9c 100644 --- a/solutions/kubernetes/README.md +++ b/solutions/kubernetes/README.md @@ -75,6 +75,7 @@ No resources. |------|-------------|------|---------|:--------:| | [add\_code\_engine\_prefix](#input\_add\_code\_engine\_prefix) | Set to `true` to use `prefix` to add a prefix to the code engine project names. | `bool` | `true` | no | | [add\_container\_name\_suffix](#input\_add\_container\_name\_suffix) | Set to `true` to add a random suffix to the specified ICR name. | `bool` | `false` | no | +| [add\_pipeline\_definitions](#input\_add\_pipeline\_definitions) | Set to `true` to add pipeline definitions. | `string` | `"true"` | no | | [app\_group](#input\_app\_group) | Specify the Git user or group for the application repository. | `string` | `""` | no | | [app\_repo\_auth\_type](#input\_app\_repo\_auth\_type) | Select the method of authentication that is used to access the Git repository. Valid values are 'oauth' or 'pat'. Defaults to `oauth` when unset. `pat` is a git `personal access token`. | `string` | `""` | no | | [app\_repo\_branch](#input\_app\_repo\_branch) | This is the repository branch used by the default sample application. Alternatively if `app_repo_existing_url` is provided, then the branch must reflect the default branch for that repository. Typically these branches are `main` or `master`. | `string` | `"master"` | no | 
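Review bot: `add_pipeline_definitions` is declared `type = string` with default `"true"` and no `validation` block, so any other text (`"True"`, `"yes"`, an empty string) is accepted and passed straight through to the three toolchain modules in main.tf. How those modules treat a value other than `"true"` is not visible here, but the catalog text says the flag controls whether the compliance pipeline definitions are added, so a typo should fail at plan time rather than change what the pipelines run. Either declare it `type = bool` like `add_code_engine_prefix`, or add a validation with `condition = contains(["true", "false"], var.add_pipeline_definitions)`. The same declaration is repeated in solutions/kubernetes/variables.tf and the root variables.tf, and the catalog entries `create_triggers` and `repo_blind_connection` follow the same string-flag pattern.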
diff --git a/solutions/kubernetes/main.tf b/solutions/kubernetes/main.tf index 7ce18019..9ecb90c1 100644 --- a/solutions/kubernetes/main.tf +++ b/solutions/kubernetes/main.tf @@ -4,6 +4,7 @@ module "devsecops_da" { add_code_engine_prefix = var.add_code_engine_prefix add_container_name_suffix = var.add_container_name_suffix app_group = var.app_group + add_pipeline_definitions = var.add_pipeline_definitions app_repo_auth_type = var.app_repo_auth_type app_repo_branch = var.app_repo_branch app_repo_clone_from_url = var.app_repo_clone_from_url diff --git a/solutions/kubernetes/variables.tf b/solutions/kubernetes/variables.tf index df158be1..df1b4acc 100644 --- a/solutions/kubernetes/variables.tf +++ b/solutions/kubernetes/variables.tf @@ -3388,3 +3388,9 @@ variable "use_app_repo_for_cd_deploy" { description = "Set to `true` to use the CI sample application repository as the deployment repository in the CD pipeline. This will be set in the pipeline config integration." default = false } + +variable "add_pipeline_definitions" { + type = string + description = "Set to `true` to add pipeline definitions." + default = "true" +} diff --git a/variables.tf b/variables.tf index 521e6a97..9b7a7e63 100644 --- a/variables.tf +++ b/variables.tf @@ -3400,3 +3400,9 @@ variable "use_app_repo_for_cd_deploy" { description = "Set to `true` to use the CI sample application repository as the deployment repository in the CD pipeline. This will be set in the pipeline config integration." default = false } + +variable "add_pipeline_definitions" { + type = string + description = "Set to `true` to add pipeline definitions." + default = "true" +} From 8d60abe1c33da1555ddea03f3b7e1c175d06ba0c Mon Sep 17 00:00:00 2001 
From: huayuenh Date: Mon, 30 Sep 2024 18:59:05 +0100 Subject: [PATCH 6/9] chore: update defaults --- ibm_catalog.json | 16 ++++++++-------- solutions/code-engine/README.md | 2 +- solutions/code-engine/variables.tf | 2 +- solutions/kubernetes/README.md | 2 +- solutions/kubernetes/variables.tf | 2 +- 5 files changed, 12 insertions(+), 12 deletions(-) diff --git a/ibm_catalog.json b/ibm_catalog.json index f24f797e..d0a4e030 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json @@ -712,7 +712,7 @@ { "key": "cd_deployment_repo_existing_git_provider", "type": "string", - "default_value": "hostedgit", + "default_value": "", "description": "By default this gets set as 'hostedgit', else set to 'githubconsolidated' for GitHub repositories.", "required": false }, @@ -1279,7 +1279,7 @@ { "key": "evidence_repo_existing_git_provider", "type": "string", - "default_value": "hostedgit", + "default_value": "", "description": "By default this gets set as 'hostedgit', else set to 'githubconsolidated' for GitHub repositories.", "required": false }, @@ -1341,7 +1341,7 @@ { "key": "inventory_repo_existing_git_provider", "type": "string", - "default_value": "hostedgit", + "default_value": "", "description": "By default this gets set as 'hostedgit', else set to 'githubconsolidated' for GitHub repositories.", "required": false }, @@ -1403,7 +1403,7 @@ { "key": "issues_repo_existing_git_provider", "type": "string", - "default_value": "hostedgit", + "default_value": "", "description": "By default this gets set as 'hostedgit', else set to 'githubconsolidated' for GitHub repositories.", "required": false }, @@ -2571,7 +2571,7 @@ { "key": "cd_deployment_repo_existing_git_provider", "type": "string", - "default_value": "hostedgit", + "default_value": "", "description": "By default this gets set as 'hostedgit', else set to 'githubconsolidated' for GitHub repositories.", "required": false }, 
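Review bot: `cd_deployment_repo_existing_git_provider` now has `"default_value": ""`, but its description still opens with "By default this gets set as 'hostedgit'", so the catalog documents a default the entry no longer carries. Whether an empty value still resolves to `hostedgit` depends on fallback logic outside this patch. If it now inherits the shared `repo_git_provider` setting, the description should say so, for example `Leave empty to use the value of repo_git_provider.` The same mismatch applies to the evidence, inventory and issues entries in both flavours. The `cc_app_repo_git_provider` variable in the two solutions variables.tf hunks likewise gets an empty default with a description that names no fallback.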
@@ -3138,7 +3138,7 @@ { "key": "evidence_repo_existing_git_provider", "type": "string", - "default_value": "hostedgit", + "default_value": "", "description": "By default this gets set as 'hostedgit', else set to 'githubconsolidated' for GitHub repositories.", "required": false }, @@ -3200,7 +3200,7 @@ { "key": "inventory_repo_existing_git_provider", "type": "string", - "default_value": "hostedgit", + "default_value": "", "description": "By default this gets set as 'hostedgit', else set to 'githubconsolidated' for GitHub repositories.", "required": false }, @@ -3262,7 +3262,7 @@ { "key": "issues_repo_existing_git_provider", "type": "string", - "default_value": "hostedgit", + "default_value": "", "description": "By default this gets set as 'hostedgit', else set to 'githubconsolidated' for GitHub repositories.", "required": false }, diff --git a/solutions/code-engine/README.md b/solutions/code-engine/README.md index 03da0cd8..91b422d8 100644 --- a/solutions/code-engine/README.md +++ b/solutions/code-engine/README.md 
@@ -94,7 +94,7 @@ No resources. | [cc\_app\_repo\_auth\_type](#input\_cc\_app\_repo\_auth\_type) | Select the method of authentication that is used to access the Git repository. Valid values are 'oauth' or 'pat'. Defaults to `oauth` when unset. `pat` is a git `personal access token`. | `string` | `""` | no | | [cc\_app\_repo\_branch](#input\_cc\_app\_repo\_branch) | The default branch of the app repository. | `string` | `""` | no | | [cc\_app\_repo\_git\_id](#input\_cc\_app\_repo\_git\_id) | The Git Id of the repository. | `string` | `""` | no | -| [cc\_app\_repo\_git\_provider](#input\_cc\_app\_repo\_git\_provider) | The type of the Git provider. | `string` | `"hostedgit"` | no | +| [cc\_app\_repo\_git\_provider](#input\_cc\_app\_repo\_git\_provider) | The type of the Git provider. | `string` | `""` | no | | [cc\_app\_repo\_git\_token\_secret\_crn](#input\_cc\_app\_repo\_git\_token\_secret\_crn) | The CRN of the Git token used for accessing the application repository. | `string` | `""` | no | | [cc\_app\_repo\_git\_token\_secret\_name](#input\_cc\_app\_repo\_git\_token\_secret\_name) | Name of the Git token secret in the secret provider used for accessing the sample (or bring your own) application repository. | `string` | `""` | no | | [cc\_app\_repo\_secret\_group](#input\_cc\_app\_repo\_secret\_group) | Secret group for the App repository secret. Defaults to the value set in `sm_secret_group` if not set. Only used with `Secrets Manager`. | `string` | `""` | no | diff --git a/solutions/code-engine/variables.tf b/solutions/code-engine/variables.tf index 8006a0d8..2146967d 100644 --- a/solutions/code-engine/variables.tf +++ b/solutions/code-engine/variables.tf @@ -1029,7 +1029,7 @@ variable "cc_app_repo_git_id" { variable "cc_app_repo_git_provider" { type = string description = "The type of the Git provider." - default = "hostedgit" + default = "" } variable "cc_app_repo_git_token_secret_crn" { 
diff --git a/solutions/kubernetes/README.md b/solutions/kubernetes/README.md index 2412ec9c..9374aefa 100644 --- a/solutions/kubernetes/README.md +++ b/solutions/kubernetes/README.md @@ -94,7 +94,7 @@ No resources. | [cc\_app\_repo\_auth\_type](#input\_cc\_app\_repo\_auth\_type) | Select the method of authentication that is used to access the Git repository. Valid values are 'oauth' or 'pat'. Defaults to `oauth` when unset. `pat` is a git `personal access token`. | `string` | `""` | no | | [cc\_app\_repo\_branch](#input\_cc\_app\_repo\_branch) | The default branch of the app repository. | `string` | `""` | no | | [cc\_app\_repo\_git\_id](#input\_cc\_app\_repo\_git\_id) | The Git Id of the repository. | `string` | `""` | no | -| [cc\_app\_repo\_git\_provider](#input\_cc\_app\_repo\_git\_provider) | The type of the Git provider. | `string` | `"hostedgit"` | no | +| [cc\_app\_repo\_git\_provider](#input\_cc\_app\_repo\_git\_provider) | The type of the Git provider. | `string` | `""` | no | | [cc\_app\_repo\_git\_token\_secret\_crn](#input\_cc\_app\_repo\_git\_token\_secret\_crn) | The CRN of the Git token used for accessing the application repository. | `string` | `""` | no | | [cc\_app\_repo\_git\_token\_secret\_name](#input\_cc\_app\_repo\_git\_token\_secret\_name) | Name of the Git token secret in the secret provider used for accessing the sample (or bring your own) application repository. | `string` | `""` | no | | [cc\_app\_repo\_secret\_group](#input\_cc\_app\_repo\_secret\_group) | Secret group for the App repository secret. Defaults to the value set in `sm_secret_group` if not set. Only used with `Secrets Manager`. | `string` | `""` | no | diff --git a/solutions/kubernetes/variables.tf b/solutions/kubernetes/variables.tf index df1b4acc..807c4a0a 100644 --- a/solutions/kubernetes/variables.tf +++ b/solutions/kubernetes/variables.tf 
@@ -1029,7 +1029,7 @@ variable "cc_app_repo_git_id" { variable "cc_app_repo_git_provider" { type = string description = "The type of the Git provider." - default = "hostedgit" + default = "" } variable "cc_app_repo_git_token_secret_crn" { From 232199618b51a6de10568d3ff76f2bf241b771f2 Mon Sep 17 00:00:00 2001 From: huayuenh Date: Tue, 1 Oct 2024 14:14:29 +0100 Subject: [PATCH 7/9] chore: upgrade defaults --- README.md | 6 ++-- ibm_catalog.json | 88 ++++++++++++++++++++++++------------------------ main.tf | 6 ++-- 3 files changed, 50 insertions(+), 50 deletions(-) diff --git a/README.md b/README.md index bdfaa7a1..c825f684 100644 --- a/README.md +++ b/README.md @@ -65,9 +65,9 @@ statement instead the previous block. | Name | Source | Version | |------|--------|---------| -| [devsecops\_cc\_toolchain](#module\_devsecops\_cc\_toolchain) | git::https://github.com/terraform-ibm-modules/terraform-ibm-devsecops-cc-toolchain | gitlab | -| [devsecops\_cd\_toolchain](#module\_devsecops\_cd\_toolchain) | git::https://github.com/terraform-ibm-modules/terraform-ibm-devsecops-cd-toolchain | gitlab | -| [devsecops\_ci\_toolchain](#module\_devsecops\_ci\_toolchain) | git::https://github.com/terraform-ibm-modules/terraform-ibm-devsecops-ci-toolchain | gitlab | +| [devsecops\_cc\_toolchain](#module\_devsecops\_cc\_toolchain) | git::https://github.com/terraform-ibm-modules/terraform-ibm-devsecops-cc-toolchain | v2.0.0-gitlabpoc | +| [devsecops\_cd\_toolchain](#module\_devsecops\_cd\_toolchain) | git::https://github.com/terraform-ibm-modules/terraform-ibm-devsecops-cd-toolchain | v2.0.0-gitlabpoc | +| [devsecops\_ci\_toolchain](#module\_devsecops\_ci\_toolchain) | git::https://github.com/terraform-ibm-modules/terraform-ibm-devsecops-ci-toolchain | v2.0.0-gitlabpoc | | [prereqs](#module\_prereqs) | ./prereqs | n/a | ### Resources diff --git a/ibm_catalog.json b/ibm_catalog.json index d0a4e030..b1bb53dd 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json 
@@ -272,18 +272,18 @@ } }, { - "key": "app_repo_branch", + "key": "repo_git_token_secret_name", "type": "string", - "default_value": "main", - "description": "This is the repository branch used by the default sample application. Alternatively if `app_repo_existing_url` is provided, then the branch must reflect the default branch for that repository. Typically these branches are `main` or `master`.", - "required": true + "default_value": "", + "description": "Name of the Git token secret in the secret provider. Specifying a secret name for the Git Token automatically sets the authentication type to `pat`.", + "required": false }, { - "key": "app_repo_existing_url", + "key": "repo_group", "type": "string", - "default_value": "__NOTSET__", - "description": "Bring your own existing application repository by providing the URL. This will create an integration for your application repository instead of cloning the default sample. Repositories existing in a different org will require the use of Git token. See `app_repo_git_token_secret_name` under optional variables. ", - "required": true + "default_value": "", + "description": "Specify the Git user or group for your application. This must be set if the repository authentication type is `pat` (personal access token).", + "required": false }, { "key": "repo_git_provider", 
@@ -341,6 +341,20 @@ "description": "Set to `true` to add the compliance pipelines definitions to the DevSecOps pipelines.", "required": false }, + { + "key": "app_repo_branch", + "type": "string", + "default_value": "main", + "description": "This is the repository branch used by the default sample application. Alternatively if `app_repo_existing_url` is provided, then the branch must reflect the default branch for that repository. Typically these branches are `main` or `master`.", + "required": false + }, + { + "key": "app_repo_existing_url", + "type": "string", + "default_value": "__NOTSET__", + "description": "Bring your own existing application repository by providing the URL. This will create an integration for your application repository instead of cloning the default sample. Repositories existing in a different org will require the use of Git token. See `app_repo_git_token_secret_name` under optional variables. ", + "required": false + }, { "key": "cd_deployment_repo_existing_url", "type": "string", @@ -1563,20 +1577,6 @@ "description": "The CRN for the repositories Git Token.", "required": false }, - { - "key": "repo_git_token_secret_name", - "type": "string", - "default_value": "", - "description": "Name of the Git token secret in the secret provider. Specifying a secret name for the Git Token automatically sets the authentication type to `pat`.", - "required": false - }, - { - "key": "repo_group", - "type": "string", - "default_value": "", - "description": "Specify the Git user or group for your application. This must be set if the repository authentication type is `pat` (personal access token).", - "required": false - }, { "key": "repo_secret_group", "type": "string", 
@@ -2131,18 +2131,18 @@ } }, { - "key": "app_repo_branch", + "key": "repo_git_token_secret_name", "type": "string", - "default_value": "master", - "description": "This is the repository branch used by the default sample application. Alternatively if `app_repo_existing_url` is provided, then the branch must reflect the default branch for that repository. Typically these branches are `main` or `master`.", - "required": true + "default_value": "", + "description": "Name of the Git token secret in the secret provider. Specifying a secret name for the Git Token automatically sets the authentication type to `pat`.", + "required": false }, { - "key": "app_repo_existing_url", + "key": "repo_group", "type": "string", - "default_value": "__NOTSET__", - "description": "Bring your own existing application repository by providing the URL. This will create an integration for your application repository instead of cloning the default sample. Repositories existing in a different org will require the use of Git token. See `app_repo_git_token_secret_name` under optional variables. ", - "required": true + "default_value": "", + "description": "Specify the Git user or group for your application. This must be set if the repository authentication type is `pat` (personal access token).", + "required": false }, { "key": "repo_git_provider", 
@@ -2200,6 +2200,20 @@ "description": "Set to `true` to add the compliance pipelines definitions to the DevSecOps pipelines.", "required": false }, + { + "key": "app_repo_branch", + "type": "string", + "default_value": "master", + "description": "This is the repository branch used by the default sample application. Alternatively if `app_repo_existing_url` is provided, then the branch must reflect the default branch for that repository. Typically these branches are `main` or `master`.", + "required": false + }, + { + "key": "app_repo_existing_url", + "type": "string", + "default_value": "__NOTSET__", + "description": "Bring your own existing application repository by providing the URL. This will create an integration for your application repository instead of cloning the default sample. Repositories existing in a different org will require the use of Git token. See `app_repo_git_token_secret_name` under optional variables. ", + "required": false + }, { "key": "cd_deployment_repo_existing_url", "type": "string", @@ -3422,20 +3436,6 @@ "description": "The CRN for the repositories Git Token.", "required": false }, - { - "key": "repo_git_token_secret_name", - "type": "string", - "default_value": "", - "description": "Name of the Git token secret in the secret provider. Specifying a secret name for the Git Token automatically sets the authentication type to `pat`.", - "required": false - }, - { - "key": "repo_group", - "type": "string", - "default_value": "", - "description": "Specify the Git user or group for your application. This must be set if the repository authentication type is `pat` (personal access token).", - "required": false - }, { "key": "repo_secret_group", "type": "string", diff --git a/main.tf b/main.tf index 3632caa1..4ba4497c 100644 --- a/main.tf +++ b/main.tf 
@@ -282,7 +282,7 @@ module "prereqs" { module "devsecops_ci_toolchain" { count = var.create_ci_toolchain ? 1 : 0 depends_on = [ibm_resource_instance.cd_instance] - source = "git::https://github.com/terraform-ibm-modules/terraform-ibm-devsecops-ci-toolchain?ref=gitlab" + source = "git::https://github.com/terraform-ibm-modules/terraform-ibm-devsecops-ci-toolchain?ref=v2.0.0-gitlabpoc" ibmcloud_api_key = var.ibmcloud_api_key toolchain_name = (var.prefix == "") ? local.ci_toolchain_name : format("${var.prefix}-%s", local.ci_toolchain_name) toolchain_region = (var.ci_toolchain_region == "") ? var.toolchain_region : replace(replace(var.ci_toolchain_region, "ibm:yp:", ""), "ibm:ys1:", "") @@ -510,7 +510,7 @@ module "devsecops_ci_toolchain" { module "devsecops_cd_toolchain" { count = var.create_cd_toolchain ? 1 : 0 depends_on = [ibm_resource_instance.cd_instance] - source = "git::https://github.com/terraform-ibm-modules/terraform-ibm-devsecops-cd-toolchain?ref=gitlab" + source = "git::https://github.com/terraform-ibm-modules/terraform-ibm-devsecops-cd-toolchain?ref=v2.0.0-gitlabpoc" ibmcloud_api_key = var.ibmcloud_api_key toolchain_name = (var.prefix == "") ? local.cd_toolchain_name : format("${var.prefix}-%s", local.cd_toolchain_name) @@ -758,7 +758,7 @@ module "devsecops_cd_toolchain" { module "devsecops_cc_toolchain" { count = var.create_cc_toolchain ? 1 : 0 - source = "git::https://github.com/terraform-ibm-modules/terraform-ibm-devsecops-cc-toolchain?ref=gitlab" + source = "git::https://github.com/terraform-ibm-modules/terraform-ibm-devsecops-cc-toolchain?ref=v2.0.0-gitlabpoc" ibmcloud_api_key = var.ibmcloud_api_key toolchain_name = (var.prefix == "") ? local.cc_toolchain_name : format("${var.prefix}-%s", local.cc_toolchain_name) toolchain_description = var.cc_toolchain_description From 0b56c0b0fcb72921ea162ebaf796001d552a24de Mon Sep 17 00:00:00 2001 
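Review bot: The new `?ref=v2.0.0-gitlabpoc` on the `source` of `devsecops_ci_toolchain` is a tag name, and a tag can be re-pointed to a different commit after review, so this line does not fix which code Terraform fetches for a module that is handed `ibmcloud_api_key`. Moving off the `gitlab` branch ref is already an improvement. Pinning the full commit SHA would close the remaining gap, e.g. `source = "git::https://github.com/terraform-ibm-modules/terraform-ibm-devsecops-ci-toolchain?ref=<full-commit-sha>" # v2.0.0-gitlabpoc`. The same applies to the `devsecops_cd_toolchain` and `devsecops_cc_toolchain` hunks in this file, and the `-gitlabpoc` suffix suggests a proof-of-concept build, so it is worth confirming that these are the refs intended as defaults. All three module blocks continue outside their hunks.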
From: huayuenh Date: Wed, 2 Oct 2024 15:26:15 +0100 Subject: [PATCH 8/9] chore: add create git trigger --- README.md | 7 ++++--- main.tf | 8 +++++--- solutions/code-engine/README.md | 1 + solutions/code-engine/main.tf | 1 + solutions/code-engine/variables.tf | 6 ++++++ solutions/kubernetes/README.md | 1 + solutions/kubernetes/main.tf | 1 + solutions/kubernetes/variables.tf | 6 ++++++ variables.tf | 6 ++++++ 9 files changed, 31 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index c825f684..c1bb1350 100644 --- a/README.md +++ b/README.md @@ -65,9 +65,9 @@ statement instead the previous block. | Name | Source | Version | |------|--------|---------| -| [devsecops\_cc\_toolchain](#module\_devsecops\_cc\_toolchain) | git::https://github.com/terraform-ibm-modules/terraform-ibm-devsecops-cc-toolchain | v2.0.0-gitlabpoc | -| [devsecops\_cd\_toolchain](#module\_devsecops\_cd\_toolchain) | git::https://github.com/terraform-ibm-modules/terraform-ibm-devsecops-cd-toolchain | v2.0.0-gitlabpoc | -| [devsecops\_ci\_toolchain](#module\_devsecops\_ci\_toolchain) | git::https://github.com/terraform-ibm-modules/terraform-ibm-devsecops-ci-toolchain | v2.0.0-gitlabpoc | +| [devsecops\_cc\_toolchain](#module\_devsecops\_cc\_toolchain) | git::https://github.com/terraform-ibm-modules/terraform-ibm-devsecops-cc-toolchain | v2.0.1-gitlabpoc | +| [devsecops\_cd\_toolchain](#module\_devsecops\_cd\_toolchain) | git::https://github.com/terraform-ibm-modules/terraform-ibm-devsecops-cd-toolchain | v2.0.1-gitlabpoc | +| [devsecops\_ci\_toolchain](#module\_devsecops\_ci\_toolchain) | git::https://github.com/terraform-ibm-modules/terraform-ibm-devsecops-ci-toolchain | v2.0.1-gitlabpoc | | [prereqs](#module\_prereqs) | ./prereqs | n/a | ### Resources 
@@ -485,6 +485,7 @@ statement instead the previous block. | [create\_cd\_toolchain](#input\_create\_cd\_toolchain) | Boolean flag which determines if the DevSecOps CD toolchain is created. | `bool` | `true` | no | | [create\_ci\_toolchain](#input\_create\_ci\_toolchain) | Flag which determines if the DevSecOps CI toolchain is created. If this toolchain is not created then values must be set for the following variables, evidence\_repo\_url, issues\_repo\_url and inventory\_repo\_url. | `bool` | `true` | no | | [create\_cos\_api\_key](#input\_create\_cos\_api\_key) | Set to `true` to create and add a `cos-api-key` to the Secrets Provider. | `bool` | `false` | no | +| [create\_git\_triggers](#input\_create\_git\_triggers) | Set to `true` to create the default Git triggers associated with the compliance repos and sample app. | `string` | `"true"` | no | | [create\_ibmcloud\_api\_key](#input\_create\_ibmcloud\_api\_key) | Set to `true` to create and add an `ibmcloud-api-key` to the Secrets Provider. | `bool` | `false` | no | | [create\_icr\_namespace](#input\_create\_icr\_namespace) | Set to `true` to have Terraform create the registry namespace. Setting to `false` will have the CI pipeline create the namespace if it does not already exist. Note: If a Terraform destroy is used, the ICR namespace along with all images will be removed. | `bool` | `false` | no | | [create\_secret\_group](#input\_create\_secret\_group) | Set to `true` to create the specified Secrets Manager secret group. | `bool` | `false` | no | diff --git a/main.tf b/main.tf index 4ba4497c..341f8a9f 100644 --- a/main.tf +++ b/main.tf 
@@ -282,7 +282,7 @@ module "prereqs" { module "devsecops_ci_toolchain" { count = var.create_ci_toolchain ? 1 : 0 depends_on = [ibm_resource_instance.cd_instance] - source = "git::https://github.com/terraform-ibm-modules/terraform-ibm-devsecops-ci-toolchain?ref=v2.0.0-gitlabpoc" + source = "git::https://github.com/terraform-ibm-modules/terraform-ibm-devsecops-ci-toolchain?ref=v2.0.1-gitlabpoc" ibmcloud_api_key = var.ibmcloud_api_key toolchain_name = (var.prefix == "") ? local.ci_toolchain_name : format("${var.prefix}-%s", local.ci_toolchain_name) toolchain_region = (var.ci_toolchain_region == "") ? var.toolchain_region : replace(replace(var.ci_toolchain_region, "ibm:yp:", ""), "ibm:ys1:", "") @@ -492,6 +492,7 @@ module "devsecops_ci_toolchain" { #TRIGGER PROPERTIES create_triggers = var.create_triggers + create_git_triggers = var.create_git_triggers trigger_git_name = var.ci_trigger_git_name trigger_git_enable = var.ci_trigger_git_enable trigger_timed_name = var.ci_trigger_timed_name @@ -510,7 +511,7 @@ module "devsecops_ci_toolchain" { module "devsecops_cd_toolchain" { count = var.create_cd_toolchain ? 1 : 0 depends_on = [ibm_resource_instance.cd_instance] - source = "git::https://github.com/terraform-ibm-modules/terraform-ibm-devsecops-cd-toolchain?ref=v2.0.0-gitlabpoc" + source = "git::https://github.com/terraform-ibm-modules/terraform-ibm-devsecops-cd-toolchain?ref=v2.0.1-gitlabpoc" ibmcloud_api_key = var.ibmcloud_api_key toolchain_name = (var.prefix == "") ? local.cd_toolchain_name : format("${var.prefix}-%s", local.cd_toolchain_name) @@ -737,6 +738,7 @@ module "devsecops_cd_toolchain" { #TRIGGER PROPERTIES create_triggers = var.create_triggers + create_git_triggers = var.create_git_triggers trigger_git_name = var.cd_trigger_git_name trigger_git_enable = var.cd_trigger_git_enable trigger_git_promotion_listener = var.cd_trigger_git_promotion_validation_listener 
@@ -758,7 +760,7 @@ module "devsecops_cd_toolchain" { module "devsecops_cc_toolchain" { count = var.create_cc_toolchain ? 1 : 0 - source = "git::https://github.com/terraform-ibm-modules/terraform-ibm-devsecops-cc-toolchain?ref=v2.0.0-gitlabpoc" + source = "git::https://github.com/terraform-ibm-modules/terraform-ibm-devsecops-cc-toolchain?ref=v2.0.1-gitlabpoc" ibmcloud_api_key = var.ibmcloud_api_key toolchain_name = (var.prefix == "") ? local.cc_toolchain_name : format("${var.prefix}-%s", local.cc_toolchain_name) toolchain_description = var.cc_toolchain_description diff --git a/solutions/code-engine/README.md b/solutions/code-engine/README.md index 91b422d8..f5f9e377 100644 --- a/solutions/code-engine/README.md +++ b/solutions/code-engine/README.md 
@@ -469,6 +469,7 @@ No resources. | [create\_cd\_toolchain](#input\_create\_cd\_toolchain) | Boolean flag which determines if the DevSecOps CD toolchain is created. | `bool` | `true` | no | | [create\_ci\_toolchain](#input\_create\_ci\_toolchain) | Flag which determines if the DevSecOps CI toolchain is created. If this toolchain is not created then values must be set for the following variables, evidence\_repo\_url, issues\_repo\_url and inventory\_repo\_url. | `bool` | `true` | no | | [create\_cos\_api\_key](#input\_create\_cos\_api\_key) | Set to `true` to create and add a `cos-api-key` to the Secrets Provider. | `bool` | `false` | no | +| [create\_git\_triggers](#input\_create\_git\_triggers) | Set to `true` to create the default Git triggers associated with the compliance repos and sample app. | `string` | `"true"` | no | | [create\_ibmcloud\_api\_key](#input\_create\_ibmcloud\_api\_key) | Set to `true` to create and add an `ibmcloud-api-key` to the Secrets Provider. | `bool` | `false` | no | | [create\_icr\_namespace](#input\_create\_icr\_namespace) | Set to `true` to have Terraform create the registry namespace. Setting to `false` will have the CI pipeline create the namespace if it does not already exist. Note: If a Terraform destroy is used, the ICR namespace along with all images will be removed. | `bool` | `false` | no | | [create\_secret\_group](#input\_create\_secret\_group) | Set to `true` to create the specified Secrets Manager secret group. | `bool` | `false` | no | diff --git a/solutions/code-engine/main.tf b/solutions/code-engine/main.tf index 9ecb90c1..da812bdd 100644 --- a/solutions/code-engine/main.tf +++ b/solutions/code-engine/main.tf 
@@ -48,6 +48,7 @@ module "devsecops_da" { create_signing_certificate = var.create_signing_certificate create_signing_key = var.create_signing_key create_triggers = var.create_triggers + create_git_triggers = var.create_git_triggers enable_key_protect = var.enable_key_protect enable_pipeline_notifications = var.enable_pipeline_notifications enable_secrets_manager = var.enable_secrets_manager diff --git a/solutions/code-engine/variables.tf b/solutions/code-engine/variables.tf index 2146967d..06232b47 100644 --- a/solutions/code-engine/variables.tf +++ b/solutions/code-engine/variables.tf @@ -3394,3 +3394,9 @@ variable "add_pipeline_definitions" { description = "Set to `true` to add pipeline definitions." default = "true" } + +variable "create_git_triggers" { + type = string + description = "Set to `true` to create the default Git triggers associated with the compliance repos and sample app." + default = "true" +} diff --git a/solutions/kubernetes/README.md b/solutions/kubernetes/README.md index 9374aefa..d469cee3 100644 --- a/solutions/kubernetes/README.md +++ b/solutions/kubernetes/README.md 
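Review bot: The new `create_git_triggers` variable in solutions/code-engine/variables.tf is declared as `type = string` with no `validation` block, so any string is accepted at plan time. What a value other than `"true"` or `"false"` then does depends on how the downstream toolchain modules compare it, which is not visible here. The string typing matches the neighbouring `add_pipeline_definitions`, so I would keep the type and add a validation whose condition is `contains(["true", "false"], var.create_git_triggers)`. The description could also say what `"false"` leaves out, since skipping the default Git triggers presumably means commits to the compliance repos and sample app no longer start pipeline runs. The same declaration is added in solutions/kubernetes/variables.tf and the root variables.tf.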
@@ -469,6 +469,7 @@ No resources. | [create\_cd\_toolchain](#input\_create\_cd\_toolchain) | Boolean flag which determines if the DevSecOps CD toolchain is created. | `bool` | `true` | no | | [create\_ci\_toolchain](#input\_create\_ci\_toolchain) | Flag which determines if the DevSecOps CI toolchain is created. If this toolchain is not created then values must be set for the following variables, evidence\_repo\_url, issues\_repo\_url and inventory\_repo\_url. | `bool` | `true` | no | | [create\_cos\_api\_key](#input\_create\_cos\_api\_key) | Set to `true` to create and add a `cos-api-key` to the Secrets Provider. | `bool` | `false` | no | +| [create\_git\_triggers](#input\_create\_git\_triggers) | Set to `true` to create the default Git triggers associated with the compliance repos and sample app. | `string` | `"true"` | no | | [create\_ibmcloud\_api\_key](#input\_create\_ibmcloud\_api\_key) | Set to `true` to create and add an `ibmcloud-api-key` to the Secrets Provider. | `bool` | `false` | no | | [create\_icr\_namespace](#input\_create\_icr\_namespace) | Set to `true` to have Terraform create the registry namespace. Setting to `false` will have the CI pipeline create the namespace if it does not already exist. Note: If a Terraform destroy is used, the ICR namespace along with all images will be removed. | `bool` | `false` | no | | [create\_secret\_group](#input\_create\_secret\_group) | Set to `true` to create the specified Secrets Manager secret group. | `bool` | `false` | no | diff --git a/solutions/kubernetes/main.tf b/solutions/kubernetes/main.tf index 9ecb90c1..da812bdd 100644 --- a/solutions/kubernetes/main.tf +++ b/solutions/kubernetes/main.tf 
@@ -48,6 +48,7 @@ module "devsecops_da" { create_signing_certificate = var.create_signing_certificate create_signing_key = var.create_signing_key create_triggers = var.create_triggers + create_git_triggers = var.create_git_triggers enable_key_protect = var.enable_key_protect enable_pipeline_notifications = var.enable_pipeline_notifications enable_secrets_manager = var.enable_secrets_manager diff --git a/solutions/kubernetes/variables.tf b/solutions/kubernetes/variables.tf index 807c4a0a..68297bf7 100644 --- a/solutions/kubernetes/variables.tf +++ b/solutions/kubernetes/variables.tf @@ -3394,3 +3394,9 @@ variable "add_pipeline_definitions" { description = "Set to `true` to add pipeline definitions." default = "true" } + +variable "create_git_triggers" { + type = string + description = "Set to `true` to create the default Git triggers associated with the compliance repos and sample app." + default = "true" +} diff --git a/variables.tf b/variables.tf index 9b7a7e63..30b10ab8 100644 --- a/variables.tf +++ b/variables.tf @@ -3406,3 +3406,9 @@ variable "add_pipeline_definitions" { description = "Set to `true` to add pipeline definitions." default = "true" } + +variable "create_git_triggers" { + type = string + description = "Set to `true` to create the default Git triggers associated with the compliance repos and sample app." + default = "true" +} From 7b0b66bb9e8b8405e4f8c575ba2ca225f24342ab Mon Sep 17 00:00:00 2001 From: huayuenh Date: Wed, 2 Oct 2024 16:11:42 +0100 Subject: [PATCH 9/9] chore: update catalog json --- ibm_catalog.json | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/ibm_catalog.json b/ibm_catalog.json index b1bb53dd..56a781ae 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json 
@@ -327,6 +327,13 @@ "description": "Setting this value to `true` means the server is not addressable on the public internet. IBM Cloud will not be able to validate the connection details you provide. Certain functionality that requires API access to the git server will be disabled. Delivery pipeline will only work using a private worker that has network access to the git server.", "required": false }, + { + "key": "create_git_triggers", + "type": "string", + "default_value": "true", + "description": "Set to `true` to create the Git triggers used by the DevSecOps pipelines.", + "required": false + }, { "key": "create_triggers", "type": "string", @@ -2186,6 +2193,13 @@ "description": "Setting this value to `true` means the server is not addressable on the public internet. IBM Cloud will not be able to validate the connection details you provide. Certain functionality that requires API access to the git server will be disabled. Delivery pipeline will only work using a private worker that has network access to the git server.", "required": false }, + { + "key": "create_git_triggers", + "type": "string", + "default_value": "true", + "description": "Set to `true` to create the Git triggers used by the DevSecOps pipelines.", + "required": false + }, { "key": "create_triggers", "type": "string",