@ibm-cloud/cd-tools 1.1.1 → 1.2.0

package/README.md

@@ -22,7 +22,6 @@ Provides tools to work with IBM Cloud Continuous Delivery resources, including *
 ## Prerequisites
 - Node.js v20 (or later)
 - Terraform v1.13.3 (or later)
-- Terraformer v0.8.30 (or later)
 - An **IBM Cloud API key** with the following IAM access permissions:
   - **Viewer** for the source Toolchain(s) being copied
   - **Editor** for create new Toolchains in the target region
@@ -30,20 +29,18 @@ Provides tools to work with IBM Cloud Continuous Delivery resources, including *
 - For Git Repos and Issue Tracking projects, Personal Access Tokens (PAT) for the source and destination regions are required, with the `api` scope.
 
 ## Install
-### Install Node.js, Terraform, Terraformer
+### Install Node.js, Terraform
 
 #### MacOS
 ```sh
 brew install node
 brew tap hashicorp/tap
 brew install hashicorp/tap/terraform
-brew install terraformer
 ```
 
 #### Other platfoms
 - Node.js [install instructions](https://nodejs.org/en/download)
 - Terraform [install instructions](https://developer.hashicorp.com/terraform/install)
-- Terraformer [install instructions](https://github.com/GoogleCloudPlatform/terraformer?tab=readme-ov-file#installation)
 
 ## Usage
 
@@ -65,3 +62,6 @@ Commands:
   copy-toolchain [options]      Copies a toolchain, including tool integrations and Tekton pipelines, to another region or resource group.
   help [command]                display help for command
 ```
+
+## Test
+All test setup and usage instructions are documented in [test/README.md](./test/README.md).

package/cmd/check-secrets.js

@@ -13,15 +13,15 @@ import { Command } from 'commander';
 import { parseEnvVar, decomposeCrn, isSecretReference } from './utils/utils.js';
 import { logger, LOG_STAGES } from './utils/logger.js';
 import { getBearerToken, getToolchainTools, getPipelineData } from './utils/requests.js';
-import { UPDATEABLE_SECRET_PROPERTIES_BY_TOOL_TYPE } from '../config.js';
+import { SECRET_KEYS_MAP } from '../config.js';
 
 const command = new Command('check-secrets')
-  .description('Checks if you have any stored secrets in your toolchain or pipelines')
-  .requiredOption('-c, --toolchain-crn <crn>', 'The CRN of the source toolchain to check')
-  .option('-a --apikey <api key>', 'IBM Cloud IAM API key with permissions to read the toolchain.')
-  .showHelpAfterError()
-  .hook('preAction', cmd => cmd.showHelpAfterError(false)) // only show help during validation
-  .action(main);
+    .description('Checks if you have any stored secrets in your toolchain or pipelines')
+    .requiredOption('-c, --toolchain-crn <crn>', 'The CRN of the source toolchain to check')
+    .option('-a --apikey <api key>', 'IBM Cloud IAM API key with permissions to read the toolchain.')
+    .showHelpAfterError()
+    .hook('preAction', cmd => cmd.showHelpAfterError(false)) // only show help during validation
+    .action(main);
 
 async function main(options) {
     const toolchainCrn = options.toolchainCrn;
@@ -50,8 +50,9 @@ async function main(options) {
             const tool = getToolsRes.tools[i];
 
             // Check tool integrations for any plain text secret values
-            if (UPDATEABLE_SECRET_PROPERTIES_BY_TOOL_TYPE[tool.tool_type_id]) {
-                UPDATEABLE_SECRET_PROPERTIES_BY_TOOL_TYPE[tool.tool_type_id].forEach((updateableSecretParam) => {
+            if (SECRET_KEYS_MAP[tool.tool_type_id]) {
+                SECRET_KEYS_MAP[tool.tool_type_id].forEach((entry) => {
+                    const updateableSecretParam = entry.key;
                     if (tool.parameters[updateableSecretParam] && !isSecretReference(tool.parameters[updateableSecretParam])) {
                         toolResults.push({
                             'Tool ID': tool.id,
@@ -64,13 +65,13 @@ async function main(options) {
 
             // For tekton pipelines, check for any plain text secret properties
             if (tool.tool_type_id === 'pipeline' && tool.parameters?.type === 'tekton') {
-                const pipelineData = await getPipelineData (token, tool.id, region);
+                const pipelineData = await getPipelineData(token, tool.id, region);
 
                 pipelineData?.properties.forEach((prop) => {
                     if (prop.type === 'secure' && !isSecretReference(prop.value)) {
                         pipelineResults.push({
                             'Pipeline ID': pipelineData.id,
-                            'Trigger Name': '-', 
+                            'Trigger Name': '-',
                             'Property Name': prop.name
                         });
                     };
@@ -81,7 +82,7 @@ async function main(options) {
                         if (prop.type === 'secure' && !isSecretReference(prop.value)) {
                             pipelineResults.push({
                                 'Pipeline ID': pipelineData.id,
-                                'Trigger Name': trigger.name, 
+                                'Trigger Name': trigger.name,
                                 'Property Name': prop.name
                             });
                         };

package/cmd/copy-toolchain.js

@@ -15,9 +15,10 @@ import { Command, Option } from 'commander';
 
 import { parseEnvVar } from './utils/utils.js';
 import { logger, LOG_STAGES } from './utils/logger.js';
-import { setTerraformerEnv, setTerraformEnv, initProviderFile, runTerraformerImport, setupTerraformFiles, runTerraformInit, getNumResourcesPlanned, runTerraformApply, getNumResourcesCreated, getNewToolchainId } from './utils/terraform.js';
-import { getAccountId, getBearerToken, getResourceGroupId, getToolchain } from './utils/requests.js';
-import { validatePrereqsVersions, validateResourceGroupId, validateTag, validateToolchainId, validateToolchainName, validateTools, validateOAuth, warnDuplicateName, validateGritUrl } from './utils/validate.js';
+import { setTerraformEnv, initProviderFile, setupTerraformFiles, runTerraformInit, getNumResourcesPlanned, runTerraformApply, getNumResourcesCreated, getNewToolchainId } from './utils/terraform.js';
+import { getAccountId, getBearerToken, getIamAuthPolicies, getResourceGroupIdAndName, getToolchain } from './utils/requests.js';
+import { validatePrereqsVersions, validateTag, validateToolchainId, validateToolchainName, validateTools, validateOAuth, warnDuplicateName, validateGritUrl } from './utils/validate.js';
+import { importTerraform } from './utils/import-terraform.js';
 
 import { COPY_TOOLCHAIN_DESC, MIGRATION_DOC_URL, TARGET_REGIONS, SOURCE_REGIONS } from '../config.js';
 
@@ -27,7 +28,8 @@ process.on('exit', (code) => {
 
 const LOGS_DIR = '.logs';
 const TEMP_DIR = '.migration-temp'
-const DEBUG_MODE = false; // when true, temp folder is preserved
+const LOG_DUMP = process.env['LOG_DUMP'] === 'false' ? false : true;	// when true or not specified, logs are also written to a log file in LOGS_DIR
+const DEBUG_MODE = process.env['DEBUG_MODE'] === 'true' ? true : false; // when true, temp folder is preserved
 const OUTPUT_DIR = 'output-' + new Date().getTime();
 const DRY_RUN = false; // when true, terraform apply does not run
 
@@ -74,7 +76,7 @@ async function main(options) {
 	const verbosity = options.silent ? 0 : options.verbose ? 2 : 1;
 
 	logger.setVerbosity(verbosity);
-	logger.createLogStream(`${LOGS_DIR}/copy-toolchain-${new Date().getTime()}.log`);
+	if (LOG_DUMP) logger.createLogStream(`${LOGS_DIR}/copy-toolchain-${new Date().getTime()}.log`);
 	logger.dump(`Options: ${JSON.stringify(options)}\n`);
 
 	let bearer;
@@ -84,11 +86,13 @@ async function main(options) {
 	let targetToolchainName = options.name;
 	let targetTag = options.tag;
 	let targetRgId;
+	let targetRgName;
 	let apiKey = options.apikey;
+	let policyIds; // used to include s2s auth policies
 	let moreTfResources = {};
 	let gritMapping = {};
 
-	// Validate arguments are valid and check if Terraformer and Terraform are installed appropriately
+	// Validate arguments are valid and check if Terraform is installed appropriately
 	try {
 		validatePrereqsVersions();
 
@@ -137,17 +141,11 @@ async function main(options) {
 			exit(1);
 		}
 
-		if (!targetRg) {
-			// reuse resource group if not provided
-			targetRgId = sourceToolchainData['resource_group_id'];
-		} else {
-			targetRgId = await getResourceGroupId(bearer, accountId, targetRg);
-			validateResourceGroupId(targetRgId);
-		}
+		({ id: targetRgId, name: targetRgName } = await getResourceGroupIdAndName(bearer, accountId, targetRg || sourceToolchainData['resource_group_id']));
 
 		// reuse name if not provided
 		if (!targetToolchainName) targetToolchainName = sourceToolchainData['name'];
-		[targetToolchainName, targetTag] = await warnDuplicateName(bearer, accountId, targetToolchainName, sourceRegion, targetRegion, targetRgId, targetTag, skipUserConfirmation);
+		[targetToolchainName, targetTag] = await warnDuplicateName(bearer, accountId, targetToolchainName, sourceRegion, targetRegion, targetRgId, targetRgName, targetTag, skipUserConfirmation);
 
 		const allTools = await logger.withSpinner(validateTools,
 			'Validating Toolchain Tool(s)...',
@@ -173,6 +171,7 @@ async function main(options) {
 		// collect instances of legacy GHE tool integrations
 		const collectGHE = () => {
 			moreTfResources['github_integrated'] = [];
+
 			allTools.forEach((t) => {
 				if (t.tool_type_id === 'github_integrated') {
 					moreTfResources['github_integrated'].push(t);
@@ -182,6 +181,26 @@ async function main(options) {
 
 		collectGHE();
 
+		const collectPolicyIds = async () => {
+			moreTfResources['iam_authorization_policy'] = [];
+
+			const res = await getIamAuthPolicies(bearer, accountId);
+
+			policyIds = res['policies'].filter((p) => p.subjects[0].attributes.find(
+				(a) => a.name === 'serviceInstance' && a.value === sourceToolchainId)
+			);
+			policyIds = policyIds.map((p) => p.id);
+		};
+
+		if (includeS2S) {
+			try {
+				collectPolicyIds();
+			} catch (e) {
+				logger.error('Something went wrong while fetching service-to-service auth policies', LOG_STAGES.setup);
+				throw e;
+			}
+		}
+
 		logger.info('Arguments and required packages verified, proceeding with copying toolchain...', LOG_STAGES.setup);
 
 		// Set up temp folder
@@ -199,24 +218,28 @@ async function main(options) {
 	}
 
 	try {
-		const runTerraformer = async () => {
+		let nonSecretRefs;
+
+		const importTerraformWrapper = async () => {
 			setTimeout(() => {
 				logger.updateSpinnerMsg('Still importing toolchain...');
 			}, 5000);
 
-			setTerraformerEnv(apiKey, sourceToolchainId, includeS2S);
-
 			await initProviderFile(sourceRegion, TEMP_DIR);
 			await runTerraformInit(TEMP_DIR);
 
-			await runTerraformerImport(sourceRegion, TEMP_DIR, isCompact, verbosity);
+			nonSecretRefs = await importTerraform(bearer, apiKey, sourceRegion, sourceToolchainId, targetToolchainName, policyIds, TEMP_DIR, isCompact, verbosity);
 		};
+
 		await logger.withSpinner(
-			runTerraformer,
+			importTerraformWrapper,
 			'Importing toolchain...',
-			'Toolchain successfully imported using Terraformer',
-			LOG_STAGES.terraformer
+			'Toolchain successfully imported',
+			LOG_STAGES.import
 		);
+
+		if (nonSecretRefs.length > 0) logger.warn(`\nWarning! The following generated terraform resource contains a hashed secret, applying without changes may result in error(s):\n${nonSecretRefs.map((entry) => `- ${entry}\n`).join('')}`, '', true);
+
 	} catch (err) {
 		if (err.message && err.stack) {
 			const errMsg = verbosity > 1 ? err.stack : err.message;
@@ -229,10 +252,10 @@ async function main(options) {
 	// Prepare for Terraform
 	try {
 		if (!fs.existsSync(outputDir)) {
-			logger.info(`Creating output directory "${outputDir}"...`, LOG_STAGES.terraformer);
+			logger.info(`Creating output directory "${outputDir}"...`, LOG_STAGES.import);
 			fs.mkdirSync(outputDir);
 		} else {
-			logger.info(`Output directory "${outputDir}" already exists`, LOG_STAGES.terraformer);
+			logger.info(`Output directory "${outputDir}" already exists`, LOG_STAGES.import);
 		}
 
 		await setupTerraformFiles({
@@ -253,7 +276,7 @@ async function main(options) {
 	} catch (err) {
 		if (err.message && err.stack) {
 			const errMsg = verbosity > 1 ? err.stack : err.message;
-			logger.error(errMsg, LOG_STAGES.terraformer);
+			logger.error(errMsg, LOG_STAGES.import);
 		}
 		await handleCleanup();
 		exit(1);
@@ -262,7 +285,7 @@ async function main(options) {
 	// Run Terraform
 	try {
 		if (!dryRun) {
-			setTerraformEnv(verbosity);
+			setTerraformEnv(apiKey, verbosity);
 
 			await logger.withSpinner(runTerraformInit,
 				'Running terraform init...',

package/cmd/utils/import-terraform.js

@@ -0,0 +1,333 @@
+/**
+ * Licensed Materials - Property of IBM
+ * (c) Copyright IBM Corporation 2025. All Rights Reserved.
+ *
+ * Note to U.S. Government Users Restricted Rights:
+ * Use, duplication or disclosure restricted by GSA ADP Schedule
+ * Contract with IBM Corp.
+ */
+
+import fs from 'node:fs';
+import { promisify } from 'node:util';
+
+import { parse as tfToJson } from '@cdktf/hcl2json'
+import { jsonToTf } from 'json-to-tf';
+
+import { getPipelineData, getToolchainTools } from './requests.js';
+import { runTerraformPlanGenerate, setTerraformEnv } from './terraform.js';
+import { getRandChars, isSecretReference, normalizeName } from './utils.js';
+
+import { SECRET_KEYS_MAP, SUPPORTED_TOOLS_MAP } from '../../config.js';
+
+const writeFilePromise = promisify(fs.writeFile);
+
+export async function importTerraform(token, apiKey, region, toolchainId, toolchainName, policyIds, dir, isCompact, verbosity) {
+    // STEP 1/2: set up terraform file with import blocks
+    const importBlocks = []; // an array of objects representing import blocks, used in importBlocksToTf
+    const additionalProps = {}; // maps resource name to array of { property/param, value }, used to override terraform import
+
+    const toolIdMap = {}; // maps tool ids to { type, name }, used to add references
+
+    const repoUrlMap = {}; // maps repo urls to { type, name }, used to add references
+    const repoResources = [
+        'ibm_cd_toolchain_tool_bitbucketgit',
+        'ibm_cd_toolchain_tool_hostedgit',
+        'ibm_cd_toolchain_tool_gitlab',
+        'ibm_cd_toolchain_tool_githubconsolidated'
+    ];
+
+    const nonSecretRefs = [];
+
+    let block = importBlock(toolchainId, toolchainName, 'ibm_cd_toolchain');
+    importBlocks.push(block);
+
+    const toolchainResName = block.name;
+    let pipelineResName;
+
+    // get list of tools
+    const allTools = await getToolchainTools(token, toolchainId, region);
+    for (const tool of allTools.tools) {
+        const toolName = tool.parameters?.name ?? tool.tool_type_id;
+
+        if (tool.tool_type_id in SUPPORTED_TOOLS_MAP) {
+            block = importBlock(`${toolchainId}/${tool.id}`, toolName, SUPPORTED_TOOLS_MAP[tool.tool_type_id]);
+            importBlocks.push(block);
+
+            const toolResName = block.name;
+            pipelineResName = block.name; // used below
+
+            toolIdMap[tool.id] = { type: SUPPORTED_TOOLS_MAP[tool.tool_type_id], name: toolResName };
+
+            // overwrite hard-coded id with reference
+            additionalProps[block.name] = [
+                { property: 'toolchain_id', value: `\${ibm_cd_toolchain.${toolchainResName}.id}` },
+            ];
+
+            // check and add secret refs
+            if (tool.tool_type_id in SECRET_KEYS_MAP) {
+                SECRET_KEYS_MAP[tool.tool_type_id].forEach(({ key, tfKey, prereq, required }) => {
+                    if (prereq) {
+                        if (!prereq.values.includes(tool[prereq.key])) return;
+                    }
+
+                    if (isSecretReference(tool.parameters[key])) {
+                        additionalProps[block.name].push({ param: tfKey, value: tool.parameters[key] });
+                    } else {
+                        nonSecretRefs.push(block.name);
+                        if (required) additionalProps[block.name].push({ param: tfKey, value: `<${tfKey}>` });
+                    }
+                });
+            }
+        }
+
+        if (tool.tool_type_id === 'pipeline' && tool.parameters?.type === 'tekton') {
+            const pipelineData = await getPipelineData(token, tool.id, region);
+
+            block = importBlock(pipelineData.id, toolName, 'ibm_cd_tekton_pipeline');
+            importBlocks.push(block);
+
+            // overwrite hard-coded id with reference
+            additionalProps[block.name] = [
+                { property: 'pipeline_id', value: `\${ibm_cd_toolchain_tool_pipeline.${pipelineResName}.tool_id}` },
+            ];
+
+
+            pipelineData.definitions.forEach((def) => {
+                block = importBlock(`${pipelineData.id}/${def.id}`, 'definition', 'ibm_cd_tekton_pipeline_definition');
+                importBlocks.push(block);
+
+                // overwrite hard-coded id with reference
+                additionalProps[block.name] = [
+                    { property: 'pipeline_id', value: `\${ibm_cd_toolchain_tool_pipeline.${pipelineResName}.tool_id}` },
+                ];
+            });
+
+            pipelineData.properties.forEach((prop) => {
+                block = importBlock(`${pipelineData.id}/${prop.name}`, prop.name, 'ibm_cd_tekton_pipeline_property');
+                importBlocks.push(block);
+
+                // overwrite hard-coded id with reference
+                additionalProps[block.name] = [
+                    { property: 'pipeline_id', value: `\${ibm_cd_toolchain_tool_pipeline.${pipelineResName}.tool_id}` },
+                ];
+            });
+
+            pipelineData.triggers.forEach((trig) => {
+                block = importBlock(`${pipelineData.id}/${trig.id}`, trig.name, 'ibm_cd_tekton_pipeline_trigger');
+                importBlocks.push(block);
+
+                // overwrite hard-coded id with reference
+                additionalProps[block.name] = [
+                    { property: 'pipeline_id', value: `\${ibm_cd_toolchain_tool_pipeline.${pipelineResName}.tool_id}` },
+                ];
+
+                const triggerResName = block.name;
+
+                trig.properties.forEach((trigProp) => {
+                    block = importBlock(`${pipelineData.id}/${trig.id}/${trigProp.name}`, trigProp.name, 'ibm_cd_tekton_pipeline_trigger_property');
+                    importBlocks.push(block);
+
+                    // overwrite hard-coded id with reference
+                    additionalProps[block.name] = [
+                        { property: 'pipeline_id', value: `\${ibm_cd_toolchain_tool_pipeline.${pipelineResName}.tool_id}` },
+                        { property: 'trigger_id', value: `\${ibm_cd_tekton_pipeline_trigger.${triggerResName}.trigger_id}` }
+                    ];
+                });
+            });
+        }
+    }
+
+    // include s2s
+    if (policyIds) {
+        for (const policyId of policyIds) {
+            block = importBlock(policyId, 'iam_authorization_policy', 'ibm_iam_authorization_policy');
+            importBlocks.push(block);
+
+            // overwrite hard-coded id with reference
+            additionalProps[block.name] = [
+                { property: 'source_resource_instance_id', value: `\${ibm_cd_toolchain.${toolchainResName}.id}` },
+            ];
+        }
+    }
+
+    await importBlocksToTf(importBlocks, dir);
+
+    if (!fs.existsSync(`${dir}/generated`)) fs.mkdirSync(`${dir}/generated`);
+
+    // STEP 2/2: run terraform import and post-processing
+    setTerraformEnv(apiKey, verbosity);
+    await runTerraformPlanGenerate(dir, 'generated/draft.tf').catch(() => { }); // temp fix for errors due to bugs in the provider
+
+    const generatedFile = fs.readFileSync(`${dir}/generated/draft.tf`);
+    const generatedFileJson = await tfToJson('draft.tf', generatedFile.toString());
+
+    const newTfFileObj = { 'resource': {} }
+
+    for (const [key, value] of Object.entries(generatedFileJson['resource'])) {
+        for (const [k, v] of Object.entries(value)) {
+            newTfFileObj['resource'][key] = { ...(newTfFileObj['resource'][key] ?? []), [k]: v[0] };
+
+            // remove empty tool, which breaks jsonToTf
+            try {
+                if (Object.keys(newTfFileObj['resource'][key][k]['source'][0]['properties'][0]['tool'][0]).length < 1) {
+                    delete newTfFileObj['resource'][key][k]['source'][0]['properties'][0]['tool'];
+                }
+            } catch {
+                // do nothing
+            }
+
+            // ignore null values
+            for (const [k2, v2] of Object.entries(v[0])) {
+                if (v2 === null) delete newTfFileObj['resource'][key][k][k2];
+            }
+
+            // ignore null values in parameters
+            try {
+                if (Object.keys(v[0]['parameters'][0]).length > 0) {
+                    for (const [k2, v2] of Object.entries(v[0]['parameters'][0])) {
+                        if (v2 === null) delete newTfFileObj['resource'][key][k]['parameters'][0][k2];
+                    }
+                }
+            } catch {
+                // do nothing
+            }
+
+            // ignore null values in source properties
+            try {
+                if (Object.keys(v[0]['source'][0]['properties'][0]).length > 0) {
+                    for (const [k2, v2] of Object.entries(v[0]['source'][0]['properties'][0])) {
+                        if (v2 === null) delete newTfFileObj['resource'][key][k]['source'][0]['properties'][0][k2];
+                    }
+                }
+            } catch {
+                // do nothing
+            }
+
+            // add/overwrite additional props
+            if (k in additionalProps) {
+                additionalProps[k].forEach(({ param, property, value }) => {
+                    if (property) newTfFileObj['resource'][key][k][property] = value;
+                    if (param) {
+                        newTfFileObj['resource'][key][k]['parameters'][0][param] = value;
+                    }
+                })
+            }
+
+            // add relevent references and depends_on
+            if (key === 'ibm_cd_tekton_pipeline') {
+                const workerId = newTfFileObj['resource'][key][k]['worker'][0]['id'];
+                if (workerId != null && workerId != 'public' && workerId in toolIdMap) {
+                    newTfFileObj['resource'][key][k]['worker'][0]['id'] = `\${${toolIdMap[workerId].type}.${toolIdMap[workerId].name}.tool_id}`;
+                }
+            } else if (key === 'ibm_cd_tekton_pipeline_property' || key === 'ibm_cd_tekton_pipeline_trigger_property') {
+                const propValue = newTfFileObj['resource'][key][k]['value'];
+                if (newTfFileObj['resource'][key][k]['type'] === 'integration' && propValue in toolIdMap) {
+                    newTfFileObj['resource'][key][k]['depends_on'] = [`\${${toolIdMap[propValue].type}.${toolIdMap[propValue].name}}`];
+                }
+            }
+
+            // clean up unused/misplaced params
+            if (key === 'ibm_iam_authorization_policy') {
+                const deleteKeys = [
+                    'subject_attributes',
+                    'resource_attributes',
+                    'source_service_account',
+                    'transaction_id'
+                ];
+
+                for (const toDelete of deleteKeys) {
+                    delete newTfFileObj['resource'][key][k][toDelete];
+                }
+            }
+
+            if (repoResources.includes(key)) {
+                const paramsMap = newTfFileObj['resource'][key][k]['parameters'][0];
+
+                // collect repo url references to be added on second pass
+                const repoUrl = paramsMap['repo_url'];
+                repoUrlMap[repoUrl] = { type: key, name: k };
+
+                // set up initialization
+                const initializationMap = {
+                    git_id: paramsMap['git_id'],
+                    type: paramsMap['type'],
+                    repo_url: paramsMap['repo_url'],
+                    private_repo: paramsMap['private_repo'],
+                };
+                newTfFileObj['resource'][key][k]['initialization'] = [initializationMap];
+
+                // clean up parameters
+                const newParamsMap = {};
+                const paramsToInclude = ['api_token', 'auth_type', 'enable_traceability', 'integration_owner', 'toolchain_issues_enabled'];
+                for (const param of paramsToInclude) {
+                    newParamsMap[param] = paramsMap[param];
+                }
+                newTfFileObj['resource'][key][k]['parameters'][0] = newParamsMap;
+            }
+        }
+    }
+
+    // add repo url depends_on on second pass
+    for (const [key, value] of Object.entries(generatedFileJson['resource'])) {
+        for (const [k, _] of Object.entries(value)) {
+            if (key === 'ibm_cd_tekton_pipeline_definition' || key === 'ibm_cd_tekton_pipeline_trigger') {
+                try {
+                    const thisUrl = newTfFileObj['resource'][key][k]['source'][0]['properties'][0]['url'];
+
+                    if (thisUrl in repoUrlMap) {
+                        newTfFileObj['resource'][key][k]['depends_on'] = [`\${${repoUrlMap[thisUrl].type}.${repoUrlMap[thisUrl].name}}`];
+                    }
+                } catch {
+                    // do nothing
+                }
+            }
+        }
+    }
+
+    if (!isCompact) {
+        for (const [key, value] of Object.entries(newTfFileObj['resource'])) {
+            if (!key.startsWith('ibm_')) continue;
+            const newFileName = key.split('ibm_')[1];
+
+            const newFileContents = { 'resource': { [key]: value } };
+            const newFileContentsJson = jsonToTf(JSON.stringify(newFileContents));
+
+            fs.writeFileSync(`${dir}/generated/${newFileName}.tf`, newFileContentsJson);
+        }
+    } else {
+        const generatedFileNew = jsonToTf(JSON.stringify(newTfFileObj));
+        fs.writeFileSync(`${dir}/generated/generated.tf`, generatedFileNew);
+    }
+
+    // remove draft
+    if (fs.existsSync(`${dir}/generated/draft.tf`)) fs.rmSync(`${dir}/generated/draft.tf`, { recursive: true });
+
+    return nonSecretRefs;
+}
+
+// objects have two keys, "id" and "to"
+// e.g. { id: 'bc3d05f1-e6f7-4b5e-8647-8119d8037039', to: 'ibm_cd_toolchain.my_everything_toolchain_e22c' }
+function importBlock(id, name, resourceType) {
+    const newName = `${normalizeName(name)}_${getRandChars(4)}`;
+
+    return {
+        id: id,
+        to: `${resourceType}.${newName}`,
+        name: newName
+    }
+}
+
+// importBlocks array to tf file
+async function importBlocksToTf(blocks, dir) {
+    let fileContent = '';
+
+    blocks.forEach((block) => {
+        const template = `import {
+  id = "${block.id}"
+  to = ${block.to}
+}\n\n`;
+        fileContent += template;
+    });
+
+    return await writeFilePromise(`${dir}/import.tf`, fileContent);
+}

package/cmd/utils/logger.js

@@ -14,6 +14,8 @@ import stripAnsi from 'strip-ansi';
 
 import fs from 'node:fs';
 
+const DISABLE_SPINNER = process.env.DISABLE_SPINNER === 'true';
+
 const COLORS = {
     reset: '\x1b[0m',
     gray: '\x1b[90m',
@@ -84,14 +86,15 @@ class Logger {
 
     close() {
         return new Promise((resolve, reject) => {
-            this.logStream?.on('finish', resolve);
-            this.logStream?.on('error', reject);
-            this.logStream?.end();
+            if (!this.logStream) resolve();
+            this.logStream.on('finish', resolve);
+            this.logStream.on('error', reject);
+            this.logStream.end();
         });
     }
 
     startSpinner(msg, prefix = '') {
-        if (this.verbosity < 1) return;
+        if (this.verbosity < 1 || DISABLE_SPINNER) return;
         this.spinner = ora({
             prefixText: this.#getFullPrefix(prefix),
             text: msg
@@ -103,7 +106,7 @@ class Logger {
     resetSpinner() { if (this.verbosity >= 1) this.spinner = null; }
 
     async withSpinner(asyncFn, loadingMsg, successMsg, prefix, ...args) {
-        if (this.verbosity < 1) {
+        if (this.verbosity < 1 || DISABLE_SPINNER) {
             try {
                 return await asyncFn(...args);
             }
@@ -167,7 +170,7 @@ export const logger = new Logger();
 
 export const LOG_STAGES = {
     setup: 'setup',
-    terraformer: 'terraformer',
+    import: 'import',
     tf: 'terraform',
     info: 'info'
 };