@ibm-cloud/cd-tools 1.2.5 → 1.3.1

package/cmd/copy-toolchain.js

@@ -20,10 +20,10 @@ import { getAccountId, getBearerToken, getCdInstanceByRegion, getIamAuthPolicies
 import { validatePrereqsVersions, validateTag, validateToolchainId, validateToolchainName, validateTools, validateOAuth, warnDuplicateName, validateGritUrl } from './utils/validate.js';
 import { importTerraform } from './utils/import-terraform.js';
 
-import { COPY_TOOLCHAIN_DESC, MIGRATION_DOC_URL, TARGET_REGIONS, SOURCE_REGIONS } from '../config.js';
+import { COPY_TOOLCHAIN_DESC, DOCS_URL, TARGET_REGIONS, SOURCE_REGIONS } from '../config.js';
 
 process.on('exit', (code) => {
-	if (code !== 0) logger.print(`Need help? Visit ${MIGRATION_DOC_URL} for more troubleshooting information.`);
+	if (code !== 0) logger.print(`Need help? Visit ${DOCS_URL} for more troubleshooting information.`);
 });
 
 const TIME_SUFFIX = new Date().getTime();
@@ -45,21 +45,24 @@ const command = new Command('copy-toolchain')
 			.choices(TARGET_REGIONS)
 			.makeOptionMandatory()
 	)
-	.option('-a --apikey <api key>', 'API Key used to perform the copy. Must have IAM permission to read and create toolchains and S2S authorizations in source and target region / resource group')
+	.option('-a, --apikey <api_key>', 'API key used to authenticate. Must have IAM permission to read and create toolchains and service-to-service authorizations in source and target region / resource group')
 	.option('-n, --name <name>', '(Optional) The name of the copied toolchain (default: same name as original)')
-	.option('-g, --resource-group <resource group>', '(Optional) The name or ID of destination resource group of the copied toolchain (default: same resource group as original)')
+	.option('-g, --resource-group <resource_group>', '(Optional) The name or ID of destination resource group of the copied toolchain (default: same resource group as original)')
 	.option('-t, --tag <tag>', '(Optional) The tag to add to the copied toolchain')
 	.helpOption('-h, --help', 'Display help for command')
 	.optionsGroup('Advanced options:')
-	.option('-d, --terraform-dir <directory path>', '(Optional) The target local directory to store the generated Terraform (.tf) files')
-	.option('-D, --dry-run', '(Optional) Skip running terraform apply')
+	.option('-d, --terraform-dir <path>', '(Optional) The target local directory to store the generated Terraform (.tf) files')
+	.option('-D, --dry-run', '(Optional) Skip running terraform apply; only generate the Terraform (.tf) files')
 	.option('-f, --force', '(Optional) Force the copy toolchain command to run without user confirmation')
-	.option('-S, --skip-s2s', '(Optional) Skip importing toolchain-generated S2S authorizations')
-	.option('-T, --skip-disable-triggers', '(Optional) Skip disabling triggers')
-	.option('-C, --compact', '(Optional) Generate all resources in resources.tf')
-	.option('-v --verbose', '(Optional) Increase log output')
-	.option('-s --silent', '(Optional) Suppress non-essential output, only errors and critical warnings are displayed')
-	.option('-G --grit-mapping-file <path>', '(Optional) JSON file mapping GRIT project urls to project urls in the target region')
+	.option('-S, --skip-s2s', '(Optional) Skip importing toolchain-generated service-to-service authorizations')
+	.option('-T, --skip-disable-triggers', '(Optional) Skip disabling Tekton pipeline Git or timed triggers. Note: This may result in duplicate pipeline runs')
+	.option('-C, --compact', '(Optional) Generate all resources in a single resources.tf file')
+	.option('-v, --verbose', '(Optional) Increase log output')
+	.option('-q, --quiet', '(Optional) Suppress non-essential output, only errors and critical warnings are displayed')
+	.addOption(
+		new Option('-G, --grit-mapping-file <path>', '(Optional) JSON file mapping GRIT project urls to project urls in the target region')
+			.hideHelp()
+	)
 	.showHelpAfterError()
 	.hook('preAction', cmd => cmd.showHelpAfterError(false)) // only show help during validation
 	.action(main);
@@ -74,7 +77,7 @@ async function main(options) {
 	const includeS2S = !options.skipS2s;
 	const disableTriggers = !options.skipDisableTriggers;
 	const isCompact = options.compact || false;
-	const verbosity = options.silent ? 0 : options.verbose ? 2 : 1;
+	const verbosity = options.quiet ? 0 : options.verbose ? 2 : 1;
 
 	logger.setVerbosity(verbosity);
 	if (LOG_DUMP) logger.createLogStream(`${LOGS_DIR}/copy-toolchain-${new Date().getTime()}.log`);

package/cmd/utils/requests.js

@@ -302,8 +302,8 @@ async function getGitOAuth(bearer, targetRegion, gitId) {
     switch (response.status) {
         case 200:
             return response.data?.access_token;
-        case 500:
-            throw Error(response.data?.authorizationURI);
+        case 401:
+            throw Error(response.data?.authorizationURI ?? 'Get git OAuth failed');
         default:
             throw Error('Get git OAuth failed');
     }
@@ -332,14 +332,13 @@ async function getGritUserProject(privToken, region, user, projectName) {
 }
 
 async function getGritGroup(privToken, region, groupName) {
-    const url = `https://${region}.git.cloud.ibm.com/api/v4/groups`
+    const url = `https://${region}.git.cloud.ibm.com/api/v4/groups/${groupName}`
     const options = {
         url: url,
         method: 'GET',
         headers: {
             'PRIVATE-TOKEN': privToken
         },
-        params: { simple: true, search: groupName },
         validateStatus: () => true
     };
     const response = await axios(options);

package/cmd/utils/terraform.js

@@ -146,6 +146,13 @@ async function setupTerraformFiles({ token, srcRegion, targetRegion, targetTag,
         if (isCompact || resourceName === 'ibm_cd_toolchain_tool_hostedgit') {
             if (newTfFileObj['resource']['ibm_cd_toolchain_tool_hostedgit']) {
                 for (const [k, v] of Object.entries(newTfFileObj['resource']['ibm_cd_toolchain_tool_hostedgit'])) {
+                    try {
+                        newTfFileObj['resource']['ibm_cd_toolchain_tool_hostedgit'][k]['parameters'][0]['auth_type'] = 'oauth';
+                        delete newTfFileObj['resource']['ibm_cd_toolchain_tool_hostedgit'][k]['parameters'][0]['api_token'];
+                    } catch {
+                        // do nothing
+                    }
+
                     try {
                         const thisUrl = v['initialization'][0]['repo_url'];
                         if (thisUrl in gritMapping) {
@@ -163,6 +170,10 @@ async function setupTerraformFiles({ token, srcRegion, targetRegion, targetTag,
                         } else {
                             // prompt user
                             const validateGritUrlPrompt = async (str) => {
+                                if (!str) {
+                                    logger.print('Skipping... (URL will remain unchanged in the generatedTerraform configuration)');
+                                    return '';
+                                }
                                 const newUrl = `https://${targetRegion}.git.cloud.ibm.com/${str}.git`;
                                 if (usedGritUrls.has(newUrl)) throw Error(`"${newUrl}" has already been used in another mapping entry`);
                                 return validateGritUrl(token, targetRegion, str, false);
@@ -170,15 +181,17 @@ async function setupTerraformFiles({ token, srcRegion, targetRegion, targetTag,
 
                             if (!firstGritPrompt) {
                                 firstGritPrompt = true;
-                                logger.print('Please enter the new URLs for the following GRIT tool(s):\n');
+                                logger.print('Please enter the new URLs for the following GRIT tool(s) (or submit empty input to skip):\n');
                             }
 
                             const newRepoSlug = await promptUserInput(`Old URL: ${thisUrl.slice(0, thisUrl.length - 4)}\nNew URL: https://${targetRegion}.git.cloud.ibm.com/`, '', validateGritUrlPrompt);
 
-                            newUrl = `https://${targetRegion}.git.cloud.ibm.com/${newRepoSlug}.git`;
-                            newTfFileObj['resource']['ibm_cd_toolchain_tool_hostedgit'][k]['initialization'][0]['repo_url'] = newUrl;
-                            attemptAddUsedGritUrl(newUrl);
-                            gritMapping[thisUrl] = newUrl;
+                            if (newRepoSlug) {
+                                newUrl = `https://${targetRegion}.git.cloud.ibm.com/${newRepoSlug}.git`;
+                                newTfFileObj['resource']['ibm_cd_toolchain_tool_hostedgit'][k]['initialization'][0]['repo_url'] = newUrl;
+                                attemptAddUsedGritUrl(newUrl);
+                                gritMapping[thisUrl] = newUrl;
+                            }
                         }
                     }
                     catch (e) {

package/cmd/utils/validate.js

@@ -145,6 +145,7 @@ async function validateTools(token, tcId, region, skipPrompt) {
     const nonConfiguredTools = [];
     const toolsWithHashedParams = [];
     const patTools = [];
+    const gheTools = [];
     const classicPipelines = [];
 
     for (const tool of allTools.tools) {
@@ -195,14 +196,24 @@ async function validateTools(token, tcId, region, skipPrompt) {
                 url: toolUrl
             });
         }
-        else if (tool.tool_type_id === 'pipeline' && tool.parameters?.type === 'classic') { // Check for Classic pipelines
+
+        if (tool.tool_type_id === 'github_integrated') {
+            gheTools.push({
+                tool_name: toolName,
+                type: tool.tool_type_id,
+                url: toolUrl
+            });
+        }
+
+        if (tool.tool_type_id === 'pipeline' && tool.parameters?.type === 'classic') { // Check for Classic pipelines
             classicPipelines.push({
                 tool_name: toolName,
                 type: 'classic pipeline',
                 url: toolUrl
             });
         }
-        else if (['githubconsolidated', 'github_integrated', 'gitlab', 'hostedgit'].includes(tool.tool_type_id) && (tool.parameters?.auth_type === '' || tool.parameters?.auth_type === 'oauth')) { // Skip secret check iff it's GitHub/GitLab/GRIT integration with OAuth
+
+        if (['githubconsolidated', 'github_integrated', 'gitlab', 'hostedgit'].includes(tool.tool_type_id) && (tool.parameters?.auth_type === '' || tool.parameters?.auth_type === 'oauth')) { // Skip secret check iff it's GitHub/GitLab/GRIT integration with OAuth
             continue;
         }
         else {
@@ -240,7 +251,7 @@ async function validateTools(token, tcId, region, skipPrompt) {
             }
         }
     }
-    const hasInvalidConfig = nonConfiguredTools.length > 0 || patTools.length > 0 || toolsWithHashedParams.length > 0;
+    const hasInvalidConfig = nonConfiguredTools.length > 0 || toolsWithHashedParams.length > 0;
 
     if (classicPipelines.length > 0) {
         logger.failSpinner('Unsupported tools found!');
@@ -257,10 +268,15 @@ async function validateTools(token, tcId, region, skipPrompt) {
     }
 
     if (patTools.length > 0) {
-        logger.warn('Warning! The following GRIT integration(s) are using auth_type "pat", please switch to auth_type "oauth" before proceeding: \n', LOG_STAGES.setup, true);
+        logger.warn('Warning! The following GRIT integration(s) with auth_type "pat" are unsupported during migration and will automatically be converted to auth_type "oauth": \n', LOG_STAGES.setup, true);
         logger.table(patTools);
     }
 
+    if (gheTools.length > 0) {
+        logger.warn('Warning! The following legacy GHE integration(s) are unsupported during migration will automatically be converted to equivalent GitHub integrations: \n', LOG_STAGES.setup, true);
+        logger.table(gheTools);
+    }
+
     if (toolsWithHashedParams.length > 0) {
         logger.warn('Warning! The following tools contain secrets that cannot be migrated, please use the \'check-secrets\' command to export the secrets: \n', LOG_STAGES.setup, true);
         logger.table(toolsWithHashedParams);
@@ -353,12 +369,10 @@ async function validateOAuth(token, tools, targetRegion, skipPrompt) {
                     type: tool.tool_type_id + (isGHE ? ' (GHE)' : ''),
                     link: authorizeUrl?.message != 'Get git OAuth failed' ? 'See link below' : 'Get git OAuth failed',
                 })
-                if (authorizeUrl?.message != 'Get git OAuth failed') {
-                    if (isGHE) {
-                        oauthLinks.push({ type: 'githubconsolidated (GHE)', link: authorizeUrl?.message });
-                    } else {
-                        oauthLinks.push({ type: tool.tool_type_id, link: authorizeUrl?.message ?? 'Could not get OAuth link' });
-                    }
+                if (isGHE) {
+                    oauthLinks.push({ type: 'githubconsolidated (GHE)', link: authorizeUrl?.message });
+                } else {
+                    oauthLinks.push({ type: tool.tool_type_id, link: authorizeUrl?.message });
                 }
             }
         }
@@ -376,7 +390,7 @@ async function validateOAuth(token, tools, targetRegion, skipPrompt) {
 
         if (oauthLinks.length > 0) logger.print('Authorize using the following links:\n');
         oauthLinks.forEach((o) => {
-            if (o.link === 'Could not get OAuth link') hasFailedLink = true;
+            if (o.link === 'Get git OAuth failed') hasFailedLink = true;
             logger.print(`${o.type}: \x1b[36m${o.link}\x1b[0m\n`);
         });
 
@@ -447,8 +461,7 @@ async function validateGritUrl(token, region, url, validateFull) {
 
     // try group
     try {
-        const groupId = await getGritGroup(accessToken, region, urlStart);
-        await getGritGroupProject(accessToken, region, groupId, projectName);
+        await getGritGroupProject(accessToken, region, urlStart, projectName);
         return trimmed;
     } catch {
         throw Error('Provided GRIT url not found');

package/config.js

@@ -17,9 +17,9 @@ Examples:
       Copy a toolchain to the Frankfurt region with the specified name and target resource group, using the given API key
 
 Environment Variables:
-  IBMCLOUD_API_KEY                       API Key used to perform the copy. Must have IAM permission to read and create toolchains and S2S authorizations in source and target region / resource group`
+  IBMCLOUD_API_KEY                       API key used to authenticate. Must have IAM permission to read and create toolchains and service-to-service authorizations in source and target region / resource group`
 
-const MIGRATION_DOC_URL = 'https://github.com/IBM/continuous-delivery-tools'; // TODO: replace with docs link
+const DOCS_URL = 'https://github.com/IBM/continuous-delivery-tools';
 
 const SOURCE_REGIONS = [
 	'au-syd',
@@ -220,7 +220,7 @@ const VAULT_REGEX = [
 
 export {
 	COPY_TOOLCHAIN_DESC,
-	MIGRATION_DOC_URL,
+	DOCS_URL,
 	SOURCE_REGIONS,
 	TARGET_REGIONS,
 	TERRAFORM_REQUIRED_VERSION,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@ibm-cloud/cd-tools",
-  "version": "1.2.5",
+  "version": "1.3.1",
   "description": "Tools and utilities for the IBM Cloud Continuous Delivery service and resources",
   "repository": {
     "type": "git",

package/test/copy-toolchain/functionalities.test.js

@@ -119,8 +119,8 @@ describe('copy-toolchain: Test functionalities', function () {
             }
         },
         {
-            name: 'Silent flag suppresses info, debug and log messages',
-            cmd: [CLI_PATH, COMMAND, '-c', TEST_TOOLCHAINS['empty'].crn, '-r', TEST_TOOLCHAINS['empty'].region, '-s'],
+            name: 'Quiet flag suppresses info, debug and log messages',
+            cmd: [CLI_PATH, COMMAND, '-c', TEST_TOOLCHAINS['empty'].crn, '-r', TEST_TOOLCHAINS['empty'].region, '-q'],
             expected: null,
             options: {
                 timeout: 100000,