@ibm-cloud/cd-tools 1.5.2 → 1.6.0

package/test/copy-toolchain/functionalities.test.js

@@ -11,8 +11,6 @@ import path from 'node:path';
 import nconf from 'nconf';
 import fs from 'node:fs';
 
-import * as chai from 'chai';
-chai.config.truncateThreshold = 0;
 import { expect, assert } from 'chai';
 
 import { assertPtyOutput, assertExecError, areFilesInDir, deleteCreatedToolchains, parseTcIdAndRegion } from '../utils/testUtils.js';

package/test/copy-toolchain/input-validation.test.js

@@ -11,9 +11,7 @@ import path from 'node:path';
 import nconf from 'nconf';
 import fs from 'node:fs';
 
-import * as chai from 'chai';
 import { expect } from 'chai';
-chai.config.truncateThreshold = 0;
 
 import mocks from '../data/mocks.js';
 import { assertExecError, assertPtyOutput } from '../utils/testUtils.js';
@@ -81,12 +79,12 @@ describe('copy-toolchain: Test user input handling', function () {
         {
             name: 'Invalid Resource Group name is provided',
             cmd: [CLI_PATH, COMMAND, '-c', validCrn, '-r', TARGET_REGIONS[0], '-g', mocks.invalidRgName],
-            expected: /The resource group with provided ID or name was not found or is not accessible/,
+            expected: /No matching resource groups were found for the provided id\(s\) or name\(s\)/,
         },
         {
             name: 'Invalid Resource Group ID is provided',
             cmd: [CLI_PATH, COMMAND, '-c', validCrn, '-r', TARGET_REGIONS[0], '-g', mocks.invalidRgId],
-            expected: /The resource group with provided ID or name was not found or is not accessible/,
+            expected: /No matching resource groups were found for the provided id\(s\) or name\(s\)/,
         },
         {
             name: 'Non-existent GRIT mapping file provided',

package/test/copy-toolchain/tf-import.test.js

@@ -10,9 +10,6 @@
 import path from 'node:path';
 import nconf from 'nconf';
 
-import * as chai from 'chai';
-chai.config.truncateThreshold = 0;
-
 import { assertTfResourcesInDir, assertPtyOutput } from '../utils/testUtils.js';
 import { TEST_TOOLCHAINS } from '../data/test-toolchains.js';
 

package/test/copy-toolchain/tool-validation.test.js

@@ -10,8 +10,6 @@
 import path from 'node:path';
 import nconf from 'nconf';
 
-import * as chai from 'chai';
-chai.config.truncateThreshold = 0;
 import { expect } from 'chai';
 
 import { assertPtyOutput, deleteCreatedToolchains } from '../utils/testUtils.js';
@@ -87,7 +85,7 @@ describe('copy-toolchain: Test tool validation', function () {
                 timeout: 30000
             },
             assertionFunc: (output) => {
-                expect(output).to.match(/Warning! The following GRIT integration\(s\) are using auth_type "pat", please switch to auth_type "oauth" before proceeding/);
+                expect(output).to.match(/Warning! The following GRIT integration\(s\) with auth_type "pat" are unsupported during migration and will automatically be converted to auth_type "oauth"/);
                 expect(output).to.match(/hostedgit/);
                 expect(output).to.match(/Warning! The following tools contain secrets that cannot be migrated/);
                 expect(output).to.match(/githubconsolidated[\s\S]*?api_token/);

package/cmd/check-secrets.js

@@ -1,111 +0,0 @@
-/**
- * Licensed Materials - Property of IBM
- * (c) Copyright IBM Corporation 2025. All Rights Reserved.
- *
- * Note to U.S. Government Users Restricted Rights:
- * Use, duplication or disclosure restricted by GSA ADP Schedule
- * Contract with IBM Corp.
- */
-'use strict';
-
-import { exit } from 'node:process';
-import { Command } from 'commander';
-import { parseEnvVar, decomposeCrn, isSecretReference } from './utils/utils.js';
-import { logger, LOG_STAGES } from './utils/logger.js';
-import { getBearerToken, getToolchainTools, getPipelineData } from './utils/requests.js';
-import { SECRET_KEYS_MAP } from '../config.js';
-
-const command = new Command('check-secrets')
-    .description('Checks if you have any stored secrets in your toolchain or pipelines')
-    .requiredOption('-c, --toolchain-crn <crn>', 'The CRN of the source toolchain to check')
-    .option('-a --apikey <api key>', 'IBM Cloud IAM API key with permissions to read the toolchain.')
-    .showHelpAfterError()
-    .hook('preAction', cmd => cmd.showHelpAfterError(false)) // only show help during validation
-    .action(main);
-
-async function main(options) {
-    const toolchainCrn = options.toolchainCrn;
-    const apiKey = options.apikey || parseEnvVar('IBMCLOUD_API_KEY');
-
-    if (!apiKey) {
-        logger.error('Missing IBM Cloud IAM API key', LOG_STAGES.setup);
-        exit(1);
-    };
-
-    logger.print(`Checking secrets for toolchain ${toolchainCrn}...`);
-
-    const decomposedCrn = decomposeCrn(toolchainCrn);
-
-    const token = await getBearerToken(apiKey);
-    const toolchainId = decomposedCrn.serviceInstance;
-    const region = decomposedCrn.location;
-
-    const getToolsRes = await getToolchainTools(token, toolchainId, region);
-
-    const toolResults = [];
-    const pipelineResults = [];
-
-    if (getToolsRes?.tools?.length > 0) {
-        for (let i = 0; i < getToolsRes.tools.length; i++) {
-            const tool = getToolsRes.tools[i];
-
-            // Skip iff it's GitHub/GitLab/GRIT integration with OAuth
-            if (['githubconsolidated', 'github_integrated', 'gitlab', 'hostedgit'].includes(tool.tool_type_id) && (tool.parameters?.auth_type === '' || tool.parameters?.auth_type === 'oauth'))
-                continue;
-
-            // Check tool integrations for any plain text secret values
-            if (SECRET_KEYS_MAP[tool.tool_type_id]) {
-                SECRET_KEYS_MAP[tool.tool_type_id].forEach((entry) => {
-                    const updateableSecretParam = entry.key;
-                    if (tool.parameters[updateableSecretParam] && !isSecretReference(tool.parameters[updateableSecretParam]) && tool.parameters[updateableSecretParam].length > 0) {
-                        toolResults.push({
-                            'Tool ID': tool.id,
-                            'Tool Type': tool.tool_type_id,
-                            'Property Name': updateableSecretParam
-                        });
-                    };
-                });
-            };
-
-            // For tekton pipelines, check for any plain text secret properties
-            if (tool.tool_type_id === 'pipeline' && tool.parameters?.type === 'tekton') {
-                const pipelineData = await getPipelineData(token, tool.id, region);
-
-                pipelineData?.properties.forEach((prop) => {
-                    if (prop.type === 'secure' && !isSecretReference(prop.value) && prop.value.length > 0) {
-                        pipelineResults.push({
-                            'Pipeline ID': pipelineData.id,
-                            'Trigger Name': '-',
-                            'Property Name': prop.name
-                        });
-                    };
-                });
-
-                pipelineData?.triggers.forEach((trigger) => {
-                    trigger.properties?.forEach((prop) => {
-                        if (prop.type === 'secure' && !isSecretReference(prop.value) && prop.value.length > 0) {
-                            pipelineResults.push({
-                                'Pipeline ID': pipelineData.id,
-                                'Trigger Name': trigger.name,
-                                'Property Name': prop.name
-                            });
-                        };
-                    });
-                });
-            }
-        };
-    };
-
-    if (toolResults.length > 0) {
-        logger.print();
-        logger.print('The following plain text properties were found in tool integrations bound to the toolchain:');
-        logger.table(toolResults);
-    };
-    if (pipelineResults.length > 0) {
-        logger.print();
-        logger.print('The following plain text properties were found in Tekton pipeline(s) bound to the toolchain:');
-        logger.table(pipelineResults);
-    };
-};
-
-export default command;