mas-cli 12.0.0__py3-none-any.whl → 13.0.0__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of mas-cli might be problematic. Click here for more details.

Files changed (17) hide show
  1. mas/cli/__init__.py +1 -1
  2. mas/cli/cli.py +16 -6
  3. mas/cli/install/app.py +20 -14
  4. mas/cli/install/argBuilder.py +17 -3
  5. mas/cli/install/argParser.py +37 -2
  6. mas/cli/install/catalogs.py +2 -1
  7. mas/cli/install/params.py +6 -0
  8. mas/cli/install/settings/turbonomicSettings.py +1 -3
  9. mas/cli/install/summarizer.py +1 -2
  10. mas/cli/templates/ibm-mas-tekton.yaml +978 -213
  11. mas/cli/update/app.py +13 -8
  12. mas/cli/upgrade/app.py +14 -16
  13. {mas_cli-12.0.0.dist-info → mas_cli-13.0.0.dist-info}/METADATA +12 -3
  14. {mas_cli-12.0.0.dist-info → mas_cli-13.0.0.dist-info}/RECORD +17 -17
  15. {mas_cli-12.0.0.dist-info → mas_cli-13.0.0.dist-info}/WHEEL +1 -1
  16. {mas_cli-12.0.0.data → mas_cli-13.0.0.data}/scripts/mas-cli +0 -0
  17. {mas_cli-12.0.0.dist-info → mas_cli-13.0.0.dist-info}/top_level.txt +0 -0
mas/cli/templates/ibm-mas-tekton.yaml CHANGED
@@ -231,7 +231,7 @@ spec:
231
231
  command:
232
232
  - /opt/app-root/src/run-role.sh
233
233
  - aibroker
234
- image: quay.io/ibmmas/cli:12.0.0
234
+ image: quay.io/ibmmas/cli:13.0.0
235
235
  imagePullPolicy: $(params.image_pull_policy)
236
236
  # --------------------------------------------------------------------------------
237
237
  # /home/runner/work/cli/cli/tekton/target/tasks/appconnect.yaml
@@ -342,7 +342,7 @@ spec:
342
342
  command:
343
343
  - /opt/app-root/src/run-role.sh
344
344
  - appconnect
345
- image: quay.io/ibmmas/cli:12.0.0
345
+ image: quay.io/ibmmas/cli:13.0.0
346
346
  imagePullPolicy: $(params.image_pull_policy)
347
347
  workingDir: /workspace/configs
348
348
 
@@ -460,7 +460,7 @@ spec:
460
460
  command:
461
461
  - /opt/app-root/src/run-role.sh
462
462
  - arcgis
463
- image: quay.io/ibmmas/cli:12.0.0
463
+ image: quay.io/ibmmas/cli:13.0.0
464
464
  imagePullPolicy: $(params.image_pull_policy)
465
465
  # --------------------------------------------------------------------------------
466
466
  # /home/runner/work/cli/cli/tekton/target/tasks/cert-manager.yaml
@@ -530,7 +530,7 @@ spec:
530
530
  command:
531
531
  - /opt/app-root/src/run-role.sh
532
532
  - cert_manager
533
- image: quay.io/ibmmas/cli:12.0.0
533
+ image: quay.io/ibmmas/cli:13.0.0
534
534
  imagePullPolicy: $(params.image_pull_policy)
535
535
  workingDir: /workspace/configs
536
536
  # --------------------------------------------------------------------------------
@@ -596,7 +596,7 @@ spec:
596
596
  command:
597
597
  - /opt/app-root/src/run-role.sh
598
598
  - common_services
599
- image: quay.io/ibmmas/cli:12.0.0
599
+ image: quay.io/ibmmas/cli:13.0.0
600
600
  imagePullPolicy: $(params.image_pull_policy)
601
601
  workingDir: /workspace/configs
602
602
  # --------------------------------------------------------------------------------
@@ -723,7 +723,7 @@ spec:
723
723
  command:
724
724
  - /opt/app-root/src/run-role.sh
725
725
  - cos
726
- image: quay.io/ibmmas/cli:12.0.0
726
+ image: quay.io/ibmmas/cli:13.0.0
727
727
  imagePullPolicy: $(params.image_pull_policy)
728
728
  workingDir: /workspace/configs
729
729
 
@@ -843,7 +843,7 @@ spec:
843
843
  command:
844
844
  - /opt/app-root/src/run-role.sh
845
845
  - cp4d_service
846
- image: quay.io/ibmmas/cli:12.0.0
846
+ image: quay.io/ibmmas/cli:13.0.0
847
847
  imagePullPolicy: $(params.image_pull_policy)
848
848
  workingDir: /workspace/configs
849
849
  # --------------------------------------------------------------------------------
@@ -960,7 +960,7 @@ spec:
960
960
  command:
961
961
  - /opt/app-root/src/run-role.sh
962
962
  - cp4d_service
963
- image: quay.io/ibmmas/cli:12.0.0
963
+ image: quay.io/ibmmas/cli:13.0.0
964
964
  imagePullPolicy: $(params.image_pull_policy)
965
965
  workingDir: /workspace/configs
966
966
 
@@ -1066,7 +1066,7 @@ spec:
1066
1066
  command:
1067
1067
  - /opt/app-root/src/run-role.sh
1068
1068
  - cp4d
1069
- image: quay.io/ibmmas/cli:12.0.0
1069
+ image: quay.io/ibmmas/cli:13.0.0
1070
1070
  imagePullPolicy: $(params.image_pull_policy)
1071
1071
  # --------------------------------------------------------------------------------
1072
1072
  # /home/runner/work/cli/cli/tekton/target/tasks/db2.yaml
@@ -1388,7 +1388,7 @@ spec:
1388
1388
  command:
1389
1389
  - /opt/app-root/src/run-role.sh
1390
1390
  - db2
1391
- image: quay.io/ibmmas/cli:12.0.0
1391
+ image: quay.io/ibmmas/cli:13.0.0
1392
1392
  imagePullPolicy: $(params.image_pull_policy)
1393
1393
  workingDir: /workspace/configs
1394
1394
 
@@ -1498,7 +1498,7 @@ spec:
1498
1498
  command:
1499
1499
  - /opt/app-root/src/run-role.sh
1500
1500
  - eck
1501
- image: quay.io/ibmmas/cli:12.0.0
1501
+ image: quay.io/ibmmas/cli:13.0.0
1502
1502
  imagePullPolicy: $(params.image_pull_policy)
1503
1503
  # --------------------------------------------------------------------------------
1504
1504
  # /home/runner/work/cli/cli/tekton/target/tasks/gencfg-workspace.yaml
@@ -1587,7 +1587,7 @@ spec:
1587
1587
  command:
1588
1588
  - /opt/app-root/src/run-role.sh
1589
1589
  - gencfg_workspace
1590
- image: quay.io/ibmmas/cli:12.0.0
1590
+ image: quay.io/ibmmas/cli:13.0.0
1591
1591
  imagePullPolicy: $(params.image_pull_policy)
1592
1592
  workingDir: /workspace/configs
1593
1593
 
@@ -1691,7 +1691,7 @@ spec:
1691
1691
  - -c
1692
1692
  name: gitops-bootstrap
1693
1693
  imagePullPolicy: IfNotPresent
1694
- image: quay.io/ibmmas/cli:12.0.0
1694
+ image: quay.io/ibmmas/cli:13.0.0
1695
1695
  workspaces:
1696
1696
  - name: configs
1697
1697
  # --------------------------------------------------------------------------------
@@ -1773,7 +1773,7 @@ spec:
1773
1773
  - -c
1774
1774
  name: gitops-cis-compliance
1775
1775
  imagePullPolicy: IfNotPresent
1776
- image: quay.io/ibmmas/cli:12.0.0
1776
+ image: quay.io/ibmmas/cli:13.0.0
1777
1777
  workspaces:
1778
1778
  - name: configs
1779
1779
  # --------------------------------------------------------------------------------
@@ -1879,9 +1879,17 @@ spec:
1879
1879
  - name: group_sync_operator_isv_groups
1880
1880
  type: string
1881
1881
  default: ''
1882
+
1882
1883
  - name: ibm_rbac_binding_to_group
1883
1884
  type: string
1884
1885
  default: ''
1886
+
1887
+ - name: falcon_operator_cloud_region
1888
+ type: string
1889
+ default: ''
1890
+ - name: falcon_operator_node_sensor
1891
+ type: string
1892
+ default: ''
1885
1893
 
1886
1894
  stepTemplate:
1887
1895
  name: gitops-cluster
@@ -1959,8 +1967,14 @@ spec:
1959
1967
  value: $(params.group_sync_operator_isv_tenant_url)
1960
1968
  - name: GROUP_SYNC_OPERATOR_ISV_GROUPS
1961
1969
  value: $(params.group_sync_operator_isv_groups)
1970
+
1962
1971
  - name: IBM_RBAC_BINDING_TO_GROUP
1963
1972
  value: $(params.ibm_rbac_binding_to_group)
1973
+
1974
+ - name: FALCON_OPERATOR_CLOUD_REGION
1975
+ value: $(params.falcon_operator_cloud_region)
1976
+ - name: FALCON_OPERATOR_NODE_SENSOR
1977
+ value: $(params.falcon_operator_node_sensor)
1964
1978
 
1965
1979
  envFrom:
1966
1980
  - configMapRef:
@@ -2002,6 +2016,13 @@ spec:
2002
2016
  export INSTALL_IBM_RBAC=true
2003
2017
  fi
2004
2018
 
2019
+ if [[ -n "${FALCON_OPERATOR_CLOUD_REGION}" ]];then
2020
+ echo "Setting var INSTALL_FALCON_OPERATOR to true as var FALCON_OPERATOR_CLOUD_REGION is set"
2021
+ export INSTALL_FALCON_OPERATOR=true
2022
+ else
2023
+ echo "Not setting var INSTALL_FALCON_OPERATOR to true as var FALCON_OPERATOR_CLOUD_REGION is not set"
2024
+ fi
2025
+
2005
2026
  mkdir -p /tmp/init-cluster
2006
2027
  mas gitops-cluster -a $ACCOUNT -c $CLUSTER_NAME \
2007
2028
  --dir /tmp/init-cluster \
@@ -2018,7 +2039,7 @@ spec:
2018
2039
  - -c
2019
2040
  name: gitops-cluster
2020
2041
  imagePullPolicy: Always
2021
- image: quay.io/ibmmas/cli:12.0.0
2042
+ image: quay.io/ibmmas/cli:13.0.0
2022
2043
  workspaces:
2023
2044
  - name: configs
2024
2045
  # --------------------------------------------------------------------------------
@@ -2121,7 +2142,7 @@ spec:
2121
2142
  - -c
2122
2143
  name: gitops-cos
2123
2144
  imagePullPolicy: IfNotPresent
2124
- image: quay.io/ibmmas/cli:12.0.0
2145
+ image: quay.io/ibmmas/cli:13.0.0
2125
2146
  workspaces:
2126
2147
  - name: configs
2127
2148
  # --------------------------------------------------------------------------------
@@ -2269,7 +2290,7 @@ spec:
2269
2290
  - -c
2270
2291
  name: gitops-cp4d-service
2271
2292
  imagePullPolicy: IfNotPresent
2272
- image: quay.io/ibmmas/cli:12.0.0
2293
+ image: quay.io/ibmmas/cli:13.0.0
2273
2294
  workspaces:
2274
2295
  - name: configs
2275
2296
  - name: shared-gitops-configs
@@ -2398,7 +2419,7 @@ spec:
2398
2419
  - -c
2399
2420
  name: gitops-cp4d
2400
2421
  imagePullPolicy: IfNotPresent
2401
- image: quay.io/ibmmas/cli:12.0.0
2422
+ image: quay.io/ibmmas/cli:13.0.0
2402
2423
  workspaces:
2403
2424
  - name: configs
2404
2425
  - name: shared-gitops-configs
@@ -2659,7 +2680,7 @@ spec:
2659
2680
  - -c
2660
2681
  name: gitops-db2u-database
2661
2682
  imagePullPolicy: Always
2662
- image: quay.io/ibmmas/cli:12.0.0
2683
+ image: quay.io/ibmmas/cli:13.0.0
2663
2684
  workspaces:
2664
2685
  - name: configs
2665
2686
  - name: shared-gitops-configs
@@ -2757,7 +2778,7 @@ spec:
2757
2778
  - -c
2758
2779
  name: gitops-db2u
2759
2780
  imagePullPolicy: IfNotPresent
2760
- image: quay.io/ibmmas/cli:12.0.0
2781
+ image: quay.io/ibmmas/cli:13.0.0
2761
2782
  workspaces:
2762
2783
  - name: configs
2763
2784
  # --------------------------------------------------------------------------------
@@ -2884,7 +2905,7 @@ spec:
2884
2905
  - -c
2885
2906
  name: gitops-delete-jdbc-config
2886
2907
  imagePullPolicy: IfNotPresent
2887
- image: quay.io/ibmmas/cli:12.0.0
2908
+ image: quay.io/ibmmas/cli:13.0.0
2888
2909
  workspaces:
2889
2910
  - name: configs
2890
2911
  # --------------------------------------------------------------------------------
@@ -2982,7 +3003,7 @@ spec:
2982
3003
  - -c
2983
3004
  name: gitops-delete-kafka-config
2984
3005
  imagePullPolicy: Always
2985
- image: quay.io/ibmmas/cli:12.0.0
3006
+ image: quay.io/ibmmas/cli:13.0.0
2986
3007
  workspaces:
2987
3008
  - name: configs
2988
3009
 
@@ -3074,7 +3095,7 @@ spec:
3074
3095
  - -c
3075
3096
  name: gitops-deprovision-app-config
3076
3097
  imagePullPolicy: IfNotPresent
3077
- image: quay.io/ibmmas/cli:12.0.0
3098
+ image: quay.io/ibmmas/cli:13.0.0
3078
3099
  workspaces:
3079
3100
  - name: configs
3080
3101
  # --------------------------------------------------------------------------------
@@ -3159,7 +3180,7 @@ spec:
3159
3180
  - -c
3160
3181
  name: gitops-deprovision-app-install
3161
3182
  imagePullPolicy: IfNotPresent
3162
- image: quay.io/ibmmas/cli:12.0.0
3183
+ image: quay.io/ibmmas/cli:13.0.0
3163
3184
  workspaces:
3164
3185
  - name: configs
3165
3186
  # --------------------------------------------------------------------------------
@@ -3244,7 +3265,7 @@ spec:
3244
3265
  - -c
3245
3266
  name: gitops-deprovision-cluster
3246
3267
  imagePullPolicy: IfNotPresent
3247
- image: quay.io/ibmmas/cli:12.0.0
3268
+ image: quay.io/ibmmas/cli:13.0.0
3248
3269
  workspaces:
3249
3270
  - name: configs
3250
3271
  # --------------------------------------------------------------------------------
@@ -3363,7 +3384,7 @@ spec:
3363
3384
  - -c
3364
3385
  name: gitops-deprovision-cos
3365
3386
  imagePullPolicy: IfNotPresent
3366
- image: quay.io/ibmmas/cli:12.0.0
3387
+ image: quay.io/ibmmas/cli:13.0.0
3367
3388
  workspaces:
3368
3389
  - name: configs
3369
3390
  # --------------------------------------------------------------------------------
@@ -3451,7 +3472,7 @@ spec:
3451
3472
  - -c
3452
3473
  name: gitops-deprovision-db2u-database
3453
3474
  imagePullPolicy: IfNotPresent
3454
- image: quay.io/ibmmas/cli:12.0.0
3475
+ image: quay.io/ibmmas/cli:13.0.0
3455
3476
  workspaces:
3456
3477
  - name: configs
3457
3478
 
@@ -3534,7 +3555,7 @@ spec:
3534
3555
  - -c
3535
3556
  name: gitops-deprovision-db2u
3536
3557
  imagePullPolicy: IfNotPresent
3537
- image: quay.io/ibmmas/cli:12.0.0
3558
+ image: quay.io/ibmmas/cli:13.0.0
3538
3559
  workspaces:
3539
3560
  - name: configs
3540
3561
 
@@ -3642,7 +3663,7 @@ spec:
3642
3663
  - -c
3643
3664
  name: gitops-deprovision-efs
3644
3665
  imagePullPolicy: IfNotPresent
3645
- image: quay.io/ibmmas/cli:12.0.0
3666
+ image: quay.io/ibmmas/cli:13.0.0
3646
3667
  workspaces:
3647
3668
  - name: configs
3648
3669
 
@@ -3752,7 +3773,7 @@ spec:
3752
3773
  - -c
3753
3774
  name: gitops-deprovision-kafka
3754
3775
  imagePullPolicy: IfNotPresent
3755
- image: quay.io/ibmmas/cli:12.0.0
3776
+ image: quay.io/ibmmas/cli:13.0.0
3756
3777
  workspaces:
3757
3778
  - name: configs
3758
3779
  # --------------------------------------------------------------------------------
@@ -3855,7 +3876,7 @@ spec:
3855
3876
  - -c
3856
3877
  name: gitops-deprovision-mongo
3857
3878
  imagePullPolicy: IfNotPresent
3858
- image: quay.io/ibmmas/cli:12.0.0
3879
+ image: quay.io/ibmmas/cli:13.0.0
3859
3880
  workspaces:
3860
3881
  - name: configs
3861
3882
 
@@ -3912,7 +3933,7 @@ spec:
3912
3933
  - -c
3913
3934
  name: gitops-deprovision-rosa
3914
3935
  imagePullPolicy: IfNotPresent
3915
- image: quay.io/ibmmas/cli:12.0.0
3936
+ image: quay.io/ibmmas/cli:13.0.0
3916
3937
  workspaces:
3917
3938
  - name: configs
3918
3939
  # --------------------------------------------------------------------------------
@@ -4117,7 +4138,7 @@ spec:
4117
4138
  - -c
4118
4139
  name: gitops-deprovision-suite-config
4119
4140
  imagePullPolicy: IfNotPresent
4120
- image: quay.io/ibmmas/cli:12.0.0
4141
+ image: quay.io/ibmmas/cli:13.0.0
4121
4142
  workspaces:
4122
4143
  - name: configs
4123
4144
 
@@ -4215,7 +4236,7 @@ spec:
4215
4236
  - -c
4216
4237
  name: gitops-deprovision-suite-idp-config
4217
4238
  imagePullPolicy: IfNotPresent
4218
- image: quay.io/ibmmas/cli:12.0.0
4239
+ image: quay.io/ibmmas/cli:13.0.0
4219
4240
  workspaces:
4220
4241
  - name: configs
4221
4242
  # --------------------------------------------------------------------------------
@@ -4307,7 +4328,127 @@ spec:
4307
4328
  - -c
4308
4329
  name: gitops-deprovision-suite-objectstorage-config
4309
4330
  imagePullPolicy: IfNotPresent
4310
- image: quay.io/ibmmas/cli:12.0.0
4331
+ image: quay.io/ibmmas/cli:13.0.0
4332
+ workspaces:
4333
+ - name: configs
4334
+ # --------------------------------------------------------------------------------
4335
+ # /home/runner/work/cli/cli/tekton/target/tasks/gitops-deprovision-suite-sendgrid-subuser.yaml
4336
+ # --------------------------------------------------------------------------------
4337
+ ---
4338
+ apiVersion: tekton.dev/v1beta1
4339
+ kind: Task
4340
+ metadata:
4341
+ name: gitops-deprovision-suite-sendgrid-subuser
4342
+ spec:
4343
+ params:
4344
+ - name: cluster_name
4345
+ type: string
4346
+ - name: account
4347
+ type: string
4348
+ - name: mas_instance_id
4349
+ type: string
4350
+ - name: icn
4351
+ type: string
4352
+ - name: cis_mas_domain
4353
+ type: string
4354
+ - name: cis_crn
4355
+ type: string
4356
+ - name: avp_aws_secret_region
4357
+ type: string
4358
+ stepTemplate:
4359
+ name: gitops-deprovision-suite-sendgrid-subuser
4360
+ env:
4361
+ - name: CLUSTER_ID
4362
+ value: $(params.cluster_name)
4363
+ - name: ACCOUNT_ID
4364
+ value: $(params.account)
4365
+ - name: MAS_INSTANCE_ID
4366
+ value: $(params.mas_instance_id)
4367
+
4368
+ - name: ICN
4369
+ value: $(params.icn)
4370
+ - name: CIS_MAS_DOMAIN
4371
+ value: $(params.cis_mas_domain)
4372
+ - name: CIS_CRN
4373
+ value: $(params.cis_crn)
4374
+
4375
+ - name: SM_AWS_REGION
4376
+ value: $(params.avp_aws_secret_region)
4377
+ envFrom:
4378
+ - configMapRef:
4379
+ name: environment-properties
4380
+ optional: true
4381
+ - secretRef:
4382
+ name: secure-properties
4383
+ steps:
4384
+ - args:
4385
+ - |-
4386
+
4387
+ # Expected secure-properties (sourced from IBM Cloud SM):
4388
+ # -------------------
4389
+ # SM_AWS_ACCESS_KEY_ID
4390
+ # SM_AWS_SECRET_ACCESS_KEY
4391
+ # SENDGRID_API_KEY
4392
+
4393
+
4394
+ # Teardown of smtp config in gitops-envs is handled by gitops-deprovision-suite-smtp-config task
4395
+ # All we need to do here is make sure we clean up SendGrid, CIS and the sendgrid_subuser secret in AWS SM (if the subuser was deleted)
4396
+ source /mascli/functions/gitops_utils
4397
+ export AVP_TYPE="aws"
4398
+ sm_login || exit 1
4399
+
4400
+ # Fetch CIS API Key from AWS SM.
4401
+ # This is suitable for use with CIS instances used by MAS instances in the cluster we are targetting
4402
+ # This secret is only required if the instance is configured with CIS
4403
+ if [[ -n "${CIS_CRN}" ]]; then
4404
+ SECRET_NAME_CIS="${ACCOUNT_ID}/${CLUSTER_ID}/cis"
4405
+ echo "Getting ${SECRET_NAME_CIS} from AWS SM"
4406
+ export CIS_APIKEY="$(sm_get_secret_value "${SECRET_NAME_CIS}" "ibm_apikey")" # pragma: allowlist secret
4407
+ if [[ -z "${CIS_APIKEY}" || "${CIS_APIKEY}" == "null" ]]; then
4408
+ echo "Required AWS SM secret "${SECRET_NAME_CIS}" not found or invalid"
4409
+ exit 1
4410
+ fi
4411
+ fi
4412
+
4413
+ mkdir -p /tmp/gitops-deprovision-suite-sendgrid-subuser
4414
+ OUTPUT_FILE="/tmp/gitops-deprovision-suite-sendgrid-subuser/mas-saas-sendgrid-subuser-output.yaml"
4415
+ rm "${OUTPUT_FILE}"
4416
+
4417
+ mas-saas-sendgrid-subuser \
4418
+ --customer-id "${ICN}" \
4419
+ --mas-account-id "${ACCOUNT_ID}" \
4420
+ --mas-cluster-id "${CLUSTER_ID}" \
4421
+ --mas-instance-id "${MAS_INSTANCE_ID}" \
4422
+ --cis-crn "${CIS_CRN}" \
4423
+ --cis-mas-domain "${CIS_MAS_DOMAIN}" \
4424
+ --output-file "${OUTPUT_FILE}" \
4425
+ --action delete
4426
+
4427
+ rc="$?"
4428
+
4429
+ if [[ "${rc}" != "0" ]]; then
4430
+ echo "mas-saas-sendgrid-subuser failed with rc ${rc}"
4431
+ exit ${rc}
4432
+ fi
4433
+
4434
+ # Pull values out of the outfile and set them as environment vars
4435
+ if [[ -f "${OUTPUT_FILE}" ]]; then
4436
+ echo "Reading outputs from ${OUTPUT_FILE}"
4437
+ export DELETED_SUBUSER="$(yq '.deleted_subuser // ""' "${OUTPUT_FILE}")"
4438
+ fi
4439
+
4440
+ if [[ "${DELETED_SUBUSER}" == "true" ]]; then
4441
+ SECRET_NAME_SENDGRID="ibm-customer/${ICN}/sendgrid_subuser"
4442
+ echo "Subuser was deleted, cleaning up ${SECRET_NAME_SENDGRID} secret"
4443
+ sm_delete_secret "${SECRET_NAME_SENDGRID}"
4444
+ fi
4445
+
4446
+ command:
4447
+ - /bin/sh
4448
+ - -c
4449
+ name: gitops-deprovision-suite-sendgrid-subuser
4450
+ imagePullPolicy: IfNotPresent
4451
+ image: docker-na-public.artifactory.swg-devops.com/wiotp-docker-local/mas/saas-task:latest
4311
4452
  workspaces:
4312
4453
  - name: configs
4313
4454
  # --------------------------------------------------------------------------------
@@ -4399,7 +4540,7 @@ spec:
4399
4540
  - -c
4400
4541
  name: gitops-deprovision-suite-smtp-config
4401
4542
  imagePullPolicy: IfNotPresent
4402
- image: quay.io/ibmmas/cli:12.0.0
4543
+ image: quay.io/ibmmas/cli:13.0.0
4403
4544
  workspaces:
4404
4545
  - name: configs
4405
4546
  # --------------------------------------------------------------------------------
@@ -4492,7 +4633,7 @@ spec:
4492
4633
  - -c
4493
4634
  name: gitops-deprovision-suite-watson-studio-config
4494
4635
  imagePullPolicy: IfNotPresent
4495
- image: quay.io/ibmmas/cli:12.0.0
4636
+ image: quay.io/ibmmas/cli:13.0.0
4496
4637
  workspaces:
4497
4638
  - name: configs
4498
4639
  # --------------------------------------------------------------------------------
@@ -4583,7 +4724,7 @@ spec:
4583
4724
  - -c
4584
4725
  name: gitops-deprovision-suite-workspace
4585
4726
  imagePullPolicy: Always
4586
- image: quay.io/ibmmas/cli:12.0.0
4727
+ image: quay.io/ibmmas/cli:13.0.0
4587
4728
  workspaces:
4588
4729
  - name: configs
4589
4730
  # --------------------------------------------------------------------------------
@@ -4676,7 +4817,7 @@ spec:
4676
4817
  - -c
4677
4818
  name: gitops-deprovision-suite
4678
4819
  imagePullPolicy: IfNotPresent
4679
- image: quay.io/ibmmas/cli:12.0.0
4820
+ image: quay.io/ibmmas/cli:13.0.0
4680
4821
  workspaces:
4681
4822
  - name: configs
4682
4823
 
@@ -4789,7 +4930,7 @@ spec:
4789
4930
  - -c
4790
4931
  name: gitops-dro
4791
4932
  imagePullPolicy: IfNotPresent
4792
- image: quay.io/ibmmas/cli:12.0.0
4933
+ image: quay.io/ibmmas/cli:13.0.0
4793
4934
  workspaces:
4794
4935
  - name: configs
4795
4936
  # --------------------------------------------------------------------------------
@@ -4906,7 +5047,7 @@ spec:
4906
5047
  - -c
4907
5048
  name: gitops-efs
4908
5049
  imagePullPolicy: IfNotPresent
4909
- image: quay.io/ibmmas/cli:12.0.0
5050
+ image: quay.io/ibmmas/cli:13.0.0
4910
5051
  workspaces:
4911
5052
  - name: configs
4912
5053
 
@@ -5041,7 +5182,7 @@ spec:
5041
5182
  - -c
5042
5183
  name: gitops-jdbc-config
5043
5184
  imagePullPolicy: Always
5044
- image: quay.io/ibmmas/cli:12.0.0
5185
+ image: quay.io/ibmmas/cli:13.0.0
5045
5186
  workspaces:
5046
5187
  - name: configs
5047
5188
  - name: shared-gitops-configs
@@ -5137,7 +5278,7 @@ spec:
5137
5278
  - -c
5138
5279
  name: gitops-kafka-config
5139
5280
  imagePullPolicy: Always
5140
- image: quay.io/ibmmas/cli:12.0.0
5281
+ image: quay.io/ibmmas/cli:13.0.0
5141
5282
  workspaces:
5142
5283
  - name: configs
5143
5284
 
@@ -5259,7 +5400,7 @@ spec:
5259
5400
  - -c
5260
5401
  name: gitops-kafka
5261
5402
  imagePullPolicy: IfNotPresent
5262
- image: quay.io/ibmmas/cli:12.0.0
5403
+ image: quay.io/ibmmas/cli:13.0.0
5263
5404
  workspaces:
5264
5405
  - name: configs
5265
5406
  # --------------------------------------------------------------------------------
@@ -5385,7 +5526,7 @@ spec:
5385
5526
  - -c
5386
5527
  name: gitops-license
5387
5528
  imagePullPolicy: Always
5388
- image: quay.io/ibmmas/cli:12.0.0
5529
+ image: quay.io/ibmmas/cli:13.0.0
5389
5530
  workspaces:
5390
5531
  - name: shared-entitlement
5391
5532
 
@@ -5559,6 +5700,14 @@ spec:
5559
5700
  type: string
5560
5701
  default: ""
5561
5702
 
5703
+ - name: icn
5704
+ type: string
5705
+ - name: avp_aws_secret_region
5706
+ type: string
5707
+ - name: use_sendgrid
5708
+ type: string
5709
+ default: ""
5710
+
5562
5711
  stepTemplate:
5563
5712
  name: gitops-mas-fvt-preparer
5564
5713
  env:
@@ -5684,6 +5833,13 @@ spec:
5684
5833
  - name: LDAP_CERT_ALIAS
5685
5834
  value: ldap
5686
5835
 
5836
+ - name: ICN
5837
+ value: $(params.icn)
5838
+ - name: SM_AWS_REGION
5839
+ value: $(params.avp_aws_secret_region)
5840
+ - name: USE_SENDGRID
5841
+ value: $(params.use_sendgrid)
5842
+
5687
5843
  envFrom:
5688
5844
  - configMapRef:
5689
5845
  name: environment-properties
@@ -5775,6 +5931,52 @@ spec:
5775
5931
  check_argo_app_healthy "${SUITE_APP_NAME}" 30
5776
5932
  check_argo_app_healthy "${WORKSPACE_APP}" 30
5777
5933
  fi
5934
+
5935
+
5936
+ # If use_sendgrid: true, disable the subuser so we do not accidentally send out real emails when running tests against the instance
5937
+ # NOTE: Many of the FVT suites will fail unless the suite is configured to use Mailhog for SMTP, so we only plan to have smtp.use_sendgrid: true set for fvtsaastran
5938
+ # We only run the catalogapi FVT suite there at present, and that suite does not depend on Mailhog.
5939
+ # NOTE: we deliberately perform this step *after* checking application health, since disabling the sendgrid subuser will cause the validation step in the
5940
+ # SMTP entity manager to fail (unfortunately, there is no way to configure a SendGrid subuser to silently drop emails without the client call reporting failure)
5941
+ # NOTE: although we don't check the health of the SMTP app explicitly, this is not necessary since the WORKSPACE_APP (which we do check above) sync will be blocked until the SMTP
5942
+ # app becomes healthy (if SMTP is configured)
5943
+ if [[ "${USE_SENDGRID}" == "true" ]]; then
5944
+
5945
+ echo "Disabling sendgrid subuser to prevent the suite from sending out emails during test execution"
5946
+
5947
+ export AVP_TYPE="aws" # required by sm_login (only AWS supported at present)
5948
+ sm_login || exit 1
5949
+
5950
+ # lookup ibm-customer/<ICN>/sendgrid_subuser#username from AWS SM
5951
+ SECRET_NAME_SENDGRID="ibm-customer/${ICN}/sendgrid_subuser"
5952
+ echo "Getting ${SECRET_NAME_SENDGRID} from AWS SM"
5953
+ export SENDGRID_SUBUSER_USERNAME="$(sm_get_secret_value "${SECRET_NAME_SENDGRID}" "username")" # pragma: allowlist secret
5954
+ echo "Subuser username: ${SENDGRID_SUBUSER_USERNAME}"
5955
+ if [[ -z "${SENDGRID_SUBUSER_USERNAME}" || "${SENDGRID_SUBUSER_USERNAME}" == "null" ]]; then
5956
+ echo "Required AWS SM secret "${SECRET_NAME_SENDGRID}" not found or invalid"
5957
+ exit 1
5958
+ fi
5959
+
5960
+ curl -X PATCH \
5961
+ https://api.sendgrid.com/v3/subusers/${SENDGRID_SUBUSER_USERNAME} \
5962
+ --fail \
5963
+ -H "Authorization: Bearer ${SENDGRID_API_KEY}" \
5964
+ -H "Content-Type: application/json" \
5965
+ -d '{"disabled": true}'
5966
+ CURL_RC=$?
5967
+ if [ $CURL_RC -ne 0 ]; then
5968
+ echo "Failed to disable SendGrid subuser, aborting test"
5969
+ echo "WARNING: until the SendGrid subuser is disabled, the suite will be capable of sending emails for real!"
5970
+ echo " do not attempt to run any tests against the environment until the subuser is successfully disabled!"
5971
+ exit 1
5972
+ fi
5973
+ echo "SendGrid subuser ${SENDGRID_SUBUSER_USERNAME} disabled successfully!"
5974
+ echo "It is now safe to run tests against the environment; the suite is no longer capable of sending emails for real."
5975
+
5976
+ fi
5977
+
5978
+ # NOTE: verified that subuser teardown (including deletion of its API keys, authenticated domains and DNS records) still works as expected against a disabled subuser
5979
+ # so there is no need to re-enable the subuser before attempting to deprovision the MAS instance.
5778
5980
 
5779
5981
  if [[ "$LAUNCHER_ID" == "apps" ]]; then
5780
5982
  # The following order is defined by the sync wave order in https://github.com/ibm-mas/gitops/tree/main/root-applications/ibm-mas-instance-root/templates
@@ -5888,7 +6090,7 @@ spec:
5888
6090
  - -c
5889
6091
  name: gitops-mas-fvt-preparer
5890
6092
  imagePullPolicy: Always
5891
- image: quay.io/ibmmas/cli:12.0.0
6093
+ image: quay.io/ibmmas/cli:13.0.0
5892
6094
  workspaces:
5893
6095
  - name: configs
5894
6096
  - name: shared-additional-configs
@@ -6330,7 +6532,7 @@ spec:
6330
6532
  - -c
6331
6533
  name: gitops-mas-initiator
6332
6534
  imagePullPolicy: IfNotPresent
6333
- image: quay.io/ibmmas/cli:12.0.0
6535
+ image: quay.io/ibmmas/cli:13.0.0
6334
6536
  workspaces:
6335
6537
  - name: configs
6336
6538
  # --------------------------------------------------------------------------------
@@ -6438,7 +6640,7 @@ spec:
6438
6640
  - -c
6439
6641
  name: gitops-mongo
6440
6642
  imagePullPolicy: IfNotPresent
6441
- image: quay.io/ibmmas/cli:12.0.0
6643
+ image: quay.io/ibmmas/cli:13.0.0
6442
6644
  workspaces:
6443
6645
  - name: configs
6444
6646
 
@@ -6560,7 +6762,7 @@ spec:
6560
6762
  - -c
6561
6763
  name: gitops-nvidia-gpu
6562
6764
  imagePullPolicy: IfNotPresent
6563
- image: quay.io/ibmmas/cli:12.0.0
6765
+ image: quay.io/ibmmas/cli:13.0.0
6564
6766
  workspaces:
6565
6767
  - name: configs
6566
6768
  # --------------------------------------------------------------------------------
@@ -6678,7 +6880,7 @@ spec:
6678
6880
  - -c
6679
6881
  name: gitops-process-mongo-user
6680
6882
  imagePullPolicy: IfNotPresent
6681
- image: quay.io/ibmmas/cli:12.0.0
6883
+ image: quay.io/ibmmas/cli:13.0.0
6682
6884
  workspaces:
6683
6885
  - name: configs
6684
6886
  # --------------------------------------------------------------------------------
@@ -6734,7 +6936,7 @@ spec:
6734
6936
  - -c
6735
6937
  name: gitops-rosa
6736
6938
  imagePullPolicy: IfNotPresent
6737
- image: quay.io/ibmmas/cli:12.0.0
6939
+ image: quay.io/ibmmas/cli:13.0.0
6738
6940
  workspaces:
6739
6941
  - name: configs
6740
6942
  # --------------------------------------------------------------------------------
@@ -6921,7 +7123,7 @@ spec:
6921
7123
  - -c
6922
7124
  name: gitops-suite-app-config
6923
7125
  imagePullPolicy: IfNotPresent
6924
- image: quay.io/ibmmas/cli:12.0.0
7126
+ image: quay.io/ibmmas/cli:13.0.0
6925
7127
  workspaces:
6926
7128
  - name: configs
6927
7129
  - name: shared-gitops-configs
@@ -7079,7 +7281,7 @@ spec:
7079
7281
  - -c
7080
7282
  name: gitops-suite-app-install
7081
7283
  imagePullPolicy: Always
7082
- image: quay.io/ibmmas/cli:12.0.0
7284
+ image: quay.io/ibmmas/cli:13.0.0
7083
7285
  workspaces:
7084
7286
  - name: configs
7085
7287
  - name: shared-gitops-configs
@@ -7185,7 +7387,7 @@ spec:
7185
7387
  - -c
7186
7388
  name: gitops-suite-certs
7187
7389
  imagePullPolicy: IfNotPresent
7188
- image: quay.io/ibmmas/cli:12.0.0
7390
+ image: quay.io/ibmmas/cli:13.0.0
7189
7391
  workspaces:
7190
7392
  - name: configs
7191
7393
  - name: certificates
@@ -7355,7 +7557,7 @@ spec:
7355
7557
  - -c
7356
7558
  name: gitops-suite-config
7357
7559
  imagePullPolicy: IfNotPresent
7358
- image: quay.io/ibmmas/cli:12.0.0
7560
+ image: quay.io/ibmmas/cli:13.0.0
7359
7561
  workspaces:
7360
7562
  - name: configs
7361
7563
  - name: shared-additional-configs
@@ -7455,7 +7657,7 @@ spec:
7455
7657
  - -c
7456
7658
  name: gitops-suite-dns
7457
7659
  imagePullPolicy: IfNotPresent
7458
- image: quay.io/ibmmas/cli:12.0.0
7660
+ image: quay.io/ibmmas/cli:13.0.0
7459
7661
  workspaces:
7460
7662
  - name: configs
7461
7663
 
@@ -7579,7 +7781,7 @@ spec:
7579
7781
  - -c
7580
7782
  name: gitops-suite-idp-config
7581
7783
  imagePullPolicy: IfNotPresent
7582
- image: quay.io/ibmmas/cli:12.0.0
7784
+ image: quay.io/ibmmas/cli:13.0.0
7583
7785
  workspaces:
7584
7786
  - name: configs
7585
7787
  - name: shared-additional-configs
@@ -7680,10 +7882,268 @@ spec:
7680
7882
  - -c
7681
7883
  name: gitops-suite-objectstorage-config
7682
7884
  imagePullPolicy: IfNotPresent
7683
- image: quay.io/ibmmas/cli:12.0.0
7885
+ image: quay.io/ibmmas/cli:13.0.0
7684
7886
  workspaces:
7685
7887
  - name: configs
7686
7888
  - name: shared-gitops-configs
7889
+ # --------------------------------------------------------------------------------
7890
+ # /home/runner/work/cli/cli/tekton/target/tasks/gitops-suite-smtp-config-sendgrid.yaml
7891
+ # --------------------------------------------------------------------------------
7892
+ ---
7893
+ apiVersion: tekton.dev/v1beta1
7894
+ kind: Task
7895
+ metadata:
7896
+ name: gitops-suite-smtp-config-sendgrid
7897
+ spec:
7898
+ params:
7899
+ - name: cluster_name
7900
+ type: string
7901
+ - name: account
7902
+ type: string
7903
+ - name: secrets_path
7904
+ type: string
7905
+ - name: mas_instance_id
7906
+ type: string
7907
+ - name: git_branch
7908
+ type: string
7909
+ - name: github_org
7910
+ type: string
7911
+ - name: github_repo
7912
+ type: string
7913
+ - name: github_host
7914
+ type: string
7915
+ - name: avp_aws_secret_region
7916
+ type: string
7917
+ - name: mas_smtpcfg_pod_template_yaml
7918
+ type: string
7919
+ default: ""
7920
+
7921
+ - name: icn
7922
+ type: string
7923
+ - name: mas_domain
7924
+ type: string
7925
+ - name: cis_mas_domain
7926
+ type: string
7927
+ - name: cis_crn
7928
+ type: string
7929
+ stepTemplate:
7930
+ name: gitops-suite-smtp-config
7931
+ env:
7932
+ - name: CLUSTER_ID
7933
+ value: $(params.cluster_name)
7934
+ - name: ACCOUNT_ID
7935
+ value: $(params.account)
7936
+ - name: SECRETS_PATH
7937
+ value: $(params.secrets_path)
7938
+ - name: MAS_INSTANCE_ID
7939
+ value: $(params.mas_instance_id)
7940
+ - name: GIT_BRANCH
7941
+ value: $(params.git_branch)
7942
+ - name: GITHUB_ORG
7943
+ value: $(params.github_org)
7944
+ - name: GITHUB_HOST
7945
+ value: $(params.github_host)
7946
+ - name: GITHUB_REPO
7947
+ value: $(params.github_repo)
7948
+ - name: SM_AWS_REGION
7949
+ value: $(params.avp_aws_secret_region)
7950
+ - name: MAS_SMTPCFG_POD_TEMPLATE_YAML
7951
+ value: $(params.mas_smtpcfg_pod_template_yaml)
7952
+
7953
+ - name: ICN
7954
+ value: $(params.icn)
7955
+ - name: MAS_DOMAIN
7956
+ value: $(params.mas_domain)
7957
+ - name: CIS_MAS_DOMAIN
7958
+ value: $(params.cis_mas_domain)
7959
+ - name: CIS_CRN
7960
+ value: $(params.cis_crn)
7961
+ envFrom:
7962
+ - configMapRef:
7963
+ name: environment-properties
7964
+ optional: true
7965
+ - secretRef:
7966
+ name: secure-properties
7967
+
7968
+ steps:
7969
+ - args:
7970
+ - |-
7971
+
7972
+ # Expected secure-properties (sourced from IBM Cloud SM):
7973
+ # -------------------
7974
+ # SM_AWS_ACCESS_KEY_ID
7975
+ # SM_AWS_SECRET_ACCESS_KEY
7976
+ # SENDGRID_API_KEY
7977
+ # GITHUB_PAT
7978
+
7979
+ source /mascli/functions/gitops_utils
7980
+
7981
+ export AVP_TYPE="aws"
7982
+ sm_login || exit 1
7983
+
7984
+ # Fetch CIS API Key from AWS SM.
7985
+ # This is suitable for use with CIS instances used by MAS instances in the cluster we are targetting
7986
+ SECRET_NAME_CIS="${ACCOUNT_ID}/${CLUSTER_ID}/cis"
7987
+ echo "Getting ${SECRET_NAME_CIS} from AWS SM"
7988
+ export CIS_APIKEY="$(sm_get_secret_value "${SECRET_NAME_CIS}" "ibm_apikey")" # pragma: allowlist secret
7989
+ if [[ -z "${CIS_APIKEY}" || "${CIS_APIKEY}" == "null" ]]; then
7990
+ echo "Required AWS SM secret "${SECRET_NAME_CIS}" not found or invalid"
7991
+ exit 1
7992
+ fi
7993
+
7994
+ mkdir -p /tmp/init-suite-smtp-config
7995
+
7996
+ git config --global user.name "MAS Automation"
7997
+ git config --global user.email "you@example.com"
7998
+ git config --global user.password "${GITHUB_PAT}"
7999
+
8000
+ OUTPUT_FILE="/tmp/init-suite-smtp-config/mas-saas-sendgrid-subuser-output.yaml"
8001
+ rm "${OUTPUT_FILE}"
8002
+
8003
+ mas-saas-sendgrid-subuser \
8004
+ --customer-id "${ICN}" \
8005
+ --cis-mas-domain "${CIS_MAS_DOMAIN}" \
8006
+ --mas-account-id "${ACCOUNT_ID}" \
8007
+ --mas-cluster-id "${CLUSTER_ID}" \
8008
+ --mas-instance-id "${MAS_INSTANCE_ID}" \
8009
+ --cis-crn "${CIS_CRN}" \
8010
+ --output-file "${OUTPUT_FILE}" \
8011
+ --action create
8012
+
8013
+ rc="$?"
8014
+
8015
+ echo "mas-saas-sendgrid-subuser rc: ${rc}"
8016
+
8017
+ # Pull values out of the outfile and set them as environment vars
8018
+ if [[ -f "${OUTPUT_FILE}" ]]; then
8019
+ echo "Reading outputs from ${OUTPUT_FILE}"
8020
+ export SUBUSER_USERNAME="$(yq '.subuser.username // ""' "${OUTPUT_FILE}")" # pragma: allowlist secret
8021
+ export SUBUSER_PASSWORD="$(yq '.subuser.password // ""' "${OUTPUT_FILE}")" # pragma: allowlist secret
8022
+ export SENDGRID_APIKEY_USERNAME="apikey" # pragma: allowlist secret
8023
+ export SENDGRID_APIKEY_PASSWORD="$(yq '.apikey // ""' "${OUTPUT_FILE}")" # pragma: allowlist secret
8024
+ fi
8025
+
8026
+ # If an API key was generated by the script (even if something went wrong in later step)
8027
+ # this is our only opportunity to obtain its value so we need to register it in secrets manager now
8028
+ # so it'll be present when whatever the issue is resolved and the instance pipeline is rerun
8029
+ update_apikey_secret_rc="0"
8030
+ if [[ -n "${SENDGRID_APIKEY_PASSWORD}" ]]; then
8031
+ SECRET_NAME_SMTP="${ACCOUNT_ID}/${CLUSTER_ID}/${MAS_INSTANCE_ID}/smtp"
8032
+ echo "Putting generated API Key in ${SECRET_NAME_SMTP}"
8033
+
8034
+ # NOTE: deliberately not using $SMTP_USERNAME or $SMTP_PASSWORD here, since we don't need/want the gitops-mas-config to repeat this step
8035
+ TAGS="[{\"Key\": \"source\", \"Value\": \"gitops_suite_smtp_config_sendgrid\"}, {\"Key\": \"account\", \"Value\": \"${ACCOUNT_ID}\"}, {\"Key\": \"cluster\", \"Value\": \"${CLUSTER_ID}\"}]"
8036
+ # NOTE: running function in a subshell so we don't exit this script if something goes wrong (necessary due to the use of "set +o pipefail" in sm_update_secret)
8037
+ (sm_update_secret "${SECRET_NAME_SMTP}" "{\"username\": \"$SENDGRID_APIKEY_USERNAME\", \"password\": \"$SENDGRID_APIKEY_PASSWORD\"}" "${TAGS}")
8038
+
8039
+ # defer exiting the script if the sm_update_secret call above failed, so we have an opportunity to register other generated secrets
8040
+ update_apikey_secret_rc="$?"
8041
+ fi
8042
+
8043
+ # If a new subuser was created by the script (even if something went wrong in a later step)
8044
+ # this is our only opportunity to store the password we generated for the subuser
8045
+ update_subuser_secret_rc="0"
8046
+ if [[ -n "${SUBUSER_PASSWORD}" ]]; then
8047
+ SECRET_NAME_SENDGRID="ibm-customer/${ICN}/sendgrid_subuser"
8048
+ TAGS="[{\"Key\": \"source\", \"Value\": \"gitops_suite_smtp_config_sendgrid\"}]"
8049
+ echo "Putting generated subuser credentials in ${SECRET_NAME_SENDGRID}"
8050
+ (sm_update_secret "${SECRET_NAME_SENDGRID}" "{\"username\": \"$SUBUSER_USERNAME\", \"password\": \"$SUBUSER_PASSWORD\"}" "${TAGS}")
8051
+
8052
+ # defer exiting the script if the sm_update_secret call above failed, so we have an opportunity to register other generated secrets
8053
+ update_subuser_secret_rc="$?"
8054
+ fi
8055
+
8056
+ echo "update_apikey_secret_rc: ${update_apikey_secret_rc}"
8057
+ echo "update_subuser_secret_rc: ${update_subuser_secret_rc}"
8058
+
8059
+ if [[ "${update_apikey_secret_rc}" != "0" ]]; then
8060
+ # We could add additional automation to deal with the (rare) edge case of the SM update failing.
8061
+ # i.e. add a "force_regenerate_api_key" flag that can be set before rerunning the pipeline
8062
+ # but I think - given the rarity - just documenting the manual resolution steps below will suffice.
8063
+ # another mitigation would be to add retry logic to the sm_update_secret call above
8064
+ echo "Failed to write generated API Key to AWS Secrets Manager!"
8065
+ echo "The API Key value is now lost and cannot be retrieved, manual intervention is required before rerunning the pipeline:"
8066
+ echo " - Log in to the SendGrid parent account"
8067
+ echo " - Switch to the subuser's account (which will start with ${ICN}, the full value will be in the logs above)"
8068
+ echo " - Locate and delete the API Key for this MAS instance - its name will be in the logs above"
8069
+ echo " - A new API Key for the MAS instance will be generated by this Task in the next pipeline run"
8070
+ rc="${update_apikey_secret_rc}"
8071
+ fi
8072
+
8073
+
8074
+
8075
+ if [[ "${update_subuser_secret_rc}" != "0" ]]; then
8076
+ # We could add additional automation to deal with the (rare) edge case of the SM update failing.
8077
+ # but I think - given the rarity - just documenting the manual resolution steps below will suffice.
8078
+ echo "Failed to write generated subuser username and password to AWS Secrets Manager!"
8079
+ echo "The generated password value is now lost and cannot be retrieved, manual intervention is required before rerunning the pipeline:"
8080
+ echo " - Log in to the SendGrid parent account"
8081
+ echo " - Go to Settings -> Subuser management"
8082
+ echo " - Locate and delete the subuser generated by the script above. The username will start with ${ICN}, the full value will be in the logs above."
8083
+ echo " - A new subuser will be created for the customer in the next pipeline run"
8084
+ rc="${update_subuser_secret_rc}"
8085
+ fi
8086
+
8087
+
8088
+ if [[ "${rc}" != "0" ]]; then
8089
+ echo "mas-saas-sendgrid-subuser failed with rc ${rc}"
8090
+ exit ${rc}
8091
+ fi
8092
+
8093
+ export SMTP_DISPLAY_NAME="SendGrid"
8094
+ export SMTP_HOST="smtp.sendgrid.net"
8095
+ export SMTP_PORT="465"
8096
+ export SMTP_SECURITY="SSL"
8097
+ export SMTP_AUTHENTICATION="true"
8098
+ export SMTP_DEFAULT_SENDER_EMAIL="mas.admin@${CIS_MAS_DOMAIN:-${MAS_DOMAIN}}" # use dns.cis.mas_domain if set, otherwise fallback to mas_instance.mas_domain
8099
+ export SMTP_DEFAULT_SENDER_NAME="MASAdmin"
8100
+ export SMTP_DEFAULT_RECIPIENT_EMAIL="mas.ms.smtp@ibm.com"
8101
+ export SMTP_DEFAULT_SHOULD_EMAIL_PASSWORDS="true"
8102
+
8103
+ # Ensure any SMTP_USERNAME/SMTP_PASSWORD values set in pipeline context properties
8104
+ # are not used by the gitops-mas-config script to override the values in the AWS SM Secret
8105
+ unset SMTP_USERNAME
8106
+ unset SMTP_PASSWORD
8107
+
8108
+ mas gitops-mas-config \
8109
+ --account-id "$ACCOUNT_ID" \
8110
+ --cluster-id "$CLUSTER_ID" \
8111
+ --mas-instance-id "$MAS_INSTANCE_ID" \
8112
+ --secrets-path "$SECRETS_PATH" \
8113
+ --github-push \
8114
+ --github-host "$GITHUB_HOST" \
8115
+ --github-org "$GITHUB_ORG" \
8116
+ --github-repo "$GITHUB_REPO" \
8117
+ --git-branch "$GIT_BRANCH" \
8118
+ --config-action upsert \
8119
+ --mas-config-scope system \
8120
+ --mas-config-type smtp \
8121
+ --dir /tmp/init-suite-smtp-config \
8122
+ --smtp-display-name "${SMTP_DISPLAY_NAME}" \
8123
+ --smtp-host "${SMTP_HOST}" \
8124
+ --smtp-port "${SMTP_PORT}" \
8125
+ --smtp-security "${SMTP_SECURITY}" \
8126
+ --smtp-authentication "${SMTP_AUTHENTICATION}" \
8127
+ --smtp-default-sender-email "${SMTP_DEFAULT_SENDER_EMAIL}" \
8128
+ --smtp-default-sender-name "${SMTP_DEFAULT_SENDER_NAME}" \
8129
+ --smtp-default-recipient-email "${SMTP_DEFAULT_RECIPIENT_EMAIL}" \
8130
+ --smtp-default-should-email-passwords "${SMTP_DEFAULT_SHOULD_EMAIL_PASSWORDS}" \
8131
+ --mas-smtpcfg-pod-template-yaml "${MAS_SMTPCFG_POD_TEMPLATE_YAML}"
8132
+
8133
+ exit $?
8134
+
8135
+ command:
8136
+ - /bin/sh
8137
+ - -c
8138
+ name: gitops-suite-smtp-config-sendgrid
8139
+ imagePullPolicy: IfNotPresent
8140
+ image: docker-na-public.artifactory.swg-devops.com/wiotp-docker-local/mas/saas-task:latest
8141
+ workspaces:
8142
+ - name: configs
8143
+
8144
+
8145
+
8146
+
7687
8147
  # --------------------------------------------------------------------------------
7688
8148
  # /home/runner/work/cli/cli/tekton/target/tasks/gitops-suite-smtp-config.yaml
7689
8149
  # --------------------------------------------------------------------------------
@@ -7821,7 +8281,7 @@ spec:
7821
8281
  - -c
7822
8282
  name: gitops-suite-smtp-config
7823
8283
  imagePullPolicy: IfNotPresent
7824
- image: quay.io/ibmmas/cli:12.0.0
8284
+ image: quay.io/ibmmas/cli:13.0.0
7825
8285
  workspaces:
7826
8286
  - name: configs
7827
8287
 
@@ -7930,7 +8390,7 @@ spec:
7930
8390
  - -c
7931
8391
  name: gitops-suite-watson-studio-config
7932
8392
  imagePullPolicy: IfNotPresent
7933
- image: quay.io/ibmmas/cli:12.0.0
8393
+ image: quay.io/ibmmas/cli:13.0.0
7934
8394
  workspaces:
7935
8395
  - name: configs
7936
8396
  - name: shared-gitops-configs
@@ -8027,7 +8487,7 @@ spec:
8027
8487
  - -c
8028
8488
  name: gitops-suite-workspace
8029
8489
  imagePullPolicy: IfNotPresent
8030
- image: quay.io/ibmmas/cli:12.0.0
8490
+ image: quay.io/ibmmas/cli:13.0.0
8031
8491
  workspaces:
8032
8492
  - name: configs
8033
8493
  # --------------------------------------------------------------------------------
@@ -8307,7 +8767,7 @@ spec:
8307
8767
  - -c
8308
8768
  name: gitops-suite
8309
8769
  imagePullPolicy: IfNotPresent
8310
- image: quay.io/ibmmas/cli:12.0.0
8770
+ image: quay.io/ibmmas/cli:13.0.0
8311
8771
  workspaces:
8312
8772
  - name: configs
8313
8773
  - name: shared-gitops-configs
@@ -8357,7 +8817,7 @@ spec:
8357
8817
 
8358
8818
  steps:
8359
8819
  - name: grafana
8360
- image: quay.io/ibmmas/cli:12.0.0
8820
+ image: quay.io/ibmmas/cli:13.0.0
8361
8821
  imagePullPolicy: $(params.image_pull_policy)
8362
8822
  command:
8363
8823
  - /opt/app-root/src/run-role.sh
@@ -8491,7 +8951,7 @@ spec:
8491
8951
  command:
8492
8952
  - /opt/app-root/src/run-role.sh
8493
8953
  - ibm_catalogs
8494
- image: quay.io/ibmmas/cli:12.0.0
8954
+ image: quay.io/ibmmas/cli:13.0.0
8495
8955
  imagePullPolicy: $(params.image_pull_policy)
8496
8956
  workingDir: /workspace/configs
8497
8957
  # --------------------------------------------------------------------------------
@@ -8733,7 +9193,7 @@ spec:
8733
9193
  command:
8734
9194
  - /opt/app-root/src/run-role.sh
8735
9195
  - kafka
8736
- image: quay.io/ibmmas/cli:12.0.0
9196
+ image: quay.io/ibmmas/cli:13.0.0
8737
9197
  imagePullPolicy: $(params.image_pull_policy)
8738
9198
  workingDir: /workspace/configs
8739
9199
 
@@ -8949,7 +9409,7 @@ spec:
8949
9409
  command:
8950
9410
  - /opt/app-root/src/run-role.sh
8951
9411
  - kmodels
8952
- image: quay.io/ibmmas/cli:12.0.0
9412
+ image: quay.io/ibmmas/cli:13.0.0
8953
9413
  imagePullPolicy: $(params.image_pull_policy)
8954
9414
  # --------------------------------------------------------------------------------
8955
9415
  # /home/runner/work/cli/cli/tekton/target/tasks/mongodb.yaml
@@ -9127,7 +9587,7 @@ spec:
9127
9587
  command:
9128
9588
  - /opt/app-root/src/run-role.sh
9129
9589
  - mongodb
9130
- image: quay.io/ibmmas/cli:12.0.0
9590
+ image: quay.io/ibmmas/cli:13.0.0
9131
9591
  imagePullPolicy: $(params.image_pull_policy)
9132
9592
  workingDir: /workspace/configs
9133
9593
 
@@ -9170,7 +9630,7 @@ spec:
9170
9630
  - $(params.base_output_dir)
9171
9631
  - --extra-namespaces
9172
9632
  - selenium
9173
- image: quay.io/ibmmas/cli:12.0.0
9633
+ image: quay.io/ibmmas/cli:13.0.0
9174
9634
  imagePullPolicy: $(params.image_pull_policy)
9175
9635
  env:
9176
9636
  - name: DEVOPS_MONGO_URI
@@ -9287,7 +9747,7 @@ spec:
9287
9747
  command:
9288
9748
  - /opt/app-root/src/run-role.sh
9289
9749
  - nvidia_gpu
9290
- image: quay.io/ibmmas/cli:12.0.0
9750
+ image: quay.io/ibmmas/cli:13.0.0
9291
9751
  imagePullPolicy: $(params.image_pull_policy)
9292
9752
  workingDir: /workspace/configs
9293
9753
 
@@ -9323,7 +9783,7 @@ spec:
9323
9783
  # Verify Cluster
9324
9784
  # -------------------------------------------------------------------------
9325
9785
  - name: ocp-verify-cluster
9326
- image: quay.io/ibmmas/cli:12.0.0
9786
+ image: quay.io/ibmmas/cli:13.0.0
9327
9787
  imagePullPolicy: $(params.image_pull_policy)
9328
9788
  command:
9329
9789
  - /opt/app-root/src/run-role.sh
@@ -9365,7 +9825,7 @@ spec:
9365
9825
  # Verify Catalogs
9366
9826
  # -------------------------------------------------------------------------
9367
9827
  - name: ocp-verify-catalogs
9368
- image: quay.io/ibmmas/cli:12.0.0
9828
+ image: quay.io/ibmmas/cli:13.0.0
9369
9829
  imagePullPolicy: $(params.image_pull_policy)
9370
9830
  command:
9371
9831
  - /opt/app-root/src/run-role.sh
@@ -9407,7 +9867,7 @@ spec:
9407
9867
  # Verify Subscriptions
9408
9868
  # -------------------------------------------------------------------------
9409
9869
  - name: ocp-verify-subscriptions
9410
- image: quay.io/ibmmas/cli:12.0.0
9870
+ image: quay.io/ibmmas/cli:13.0.0
9411
9871
  imagePullPolicy: $(params.image_pull_policy)
9412
9872
  command:
9413
9873
  - /opt/app-root/src/run-role.sh
@@ -9449,7 +9909,7 @@ spec:
9449
9909
  # Verify Workloads
9450
9910
  # -------------------------------------------------------------------------
9451
9911
  - name: ocp-verify-workloads
9452
- image: quay.io/ibmmas/cli:12.0.0
9912
+ image: quay.io/ibmmas/cli:13.0.0
9453
9913
  imagePullPolicy: $(params.image_pull_policy)
9454
9914
  command:
9455
9915
  - /opt/app-root/src/run-role.sh
@@ -9491,7 +9951,7 @@ spec:
9491
9951
  # Verify Catalogs - Ingress TLS
9492
9952
  # -------------------------------------------------------------------------
9493
9953
  - name: ocp-verify-ingress
9494
- image: quay.io/ibmmas/cli:12.0.0
9954
+ image: quay.io/ibmmas/cli:13.0.0
9495
9955
  imagePullPolicy: $(params.image_pull_policy)
9496
9956
  command:
9497
9957
  - /opt/app-root/src/run-role.sh
@@ -9617,7 +10077,7 @@ spec:
9617
10077
  command:
9618
10078
  - /opt/app-root/src/run-role.sh
9619
10079
  - ocp_verify
9620
- image: quay.io/ibmmas/cli:12.0.0
10080
+ image: quay.io/ibmmas/cli:13.0.0
9621
10081
  imagePullPolicy: $(params.image_pull_policy)
9622
10082
  workingDir: /workspace/configs
9623
10083
  # --------------------------------------------------------------------------------
@@ -9685,7 +10145,7 @@ spec:
9685
10145
  command:
9686
10146
  - /opt/app-root/src/run-role.sh
9687
10147
  - ocs
9688
- image: quay.io/ibmmas/cli:12.0.0
10148
+ image: quay.io/ibmmas/cli:13.0.0
9689
10149
  imagePullPolicy: $(params.image_pull_policy)
9690
10150
  workingDir: /workspace/configs
9691
10151
 
@@ -9921,7 +10381,7 @@ spec:
9921
10381
  command:
9922
10382
  - /opt/app-root/src/run-role.sh
9923
10383
  - odh
9924
- image: quay.io/ibmmas/cli:12.0.0
10384
+ image: quay.io/ibmmas/cli:13.0.0
9925
10385
  imagePullPolicy: $(params.image_pull_policy)
9926
10386
  # --------------------------------------------------------------------------------
9927
10387
  # /home/runner/work/cli/cli/tekton/target/tasks/sls-registry-update.yaml
@@ -10097,7 +10557,7 @@ spec:
10097
10557
  command:
10098
10558
  - /opt/app-root/src/run-role.sh
10099
10559
  - sls
10100
- image: quay.io/ibmmas/cli:12.0.0
10560
+ image: quay.io/ibmmas/cli:13.0.0
10101
10561
  imagePullPolicy: $(params.image_pull_policy)
10102
10562
  workingDir: /workspace/configs
10103
10563
 
@@ -10486,12 +10946,12 @@ spec:
10486
10946
  command:
10487
10947
  - /opt/app-root/src/run-role.sh
10488
10948
  - suite_app_config
10489
- image: quay.io/ibmmas/cli:12.0.0
10949
+ image: quay.io/ibmmas/cli:13.0.0
10490
10950
  imagePullPolicy: $(params.image_pull_policy)
10491
10951
 
10492
- # If configmap/approval-app-cfg-$(params.mas_app_id) exists then set CONFIGMAP_KEY=pending and wait for it to be changed to "approved"
10952
+ # If configmap/approval-app-cfg-$(params.mas_app_id) exists then set STATUS=pending and wait for it to be changed to "approved"
10493
10953
  - name: app-cfg-post-verify
10494
- image: quay.io/ibmmas/cli:12.0.0
10954
+ image: quay.io/ibmmas/cli:13.0.0
10495
10955
  imagePullPolicy: $(params.image_pull_policy)
10496
10956
  command:
10497
10957
  - /opt/app-root/src/wait-for-configmap.sh
@@ -10500,12 +10960,6 @@ spec:
10500
10960
  value: $(context.taskRun.namespace)
10501
10961
  - name: CONFIGMAP_NAME
10502
10962
  value: approval-app-cfg-$(params.mas_app_id)
10503
- - name: CONFIGMAP_KEY
10504
- valueFrom:
10505
- configMapKeyRef:
10506
- name: approval-app-cfg-$(params.mas_app_id)
10507
- key: CONFIGMAP_KEY
10508
- optional: true
10509
10963
  - name: CONFIGMAP_INITIAL_VALUE
10510
10964
  value: pending
10511
10965
  - name: CONFIGMAP_TARGET_VALUE
@@ -10692,7 +11146,7 @@ spec:
10692
11146
  command:
10693
11147
  - /opt/app-root/src/run-role.sh
10694
11148
  - suite_app_install
10695
- image: quay.io/ibmmas/cli:12.0.0
11149
+ image: quay.io/ibmmas/cli:13.0.0
10696
11150
  imagePullPolicy: $(params.image_pull_policy)
10697
11151
 
10698
11152
  workspaces:
@@ -10781,7 +11235,7 @@ spec:
10781
11235
  command:
10782
11236
  - /opt/app-root/src/run-role.sh
10783
11237
  - suite_app_rollback
10784
- image: quay.io/ibmmas/cli:12.0.0
11238
+ image: quay.io/ibmmas/cli:13.0.0
10785
11239
  imagePullPolicy: $(params.image_pull_policy)
10786
11240
  # --------------------------------------------------------------------------------
10787
11241
  # /home/runner/work/cli/cli/tekton/target/tasks/suite-app-uninstall.yaml
@@ -10844,7 +11298,7 @@ spec:
10844
11298
  command:
10845
11299
  - /opt/app-root/src/run-role.sh
10846
11300
  - suite_app_uninstall
10847
- image: quay.io/ibmmas/cli:12.0.0
11301
+ image: quay.io/ibmmas/cli:13.0.0
10848
11302
  imagePullPolicy: $(params.image_pull_policy)
10849
11303
  # --------------------------------------------------------------------------------
10850
11304
  # /home/runner/work/cli/cli/tekton/target/tasks/suite-app-upgrade.yaml
@@ -10919,7 +11373,7 @@ spec:
10919
11373
  command:
10920
11374
  - /opt/app-root/src/run-role.sh
10921
11375
  - suite_app_upgrade
10922
- image: quay.io/ibmmas/cli:12.0.0
11376
+ image: quay.io/ibmmas/cli:13.0.0
10923
11377
  imagePullPolicy: $(params.image_pull_policy)
10924
11378
  # --------------------------------------------------------------------------------
10925
11379
  # /home/runner/work/cli/cli/tekton/target/tasks/suite-app-verify.yaml
@@ -11020,7 +11474,7 @@ spec:
11020
11474
  command:
11021
11475
  - /opt/app-root/src/run-role.sh
11022
11476
  - suite_app_verify
11023
- image: quay.io/ibmmas/cli:12.0.0
11477
+ image: quay.io/ibmmas/cli:13.0.0
11024
11478
  imagePullPolicy: $(params.image_pull_policy)
11025
11479
  # --------------------------------------------------------------------------------
11026
11480
  # /home/runner/work/cli/cli/tekton/target/tasks/suite-certs.yaml
@@ -11163,7 +11617,7 @@ spec:
11163
11617
  command:
11164
11618
  - /opt/app-root/src/run-role.sh
11165
11619
  - suite_certs
11166
- image: quay.io/ibmmas/cli:12.0.0
11620
+ image: quay.io/ibmmas/cli:13.0.0
11167
11621
  imagePullPolicy: $(params.image_pull_policy)
11168
11622
 
11169
11623
  workspaces:
@@ -11230,7 +11684,7 @@ spec:
11230
11684
  command:
11231
11685
  - /opt/app-root/src/run-role.sh
11232
11686
  - suite_config
11233
- image: quay.io/ibmmas/cli:12.0.0
11687
+ image: quay.io/ibmmas/cli:13.0.0
11234
11688
  imagePullPolicy: $(params.image_pull_policy)
11235
11689
  workingDir: /workspace/configs
11236
11690
 
@@ -11301,7 +11755,7 @@ spec:
11301
11755
  command:
11302
11756
  - /opt/app-root/src/run-role.sh
11303
11757
  - suite_db2_setup_for_manage
11304
- image: quay.io/ibmmas/cli:12.0.0
11758
+ image: quay.io/ibmmas/cli:13.0.0
11305
11759
  imagePullPolicy: $(params.image_pull_policy)
11306
11760
  # --------------------------------------------------------------------------------
11307
11761
  # /home/runner/work/cli/cli/tekton/target/tasks/suite-dns.yaml
@@ -11491,7 +11945,7 @@ spec:
11491
11945
  command:
11492
11946
  - /opt/app-root/src/run-role.sh
11493
11947
  - suite_dns
11494
- image: quay.io/ibmmas/cli:12.0.0
11948
+ image: quay.io/ibmmas/cli:13.0.0
11495
11949
  imagePullPolicy: $(params.image_pull_policy)
11496
11950
  # --------------------------------------------------------------------------------
11497
11951
  # /home/runner/work/cli/cli/tekton/target/tasks/suite-install.yaml
@@ -11740,7 +12194,7 @@ spec:
11740
12194
  command:
11741
12195
  - /opt/app-root/src/run-role.sh
11742
12196
  - suite_install
11743
- image: quay.io/ibmmas/cli:12.0.0
12197
+ image: quay.io/ibmmas/cli:13.0.0
11744
12198
  imagePullPolicy: $(params.image_pull_policy)
11745
12199
  workingDir: /workspace/configs
11746
12200
 
@@ -11828,7 +12282,7 @@ spec:
11828
12282
  command:
11829
12283
  - /opt/app-root/src/run-role.sh
11830
12284
  - suite_rollback
11831
- image: quay.io/ibmmas/cli:12.0.0
12285
+ image: quay.io/ibmmas/cli:13.0.0
11832
12286
  imagePullPolicy: $(params.image_pull_policy)
11833
12287
  # --------------------------------------------------------------------------------
11834
12288
  # /home/runner/work/cli/cli/tekton/target/tasks/suite-uninstall.yaml
@@ -11893,7 +12347,7 @@ spec:
11893
12347
  command:
11894
12348
  - /opt/app-root/src/run-role.sh
11895
12349
  - suite_uninstall
11896
- image: quay.io/ibmmas/cli:12.0.0
12350
+ image: quay.io/ibmmas/cli:13.0.0
11897
12351
  imagePullPolicy: $(params.image_pull_policy)
11898
12352
  # --------------------------------------------------------------------------------
11899
12353
  # /home/runner/work/cli/cli/tekton/target/tasks/suite-upgrade.yaml
@@ -11963,7 +12417,7 @@ spec:
11963
12417
  command:
11964
12418
  - /opt/app-root/src/run-role.sh
11965
12419
  - suite_upgrade
11966
- image: quay.io/ibmmas/cli:12.0.0
12420
+ image: quay.io/ibmmas/cli:13.0.0
11967
12421
  imagePullPolicy: $(params.image_pull_policy)
11968
12422
  # --------------------------------------------------------------------------------
11969
12423
  # /home/runner/work/cli/cli/tekton/target/tasks/suite-verify.yaml
@@ -12030,12 +12484,12 @@ spec:
12030
12484
  command:
12031
12485
  - /opt/app-root/src/run-role.sh
12032
12486
  - suite_verify
12033
- image: quay.io/ibmmas/cli:12.0.0
12487
+ image: quay.io/ibmmas/cli:13.0.0
12034
12488
  imagePullPolicy: $(params.image_pull_policy)
12035
12489
 
12036
- # If configmap/approval-suite-verify exists then set CONFIGMAP_KEY=pending and wait for it to be changed to "approved"
12490
+ # If configmap/approval-suite-verify exists then set STATUS=pending and wait for it to be changed to "approved"
12037
12491
  - name: suite-post-verify
12038
- image: quay.io/ibmmas/cli:12.0.0
12492
+ image: quay.io/ibmmas/cli:13.0.0
12039
12493
  imagePullPolicy: $(params.image_pull_policy)
12040
12494
  script: |
12041
12495
  #!/usr/bin/env bash
@@ -12047,12 +12501,6 @@ spec:
12047
12501
  value: $(context.taskRun.namespace)
12048
12502
  - name: CONFIGMAP_NAME
12049
12503
  value: approval-suite-verify
12050
- - name: CONFIGMAP_KEY
12051
- valueFrom:
12052
- configMapKeyRef:
12053
- name: approval-suite-verify
12054
- key: CONFIGMAP_KEY
12055
- optional: true
12056
12504
  - name: CONFIGMAP_INITIAL_VALUE
12057
12505
  value: pending
12058
12506
  - name: CONFIGMAP_TARGET_VALUE
@@ -12169,7 +12617,7 @@ spec:
12169
12617
  command:
12170
12618
  - /opt/app-root/src/run-role.sh
12171
12619
  - turbonomic
12172
- image: quay.io/ibmmas/cli:12.0.0
12620
+ image: quay.io/ibmmas/cli:13.0.0
12173
12621
  imagePullPolicy: $(params.image_pull_policy)
12174
12622
  # --------------------------------------------------------------------------------
12175
12623
  # /home/runner/work/cli/cli/tekton/target/tasks/uds.yaml
@@ -12250,7 +12698,7 @@ spec:
12250
12698
  # IBM User Data Services (UDS)
12251
12699
  # -------------------------------------------------------------------------
12252
12700
  - name: uds
12253
- image: quay.io/ibmmas/cli:12.0.0
12701
+ image: quay.io/ibmmas/cli:13.0.0
12254
12702
  imagePullPolicy: $(params.image_pull_policy)
12255
12703
  workingDir: /workspace/configs
12256
12704
  command:
@@ -12313,7 +12761,7 @@ spec:
12313
12761
  # IBM Data Reporter Operator (DRO)
12314
12762
  # -------------------------------------------------------------------------
12315
12763
  - name: dro
12316
- image: quay.io/ibmmas/cli:12.0.0
12764
+ image: quay.io/ibmmas/cli:13.0.0
12317
12765
  imagePullPolicy: $(params.image_pull_policy)
12318
12766
  workingDir: /workspace/configs
12319
12767
  command:
@@ -12387,31 +12835,104 @@ metadata:
12387
12835
  spec:
12388
12836
  params:
12389
12837
  # What configmap to update
12838
+ - name: configmap_namespace
12839
+ type: string
12840
+ description: "The namespace of the configmap to update"
12841
+ default: $(context.taskRun.namespace)
12390
12842
  - name: configmap_name
12391
12843
  type: string
12392
12844
  description: "The name of the configmap to update"
12393
- - name: configmap_key
12394
- type: string
12395
- description: "The key in the configmap to update"
12396
12845
  - name: configmap_value
12397
12846
  type: string
12398
12847
  description: "The value to set"
12848
+ steps:
12849
+ - name: update-configmap
12850
+ image: quay.io/ibmmas/cli:13.0.0
12851
+ command:
12852
+ - /opt/app-root/src/update-configmap.sh
12853
+ env:
12854
+ # What to wait for
12855
+ - name: NAMESPACE
12856
+ value: $(params.configmap_namespace)
12857
+ - name: CONFIGMAP_NAME
12858
+ value: $(params.configmap_name)
12859
+ - name: CONFIGMAP_VALUE
12860
+ value: $(params.configmap_value)
12861
+ # --------------------------------------------------------------------------------
12862
+ # /home/runner/work/cli/cli/tekton/target/tasks/wait-for-configmap-v2.yaml
12863
+ # --------------------------------------------------------------------------------
12864
+ ---
12865
+ apiVersion: tekton.dev/v1beta1
12866
+ kind: Task
12867
+ metadata:
12868
+ name: mas-devops-wait-for-configmap-v2
12869
+ spec:
12870
+ params:
12871
+ - name: configmap_namespace
12872
+ type: string
12873
+ description: "The namespace of the configmap to wait for"
12874
+ default: $(context.taskRun.namespace)
12875
+ - name: configmap_name
12876
+ type: string
12877
+ description: "The name of the configmap to wait for"
12878
+ - name: configmap_initial_value
12879
+ type: string
12880
+ description: "Optional value to initialise the configmap with if it does not already exist"
12881
+ default: ""
12882
+ - name: configmap_target_value
12883
+ type: string
12884
+ description: "The value to wait for the configmap to change to (defaults to 'approved')"
12885
+ default: "approved"
12886
+
12887
+ # Optional escape route
12888
+ - name: escape_configmap_name
12889
+ type: string
12890
+ description: "The name of the configmap wait for"
12891
+ default: ""
12892
+ description: "The key in the configmap to watch for"
12893
+ default: ""
12894
+
12895
+ steps:
12896
+ - name: wait-for-configmap
12897
+ image: quay.io/ibmmas/cli:13.0.0
12898
+ command:
12899
+ - /opt/app-root/src/wait-for-configmap.sh
12900
+ env:
12901
+ # What to wait for
12902
+ - name: NAMESPACE
12903
+ value: $(params.configmap_namespace)
12904
+ - name: CONFIGMAP_NAME
12905
+ value: $(params.configmap_name)
12906
+ - name: CONFIGMAP_INITIAL_VALUE
12907
+ value: $(params.configmap_initial_value)
12908
+ - name: CONFIGMAP_TARGET_VALUE
12909
+ value: $(params.configmap_target_value)
12910
+
12911
+ # How long to wait
12912
+ - name: DELAY
12913
+ valueFrom:
12914
+ configMapKeyRef:
12915
+ name: $(params.configmap_name)
12916
+ key: DELAY
12917
+ optional: true
12918
+ - name: MAX_RETRIES
12919
+ valueFrom:
12920
+ configMapKeyRef:
12921
+ name: $(params.configmap_name)
12922
+ key: MAX_RETRIES
12923
+ optional: true
12399
12924
 
12400
- steps:
12401
- - name: update-configmap
12402
- image: quay.io/ibmmas/cli:12.0.0
12403
- command:
12404
- - /opt/app-root/src/update-configmap.sh
12405
- env:
12406
- # What to wait for
12407
- - name: NAMESPACE
12408
- value: $(context.taskRun.namespace)
12409
- - name: CONFIGMAP_NAME
12410
- value: $(params.configmap_name)
12411
- - name: CONFIGMAP_KEY
12412
- value: $(params.configmap_key)
12413
- - name: CONFIGMAP_VALUE
12414
- value: $(params.configmap_value)
12925
+ # Optional escape route
12926
+ - name: ESCAPE_CONFIGMAP_NAME
12927
+ value: $(params.escape_configmap_name)
12928
+
12929
+ # How to handle errors
12930
+ - name: IGNORE_FAILURE
12931
+ valueFrom:
12932
+ configMapKeyRef:
12933
+ name: $(params.configmap_name)
12934
+ key: IGNORE_FAILURE
12935
+ optional: true
12415
12936
  # --------------------------------------------------------------------------------
12416
12937
  # /home/runner/work/cli/cli/tekton/target/tasks/wait-for-configmap.yaml
12417
12938
  # --------------------------------------------------------------------------------
@@ -12426,9 +12947,6 @@ spec:
12426
12947
  - name: configmap_name
12427
12948
  type: string
12428
12949
  description: "The name of the configmap wait for"
12429
- - name: configmap_key
12430
- type: string
12431
- description: "The key in the configmap to watch for"
12432
12950
  - name: configmap_target_value
12433
12951
  type: string
12434
12952
  description: "The value to wait for the configmap to change to"
@@ -12438,10 +12956,6 @@ spec:
12438
12956
  type: string
12439
12957
  description: "The name of the configmap wait for"
12440
12958
  default: ""
12441
- - name: escape_configmap_key
12442
- type: string
12443
- description: "The key in the configmap to watch for"
12444
- default: ""
12445
12959
 
12446
12960
  # How long to wait
12447
12961
  - name: delay
@@ -12461,7 +12975,7 @@ spec:
12461
12975
 
12462
12976
  steps:
12463
12977
  - name: wait-for-configmap
12464
- image: quay.io/ibmmas/cli:12.0.0
12978
+ image: quay.io/ibmmas/cli:13.0.0
12465
12979
  command:
12466
12980
  - /opt/app-root/src/wait-for-configmap.sh
12467
12981
  env:
@@ -12470,16 +12984,12 @@ spec:
12470
12984
  value: $(context.taskRun.namespace)
12471
12985
  - name: CONFIGMAP_NAME
12472
12986
  value: $(params.configmap_name)
12473
- - name: CONFIGMAP_KEY
12474
- value: $(params.configmap_key)
12475
12987
  - name: CONFIGMAP_TARGET_VALUE
12476
12988
  value: $(params.configmap_target_value)
12477
12989
 
12478
12990
  # Optional escape route
12479
12991
  - name: ESCAPE_CONFIGMAP_NAME
12480
12992
  value: $(params.escape_configmap_name)
12481
- - name: ESCAPE_CONFIGMAP_KEY
12482
- value: $(params.escape_configmap_key)
12483
12993
 
12484
12994
  # How long to wait
12485
12995
  - name: DELAY
@@ -12525,7 +13035,7 @@ spec:
12525
13035
 
12526
13036
  steps:
12527
13037
  - name: wait
12528
- image: quay.io/ibmmas/cli:12.0.0
13038
+ image: quay.io/ibmmas/cli:13.0.0
12529
13039
  command:
12530
13040
  - /opt/app-root/src/wait-for-tekton.sh
12531
13041
  env:
@@ -13464,8 +13974,18 @@ spec:
13464
13974
  - name: jdbc_route_manage
13465
13975
  type: string
13466
13976
  default: ""
13977
+
13978
+ - name: sls_license_icn
13979
+ type: string
13980
+ - name: cis_crn
13981
+ type: string
13982
+ - name: cis_mas_domain
13983
+ type: string
13984
+ - name: smtp_use_sendgrid
13985
+ type: string
13986
+ default: ""
13467
13987
  tasks:
13468
- # 1. Deprovision workspace
13988
+ # Deprovision workspace
13469
13989
  # -------------------------------------------------------------------------
13470
13990
  - name: gitops-deprovision-suite-workspace
13471
13991
  params:
@@ -13506,7 +14026,45 @@ spec:
13506
14026
  - name: configs
13507
14027
  workspace: configs
13508
14028
 
13509
- # 2. Deprovision SMTP config
14029
+ # Deprovision SendGrid subuser
14030
+ # -------------------------------------------------------------------------
14031
+ - name: gitops-deprovision-suite-sendgrid-subuser
14032
+ params:
14033
+ - name: cluster_name
14034
+ value: $(params.cluster_name)
14035
+ - name: account
14036
+ value: $(params.account)
14037
+ - name: mas_instance_id
14038
+ value: $(params.mas_instance_id)
14039
+ - name: icn
14040
+ value: $(params.sls_license_icn)
14041
+ - name: cis_mas_domain
14042
+ value: $(params.cis_mas_domain)
14043
+ - name: cis_crn
14044
+ value: $(params.cis_crn)
14045
+ - name: avp_aws_secret_region
14046
+ value: $(params.avp_aws_secret_region)
14047
+ taskRef:
14048
+ kind: Task
14049
+ name: gitops-deprovision-suite-sendgrid-subuser
14050
+ when:
14051
+ # Task uses an IBM internal image and cannot be used outside of the internal IBM Toolchains
14052
+ # To make sure this task is only run when this is the case, reference a field that
14053
+ # but corresponds to another IBM-internal only feature that will also still be present after smtp config is removed
14054
+ # sls.license.icn is a good choice for this, it also happens to be a required input to the sendgrid scripts
14055
+ - input: "$(params.sls_license_icn)"
14056
+ operator: notin
14057
+ values: [""]
14058
+
14059
+ # only attempt Subuser teardown if the instance was configured to use automated sendgrid subuser management at the time of deprovisioning
14060
+ - input: "$(params.smtp_use_sendgrid)"
14061
+ operator: in
14062
+ values: ["true"]
14063
+ workspaces:
14064
+ - name: configs
14065
+ workspace: configs
14066
+
14067
+ # Deprovision SMTP config
13510
14068
  # -------------------------------------------------------------------------
13511
14069
  - name: gitops-deprovision-suite-smtp-config
13512
14070
  runAfter:
@@ -13545,7 +14103,7 @@ spec:
13545
14103
  - name: configs
13546
14104
  workspace: configs
13547
14105
 
13548
- # 3. Deprovision IDP config
14106
+ # Deprovision IDP config
13549
14107
  # -------------------------------------------------------------------------
13550
14108
  - name: gitops-deprovision-suite-idp-config
13551
14109
  runAfter:
@@ -13584,7 +14142,7 @@ spec:
13584
14142
  - name: configs
13585
14143
  workspace: configs
13586
14144
 
13587
- # 4. Deprovision Suite config
14145
+ # Deprovision Suite config
13588
14146
  # -------------------------------------------------------------------------
13589
14147
  - name: gitops-deprovision-suite-config
13590
14148
  runAfter:
@@ -13634,7 +14192,7 @@ spec:
13634
14192
  name: gitops-deprovision-suite-config
13635
14193
  kind: Task
13636
14194
 
13637
- # 5. Deprovision Suite config
14195
+ # Deprovision Suite config
13638
14196
  # -------------------------------------------------------------------------
13639
14197
  - name: gitops-deprovision-suite
13640
14198
  runAfter:
@@ -13675,7 +14233,7 @@ spec:
13675
14233
  - name: configs
13676
14234
  workspace: configs
13677
14235
 
13678
- # 8. Deprovision Kafka config
14236
+ # Deprovision Kafka config
13679
14237
  # -------------------------------------------------------------------------
13680
14238
  - name: gitops-delete-kafka-config
13681
14239
  runAfter:
@@ -13716,7 +14274,7 @@ spec:
13716
14274
  kind: Task
13717
14275
  name: gitops-delete-kafka-config
13718
14276
 
13719
- # 9. Deprovision Objectstorage config
14277
+ # Deprovision Objectstorage config
13720
14278
  # -------------------------------------------------------------------------
13721
14279
  - name: gitops-deprovision-suite-objectstorage-config
13722
14280
  runAfter:
@@ -13755,7 +14313,7 @@ spec:
13755
14313
  - name: configs
13756
14314
  workspace: configs
13757
14315
 
13758
- # 10. Deprovision Watson Studio config
14316
+ # Deprovision Watson Studio config
13759
14317
  # -------------------------------------------------------------------------
13760
14318
  - name: gitops-deprovision-suite-watson-studio-config
13761
14319
  runAfter:
@@ -13794,7 +14352,7 @@ spec:
13794
14352
  - name: configs
13795
14353
  workspace: configs
13796
14354
 
13797
- # 11. Deprovision DB2U Operator
14355
+ # Deprovision DB2U Operator
13798
14356
  # -------------------------------------------------------------------------
13799
14357
  - name: gitops-deprovision-db2u
13800
14358
  runAfter:
@@ -17634,6 +18192,7 @@ spec:
17634
18192
  - name: ingress
17635
18193
  type: string
17636
18194
  default: "false"
18195
+
17637
18196
  - name: group_sync_operator_cron_schedule
17638
18197
  type: string
17639
18198
  default: ''
@@ -17643,9 +18202,17 @@ spec:
17643
18202
  - name: group_sync_operator_isv_groups
17644
18203
  type: string
17645
18204
  default: ''
18205
+
17646
18206
  - name: ibm_rbac_binding_to_group
17647
18207
  type: string
17648
18208
  default: ''
18209
+
18210
+ - name: falcon_operator_cloud_region
18211
+ type: string
18212
+ default: ''
18213
+ - name: falcon_operator_node_sensor
18214
+ type: string
18215
+ default: ''
17649
18216
  tasks:
17650
18217
  - name: gitops-cluster
17651
18218
  params:
@@ -17718,14 +18285,21 @@ spec:
17718
18285
  value: $(params.dns_provider)
17719
18286
  - name: ingress
17720
18287
  value: $(params.ingress)
18288
+
17721
18289
  - name: group_sync_operator_cron_schedule
17722
18290
  value: $(params.group_sync_operator_cron_schedule)
17723
18291
  - name: group_sync_operator_isv_tenant_url
17724
18292
  value: $(params.group_sync_operator_isv_tenant_url)
17725
18293
  - name: group_sync_operator_isv_groups
17726
18294
  value: $(params.group_sync_operator_isv_groups)
18295
+
17727
18296
  - name: ibm_rbac_binding_to_group
17728
18297
  value: $(params.ibm_rbac_binding_to_group)
18298
+
18299
+ - name: falcon_operator_cloud_region
18300
+ value: $(params.falcon_operator_cloud_region)
18301
+ - name: falcon_operator_node_sensor
18302
+ value: $(params.falcon_operator_node_sensor)
17729
18303
  taskRef:
17730
18304
  kind: Task
17731
18305
  name: gitops-cluster
@@ -18569,6 +19143,12 @@ spec:
18569
19143
  type: string
18570
19144
  default: ""
18571
19145
 
19146
+ - name: sls_license_icn
19147
+ type: string
19148
+ - name: smtp_use_sendgrid
19149
+ type: string
19150
+ default: ""
19151
+
18572
19152
  tasks:
18573
19153
  - name: mas-launchfvt
18574
19154
  params:
@@ -18694,6 +19274,13 @@ spec:
18694
19274
  - name: ldap_userid_map
18695
19275
  value: $(params.ldap_userid_map)
18696
19276
 
19277
+ - name: icn
19278
+ value: $(params.sls_license_icn)
19279
+ - name: avp_aws_secret_region
19280
+ value: $(params.avp_aws_secret_region)
19281
+ - name: use_sendgrid
19282
+ value: $(params.smtp_use_sendgrid)
19283
+
18697
19284
  workspaces:
18698
19285
  - name: configs
18699
19286
  workspace: configs
@@ -19211,6 +19798,9 @@ spec:
19211
19798
  type: string
19212
19799
  - name: smtp_default_should_email_passwords
19213
19800
  type: string
19801
+ - name: smtp_use_sendgrid
19802
+ type: string
19803
+
19214
19804
  - name: ldap_url
19215
19805
  type: string
19216
19806
  - name: ldap_basedn
@@ -19379,7 +19969,7 @@ spec:
19379
19969
  kind: Task
19380
19970
  name: gitops-license
19381
19971
  when:
19382
- - input: "$(params.sls_license_app_points)"
19972
+ - input: "$(params.sls_license_icn)"
19383
19973
  operator: in
19384
19974
  values: [""]
19385
19975
 
@@ -19408,7 +19998,7 @@ spec:
19408
19998
  kind: Task
19409
19999
  name: gitops-license-generator
19410
20000
  when:
19411
- - input: "$(params.sls_license_app_points)"
20001
+ - input: "$(params.sls_license_icn)"
19412
20002
  operator: notin
19413
20003
  values: [""]
19414
20004
 
@@ -19670,6 +20260,56 @@ spec:
19670
20260
  - input: "$(params.smtp_host)"
19671
20261
  operator: notin
19672
20262
  values: [""]
20263
+ - input: "$(params.smtp_use_sendgrid)"
20264
+ operator: notin
20265
+ values: ["true"]
20266
+ workspaces:
20267
+ - name: configs
20268
+ workspace: configs
20269
+
20270
+ - name: gitops-suite-smtp-config-sendgrid
20271
+ runAfter:
20272
+ - gitops-suite-config
20273
+ params:
20274
+ - name: cluster_name
20275
+ value: $(params.cluster_name)
20276
+ - name: account
20277
+ value: $(params.account)
20278
+ - name: secrets_path
20279
+ value: $(params.secrets_path)
20280
+ - name: mas_instance_id
20281
+ value: $(params.mas_instance_id)
20282
+ - name: git_branch
20283
+ value: $(params.git_branch)
20284
+ - name: github_org
20285
+ value: $(params.github_org)
20286
+ - name: github_repo
20287
+ value: $(params.github_repo)
20288
+ - name: github_host
20289
+ value: $(params.github_host)
20290
+ - name: avp_aws_secret_region
20291
+ value: $(params.avp_aws_secret_region)
20292
+ - name: mas_smtpcfg_pod_template_yaml
20293
+ value: $(params.mas_smtpcfg_pod_template_yaml)
20294
+
20295
+ - name: icn
20296
+ value: $(params.sls_license_icn)
20297
+ - name: mas_domain
20298
+ value: $(params.mas_domain)
20299
+ - name: cis_mas_domain
20300
+ value: $(params.cis_mas_domain)
20301
+ - name: cis_crn
20302
+ value: $(params.cis_crn)
20303
+ taskRef:
20304
+ kind: Task
20305
+ name: gitops-suite-smtp-config-sendgrid
20306
+ when:
20307
+ - input: "$(params.smtp_host)"
20308
+ operator: in
20309
+ values: [""]
20310
+ - input: "$(params.smtp_use_sendgrid)"
20311
+ operator: in
20312
+ values: ["true"]
19673
20313
  workspaces:
19674
20314
  - name: configs
19675
20315
  workspace: configs
@@ -19730,6 +20370,45 @@ spec:
19730
20370
  # Deprovision task section
19731
20371
  # -------------------------------------------------------------------------
19732
20372
 
20373
+ # 1. Deprovision SendGrid subuser
20374
+ # -------------------------------------------------------------------------
20375
+ - name: gitops-deprovision-suite-sendgrid-subuser
20376
+ params:
20377
+ - name: cluster_name
20378
+ value: $(params.cluster_name)
20379
+ - name: account
20380
+ value: $(params.account)
20381
+ - name: mas_instance_id
20382
+ value: $(params.mas_instance_id)
20383
+ - name: icn
20384
+ value: $(params.sls_license_icn)
20385
+ - name: cis_mas_domain
20386
+ value: $(params.cis_mas_domain)
20387
+ - name: cis_crn
20388
+ value: $(params.cis_crn)
20389
+ - name: avp_aws_secret_region
20390
+ value: $(params.avp_aws_secret_region)
20391
+ taskRef:
20392
+ kind: Task
20393
+ name: gitops-deprovision-suite-sendgrid-subuser
20394
+ when:
20395
+ # Always run this task when smtp.use_sendgrid is unset (and we're running in an internal IBM toolchain - see below)
20396
+ # Task will still complete successfully even if it is a no-op
20397
+ - input: "$(params.smtp_use_sendgrid)"
20398
+ operator: notin
20399
+ values: ["true"]
20400
+
20401
+ # Task uses an IBM internal image and cannot be used outside of the internal IBM Toolchains
20402
+ # To make sure this task is only run when this is the case, reference a field that
20403
+ # but corresponds to another IBM-internal only feature that will also still be present after smtp config is removed
20404
+ # sls.license.icn is a good choice for this, it also happens to be a required input to the sendgrid scripts
20405
+ - input: "$(params.sls_license_icn)"
20406
+ operator: notin
20407
+ values: [""]
20408
+ workspaces:
20409
+ - name: configs
20410
+ workspace: configs
20411
+
19733
20412
  # 2. Deprovision SMTP config
19734
20413
  # -------------------------------------------------------------------------
19735
20414
  - name: gitops-deprovision-suite-smtp-config
@@ -19767,6 +20446,9 @@ spec:
19767
20446
  - input: "$(params.smtp_host)"
19768
20447
  operator: in
19769
20448
  values: [""]
20449
+ - input: "$(params.smtp_use_sendgrid)"
20450
+ operator: notin
20451
+ values: ["true"]
19770
20452
  workspaces:
19771
20453
  - name: configs
19772
20454
  workspace: configs
@@ -19811,6 +20493,7 @@ spec:
19811
20493
  workspaces:
19812
20494
  - name: configs
19813
20495
  workspace: configs
20496
+
19814
20497
  # --------------------------------------------------------------------------------
19815
20498
  # /home/runner/work/cli/cli/tekton/target/pipelines/install.yaml
19816
20499
  # --------------------------------------------------------------------------------
@@ -22753,6 +23436,7 @@ spec:
22753
23436
  - suite-db2-setup-system
22754
23437
  - suite-db2-setup-manage
22755
23438
  - suite-config-watson-studio
23439
+ - suite-config-cos
22756
23440
 
22757
23441
  # 8.3 Configure Manage workspace
22758
23442
  - name: app-cfg-manage
@@ -23521,8 +24205,6 @@ spec:
23521
24205
  value: $(params.image_pull_policy)
23522
24206
  - name: configmap_name
23523
24207
  value: sync-install
23524
- - name: configmap_key
23525
- value: INSTALL_STATUS
23526
24208
  - name: configmap_value
23527
24209
  # An aggregate status of all the pipelineTasks under the tasks section (excluding the finally section).
23528
24210
  # This variable is only available in the finally tasks and can have any one of the values (Succeeded, Failed, Completed, or None)
@@ -24167,13 +24849,28 @@ spec:
24167
24849
  # 8. Uninstall IBM Catalogs
24168
24850
  # 9. Uninstall Cluster Monitoring
24169
24851
 
24170
- # 1. Uninstall IBM Maximo Application Suite Applications
24852
+
24853
+ # 0. Wait for approval before we change anything
24171
24854
  # -------------------------------------------------------------------------
24172
- # 1.0 Start uninstall
24855
+ - name: waitfor-approval
24856
+ timeout: "0"
24857
+ taskRef:
24858
+ kind: Task
24859
+ name: mas-devops-wait-for-configmap-v2
24860
+ params:
24861
+ - name: image_pull_policy
24862
+ value: $(params.image_pull_policy)
24863
+ - name: configmap_name
24864
+ value: approval-uninstall
24865
+
24173
24866
 
24867
+ # 1. Uninstall IBM Maximo Application Suite Applications
24868
+ # -------------------------------------------------------------------------
24174
24869
  # 1.1 Uninstall Visual Inspection
24175
24870
  - name: app-uninstall-visualinspection
24176
24871
  timeout: "0"
24872
+ runAfter:
24873
+ - waitfor-approval
24177
24874
  taskRef:
24178
24875
  kind: Task
24179
24876
  name: mas-devops-suite-app-uninstall
@@ -24188,6 +24885,8 @@ spec:
24188
24885
  # 1.2 Uninstall Assist
24189
24886
  - name: app-uninstall-assist
24190
24887
  timeout: "0"
24888
+ runAfter:
24889
+ - waitfor-approval
24191
24890
  taskRef:
24192
24891
  kind: Task
24193
24892
  name: mas-devops-suite-app-uninstall
@@ -24202,6 +24901,8 @@ spec:
24202
24901
  # 1.3 Uninstall Optimizer
24203
24902
  - name: app-uninstall-optimizer
24204
24903
  timeout: "0"
24904
+ runAfter:
24905
+ - waitfor-approval
24205
24906
  taskRef:
24206
24907
  kind: Task
24207
24908
  name: mas-devops-suite-app-uninstall
@@ -24216,6 +24917,8 @@ spec:
24216
24917
  # 1.4 Uninstall Predict
24217
24918
  - name: app-uninstall-predict
24218
24919
  timeout: "0"
24920
+ runAfter:
24921
+ - waitfor-approval
24219
24922
  taskRef:
24220
24923
  kind: Task
24221
24924
  name: mas-devops-suite-app-uninstall
@@ -24275,6 +24978,7 @@ spec:
24275
24978
  - name: devops_suite_name
24276
24979
  value: app-iot-uninstall
24277
24980
 
24981
+
24278
24982
  # 2. Uninstall IBM Maximo Application Suite
24279
24983
  # -------------------------------------------------------------------------
24280
24984
  - name: uninstall-suite
@@ -24298,6 +25002,7 @@ spec:
24298
25002
  - name: devops_suite_name
24299
25003
  value: suite-uninstall
24300
25004
 
25005
+
24301
25006
  # 3. Uninstall IBM Suite Licensing Service
24302
25007
  # -------------------------------------------------------------------------
24303
25008
  - name: uninstall-sls
@@ -24319,6 +25024,7 @@ spec:
24319
25024
  runAfter:
24320
25025
  - uninstall-suite
24321
25026
 
25027
+
24322
25028
  # 4. Uninstall MongoDB
24323
25029
  # -------------------------------------------------------------------------
24324
25030
  - name: uninstall-mongodb
@@ -24340,6 +25046,7 @@ spec:
24340
25046
  runAfter:
24341
25047
  - uninstall-sls
24342
25048
 
25049
+
24343
25050
  # 5. Uninstall IBM User Data Services (or DRO)
24344
25051
  # -------------------------------------------------------------------------
24345
25052
  - name: uninstall-uds
@@ -24363,6 +25070,7 @@ spec:
24363
25070
  runAfter:
24364
25071
  - uninstall-mongodb
24365
25072
 
25073
+
24366
25074
  # 6. Uninstall IBM Cert Manager
24367
25075
  # -------------------------------------------------------------------------
24368
25076
  - name: uninstall-cert-manager
@@ -24386,6 +25094,7 @@ spec:
24386
25094
  runAfter:
24387
25095
  - uninstall-uds
24388
25096
 
25097
+
24389
25098
  # 7. Uninstall IBM Common Services
24390
25099
  # -------------------------------------------------------------------------
24391
25100
  - name: uninstall-common-services
@@ -24407,6 +25116,7 @@ spec:
24407
25116
  runAfter:
24408
25117
  - uninstall-cert-manager
24409
25118
 
25119
+
24410
25120
  # 8. Uninstall IBM Catalogs
24411
25121
  # -------------------------------------------------------------------------
24412
25122
  - name: uninstall-ibm-catalogs
@@ -24428,6 +25138,7 @@ spec:
24428
25138
  runAfter:
24429
25139
  - uninstall-common-services
24430
25140
 
25141
+
24431
25142
  # 9. Uninstall Grafana
24432
25143
  # -------------------------------------------------------------------------
24433
25144
  - name: uninstall-grafana
@@ -24462,8 +25173,6 @@ spec:
24462
25173
  value: $(params.image_pull_policy)
24463
25174
  - name: configmap_name
24464
25175
  value: sync-uninstall
24465
- - name: configmap_key
24466
- value: UNINSTALL_STATUS
24467
25176
  - name: configmap_value
24468
25177
  # An aggregate status of all the pipelineTasks under the tasks section (excluding the finally section).
24469
25178
  # This variable is only available in the finally tasks and can have any one of the values (Succeeded, Failed, Completed, or None)
@@ -24477,9 +25186,7 @@ kind: Pipeline
24477
25186
  metadata:
24478
25187
  name: mas-update
24479
25188
  spec:
24480
-
24481
25189
  params:
24482
-
24483
25190
  # Tekton Pipeline Configuration
24484
25191
  # -------------------------------------------------------------------------
24485
25192
  - name: image_pull_policy
@@ -24661,9 +25368,19 @@ spec:
24661
25368
  description: ReadWriteMany storage class
24662
25369
 
24663
25370
  tasks:
24664
-
24665
- # 1. Verify health of the cluster before we change anything
25371
+ # 1. Wait for approval & verify health of the cluster before we change anything
24666
25372
  # -------------------------------------------------------------------------
25373
+ - name: waitfor-approval
25374
+ timeout: "0"
25375
+ taskRef:
25376
+ kind: Task
25377
+ name: mas-devops-wait-for-configmap-v2
25378
+ params:
25379
+ - name: image_pull_policy
25380
+ value: $(params.image_pull_policy)
25381
+ - name: configmap_name
25382
+ value: approval-update
25383
+
24667
25384
  - name: pre-update-check
24668
25385
  timeout: "0"
24669
25386
  taskRef:
@@ -24684,9 +25401,11 @@ spec:
24684
25401
  operator: notin
24685
25402
  values: ["True", "true"]
24686
25403
 
25404
+ runAfter:
25405
+ - waitfor-approval
24687
25406
 
24688
25407
 
24689
- # 3. Run the catalog update
25408
+ # 2. Run the catalog update
24690
25409
  # -------------------------------------------------------------------------
24691
25410
  - name: update-catalog
24692
25411
  timeout: "0"
@@ -24698,7 +25417,6 @@ spec:
24698
25417
  params:
24699
25418
  - name: devops_suite_name
24700
25419
  value: update-catalog
24701
-
24702
25420
  - name: mas_catalog_version
24703
25421
  value: $(params.mas_catalog_version)
24704
25422
 
@@ -24708,7 +25426,8 @@ spec:
24708
25426
  - name: artifactory_token
24709
25427
  value: $(params.artifactory_token)
24710
25428
 
24711
- # 4. Verify health of the cluster before we consider the update complete
25429
+
25430
+ # 3. Verify health of the cluster before we consider the update complete
24712
25431
  # -------------------------------------------------------------------------
24713
25432
  - name: post-update-verify
24714
25433
  timeout: "0"
@@ -24733,7 +25452,8 @@ spec:
24733
25452
  runAfter:
24734
25453
  - update-catalog
24735
25454
 
24736
- # 5. Update Dependencies
25455
+
25456
+ # 4. Update Dependencies
24737
25457
  # ---------------------------------------------------------------------------
24738
25458
  - name: update-ocs
24739
25459
  timeout: "0"
@@ -24886,9 +25606,10 @@ spec:
24886
25606
  - name: devops_suite_name
24887
25607
  value: update-uds
24888
25608
 
24889
- # 6 Update Cloud Pak for Data
25609
+
25610
+ # 5 Update Cloud Pak for Data
24890
25611
  # -------------------------------------------------------------------------
24891
- # 6.1 Cloud Pak for Data Platform
25612
+ # 5.1 Cloud Pak for Data Platform
24892
25613
  - name: update-cp4d
24893
25614
  timeout: "0"
24894
25615
  params:
@@ -24931,7 +25652,7 @@ spec:
24931
25652
  runAfter:
24932
25653
  - update-cert-manager # CP4D requires cert-manager
24933
25654
 
24934
- # 6.2 Watson Studio
25655
+ # 5.2 Watson Studio
24935
25656
  - name: update-watson-studio
24936
25657
  timeout: "0"
24937
25658
  params:
@@ -24961,7 +25682,7 @@ spec:
24961
25682
  runAfter:
24962
25683
  - update-cp4d
24963
25684
 
24964
- # 6.3 Watson Machine Learning
25685
+ # 5.3 Watson Machine Learning
24965
25686
  - name: update-watson-machine-learning
24966
25687
  timeout: "0"
24967
25688
  params:
@@ -24991,7 +25712,7 @@ spec:
24991
25712
  runAfter:
24992
25713
  - update-cp4d
24993
25714
 
24994
- # 6.4 Analytics Service (Spark)
25715
+ # 5.4 Analytics Service (Spark)
24995
25716
  - name: update-analytics-engine
24996
25717
  timeout: "0"
24997
25718
  params:
@@ -25021,7 +25742,7 @@ spec:
25021
25742
  runAfter:
25022
25743
  - update-cp4d
25023
25744
 
25024
- # 6.5 Watson OpenScale
25745
+ # 5.5 Watson OpenScale
25025
25746
  - name: update-aiopenscale
25026
25747
  timeout: "0"
25027
25748
  params:
@@ -25051,7 +25772,7 @@ spec:
25051
25772
  runAfter:
25052
25773
  - update-cp4d
25053
25774
 
25054
- # 6.6 SPSS Statistics
25775
+ # 5.6 SPSS Statistics
25055
25776
  - name: update-spss
25056
25777
  timeout: "0"
25057
25778
  params:
@@ -25081,7 +25802,7 @@ spec:
25081
25802
  runAfter:
25082
25803
  - update-cp4d
25083
25804
 
25084
- # 6.7 Cognos Analytics
25805
+ # 5.7 Cognos Analytics
25085
25806
  - name: update-cognos
25086
25807
  timeout: "0"
25087
25808
  params:
@@ -25111,7 +25832,8 @@ spec:
25111
25832
  runAfter:
25112
25833
  - update-cp4d
25113
25834
 
25114
- # 7. Verify health of the cluster after dependencies updates
25835
+
25836
+ # 6. Verify health of the cluster after dependencies updates
25115
25837
  # -------------------------------------------------------------------------
25116
25838
  - name: post-deps-update-verify
25117
25839
  timeout: "0"
@@ -25146,7 +25868,23 @@ spec:
25146
25868
  - update-spss
25147
25869
  - update-cognos
25148
25870
 
25149
-
25871
+ finally:
25872
+ # Update synchronization configmap
25873
+ # -------------------------------------------------------------------------
25874
+ - name: sync-update
25875
+ timeout: "0"
25876
+ taskRef:
25877
+ kind: Task
25878
+ name: mas-devops-update-configmap
25879
+ params:
25880
+ - name: image_pull_policy
25881
+ value: $(params.image_pull_policy)
25882
+ - name: configmap_name
25883
+ value: sync-update
25884
+ - name: configmap_value
25885
+ # An aggregate status of all the pipelineTasks under the tasks section (excluding the finally section).
25886
+ # This variable is only available in the finally tasks and can have any one of the values (Succeeded, Failed, Completed, or None)
25887
+ value: $(tasks.status)
25150
25888
  # --------------------------------------------------------------------------------
25151
25889
  # /home/runner/work/cli/cli/tekton/target/pipelines/upgrade.yaml
25152
25890
  # --------------------------------------------------------------------------------
@@ -25156,7 +25894,6 @@ kind: Pipeline
25156
25894
  metadata:
25157
25895
  name: mas-upgrade
25158
25896
  spec:
25159
-
25160
25897
  params:
25161
25898
  # 1. Common Parameters
25162
25899
  # -------------------------------------------------------------------------
@@ -25204,7 +25941,6 @@ spec:
25204
25941
  type: string
25205
25942
  default: ""
25206
25943
 
25207
-
25208
25944
  # MAS Configuration - Application Channels
25209
25945
  # -------------------------------------------------------------------------
25210
25946
  - name: mas_app_channel_iot
@@ -25242,9 +25978,19 @@ spec:
25242
25978
 
25243
25979
 
25244
25980
  tasks:
25245
-
25246
- # 1. Verify health of the cluster before we change anything
25981
+ # 1. Wait for approval & verify health of the cluster before we change anything
25247
25982
  # -------------------------------------------------------------------------
25983
+ - name: waitfor-approval
25984
+ timeout: "0"
25985
+ taskRef:
25986
+ kind: Task
25987
+ name: mas-devops-wait-for-configmap-v2
25988
+ params:
25989
+ - name: image_pull_policy
25990
+ value: $(params.image_pull_policy)
25991
+ - name: configmap_name
25992
+ value: approval-upgrade
25993
+
25248
25994
  - name: pre-upgrade-check
25249
25995
  timeout: "0"
25250
25996
  taskRef:
@@ -25265,9 +26011,11 @@ spec:
25265
26011
  operator: notin
25266
26012
  values: ["True", "true"]
25267
26013
 
26014
+ runAfter:
26015
+ - waitfor-approval
25268
26016
 
25269
26017
 
25270
- # 3. Suite Upgrade (Phase 1)
26018
+ # 2. Suite Upgrade (Phase 1)
25271
26019
  # -------------------------------------------------------------------------
25272
26020
  - name: core-upgrade
25273
26021
  timeout: "0"
@@ -25304,9 +26052,9 @@ spec:
25304
26052
  - core-upgrade
25305
26053
 
25306
26054
 
25307
- # 4. IoT Upgrade (Phase 2)
26055
+ # 3. IoT Upgrade (Phase 2)
25308
26056
  # -------------------------------------------------------------------------
25309
- - name: iot-upgrade
26057
+ - name: app-iot-upgrade
25310
26058
  timeout: "0"
25311
26059
  params:
25312
26060
  - name: mas_instance_id
@@ -25318,7 +26066,7 @@ spec:
25318
26066
  - name: skip_compatibility_check
25319
26067
  value: $(params.skip_compatibility_check)
25320
26068
  - name: devops_suite_name
25321
- value: iot-upgrade
26069
+ value: app-iot-upgrade
25322
26070
  taskRef:
25323
26071
  kind: Task
25324
26072
  name: mas-devops-suite-app-upgrade
@@ -25326,9 +26074,9 @@ spec:
25326
26074
  - core-verify
25327
26075
 
25328
26076
 
25329
- # 5. Manage Upgrade (Phase 2)
26077
+ # 4. Manage Upgrade (Phase 2)
25330
26078
  # -------------------------------------------------------------------------
25331
- - name: manage-upgrade
26079
+ - name: app-manage-upgrade
25332
26080
  timeout: "0"
25333
26081
  params:
25334
26082
  - name: mas_instance_id
@@ -25340,7 +26088,7 @@ spec:
25340
26088
  - name: skip_compatibility_check
25341
26089
  value: $(params.skip_compatibility_check)
25342
26090
  - name: devops_suite_name
25343
- value: manage-upgrade
26091
+ value: app-manage-upgrade
25344
26092
  taskRef:
25345
26093
  kind: Task
25346
26094
  name: mas-devops-suite-app-upgrade
@@ -25348,9 +26096,9 @@ spec:
25348
26096
  - core-verify
25349
26097
 
25350
26098
 
25351
- # 6. Visual Inspection Upgrade (Phase 2)
26099
+ # 5. Visual Inspection Upgrade (Phase 2)
25352
26100
  # -------------------------------------------------------------------------
25353
- - name: visualinspection-upgrade
26101
+ - name: app-visualinspection-upgrade
25354
26102
  timeout: "0"
25355
26103
  params:
25356
26104
  - name: mas_instance_id
@@ -25362,7 +26110,7 @@ spec:
25362
26110
  - name: skip_compatibility_check
25363
26111
  value: $(params.skip_compatibility_check)
25364
26112
  - name: devops_suite_name
25365
- value: visualinspection-upgrade
26113
+ value: app-visualinspection-upgrade
25366
26114
  taskRef:
25367
26115
  kind: Task
25368
26116
  name: mas-devops-suite-app-upgrade
@@ -25370,9 +26118,9 @@ spec:
25370
26118
  - core-verify
25371
26119
 
25372
26120
 
25373
- # 7. Assist Upgrade (Phase 2)
26121
+ # 6. Assist Upgrade (Phase 2)
25374
26122
  # -------------------------------------------------------------------------
25375
- - name: assist-upgrade
26123
+ - name: app-assist-upgrade
25376
26124
  timeout: "0"
25377
26125
  params:
25378
26126
  - name: mas_instance_id
@@ -25384,7 +26132,7 @@ spec:
25384
26132
  - name: skip_compatibility_check
25385
26133
  value: $(params.skip_compatibility_check)
25386
26134
  - name: devops_suite_name
25387
- value: assist-upgrade
26135
+ value: app-assist-upgrade
25388
26136
  taskRef:
25389
26137
  kind: Task
25390
26138
  name: mas-devops-suite-app-upgrade
@@ -25392,9 +26140,9 @@ spec:
25392
26140
  - core-verify
25393
26141
 
25394
26142
 
25395
- # 8. Optimizer Upgrade (Phase 2)
26143
+ # 7. Optimizer Upgrade (Phase 2)
25396
26144
  # -------------------------------------------------------------------------
25397
- - name: optimizer-upgrade
26145
+ - name: app-optimizer-upgrade
25398
26146
  timeout: "0"
25399
26147
  params:
25400
26148
  - name: mas_instance_id
@@ -25406,7 +26154,7 @@ spec:
25406
26154
  - name: skip_compatibility_check
25407
26155
  value: $(params.skip_compatibility_check)
25408
26156
  - name: devops_suite_name
25409
- value: optimizer-upgrade
26157
+ value: app-optimizer-upgrade
25410
26158
  taskRef:
25411
26159
  kind: Task
25412
26160
  name: mas-devops-suite-app-upgrade
@@ -25414,9 +26162,9 @@ spec:
25414
26162
  - core-verify
25415
26163
 
25416
26164
 
25417
- # 9. Monitor Upgrade (Phase 3 - after IoT)
26165
+ # 8. Monitor Upgrade (Phase 3 - after IoT)
25418
26166
  # -------------------------------------------------------------------------
25419
- - name: monitor-upgrade
26167
+ - name: app-monitor-upgrade
25420
26168
  timeout: "0"
25421
26169
  params:
25422
26170
  - name: mas_instance_id
@@ -25428,17 +26176,17 @@ spec:
25428
26176
  - name: skip_compatibility_check
25429
26177
  value: $(params.skip_compatibility_check)
25430
26178
  - name: devops_suite_name
25431
- value: monitor-upgrade
26179
+ value: app-monitor-upgrade
25432
26180
  taskRef:
25433
26181
  kind: Task
25434
26182
  name: mas-devops-suite-app-upgrade
25435
26183
  runAfter:
25436
- - iot-upgrade
26184
+ - app-iot-upgrade
25437
26185
 
25438
26186
 
25439
- # 10. Predict Upgrade (Phase 3 - after Manage)
26187
+ # 9. Predict Upgrade (Phase 3 - after Manage)
25440
26188
  # -------------------------------------------------------------------------
25441
- - name: predict-upgrade
26189
+ - name: app-predict-upgrade
25442
26190
  timeout: "0"
25443
26191
  params:
25444
26192
  - name: mas_instance_id
@@ -25450,14 +26198,15 @@ spec:
25450
26198
  - name: skip_compatibility_check
25451
26199
  value: $(params.skip_compatibility_check)
25452
26200
  - name: devops_suite_name
25453
- value: predict-upgrade
26201
+ value: app-predict-upgrade
25454
26202
  taskRef:
25455
26203
  kind: Task
25456
26204
  name: mas-devops-suite-app-upgrade
25457
26205
  runAfter:
25458
- - manage-upgrade
26206
+ - app-manage-upgrade
26207
+
25459
26208
 
25460
- # 11. Verify health of the cluster after upgrade
26209
+ # 10. Verify health of the cluster after upgrade
25461
26210
  # -------------------------------------------------------------------------
25462
26211
  - name: post-upgrade-verify
25463
26212
  timeout: "0"
@@ -25481,11 +26230,27 @@ spec:
25481
26230
 
25482
26231
  runAfter:
25483
26232
  # Phase 2 apps that don't have a phase 3 app following it
25484
- - assist-upgrade
25485
- - optimizer-upgrade
25486
- - visualinspection-upgrade
26233
+ - app-assist-upgrade
26234
+ - app-optimizer-upgrade
26235
+ - app-visualinspection-upgrade
25487
26236
  # Phase 3 apps
25488
- - predict-upgrade
25489
- - monitor-upgrade
25490
-
26237
+ - app-predict-upgrade
26238
+ - app-monitor-upgrade
25491
26239
 
26240
+ finally:
26241
+ # Update synchronization configmap
26242
+ # -------------------------------------------------------------------------
26243
+ - name: sync-upgrade
26244
+ timeout: "0"
26245
+ taskRef:
26246
+ kind: Task
26247
+ name: mas-devops-update-configmap
26248
+ params:
26249
+ - name: image_pull_policy
26250
+ value: $(params.image_pull_policy)
26251
+ - name: configmap_name
26252
+ value: sync-upgrade
26253
+ - name: configmap_value
26254
+ # An aggregate status of all the pipelineTasks under the tasks section (excluding the finally section).
26255
+ # This variable is only available in the finally tasks and can have any one of the values (Succeeded, Failed, Completed, or None)
26256
+ value: $(tasks.status)