mas-cli 12.1.0__py3-none-any.whl → 13.1.0__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of mas-cli might be problematic. Click here for more details.

Files changed (17) hide show
  1. mas/cli/__init__.py +1 -1
  2. mas/cli/cli.py +16 -6
  3. mas/cli/install/app.py +20 -14
  4. mas/cli/install/argBuilder.py +17 -3
  5. mas/cli/install/argParser.py +37 -2
  6. mas/cli/install/catalogs.py +2 -1
  7. mas/cli/install/params.py +6 -0
  8. mas/cli/install/settings/turbonomicSettings.py +1 -3
  9. mas/cli/install/summarizer.py +1 -2
  10. mas/cli/templates/ibm-mas-tekton.yaml +872 -205
  11. mas/cli/update/app.py +12 -7
  12. mas/cli/upgrade/app.py +13 -10
  13. {mas_cli-12.1.0.dist-info → mas_cli-13.1.0.dist-info}/METADATA +12 -3
  14. {mas_cli-12.1.0.dist-info → mas_cli-13.1.0.dist-info}/RECORD +17 -17
  15. {mas_cli-12.1.0.dist-info → mas_cli-13.1.0.dist-info}/WHEEL +1 -1
  16. {mas_cli-12.1.0.data → mas_cli-13.1.0.data}/scripts/mas-cli +0 -0
  17. {mas_cli-12.1.0.dist-info → mas_cli-13.1.0.dist-info}/top_level.txt +0 -0
mas/cli/templates/ibm-mas-tekton.yaml CHANGED
@@ -231,7 +231,7 @@ spec:
231
231
  command:
232
232
  - /opt/app-root/src/run-role.sh
233
233
  - aibroker
234
- image: quay.io/ibmmas/cli:12.1.0
234
+ image: quay.io/ibmmas/cli:13.1.0
235
235
  imagePullPolicy: $(params.image_pull_policy)
236
236
  # --------------------------------------------------------------------------------
237
237
  # /home/runner/work/cli/cli/tekton/target/tasks/appconnect.yaml
@@ -342,7 +342,7 @@ spec:
342
342
  command:
343
343
  - /opt/app-root/src/run-role.sh
344
344
  - appconnect
345
- image: quay.io/ibmmas/cli:12.1.0
345
+ image: quay.io/ibmmas/cli:13.1.0
346
346
  imagePullPolicy: $(params.image_pull_policy)
347
347
  workingDir: /workspace/configs
348
348
 
@@ -460,7 +460,7 @@ spec:
460
460
  command:
461
461
  - /opt/app-root/src/run-role.sh
462
462
  - arcgis
463
- image: quay.io/ibmmas/cli:12.1.0
463
+ image: quay.io/ibmmas/cli:13.1.0
464
464
  imagePullPolicy: $(params.image_pull_policy)
465
465
  # --------------------------------------------------------------------------------
466
466
  # /home/runner/work/cli/cli/tekton/target/tasks/cert-manager.yaml
@@ -530,7 +530,7 @@ spec:
530
530
  command:
531
531
  - /opt/app-root/src/run-role.sh
532
532
  - cert_manager
533
- image: quay.io/ibmmas/cli:12.1.0
533
+ image: quay.io/ibmmas/cli:13.1.0
534
534
  imagePullPolicy: $(params.image_pull_policy)
535
535
  workingDir: /workspace/configs
536
536
  # --------------------------------------------------------------------------------
@@ -596,7 +596,7 @@ spec:
596
596
  command:
597
597
  - /opt/app-root/src/run-role.sh
598
598
  - common_services
599
- image: quay.io/ibmmas/cli:12.1.0
599
+ image: quay.io/ibmmas/cli:13.1.0
600
600
  imagePullPolicy: $(params.image_pull_policy)
601
601
  workingDir: /workspace/configs
602
602
  # --------------------------------------------------------------------------------
@@ -723,7 +723,7 @@ spec:
723
723
  command:
724
724
  - /opt/app-root/src/run-role.sh
725
725
  - cos
726
- image: quay.io/ibmmas/cli:12.1.0
726
+ image: quay.io/ibmmas/cli:13.1.0
727
727
  imagePullPolicy: $(params.image_pull_policy)
728
728
  workingDir: /workspace/configs
729
729
 
@@ -843,7 +843,7 @@ spec:
843
843
  command:
844
844
  - /opt/app-root/src/run-role.sh
845
845
  - cp4d_service
846
- image: quay.io/ibmmas/cli:12.1.0
846
+ image: quay.io/ibmmas/cli:13.1.0
847
847
  imagePullPolicy: $(params.image_pull_policy)
848
848
  workingDir: /workspace/configs
849
849
  # --------------------------------------------------------------------------------
@@ -960,7 +960,7 @@ spec:
960
960
  command:
961
961
  - /opt/app-root/src/run-role.sh
962
962
  - cp4d_service
963
- image: quay.io/ibmmas/cli:12.1.0
963
+ image: quay.io/ibmmas/cli:13.1.0
964
964
  imagePullPolicy: $(params.image_pull_policy)
965
965
  workingDir: /workspace/configs
966
966
 
@@ -1066,7 +1066,7 @@ spec:
1066
1066
  command:
1067
1067
  - /opt/app-root/src/run-role.sh
1068
1068
  - cp4d
1069
- image: quay.io/ibmmas/cli:12.1.0
1069
+ image: quay.io/ibmmas/cli:13.1.0
1070
1070
  imagePullPolicy: $(params.image_pull_policy)
1071
1071
  # --------------------------------------------------------------------------------
1072
1072
  # /home/runner/work/cli/cli/tekton/target/tasks/db2.yaml
@@ -1388,7 +1388,7 @@ spec:
1388
1388
  command:
1389
1389
  - /opt/app-root/src/run-role.sh
1390
1390
  - db2
1391
- image: quay.io/ibmmas/cli:12.1.0
1391
+ image: quay.io/ibmmas/cli:13.1.0
1392
1392
  imagePullPolicy: $(params.image_pull_policy)
1393
1393
  workingDir: /workspace/configs
1394
1394
 
@@ -1498,7 +1498,7 @@ spec:
1498
1498
  command:
1499
1499
  - /opt/app-root/src/run-role.sh
1500
1500
  - eck
1501
- image: quay.io/ibmmas/cli:12.1.0
1501
+ image: quay.io/ibmmas/cli:13.1.0
1502
1502
  imagePullPolicy: $(params.image_pull_policy)
1503
1503
  # --------------------------------------------------------------------------------
1504
1504
  # /home/runner/work/cli/cli/tekton/target/tasks/gencfg-workspace.yaml
@@ -1587,7 +1587,7 @@ spec:
1587
1587
  command:
1588
1588
  - /opt/app-root/src/run-role.sh
1589
1589
  - gencfg_workspace
1590
- image: quay.io/ibmmas/cli:12.1.0
1590
+ image: quay.io/ibmmas/cli:13.1.0
1591
1591
  imagePullPolicy: $(params.image_pull_policy)
1592
1592
  workingDir: /workspace/configs
1593
1593
 
@@ -1691,7 +1691,7 @@ spec:
1691
1691
  - -c
1692
1692
  name: gitops-bootstrap
1693
1693
  imagePullPolicy: IfNotPresent
1694
- image: quay.io/ibmmas/cli:12.1.0
1694
+ image: quay.io/ibmmas/cli:13.1.0
1695
1695
  workspaces:
1696
1696
  - name: configs
1697
1697
  # --------------------------------------------------------------------------------
@@ -1773,7 +1773,7 @@ spec:
1773
1773
  - -c
1774
1774
  name: gitops-cis-compliance
1775
1775
  imagePullPolicy: IfNotPresent
1776
- image: quay.io/ibmmas/cli:12.1.0
1776
+ image: quay.io/ibmmas/cli:13.1.0
1777
1777
  workspaces:
1778
1778
  - name: configs
1779
1779
  # --------------------------------------------------------------------------------
@@ -1879,9 +1879,17 @@ spec:
1879
1879
  - name: group_sync_operator_isv_groups
1880
1880
  type: string
1881
1881
  default: ''
1882
+
1882
1883
  - name: ibm_rbac_binding_to_group
1883
1884
  type: string
1884
1885
  default: ''
1886
+
1887
+ - name: falcon_operator_cloud_region
1888
+ type: string
1889
+ default: ''
1890
+ - name: falcon_operator_node_sensor
1891
+ type: string
1892
+ default: ''
1885
1893
 
1886
1894
  stepTemplate:
1887
1895
  name: gitops-cluster
@@ -1959,8 +1967,14 @@ spec:
1959
1967
  value: $(params.group_sync_operator_isv_tenant_url)
1960
1968
  - name: GROUP_SYNC_OPERATOR_ISV_GROUPS
1961
1969
  value: $(params.group_sync_operator_isv_groups)
1970
+
1962
1971
  - name: IBM_RBAC_BINDING_TO_GROUP
1963
1972
  value: $(params.ibm_rbac_binding_to_group)
1973
+
1974
+ - name: FALCON_OPERATOR_CLOUD_REGION
1975
+ value: $(params.falcon_operator_cloud_region)
1976
+ - name: FALCON_OPERATOR_NODE_SENSOR
1977
+ value: $(params.falcon_operator_node_sensor)
1964
1978
 
1965
1979
  envFrom:
1966
1980
  - configMapRef:
@@ -2002,6 +2016,13 @@ spec:
2002
2016
  export INSTALL_IBM_RBAC=true
2003
2017
  fi
2004
2018
 
2019
+ if [[ -n "${FALCON_OPERATOR_CLOUD_REGION}" ]];then
2020
+ echo "Setting var INSTALL_FALCON_OPERATOR to true as var FALCON_OPERATOR_CLOUD_REGION is set"
2021
+ export INSTALL_FALCON_OPERATOR=true
2022
+ else
2023
+ echo "Not setting var INSTALL_FALCON_OPERATOR to true as var FALCON_OPERATOR_CLOUD_REGION is not set"
2024
+ fi
2025
+
2005
2026
  mkdir -p /tmp/init-cluster
2006
2027
  mas gitops-cluster -a $ACCOUNT -c $CLUSTER_NAME \
2007
2028
  --dir /tmp/init-cluster \
@@ -2018,7 +2039,7 @@ spec:
2018
2039
  - -c
2019
2040
  name: gitops-cluster
2020
2041
  imagePullPolicy: Always
2021
- image: quay.io/ibmmas/cli:12.1.0
2042
+ image: quay.io/ibmmas/cli:13.1.0
2022
2043
  workspaces:
2023
2044
  - name: configs
2024
2045
  # --------------------------------------------------------------------------------
@@ -2121,7 +2142,7 @@ spec:
2121
2142
  - -c
2122
2143
  name: gitops-cos
2123
2144
  imagePullPolicy: IfNotPresent
2124
- image: quay.io/ibmmas/cli:12.1.0
2145
+ image: quay.io/ibmmas/cli:13.1.0
2125
2146
  workspaces:
2126
2147
  - name: configs
2127
2148
  # --------------------------------------------------------------------------------
@@ -2269,7 +2290,7 @@ spec:
2269
2290
  - -c
2270
2291
  name: gitops-cp4d-service
2271
2292
  imagePullPolicy: IfNotPresent
2272
- image: quay.io/ibmmas/cli:12.1.0
2293
+ image: quay.io/ibmmas/cli:13.1.0
2273
2294
  workspaces:
2274
2295
  - name: configs
2275
2296
  - name: shared-gitops-configs
@@ -2398,7 +2419,7 @@ spec:
2398
2419
  - -c
2399
2420
  name: gitops-cp4d
2400
2421
  imagePullPolicy: IfNotPresent
2401
- image: quay.io/ibmmas/cli:12.1.0
2422
+ image: quay.io/ibmmas/cli:13.1.0
2402
2423
  workspaces:
2403
2424
  - name: configs
2404
2425
  - name: shared-gitops-configs
@@ -2659,7 +2680,7 @@ spec:
2659
2680
  - -c
2660
2681
  name: gitops-db2u-database
2661
2682
  imagePullPolicy: Always
2662
- image: quay.io/ibmmas/cli:12.1.0
2683
+ image: quay.io/ibmmas/cli:13.1.0
2663
2684
  workspaces:
2664
2685
  - name: configs
2665
2686
  - name: shared-gitops-configs
@@ -2757,7 +2778,7 @@ spec:
2757
2778
  - -c
2758
2779
  name: gitops-db2u
2759
2780
  imagePullPolicy: IfNotPresent
2760
- image: quay.io/ibmmas/cli:12.1.0
2781
+ image: quay.io/ibmmas/cli:13.1.0
2761
2782
  workspaces:
2762
2783
  - name: configs
2763
2784
  # --------------------------------------------------------------------------------
@@ -2884,7 +2905,7 @@ spec:
2884
2905
  - -c
2885
2906
  name: gitops-delete-jdbc-config
2886
2907
  imagePullPolicy: IfNotPresent
2887
- image: quay.io/ibmmas/cli:12.1.0
2908
+ image: quay.io/ibmmas/cli:13.1.0
2888
2909
  workspaces:
2889
2910
  - name: configs
2890
2911
  # --------------------------------------------------------------------------------
@@ -2982,7 +3003,7 @@ spec:
2982
3003
  - -c
2983
3004
  name: gitops-delete-kafka-config
2984
3005
  imagePullPolicy: Always
2985
- image: quay.io/ibmmas/cli:12.1.0
3006
+ image: quay.io/ibmmas/cli:13.1.0
2986
3007
  workspaces:
2987
3008
  - name: configs
2988
3009
 
@@ -3074,7 +3095,7 @@ spec:
3074
3095
  - -c
3075
3096
  name: gitops-deprovision-app-config
3076
3097
  imagePullPolicy: IfNotPresent
3077
- image: quay.io/ibmmas/cli:12.1.0
3098
+ image: quay.io/ibmmas/cli:13.1.0
3078
3099
  workspaces:
3079
3100
  - name: configs
3080
3101
  # --------------------------------------------------------------------------------
@@ -3159,7 +3180,7 @@ spec:
3159
3180
  - -c
3160
3181
  name: gitops-deprovision-app-install
3161
3182
  imagePullPolicy: IfNotPresent
3162
- image: quay.io/ibmmas/cli:12.1.0
3183
+ image: quay.io/ibmmas/cli:13.1.0
3163
3184
  workspaces:
3164
3185
  - name: configs
3165
3186
  # --------------------------------------------------------------------------------
@@ -3244,7 +3265,7 @@ spec:
3244
3265
  - -c
3245
3266
  name: gitops-deprovision-cluster
3246
3267
  imagePullPolicy: IfNotPresent
3247
- image: quay.io/ibmmas/cli:12.1.0
3268
+ image: quay.io/ibmmas/cli:13.1.0
3248
3269
  workspaces:
3249
3270
  - name: configs
3250
3271
  # --------------------------------------------------------------------------------
@@ -3363,7 +3384,7 @@ spec:
3363
3384
  - -c
3364
3385
  name: gitops-deprovision-cos
3365
3386
  imagePullPolicy: IfNotPresent
3366
- image: quay.io/ibmmas/cli:12.1.0
3387
+ image: quay.io/ibmmas/cli:13.1.0
3367
3388
  workspaces:
3368
3389
  - name: configs
3369
3390
  # --------------------------------------------------------------------------------
@@ -3451,7 +3472,7 @@ spec:
3451
3472
  - -c
3452
3473
  name: gitops-deprovision-db2u-database
3453
3474
  imagePullPolicy: IfNotPresent
3454
- image: quay.io/ibmmas/cli:12.1.0
3475
+ image: quay.io/ibmmas/cli:13.1.0
3455
3476
  workspaces:
3456
3477
  - name: configs
3457
3478
 
@@ -3534,7 +3555,7 @@ spec:
3534
3555
  - -c
3535
3556
  name: gitops-deprovision-db2u
3536
3557
  imagePullPolicy: IfNotPresent
3537
- image: quay.io/ibmmas/cli:12.1.0
3558
+ image: quay.io/ibmmas/cli:13.1.0
3538
3559
  workspaces:
3539
3560
  - name: configs
3540
3561
 
@@ -3642,7 +3663,7 @@ spec:
3642
3663
  - -c
3643
3664
  name: gitops-deprovision-efs
3644
3665
  imagePullPolicy: IfNotPresent
3645
- image: quay.io/ibmmas/cli:12.1.0
3666
+ image: quay.io/ibmmas/cli:13.1.0
3646
3667
  workspaces:
3647
3668
  - name: configs
3648
3669
 
@@ -3752,7 +3773,7 @@ spec:
3752
3773
  - -c
3753
3774
  name: gitops-deprovision-kafka
3754
3775
  imagePullPolicy: IfNotPresent
3755
- image: quay.io/ibmmas/cli:12.1.0
3776
+ image: quay.io/ibmmas/cli:13.1.0
3756
3777
  workspaces:
3757
3778
  - name: configs
3758
3779
  # --------------------------------------------------------------------------------
@@ -3855,7 +3876,7 @@ spec:
3855
3876
  - -c
3856
3877
  name: gitops-deprovision-mongo
3857
3878
  imagePullPolicy: IfNotPresent
3858
- image: quay.io/ibmmas/cli:12.1.0
3879
+ image: quay.io/ibmmas/cli:13.1.0
3859
3880
  workspaces:
3860
3881
  - name: configs
3861
3882
 
@@ -3912,7 +3933,7 @@ spec:
3912
3933
  - -c
3913
3934
  name: gitops-deprovision-rosa
3914
3935
  imagePullPolicy: IfNotPresent
3915
- image: quay.io/ibmmas/cli:12.1.0
3936
+ image: quay.io/ibmmas/cli:13.1.0
3916
3937
  workspaces:
3917
3938
  - name: configs
3918
3939
  # --------------------------------------------------------------------------------
@@ -4117,7 +4138,7 @@ spec:
4117
4138
  - -c
4118
4139
  name: gitops-deprovision-suite-config
4119
4140
  imagePullPolicy: IfNotPresent
4120
- image: quay.io/ibmmas/cli:12.1.0
4141
+ image: quay.io/ibmmas/cli:13.1.0
4121
4142
  workspaces:
4122
4143
  - name: configs
4123
4144
 
@@ -4215,7 +4236,7 @@ spec:
4215
4236
  - -c
4216
4237
  name: gitops-deprovision-suite-idp-config
4217
4238
  imagePullPolicy: IfNotPresent
4218
- image: quay.io/ibmmas/cli:12.1.0
4239
+ image: quay.io/ibmmas/cli:13.1.0
4219
4240
  workspaces:
4220
4241
  - name: configs
4221
4242
  # --------------------------------------------------------------------------------
@@ -4307,7 +4328,127 @@ spec:
4307
4328
  - -c
4308
4329
  name: gitops-deprovision-suite-objectstorage-config
4309
4330
  imagePullPolicy: IfNotPresent
4310
- image: quay.io/ibmmas/cli:12.1.0
4331
+ image: quay.io/ibmmas/cli:13.1.0
4332
+ workspaces:
4333
+ - name: configs
4334
+ # --------------------------------------------------------------------------------
4335
+ # /home/runner/work/cli/cli/tekton/target/tasks/gitops-deprovision-suite-sendgrid-subuser.yaml
4336
+ # --------------------------------------------------------------------------------
4337
+ ---
4338
+ apiVersion: tekton.dev/v1beta1
4339
+ kind: Task
4340
+ metadata:
4341
+ name: gitops-deprovision-suite-sendgrid-subuser
4342
+ spec:
4343
+ params:
4344
+ - name: cluster_name
4345
+ type: string
4346
+ - name: account
4347
+ type: string
4348
+ - name: mas_instance_id
4349
+ type: string
4350
+ - name: icn
4351
+ type: string
4352
+ - name: cis_mas_domain
4353
+ type: string
4354
+ - name: cis_crn
4355
+ type: string
4356
+ - name: avp_aws_secret_region
4357
+ type: string
4358
+ stepTemplate:
4359
+ name: gitops-deprovision-suite-sendgrid-subuser
4360
+ env:
4361
+ - name: CLUSTER_ID
4362
+ value: $(params.cluster_name)
4363
+ - name: ACCOUNT_ID
4364
+ value: $(params.account)
4365
+ - name: MAS_INSTANCE_ID
4366
+ value: $(params.mas_instance_id)
4367
+
4368
+ - name: ICN
4369
+ value: $(params.icn)
4370
+ - name: CIS_MAS_DOMAIN
4371
+ value: $(params.cis_mas_domain)
4372
+ - name: CIS_CRN
4373
+ value: $(params.cis_crn)
4374
+
4375
+ - name: SM_AWS_REGION
4376
+ value: $(params.avp_aws_secret_region)
4377
+ envFrom:
4378
+ - configMapRef:
4379
+ name: environment-properties
4380
+ optional: true
4381
+ - secretRef:
4382
+ name: secure-properties
4383
+ steps:
4384
+ - args:
4385
+ - |-
4386
+
4387
+ # Expected secure-properties (sourced from IBM Cloud SM):
4388
+ # -------------------
4389
+ # SM_AWS_ACCESS_KEY_ID
4390
+ # SM_AWS_SECRET_ACCESS_KEY
4391
+ # SENDGRID_API_KEY
4392
+
4393
+
4394
+ # Teardown of smtp config in gitops-envs is handled by gitops-deprovision-suite-smtp-config task
4395
+ # All we need to do here is make sure we clean up SendGrid, CIS and the sendgrid_subuser secret in AWS SM (if the subuser was deleted)
4396
+ source /mascli/functions/gitops_utils
4397
+ export AVP_TYPE="aws"
4398
+ sm_login || exit 1
4399
+
4400
+ # Fetch CIS API Key from AWS SM.
4401
+ # This is suitable for use with CIS instances used by MAS instances in the cluster we are targetting
4402
+ # This secret is only required if the instance is configured with CIS
4403
+ if [[ -n "${CIS_CRN}" ]]; then
4404
+ SECRET_NAME_CIS="${ACCOUNT_ID}/${CLUSTER_ID}/cis"
4405
+ echo "Getting ${SECRET_NAME_CIS} from AWS SM"
4406
+ export CIS_APIKEY="$(sm_get_secret_value "${SECRET_NAME_CIS}" "ibm_apikey")" # pragma: allowlist secret
4407
+ if [[ -z "${CIS_APIKEY}" || "${CIS_APIKEY}" == "null" ]]; then
4408
+ echo "Required AWS SM secret "${SECRET_NAME_CIS}" not found or invalid"
4409
+ exit 1
4410
+ fi
4411
+ fi
4412
+
4413
+ mkdir -p /tmp/gitops-deprovision-suite-sendgrid-subuser
4414
+ OUTPUT_FILE="/tmp/gitops-deprovision-suite-sendgrid-subuser/mas-saas-sendgrid-subuser-output.yaml"
4415
+ rm "${OUTPUT_FILE}"
4416
+
4417
+ mas-saas-sendgrid-subuser \
4418
+ --customer-id "${ICN}" \
4419
+ --mas-account-id "${ACCOUNT_ID}" \
4420
+ --mas-cluster-id "${CLUSTER_ID}" \
4421
+ --mas-instance-id "${MAS_INSTANCE_ID}" \
4422
+ --cis-crn "${CIS_CRN}" \
4423
+ --cis-mas-domain "${CIS_MAS_DOMAIN}" \
4424
+ --output-file "${OUTPUT_FILE}" \
4425
+ --action delete
4426
+
4427
+ rc="$?"
4428
+
4429
+ if [[ "${rc}" != "0" ]]; then
4430
+ echo "mas-saas-sendgrid-subuser failed with rc ${rc}"
4431
+ exit ${rc}
4432
+ fi
4433
+
4434
+ # Pull values out of the outfile and set them as environment vars
4435
+ if [[ -f "${OUTPUT_FILE}" ]]; then
4436
+ echo "Reading outputs from ${OUTPUT_FILE}"
4437
+ export DELETED_SUBUSER="$(yq '.deleted_subuser // ""' "${OUTPUT_FILE}")"
4438
+ fi
4439
+
4440
+ if [[ "${DELETED_SUBUSER}" == "true" ]]; then
4441
+ SECRET_NAME_SENDGRID="ibm-customer/${ICN}/sendgrid_subuser"
4442
+ echo "Subuser was deleted, cleaning up ${SECRET_NAME_SENDGRID} secret"
4443
+ sm_delete_secret "${SECRET_NAME_SENDGRID}"
4444
+ fi
4445
+
4446
+ command:
4447
+ - /bin/sh
4448
+ - -c
4449
+ name: gitops-deprovision-suite-sendgrid-subuser
4450
+ imagePullPolicy: IfNotPresent
4451
+ image: docker-na-public.artifactory.swg-devops.com/wiotp-docker-local/mas/saas-task:latest
4311
4452
  workspaces:
4312
4453
  - name: configs
4313
4454
  # --------------------------------------------------------------------------------
@@ -4399,7 +4540,7 @@ spec:
4399
4540
  - -c
4400
4541
  name: gitops-deprovision-suite-smtp-config
4401
4542
  imagePullPolicy: IfNotPresent
4402
- image: quay.io/ibmmas/cli:12.1.0
4543
+ image: quay.io/ibmmas/cli:13.1.0
4403
4544
  workspaces:
4404
4545
  - name: configs
4405
4546
  # --------------------------------------------------------------------------------
@@ -4492,7 +4633,7 @@ spec:
4492
4633
  - -c
4493
4634
  name: gitops-deprovision-suite-watson-studio-config
4494
4635
  imagePullPolicy: IfNotPresent
4495
- image: quay.io/ibmmas/cli:12.1.0
4636
+ image: quay.io/ibmmas/cli:13.1.0
4496
4637
  workspaces:
4497
4638
  - name: configs
4498
4639
  # --------------------------------------------------------------------------------
@@ -4583,7 +4724,7 @@ spec:
4583
4724
  - -c
4584
4725
  name: gitops-deprovision-suite-workspace
4585
4726
  imagePullPolicy: Always
4586
- image: quay.io/ibmmas/cli:12.1.0
4727
+ image: quay.io/ibmmas/cli:13.1.0
4587
4728
  workspaces:
4588
4729
  - name: configs
4589
4730
  # --------------------------------------------------------------------------------
@@ -4676,7 +4817,7 @@ spec:
4676
4817
  - -c
4677
4818
  name: gitops-deprovision-suite
4678
4819
  imagePullPolicy: IfNotPresent
4679
- image: quay.io/ibmmas/cli:12.1.0
4820
+ image: quay.io/ibmmas/cli:13.1.0
4680
4821
  workspaces:
4681
4822
  - name: configs
4682
4823
 
@@ -4789,7 +4930,7 @@ spec:
4789
4930
  - -c
4790
4931
  name: gitops-dro
4791
4932
  imagePullPolicy: IfNotPresent
4792
- image: quay.io/ibmmas/cli:12.1.0
4933
+ image: quay.io/ibmmas/cli:13.1.0
4793
4934
  workspaces:
4794
4935
  - name: configs
4795
4936
  # --------------------------------------------------------------------------------
@@ -4906,7 +5047,7 @@ spec:
4906
5047
  - -c
4907
5048
  name: gitops-efs
4908
5049
  imagePullPolicy: IfNotPresent
4909
- image: quay.io/ibmmas/cli:12.1.0
5050
+ image: quay.io/ibmmas/cli:13.1.0
4910
5051
  workspaces:
4911
5052
  - name: configs
4912
5053
 
@@ -5041,7 +5182,7 @@ spec:
5041
5182
  - -c
5042
5183
  name: gitops-jdbc-config
5043
5184
  imagePullPolicy: Always
5044
- image: quay.io/ibmmas/cli:12.1.0
5185
+ image: quay.io/ibmmas/cli:13.1.0
5045
5186
  workspaces:
5046
5187
  - name: configs
5047
5188
  - name: shared-gitops-configs
@@ -5137,7 +5278,7 @@ spec:
5137
5278
  - -c
5138
5279
  name: gitops-kafka-config
5139
5280
  imagePullPolicy: Always
5140
- image: quay.io/ibmmas/cli:12.1.0
5281
+ image: quay.io/ibmmas/cli:13.1.0
5141
5282
  workspaces:
5142
5283
  - name: configs
5143
5284
 
@@ -5259,7 +5400,7 @@ spec:
5259
5400
  - -c
5260
5401
  name: gitops-kafka
5261
5402
  imagePullPolicy: IfNotPresent
5262
- image: quay.io/ibmmas/cli:12.1.0
5403
+ image: quay.io/ibmmas/cli:13.1.0
5263
5404
  workspaces:
5264
5405
  - name: configs
5265
5406
  # --------------------------------------------------------------------------------
@@ -5385,7 +5526,7 @@ spec:
5385
5526
  - -c
5386
5527
  name: gitops-license
5387
5528
  imagePullPolicy: Always
5388
- image: quay.io/ibmmas/cli:12.1.0
5529
+ image: quay.io/ibmmas/cli:13.1.0
5389
5530
  workspaces:
5390
5531
  - name: shared-entitlement
5391
5532
 
@@ -5559,6 +5700,14 @@ spec:
5559
5700
  type: string
5560
5701
  default: ""
5561
5702
 
5703
+ - name: icn
5704
+ type: string
5705
+ - name: avp_aws_secret_region
5706
+ type: string
5707
+ - name: use_sendgrid
5708
+ type: string
5709
+ default: ""
5710
+
5562
5711
  stepTemplate:
5563
5712
  name: gitops-mas-fvt-preparer
5564
5713
  env:
@@ -5684,6 +5833,13 @@ spec:
5684
5833
  - name: LDAP_CERT_ALIAS
5685
5834
  value: ldap
5686
5835
 
5836
+ - name: ICN
5837
+ value: $(params.icn)
5838
+ - name: SM_AWS_REGION
5839
+ value: $(params.avp_aws_secret_region)
5840
+ - name: USE_SENDGRID
5841
+ value: $(params.use_sendgrid)
5842
+
5687
5843
  envFrom:
5688
5844
  - configMapRef:
5689
5845
  name: environment-properties
@@ -5775,6 +5931,52 @@ spec:
5775
5931
  check_argo_app_healthy "${SUITE_APP_NAME}" 30
5776
5932
  check_argo_app_healthy "${WORKSPACE_APP}" 30
5777
5933
  fi
5934
+
5935
+
5936
+ # If use_sendgrid: true, disable the subuser so we do not accidentally send out real emails when running tests against the instance
5937
+ # NOTE: Many of the FVT suites will fail unless the suite is configured to use Mailhog for SMTP, so we only plan to have smtp.use_sendgrid: true set for fvtsaastran
5938
+ # We only run the catalogapi FVT suite there at present, and that suite does not depend on Mailhog.
5939
+ # NOTE: we deliberately perform this step *after* checking application health, since disabling the sendgrid subuser will cause the validation step in the
5940
+ # SMTP entity manager to fail (unfortunately, there is no way to configure a SendGrid subuser to silently drop emails without the client call reporting failure)
5941
+ # NOTE: although we don't check the health of the SMTP app explicitly, this is not necessary since the WORKSPACE_APP (which we do check above) sync will be blocked until the SMTP
5942
+ # app becomes healthy (if SMTP is configured)
5943
+ if [[ "${USE_SENDGRID}" == "true" ]]; then
5944
+
5945
+ echo "Disabling sendgrid subuser to prevent the suite from sending out emails during test execution"
5946
+
5947
+ export AVP_TYPE="aws" # required by sm_login (only AWS supported at present)
5948
+ sm_login || exit 1
5949
+
5950
+ # lookup ibm-customer/<ICN>/sendgrid_subuser#username from AWS SM
5951
+ SECRET_NAME_SENDGRID="ibm-customer/${ICN}/sendgrid_subuser"
5952
+ echo "Getting ${SECRET_NAME_SENDGRID} from AWS SM"
5953
+ export SENDGRID_SUBUSER_USERNAME="$(sm_get_secret_value "${SECRET_NAME_SENDGRID}" "username")" # pragma: allowlist secret
5954
+ echo "Subuser username: ${SENDGRID_SUBUSER_USERNAME}"
5955
+ if [[ -z "${SENDGRID_SUBUSER_USERNAME}" || "${SENDGRID_SUBUSER_USERNAME}" == "null" ]]; then
5956
+ echo "Required AWS SM secret "${SECRET_NAME_SENDGRID}" not found or invalid"
5957
+ exit 1
5958
+ fi
5959
+
5960
+ curl -X PATCH \
5961
+ https://api.sendgrid.com/v3/subusers/${SENDGRID_SUBUSER_USERNAME} \
5962
+ --fail \
5963
+ -H "Authorization: Bearer ${SENDGRID_API_KEY}" \
5964
+ -H "Content-Type: application/json" \
5965
+ -d '{"disabled": true}'
5966
+ CURL_RC=$?
5967
+ if [ $CURL_RC -ne 0 ]; then
5968
+ echo "Failed to disable SendGrid subuser, aborting test"
5969
+ echo "WARNING: until the SendGrid subuser is disabled, the suite will be capable of sending emails for real!"
5970
+ echo " do not attempt to run any tests against the environment until the subuser is successfully disabled!"
5971
+ exit 1
5972
+ fi
5973
+ echo "SendGrid subuser ${SENDGRID_SUBUSER_USERNAME} disabled successfully!"
5974
+ echo "It is now safe to run tests against the environment; the suite is no longer capable of sending emails for real."
5975
+
5976
+ fi
5977
+
5978
+ # NOTE: verified that subuser teardown (including deletion of its API keys, authenticated domains and DNS records) still works as expected against a disabled subuser
5979
+ # so there is no need to re-enable the subuser before attempting to deprovision the MAS instance.
5778
5980
 
5779
5981
  if [[ "$LAUNCHER_ID" == "apps" ]]; then
5780
5982
  # The following order is defined by the sync wave order in https://github.com/ibm-mas/gitops/tree/main/root-applications/ibm-mas-instance-root/templates
@@ -5888,7 +6090,7 @@ spec:
5888
6090
  - -c
5889
6091
  name: gitops-mas-fvt-preparer
5890
6092
  imagePullPolicy: Always
5891
- image: quay.io/ibmmas/cli:12.1.0
6093
+ image: quay.io/ibmmas/cli:13.1.0
5892
6094
  workspaces:
5893
6095
  - name: configs
5894
6096
  - name: shared-additional-configs
@@ -6330,7 +6532,7 @@ spec:
6330
6532
  - -c
6331
6533
  name: gitops-mas-initiator
6332
6534
  imagePullPolicy: IfNotPresent
6333
- image: quay.io/ibmmas/cli:12.1.0
6535
+ image: quay.io/ibmmas/cli:13.1.0
6334
6536
  workspaces:
6335
6537
  - name: configs
6336
6538
  # --------------------------------------------------------------------------------
@@ -6438,7 +6640,7 @@ spec:
6438
6640
  - -c
6439
6641
  name: gitops-mongo
6440
6642
  imagePullPolicy: IfNotPresent
6441
- image: quay.io/ibmmas/cli:12.1.0
6643
+ image: quay.io/ibmmas/cli:13.1.0
6442
6644
  workspaces:
6443
6645
  - name: configs
6444
6646
 
@@ -6560,7 +6762,7 @@ spec:
6560
6762
  - -c
6561
6763
  name: gitops-nvidia-gpu
6562
6764
  imagePullPolicy: IfNotPresent
6563
- image: quay.io/ibmmas/cli:12.1.0
6765
+ image: quay.io/ibmmas/cli:13.1.0
6564
6766
  workspaces:
6565
6767
  - name: configs
6566
6768
  # --------------------------------------------------------------------------------
@@ -6678,7 +6880,7 @@ spec:
6678
6880
  - -c
6679
6881
  name: gitops-process-mongo-user
6680
6882
  imagePullPolicy: IfNotPresent
6681
- image: quay.io/ibmmas/cli:12.1.0
6883
+ image: quay.io/ibmmas/cli:13.1.0
6682
6884
  workspaces:
6683
6885
  - name: configs
6684
6886
  # --------------------------------------------------------------------------------
@@ -6734,7 +6936,7 @@ spec:
6734
6936
  - -c
6735
6937
  name: gitops-rosa
6736
6938
  imagePullPolicy: IfNotPresent
6737
- image: quay.io/ibmmas/cli:12.1.0
6939
+ image: quay.io/ibmmas/cli:13.1.0
6738
6940
  workspaces:
6739
6941
  - name: configs
6740
6942
  # --------------------------------------------------------------------------------
@@ -6921,7 +7123,7 @@ spec:
6921
7123
  - -c
6922
7124
  name: gitops-suite-app-config
6923
7125
  imagePullPolicy: IfNotPresent
6924
- image: quay.io/ibmmas/cli:12.1.0
7126
+ image: quay.io/ibmmas/cli:13.1.0
6925
7127
  workspaces:
6926
7128
  - name: configs
6927
7129
  - name: shared-gitops-configs
@@ -7079,7 +7281,7 @@ spec:
7079
7281
  - -c
7080
7282
  name: gitops-suite-app-install
7081
7283
  imagePullPolicy: Always
7082
- image: quay.io/ibmmas/cli:12.1.0
7284
+ image: quay.io/ibmmas/cli:13.1.0
7083
7285
  workspaces:
7084
7286
  - name: configs
7085
7287
  - name: shared-gitops-configs
@@ -7185,7 +7387,7 @@ spec:
7185
7387
  - -c
7186
7388
  name: gitops-suite-certs
7187
7389
  imagePullPolicy: IfNotPresent
7188
- image: quay.io/ibmmas/cli:12.1.0
7390
+ image: quay.io/ibmmas/cli:13.1.0
7189
7391
  workspaces:
7190
7392
  - name: configs
7191
7393
  - name: certificates
@@ -7355,7 +7557,7 @@ spec:
7355
7557
  - -c
7356
7558
  name: gitops-suite-config
7357
7559
  imagePullPolicy: IfNotPresent
7358
- image: quay.io/ibmmas/cli:12.1.0
7560
+ image: quay.io/ibmmas/cli:13.1.0
7359
7561
  workspaces:
7360
7562
  - name: configs
7361
7563
  - name: shared-additional-configs
@@ -7455,7 +7657,7 @@ spec:
7455
7657
  - -c
7456
7658
  name: gitops-suite-dns
7457
7659
  imagePullPolicy: IfNotPresent
7458
- image: quay.io/ibmmas/cli:12.1.0
7660
+ image: quay.io/ibmmas/cli:13.1.0
7459
7661
  workspaces:
7460
7662
  - name: configs
7461
7663
 
@@ -7579,7 +7781,7 @@ spec:
7579
7781
  - -c
7580
7782
  name: gitops-suite-idp-config
7581
7783
  imagePullPolicy: IfNotPresent
7582
- image: quay.io/ibmmas/cli:12.1.0
7784
+ image: quay.io/ibmmas/cli:13.1.0
7583
7785
  workspaces:
7584
7786
  - name: configs
7585
7787
  - name: shared-additional-configs
@@ -7680,10 +7882,268 @@ spec:
7680
7882
  - -c
7681
7883
  name: gitops-suite-objectstorage-config
7682
7884
  imagePullPolicy: IfNotPresent
7683
- image: quay.io/ibmmas/cli:12.1.0
7885
+ image: quay.io/ibmmas/cli:13.1.0
7684
7886
  workspaces:
7685
7887
  - name: configs
7686
7888
  - name: shared-gitops-configs
7889
+ # --------------------------------------------------------------------------------
7890
+ # /home/runner/work/cli/cli/tekton/target/tasks/gitops-suite-smtp-config-sendgrid.yaml
7891
+ # --------------------------------------------------------------------------------
7892
+ ---
7893
+ apiVersion: tekton.dev/v1beta1
7894
+ kind: Task
7895
+ metadata:
7896
+ name: gitops-suite-smtp-config-sendgrid
7897
+ spec:
7898
+ params:
7899
+ - name: cluster_name
7900
+ type: string
7901
+ - name: account
7902
+ type: string
7903
+ - name: secrets_path
7904
+ type: string
7905
+ - name: mas_instance_id
7906
+ type: string
7907
+ - name: git_branch
7908
+ type: string
7909
+ - name: github_org
7910
+ type: string
7911
+ - name: github_repo
7912
+ type: string
7913
+ - name: github_host
7914
+ type: string
7915
+ - name: avp_aws_secret_region
7916
+ type: string
7917
+ - name: mas_smtpcfg_pod_template_yaml
7918
+ type: string
7919
+ default: ""
7920
+
7921
+ - name: icn
7922
+ type: string
7923
+ - name: mas_domain
7924
+ type: string
7925
+ - name: cis_mas_domain
7926
+ type: string
7927
+ - name: cis_crn
7928
+ type: string
7929
+ stepTemplate:
7930
+ name: gitops-suite-smtp-config
7931
+ env:
7932
+ - name: CLUSTER_ID
7933
+ value: $(params.cluster_name)
7934
+ - name: ACCOUNT_ID
7935
+ value: $(params.account)
7936
+ - name: SECRETS_PATH
7937
+ value: $(params.secrets_path)
7938
+ - name: MAS_INSTANCE_ID
7939
+ value: $(params.mas_instance_id)
7940
+ - name: GIT_BRANCH
7941
+ value: $(params.git_branch)
7942
+ - name: GITHUB_ORG
7943
+ value: $(params.github_org)
7944
+ - name: GITHUB_HOST
7945
+ value: $(params.github_host)
7946
+ - name: GITHUB_REPO
7947
+ value: $(params.github_repo)
7948
+ - name: SM_AWS_REGION
7949
+ value: $(params.avp_aws_secret_region)
7950
+ - name: MAS_SMTPCFG_POD_TEMPLATE_YAML
7951
+ value: $(params.mas_smtpcfg_pod_template_yaml)
7952
+
7953
+ - name: ICN
7954
+ value: $(params.icn)
7955
+ - name: MAS_DOMAIN
7956
+ value: $(params.mas_domain)
7957
+ - name: CIS_MAS_DOMAIN
7958
+ value: $(params.cis_mas_domain)
7959
+ - name: CIS_CRN
7960
+ value: $(params.cis_crn)
7961
+ envFrom:
7962
+ - configMapRef:
7963
+ name: environment-properties
7964
+ optional: true
7965
+ - secretRef:
7966
+ name: secure-properties
7967
+
7968
+ steps:
7969
+ - args:
7970
+ - |-
7971
+
7972
+ # Expected secure-properties (sourced from IBM Cloud SM):
7973
+ # -------------------
7974
+ # SM_AWS_ACCESS_KEY_ID
7975
+ # SM_AWS_SECRET_ACCESS_KEY
7976
+ # SENDGRID_API_KEY
7977
+ # GITHUB_PAT
7978
+
7979
+ source /mascli/functions/gitops_utils
7980
+
7981
+ export AVP_TYPE="aws"
7982
+ sm_login || exit 1
7983
+
7984
+ # Fetch CIS API Key from AWS SM.
7985
+ # This is suitable for use with CIS instances used by MAS instances in the cluster we are targetting
7986
+ SECRET_NAME_CIS="${ACCOUNT_ID}/${CLUSTER_ID}/cis"
7987
+ echo "Getting ${SECRET_NAME_CIS} from AWS SM"
7988
+ export CIS_APIKEY="$(sm_get_secret_value "${SECRET_NAME_CIS}" "ibm_apikey")" # pragma: allowlist secret
7989
+ if [[ -z "${CIS_APIKEY}" || "${CIS_APIKEY}" == "null" ]]; then
7990
+ echo "Required AWS SM secret "${SECRET_NAME_CIS}" not found or invalid"
7991
+ exit 1
7992
+ fi
7993
+
7994
+ mkdir -p /tmp/init-suite-smtp-config
7995
+
7996
+ git config --global user.name "MAS Automation"
7997
+ git config --global user.email "you@example.com"
7998
+ git config --global user.password "${GITHUB_PAT}"
7999
+
8000
+ OUTPUT_FILE="/tmp/init-suite-smtp-config/mas-saas-sendgrid-subuser-output.yaml"
8001
+ rm "${OUTPUT_FILE}"
8002
+
8003
+ mas-saas-sendgrid-subuser \
8004
+ --customer-id "${ICN}" \
8005
+ --cis-mas-domain "${CIS_MAS_DOMAIN}" \
8006
+ --mas-account-id "${ACCOUNT_ID}" \
8007
+ --mas-cluster-id "${CLUSTER_ID}" \
8008
+ --mas-instance-id "${MAS_INSTANCE_ID}" \
8009
+ --cis-crn "${CIS_CRN}" \
8010
+ --output-file "${OUTPUT_FILE}" \
8011
+ --action create
8012
+
8013
+ rc="$?"
8014
+
8015
+ echo "mas-saas-sendgrid-subuser rc: ${rc}"
8016
+
8017
+ # Pull values out of the outfile and set them as environment vars
8018
+ if [[ -f "${OUTPUT_FILE}" ]]; then
8019
+ echo "Reading outputs from ${OUTPUT_FILE}"
8020
+ export SUBUSER_USERNAME="$(yq '.subuser.username // ""' "${OUTPUT_FILE}")" # pragma: allowlist secret
8021
+ export SUBUSER_PASSWORD="$(yq '.subuser.password // ""' "${OUTPUT_FILE}")" # pragma: allowlist secret
8022
+ export SENDGRID_APIKEY_USERNAME="apikey" # pragma: allowlist secret
8023
+ export SENDGRID_APIKEY_PASSWORD="$(yq '.apikey // ""' "${OUTPUT_FILE}")" # pragma: allowlist secret
8024
+ fi
8025
+
8026
+ # If an API key was generated by the script (even if something went wrong in later step)
8027
+ # this is our only opportunity to obtain its value so we need to register it in secrets manager now
8028
+ # so it'll be present when whatever the issue is resolved and the instance pipeline is rerun
8029
+ update_apikey_secret_rc="0"
8030
+ if [[ -n "${SENDGRID_APIKEY_PASSWORD}" ]]; then
8031
+ SECRET_NAME_SMTP="${ACCOUNT_ID}/${CLUSTER_ID}/${MAS_INSTANCE_ID}/smtp"
8032
+ echo "Putting generated API Key in ${SECRET_NAME_SMTP}"
8033
+
8034
+ # NOTE: deliberately not using $SMTP_USERNAME or $SMTP_PASSWORD here, since we don't need/want the gitops-mas-config to repeat this step
8035
+ TAGS="[{\"Key\": \"source\", \"Value\": \"gitops_suite_smtp_config_sendgrid\"}, {\"Key\": \"account\", \"Value\": \"${ACCOUNT_ID}\"}, {\"Key\": \"cluster\", \"Value\": \"${CLUSTER_ID}\"}]"
8036
+ # NOTE: running function in a subshell so we don't exit this script if something goes wrong (necessary due to the use of "set +o pipefail" in sm_update_secret)
8037
+ (sm_update_secret "${SECRET_NAME_SMTP}" "{\"username\": \"$SENDGRID_APIKEY_USERNAME\", \"password\": \"$SENDGRID_APIKEY_PASSWORD\"}" "${TAGS}")
8038
+
8039
+ # defer exiting the script if the sm_update_secret call above failed, so we have an opportunity to register other generated secrets
8040
+ update_apikey_secret_rc="$?"
8041
+ fi
8042
+
8043
+ # If a new subuser was created by the script (even if something went wrong in a later step)
8044
+ # this is our only opportunity to store the password we generated for the subuser
8045
+ update_subuser_secret_rc="0"
8046
+ if [[ -n "${SUBUSER_PASSWORD}" ]]; then
8047
+ SECRET_NAME_SENDGRID="ibm-customer/${ICN}/sendgrid_subuser"
8048
+ TAGS="[{\"Key\": \"source\", \"Value\": \"gitops_suite_smtp_config_sendgrid\"}]"
8049
+ echo "Putting generated subuser credentials in ${SECRET_NAME_SENDGRID}"
8050
+ (sm_update_secret "${SECRET_NAME_SENDGRID}" "{\"username\": \"$SUBUSER_USERNAME\", \"password\": \"$SUBUSER_PASSWORD\"}" "${TAGS}")
8051
+
8052
+ # defer exiting the script if the sm_update_secret call above failed, so we have an opportunity to register other generated secrets
8053
+ update_subuser_secret_rc="$?"
8054
+ fi
8055
+
8056
+ echo "update_apikey_secret_rc: ${update_apikey_secret_rc}"
8057
+ echo "update_subuser_secret_rc: ${update_subuser_secret_rc}"
8058
+
8059
+ if [[ "${update_apikey_secret_rc}" != "0" ]]; then
8060
+ # We could add additional automation to deal with the (rare) edge case of the SM update failing.
8061
+ # i.e. add a "force_regenerate_api_key" flag that can be set before rerunning the pipeline
8062
+ # but I think - given the rarity - just documenting the manual resolution steps below will suffice.
8063
+ # another mitigation would be to add retry logic to the sm_update_secret call above
8064
+ echo "Failed to write generated API Key to AWS Secrets Manager!"
8065
+ echo "The API Key value is now lost and cannot be retrieved, manual intervention is required before rerunning the pipeline:"
8066
+ echo " - Log in to the SendGrid parent account"
8067
+ echo " - Switch to the subuser's account (which will start with ${ICN}, the full value will be in the logs above)"
8068
+ echo " - Locate and delete the API Key for this MAS instance - its name will be in the logs above"
8069
+ echo " - A new API Key for the MAS instance will be generated by this Task in the next pipeline run"
8070
+ rc="${update_apikey_secret_rc}"
8071
+ fi
8072
+
8073
+
8074
+
8075
+ if [[ "${update_subuser_secret_rc}" != "0" ]]; then
8076
+ # We could add additional automation to deal with the (rare) edge case of the SM update failing.
8077
+ # but I think - given the rarity - just documenting the manual resolution steps below will suffice.
8078
+ echo "Failed to write generated subuser username and password to AWS Secrets Manager!"
8079
+ echo "The generated password value is now lost and cannot be retrieved, manual intervention is required before rerunning the pipeline:"
8080
+ echo " - Log in to the SendGrid parent account"
8081
+ echo " - Go to Settings -> Subuser management"
8082
+ echo " - Locate and delete the subuser generated by the script above. The username will start with ${ICN}, the full value will be in the logs above."
8083
+ echo " - A new subuser will be created for the customer in the next pipeline run"
8084
+ rc="${update_subuser_secret_rc}"
8085
+ fi
8086
+
8087
+
8088
+ if [[ "${rc}" != "0" ]]; then
8089
+ echo "mas-saas-sendgrid-subuser failed with rc ${rc}"
8090
+ exit ${rc}
8091
+ fi
8092
+
8093
+ export SMTP_DISPLAY_NAME="SendGrid"
8094
+ export SMTP_HOST="smtp.sendgrid.net"
8095
+ export SMTP_PORT="465"
8096
+ export SMTP_SECURITY="SSL"
8097
+ export SMTP_AUTHENTICATION="true"
8098
+ export SMTP_DEFAULT_SENDER_EMAIL="mas.admin@${CIS_MAS_DOMAIN:-${MAS_DOMAIN}}" # use dns.cis.mas_domain if set, otherwise fallback to mas_instance.mas_domain
8099
+ export SMTP_DEFAULT_SENDER_NAME="MASAdmin"
8100
+ export SMTP_DEFAULT_RECIPIENT_EMAIL="mas.ms.smtp@ibm.com"
8101
+ export SMTP_DEFAULT_SHOULD_EMAIL_PASSWORDS="true"
8102
+
8103
+ # Ensure any SMTP_USERNAME/SMTP_PASSWORD values set in pipeline context properties
8104
+ # are not used by the gitops-mas-config script to override the values in the AWS SM Secret
8105
+ unset SMTP_USERNAME
8106
+ unset SMTP_PASSWORD
8107
+
8108
+ mas gitops-mas-config \
8109
+ --account-id "$ACCOUNT_ID" \
8110
+ --cluster-id "$CLUSTER_ID" \
8111
+ --mas-instance-id "$MAS_INSTANCE_ID" \
8112
+ --secrets-path "$SECRETS_PATH" \
8113
+ --github-push \
8114
+ --github-host "$GITHUB_HOST" \
8115
+ --github-org "$GITHUB_ORG" \
8116
+ --github-repo "$GITHUB_REPO" \
8117
+ --git-branch "$GIT_BRANCH" \
8118
+ --config-action upsert \
8119
+ --mas-config-scope system \
8120
+ --mas-config-type smtp \
8121
+ --dir /tmp/init-suite-smtp-config \
8122
+ --smtp-display-name "${SMTP_DISPLAY_NAME}" \
8123
+ --smtp-host "${SMTP_HOST}" \
8124
+ --smtp-port "${SMTP_PORT}" \
8125
+ --smtp-security "${SMTP_SECURITY}" \
8126
+ --smtp-authentication "${SMTP_AUTHENTICATION}" \
8127
+ --smtp-default-sender-email "${SMTP_DEFAULT_SENDER_EMAIL}" \
8128
+ --smtp-default-sender-name "${SMTP_DEFAULT_SENDER_NAME}" \
8129
+ --smtp-default-recipient-email "${SMTP_DEFAULT_RECIPIENT_EMAIL}" \
8130
+ --smtp-default-should-email-passwords "${SMTP_DEFAULT_SHOULD_EMAIL_PASSWORDS}" \
8131
+ --mas-smtpcfg-pod-template-yaml "${MAS_SMTPCFG_POD_TEMPLATE_YAML}"
8132
+
8133
+ exit $?
8134
+
8135
+ command:
8136
+ - /bin/sh
8137
+ - -c
8138
+ name: gitops-suite-smtp-config-sendgrid
8139
+ imagePullPolicy: IfNotPresent
8140
+ image: docker-na-public.artifactory.swg-devops.com/wiotp-docker-local/mas/saas-task:latest
8141
+ workspaces:
8142
+ - name: configs
8143
+
8144
+
8145
+
8146
+
7687
8147
  # --------------------------------------------------------------------------------
7688
8148
  # /home/runner/work/cli/cli/tekton/target/tasks/gitops-suite-smtp-config.yaml
7689
8149
  # --------------------------------------------------------------------------------
@@ -7821,7 +8281,7 @@ spec:
7821
8281
  - -c
7822
8282
  name: gitops-suite-smtp-config
7823
8283
  imagePullPolicy: IfNotPresent
7824
- image: quay.io/ibmmas/cli:12.1.0
8284
+ image: quay.io/ibmmas/cli:13.1.0
7825
8285
  workspaces:
7826
8286
  - name: configs
7827
8287
 
@@ -7930,7 +8390,7 @@ spec:
7930
8390
  - -c
7931
8391
  name: gitops-suite-watson-studio-config
7932
8392
  imagePullPolicy: IfNotPresent
7933
- image: quay.io/ibmmas/cli:12.1.0
8393
+ image: quay.io/ibmmas/cli:13.1.0
7934
8394
  workspaces:
7935
8395
  - name: configs
7936
8396
  - name: shared-gitops-configs
@@ -8027,7 +8487,7 @@ spec:
8027
8487
  - -c
8028
8488
  name: gitops-suite-workspace
8029
8489
  imagePullPolicy: IfNotPresent
8030
- image: quay.io/ibmmas/cli:12.1.0
8490
+ image: quay.io/ibmmas/cli:13.1.0
8031
8491
  workspaces:
8032
8492
  - name: configs
8033
8493
  # --------------------------------------------------------------------------------
@@ -8157,6 +8617,8 @@ spec:
8157
8617
  - name: mas_wipe_mongo_data
8158
8618
  type: string
8159
8619
  default: "false"
8620
+ - name: oidc
8621
+ type: string
8160
8622
  stepTemplate:
8161
8623
  name: gitops-suite
8162
8624
  env:
@@ -8252,6 +8714,9 @@ spec:
8252
8714
  value: $(params.mas_pod_template_yaml)
8253
8715
  - name: MAS_WIPE_MONGO_DATA
8254
8716
  value: $(params.mas_wipe_mongo_data)
8717
+
8718
+ - name: OIDC_CONFIG
8719
+ value: $(params.oidc)
8255
8720
  envFrom:
8256
8721
  - configMapRef:
8257
8722
  name: environment-properties
@@ -8307,7 +8772,7 @@ spec:
8307
8772
  - -c
8308
8773
  name: gitops-suite
8309
8774
  imagePullPolicy: IfNotPresent
8310
- image: quay.io/ibmmas/cli:12.1.0
8775
+ image: quay.io/ibmmas/cli:13.1.0
8311
8776
  workspaces:
8312
8777
  - name: configs
8313
8778
  - name: shared-gitops-configs
@@ -8357,7 +8822,7 @@ spec:
8357
8822
 
8358
8823
  steps:
8359
8824
  - name: grafana
8360
- image: quay.io/ibmmas/cli:12.1.0
8825
+ image: quay.io/ibmmas/cli:13.1.0
8361
8826
  imagePullPolicy: $(params.image_pull_policy)
8362
8827
  command:
8363
8828
  - /opt/app-root/src/run-role.sh
@@ -8491,7 +8956,7 @@ spec:
8491
8956
  command:
8492
8957
  - /opt/app-root/src/run-role.sh
8493
8958
  - ibm_catalogs
8494
- image: quay.io/ibmmas/cli:12.1.0
8959
+ image: quay.io/ibmmas/cli:13.1.0
8495
8960
  imagePullPolicy: $(params.image_pull_policy)
8496
8961
  workingDir: /workspace/configs
8497
8962
  # --------------------------------------------------------------------------------
@@ -8733,7 +9198,7 @@ spec:
8733
9198
  command:
8734
9199
  - /opt/app-root/src/run-role.sh
8735
9200
  - kafka
8736
- image: quay.io/ibmmas/cli:12.1.0
9201
+ image: quay.io/ibmmas/cli:13.1.0
8737
9202
  imagePullPolicy: $(params.image_pull_policy)
8738
9203
  workingDir: /workspace/configs
8739
9204
 
@@ -8949,7 +9414,7 @@ spec:
8949
9414
  command:
8950
9415
  - /opt/app-root/src/run-role.sh
8951
9416
  - kmodels
8952
- image: quay.io/ibmmas/cli:12.1.0
9417
+ image: quay.io/ibmmas/cli:13.1.0
8953
9418
  imagePullPolicy: $(params.image_pull_policy)
8954
9419
  # --------------------------------------------------------------------------------
8955
9420
  # /home/runner/work/cli/cli/tekton/target/tasks/mongodb.yaml
@@ -9127,7 +9592,7 @@ spec:
9127
9592
  command:
9128
9593
  - /opt/app-root/src/run-role.sh
9129
9594
  - mongodb
9130
- image: quay.io/ibmmas/cli:12.1.0
9595
+ image: quay.io/ibmmas/cli:13.1.0
9131
9596
  imagePullPolicy: $(params.image_pull_policy)
9132
9597
  workingDir: /workspace/configs
9133
9598
 
@@ -9170,7 +9635,7 @@ spec:
9170
9635
  - $(params.base_output_dir)
9171
9636
  - --extra-namespaces
9172
9637
  - selenium
9173
- image: quay.io/ibmmas/cli:12.1.0
9638
+ image: quay.io/ibmmas/cli:13.1.0
9174
9639
  imagePullPolicy: $(params.image_pull_policy)
9175
9640
  env:
9176
9641
  - name: DEVOPS_MONGO_URI
@@ -9287,7 +9752,7 @@ spec:
9287
9752
  command:
9288
9753
  - /opt/app-root/src/run-role.sh
9289
9754
  - nvidia_gpu
9290
- image: quay.io/ibmmas/cli:12.1.0
9755
+ image: quay.io/ibmmas/cli:13.1.0
9291
9756
  imagePullPolicy: $(params.image_pull_policy)
9292
9757
  workingDir: /workspace/configs
9293
9758
 
@@ -9323,7 +9788,7 @@ spec:
9323
9788
  # Verify Cluster
9324
9789
  # -------------------------------------------------------------------------
9325
9790
  - name: ocp-verify-cluster
9326
- image: quay.io/ibmmas/cli:12.1.0
9791
+ image: quay.io/ibmmas/cli:13.1.0
9327
9792
  imagePullPolicy: $(params.image_pull_policy)
9328
9793
  command:
9329
9794
  - /opt/app-root/src/run-role.sh
@@ -9365,7 +9830,7 @@ spec:
9365
9830
  # Verify Catalogs
9366
9831
  # -------------------------------------------------------------------------
9367
9832
  - name: ocp-verify-catalogs
9368
- image: quay.io/ibmmas/cli:12.1.0
9833
+ image: quay.io/ibmmas/cli:13.1.0
9369
9834
  imagePullPolicy: $(params.image_pull_policy)
9370
9835
  command:
9371
9836
  - /opt/app-root/src/run-role.sh
@@ -9407,7 +9872,7 @@ spec:
9407
9872
  # Verify Subscriptions
9408
9873
  # -------------------------------------------------------------------------
9409
9874
  - name: ocp-verify-subscriptions
9410
- image: quay.io/ibmmas/cli:12.1.0
9875
+ image: quay.io/ibmmas/cli:13.1.0
9411
9876
  imagePullPolicy: $(params.image_pull_policy)
9412
9877
  command:
9413
9878
  - /opt/app-root/src/run-role.sh
@@ -9449,7 +9914,7 @@ spec:
9449
9914
  # Verify Workloads
9450
9915
  # -------------------------------------------------------------------------
9451
9916
  - name: ocp-verify-workloads
9452
- image: quay.io/ibmmas/cli:12.1.0
9917
+ image: quay.io/ibmmas/cli:13.1.0
9453
9918
  imagePullPolicy: $(params.image_pull_policy)
9454
9919
  command:
9455
9920
  - /opt/app-root/src/run-role.sh
@@ -9491,7 +9956,7 @@ spec:
9491
9956
  # Verify Catalogs - Ingress TLS
9492
9957
  # -------------------------------------------------------------------------
9493
9958
  - name: ocp-verify-ingress
9494
- image: quay.io/ibmmas/cli:12.1.0
9959
+ image: quay.io/ibmmas/cli:13.1.0
9495
9960
  imagePullPolicy: $(params.image_pull_policy)
9496
9961
  command:
9497
9962
  - /opt/app-root/src/run-role.sh
@@ -9617,7 +10082,7 @@ spec:
9617
10082
  command:
9618
10083
  - /opt/app-root/src/run-role.sh
9619
10084
  - ocp_verify
9620
- image: quay.io/ibmmas/cli:12.1.0
10085
+ image: quay.io/ibmmas/cli:13.1.0
9621
10086
  imagePullPolicy: $(params.image_pull_policy)
9622
10087
  workingDir: /workspace/configs
9623
10088
  # --------------------------------------------------------------------------------
@@ -9685,7 +10150,7 @@ spec:
9685
10150
  command:
9686
10151
  - /opt/app-root/src/run-role.sh
9687
10152
  - ocs
9688
- image: quay.io/ibmmas/cli:12.1.0
10153
+ image: quay.io/ibmmas/cli:13.1.0
9689
10154
  imagePullPolicy: $(params.image_pull_policy)
9690
10155
  workingDir: /workspace/configs
9691
10156
 
@@ -9921,7 +10386,7 @@ spec:
9921
10386
  command:
9922
10387
  - /opt/app-root/src/run-role.sh
9923
10388
  - odh
9924
- image: quay.io/ibmmas/cli:12.1.0
10389
+ image: quay.io/ibmmas/cli:13.1.0
9925
10390
  imagePullPolicy: $(params.image_pull_policy)
9926
10391
  # --------------------------------------------------------------------------------
9927
10392
  # /home/runner/work/cli/cli/tekton/target/tasks/sls-registry-update.yaml
@@ -10097,7 +10562,7 @@ spec:
10097
10562
  command:
10098
10563
  - /opt/app-root/src/run-role.sh
10099
10564
  - sls
10100
- image: quay.io/ibmmas/cli:12.1.0
10565
+ image: quay.io/ibmmas/cli:13.1.0
10101
10566
  imagePullPolicy: $(params.image_pull_policy)
10102
10567
  workingDir: /workspace/configs
10103
10568
 
@@ -10486,12 +10951,12 @@ spec:
10486
10951
  command:
10487
10952
  - /opt/app-root/src/run-role.sh
10488
10953
  - suite_app_config
10489
- image: quay.io/ibmmas/cli:12.1.0
10954
+ image: quay.io/ibmmas/cli:13.1.0
10490
10955
  imagePullPolicy: $(params.image_pull_policy)
10491
10956
 
10492
- # If configmap/approval-app-cfg-$(params.mas_app_id) exists then set CONFIGMAP_KEY=pending and wait for it to be changed to "approved"
10957
+ # If configmap/approval-app-cfg-$(params.mas_app_id) exists then set STATUS=pending and wait for it to be changed to "approved"
10493
10958
  - name: app-cfg-post-verify
10494
- image: quay.io/ibmmas/cli:12.1.0
10959
+ image: quay.io/ibmmas/cli:13.1.0
10495
10960
  imagePullPolicy: $(params.image_pull_policy)
10496
10961
  command:
10497
10962
  - /opt/app-root/src/wait-for-configmap.sh
@@ -10500,12 +10965,6 @@ spec:
10500
10965
  value: $(context.taskRun.namespace)
10501
10966
  - name: CONFIGMAP_NAME
10502
10967
  value: approval-app-cfg-$(params.mas_app_id)
10503
- - name: CONFIGMAP_KEY
10504
- valueFrom:
10505
- configMapKeyRef:
10506
- name: approval-app-cfg-$(params.mas_app_id)
10507
- key: CONFIGMAP_KEY
10508
- optional: true
10509
10968
  - name: CONFIGMAP_INITIAL_VALUE
10510
10969
  value: pending
10511
10970
  - name: CONFIGMAP_TARGET_VALUE
@@ -10692,7 +11151,7 @@ spec:
10692
11151
  command:
10693
11152
  - /opt/app-root/src/run-role.sh
10694
11153
  - suite_app_install
10695
- image: quay.io/ibmmas/cli:12.1.0
11154
+ image: quay.io/ibmmas/cli:13.1.0
10696
11155
  imagePullPolicy: $(params.image_pull_policy)
10697
11156
 
10698
11157
  workspaces:
@@ -10781,7 +11240,7 @@ spec:
10781
11240
  command:
10782
11241
  - /opt/app-root/src/run-role.sh
10783
11242
  - suite_app_rollback
10784
- image: quay.io/ibmmas/cli:12.1.0
11243
+ image: quay.io/ibmmas/cli:13.1.0
10785
11244
  imagePullPolicy: $(params.image_pull_policy)
10786
11245
  # --------------------------------------------------------------------------------
10787
11246
  # /home/runner/work/cli/cli/tekton/target/tasks/suite-app-uninstall.yaml
@@ -10844,7 +11303,7 @@ spec:
10844
11303
  command:
10845
11304
  - /opt/app-root/src/run-role.sh
10846
11305
  - suite_app_uninstall
10847
- image: quay.io/ibmmas/cli:12.1.0
11306
+ image: quay.io/ibmmas/cli:13.1.0
10848
11307
  imagePullPolicy: $(params.image_pull_policy)
10849
11308
  # --------------------------------------------------------------------------------
10850
11309
  # /home/runner/work/cli/cli/tekton/target/tasks/suite-app-upgrade.yaml
@@ -10919,7 +11378,7 @@ spec:
10919
11378
  command:
10920
11379
  - /opt/app-root/src/run-role.sh
10921
11380
  - suite_app_upgrade
10922
- image: quay.io/ibmmas/cli:12.1.0
11381
+ image: quay.io/ibmmas/cli:13.1.0
10923
11382
  imagePullPolicy: $(params.image_pull_policy)
10924
11383
  # --------------------------------------------------------------------------------
10925
11384
  # /home/runner/work/cli/cli/tekton/target/tasks/suite-app-verify.yaml
@@ -11020,7 +11479,7 @@ spec:
11020
11479
  command:
11021
11480
  - /opt/app-root/src/run-role.sh
11022
11481
  - suite_app_verify
11023
- image: quay.io/ibmmas/cli:12.1.0
11482
+ image: quay.io/ibmmas/cli:13.1.0
11024
11483
  imagePullPolicy: $(params.image_pull_policy)
11025
11484
  # --------------------------------------------------------------------------------
11026
11485
  # /home/runner/work/cli/cli/tekton/target/tasks/suite-certs.yaml
@@ -11163,7 +11622,7 @@ spec:
11163
11622
  command:
11164
11623
  - /opt/app-root/src/run-role.sh
11165
11624
  - suite_certs
11166
- image: quay.io/ibmmas/cli:12.1.0
11625
+ image: quay.io/ibmmas/cli:13.1.0
11167
11626
  imagePullPolicy: $(params.image_pull_policy)
11168
11627
 
11169
11628
  workspaces:
@@ -11230,7 +11689,7 @@ spec:
11230
11689
  command:
11231
11690
  - /opt/app-root/src/run-role.sh
11232
11691
  - suite_config
11233
- image: quay.io/ibmmas/cli:12.1.0
11692
+ image: quay.io/ibmmas/cli:13.1.0
11234
11693
  imagePullPolicy: $(params.image_pull_policy)
11235
11694
  workingDir: /workspace/configs
11236
11695
 
@@ -11301,7 +11760,7 @@ spec:
11301
11760
  command:
11302
11761
  - /opt/app-root/src/run-role.sh
11303
11762
  - suite_db2_setup_for_manage
11304
- image: quay.io/ibmmas/cli:12.1.0
11763
+ image: quay.io/ibmmas/cli:13.1.0
11305
11764
  imagePullPolicy: $(params.image_pull_policy)
11306
11765
  # --------------------------------------------------------------------------------
11307
11766
  # /home/runner/work/cli/cli/tekton/target/tasks/suite-dns.yaml
@@ -11491,7 +11950,7 @@ spec:
11491
11950
  command:
11492
11951
  - /opt/app-root/src/run-role.sh
11493
11952
  - suite_dns
11494
- image: quay.io/ibmmas/cli:12.1.0
11953
+ image: quay.io/ibmmas/cli:13.1.0
11495
11954
  imagePullPolicy: $(params.image_pull_policy)
11496
11955
  # --------------------------------------------------------------------------------
11497
11956
  # /home/runner/work/cli/cli/tekton/target/tasks/suite-install.yaml
@@ -11740,7 +12199,7 @@ spec:
11740
12199
  command:
11741
12200
  - /opt/app-root/src/run-role.sh
11742
12201
  - suite_install
11743
- image: quay.io/ibmmas/cli:12.1.0
12202
+ image: quay.io/ibmmas/cli:13.1.0
11744
12203
  imagePullPolicy: $(params.image_pull_policy)
11745
12204
  workingDir: /workspace/configs
11746
12205
 
@@ -11828,7 +12287,7 @@ spec:
11828
12287
  command:
11829
12288
  - /opt/app-root/src/run-role.sh
11830
12289
  - suite_rollback
11831
- image: quay.io/ibmmas/cli:12.1.0
12290
+ image: quay.io/ibmmas/cli:13.1.0
11832
12291
  imagePullPolicy: $(params.image_pull_policy)
11833
12292
  # --------------------------------------------------------------------------------
11834
12293
  # /home/runner/work/cli/cli/tekton/target/tasks/suite-uninstall.yaml
@@ -11893,7 +12352,7 @@ spec:
11893
12352
  command:
11894
12353
  - /opt/app-root/src/run-role.sh
11895
12354
  - suite_uninstall
11896
- image: quay.io/ibmmas/cli:12.1.0
12355
+ image: quay.io/ibmmas/cli:13.1.0
11897
12356
  imagePullPolicy: $(params.image_pull_policy)
11898
12357
  # --------------------------------------------------------------------------------
11899
12358
  # /home/runner/work/cli/cli/tekton/target/tasks/suite-upgrade.yaml
@@ -11963,7 +12422,7 @@ spec:
11963
12422
  command:
11964
12423
  - /opt/app-root/src/run-role.sh
11965
12424
  - suite_upgrade
11966
- image: quay.io/ibmmas/cli:12.1.0
12425
+ image: quay.io/ibmmas/cli:13.1.0
11967
12426
  imagePullPolicy: $(params.image_pull_policy)
11968
12427
  # --------------------------------------------------------------------------------
11969
12428
  # /home/runner/work/cli/cli/tekton/target/tasks/suite-verify.yaml
@@ -12030,12 +12489,12 @@ spec:
12030
12489
  command:
12031
12490
  - /opt/app-root/src/run-role.sh
12032
12491
  - suite_verify
12033
- image: quay.io/ibmmas/cli:12.1.0
12492
+ image: quay.io/ibmmas/cli:13.1.0
12034
12493
  imagePullPolicy: $(params.image_pull_policy)
12035
12494
 
12036
- # If configmap/approval-suite-verify exists then set CONFIGMAP_KEY=pending and wait for it to be changed to "approved"
12495
+ # If configmap/approval-suite-verify exists then set STATUS=pending and wait for it to be changed to "approved"
12037
12496
  - name: suite-post-verify
12038
- image: quay.io/ibmmas/cli:12.1.0
12497
+ image: quay.io/ibmmas/cli:13.1.0
12039
12498
  imagePullPolicy: $(params.image_pull_policy)
12040
12499
  script: |
12041
12500
  #!/usr/bin/env bash
@@ -12047,12 +12506,6 @@ spec:
12047
12506
  value: $(context.taskRun.namespace)
12048
12507
  - name: CONFIGMAP_NAME
12049
12508
  value: approval-suite-verify
12050
- - name: CONFIGMAP_KEY
12051
- valueFrom:
12052
- configMapKeyRef:
12053
- name: approval-suite-verify
12054
- key: CONFIGMAP_KEY
12055
- optional: true
12056
12509
  - name: CONFIGMAP_INITIAL_VALUE
12057
12510
  value: pending
12058
12511
  - name: CONFIGMAP_TARGET_VALUE
@@ -12169,7 +12622,7 @@ spec:
12169
12622
  command:
12170
12623
  - /opt/app-root/src/run-role.sh
12171
12624
  - turbonomic
12172
- image: quay.io/ibmmas/cli:12.1.0
12625
+ image: quay.io/ibmmas/cli:13.1.0
12173
12626
  imagePullPolicy: $(params.image_pull_policy)
12174
12627
  # --------------------------------------------------------------------------------
12175
12628
  # /home/runner/work/cli/cli/tekton/target/tasks/uds.yaml
@@ -12250,7 +12703,7 @@ spec:
12250
12703
  # IBM User Data Services (UDS)
12251
12704
  # -------------------------------------------------------------------------
12252
12705
  - name: uds
12253
- image: quay.io/ibmmas/cli:12.1.0
12706
+ image: quay.io/ibmmas/cli:13.1.0
12254
12707
  imagePullPolicy: $(params.image_pull_policy)
12255
12708
  workingDir: /workspace/configs
12256
12709
  command:
@@ -12313,7 +12766,7 @@ spec:
12313
12766
  # IBM Data Reporter Operator (DRO)
12314
12767
  # -------------------------------------------------------------------------
12315
12768
  - name: dro
12316
- image: quay.io/ibmmas/cli:12.1.0
12769
+ image: quay.io/ibmmas/cli:13.1.0
12317
12770
  imagePullPolicy: $(params.image_pull_policy)
12318
12771
  workingDir: /workspace/configs
12319
12772
  command:
@@ -12387,29 +12840,27 @@ metadata:
12387
12840
  spec:
12388
12841
  params:
12389
12842
  # What configmap to update
12843
+ - name: configmap_namespace
12844
+ type: string
12845
+ description: "The namespace of the configmap to update"
12846
+ default: $(context.taskRun.namespace)
12390
12847
  - name: configmap_name
12391
12848
  type: string
12392
12849
  description: "The name of the configmap to update"
12393
- - name: configmap_key
12394
- type: string
12395
- description: "The key in the configmap to update (defaults to 'STATUS')"
12396
- default: "STATUS"
12397
12850
  - name: configmap_value
12398
12851
  type: string
12399
12852
  description: "The value to set"
12400
12853
  steps:
12401
12854
  - name: update-configmap
12402
- image: quay.io/ibmmas/cli:12.1.0
12855
+ image: quay.io/ibmmas/cli:13.1.0
12403
12856
  command:
12404
12857
  - /opt/app-root/src/update-configmap.sh
12405
12858
  env:
12406
12859
  # What to wait for
12407
12860
  - name: NAMESPACE
12408
- value: $(context.taskRun.namespace)
12861
+ value: $(params.configmap_namespace)
12409
12862
  - name: CONFIGMAP_NAME
12410
12863
  value: $(params.configmap_name)
12411
- - name: CONFIGMAP_KEY
12412
- value: $(params.configmap_key)
12413
12864
  - name: CONFIGMAP_VALUE
12414
12865
  value: $(params.configmap_value)
12415
12866
  # --------------------------------------------------------------------------------
@@ -12422,6 +12873,10 @@ metadata:
12422
12873
  name: mas-devops-wait-for-configmap-v2
12423
12874
  spec:
12424
12875
  params:
12876
+ - name: configmap_namespace
12877
+ type: string
12878
+ description: "The namespace of the configmap to wait for"
12879
+ default: $(context.taskRun.namespace)
12425
12880
  - name: configmap_name
12426
12881
  type: string
12427
12882
  description: "The name of the configmap to wait for"
@@ -12439,28 +12894,20 @@ spec:
12439
12894
  type: string
12440
12895
  description: "The name of the configmap wait for"
12441
12896
  default: ""
12442
- - name: escape_configmap_key
12443
- type: string
12444
12897
  description: "The key in the configmap to watch for"
12445
12898
  default: ""
12446
12899
 
12447
12900
  steps:
12448
12901
  - name: wait-for-configmap
12449
- image: quay.io/ibmmas/cli:12.1.0
12902
+ image: quay.io/ibmmas/cli:13.1.0
12450
12903
  command:
12451
12904
  - /opt/app-root/src/wait-for-configmap.sh
12452
12905
  env:
12453
12906
  # What to wait for
12454
12907
  - name: NAMESPACE
12455
- value: $(context.taskRun.namespace)
12908
+ value: $(params.configmap_namespace)
12456
12909
  - name: CONFIGMAP_NAME
12457
12910
  value: $(params.configmap_name)
12458
- - name: CONFIGMAP_KEY
12459
- valueFrom:
12460
- configMapKeyRef:
12461
- name: $(params.configmap_name)
12462
- key: CONFIGMAP_KEY
12463
- optional: true
12464
12911
  - name: CONFIGMAP_INITIAL_VALUE
12465
12912
  value: $(params.configmap_initial_value)
12466
12913
  - name: CONFIGMAP_TARGET_VALUE
@@ -12483,8 +12930,6 @@ spec:
12483
12930
  # Optional escape route
12484
12931
  - name: ESCAPE_CONFIGMAP_NAME
12485
12932
  value: $(params.escape_configmap_name)
12486
- - name: ESCAPE_CONFIGMAP_KEY
12487
- value: $(params.escape_configmap_key)
12488
12933
 
12489
12934
  # How to handle errors
12490
12935
  - name: IGNORE_FAILURE
@@ -12507,9 +12952,6 @@ spec:
12507
12952
  - name: configmap_name
12508
12953
  type: string
12509
12954
  description: "The name of the configmap wait for"
12510
- - name: configmap_key
12511
- type: string
12512
- description: "The key in the configmap to watch for"
12513
12955
  - name: configmap_target_value
12514
12956
  type: string
12515
12957
  description: "The value to wait for the configmap to change to"
@@ -12519,10 +12961,6 @@ spec:
12519
12961
  type: string
12520
12962
  description: "The name of the configmap wait for"
12521
12963
  default: ""
12522
- - name: escape_configmap_key
12523
- type: string
12524
- description: "The key in the configmap to watch for"
12525
- default: ""
12526
12964
 
12527
12965
  # How long to wait
12528
12966
  - name: delay
@@ -12542,7 +12980,7 @@ spec:
12542
12980
 
12543
12981
  steps:
12544
12982
  - name: wait-for-configmap
12545
- image: quay.io/ibmmas/cli:12.1.0
12983
+ image: quay.io/ibmmas/cli:13.1.0
12546
12984
  command:
12547
12985
  - /opt/app-root/src/wait-for-configmap.sh
12548
12986
  env:
@@ -12551,16 +12989,12 @@ spec:
12551
12989
  value: $(context.taskRun.namespace)
12552
12990
  - name: CONFIGMAP_NAME
12553
12991
  value: $(params.configmap_name)
12554
- - name: CONFIGMAP_KEY
12555
- value: $(params.configmap_key)
12556
12992
  - name: CONFIGMAP_TARGET_VALUE
12557
12993
  value: $(params.configmap_target_value)
12558
12994
 
12559
12995
  # Optional escape route
12560
12996
  - name: ESCAPE_CONFIGMAP_NAME
12561
12997
  value: $(params.escape_configmap_name)
12562
- - name: ESCAPE_CONFIGMAP_KEY
12563
- value: $(params.escape_configmap_key)
12564
12998
 
12565
12999
  # How long to wait
12566
13000
  - name: DELAY
@@ -12606,7 +13040,7 @@ spec:
12606
13040
 
12607
13041
  steps:
12608
13042
  - name: wait
12609
- image: quay.io/ibmmas/cli:12.1.0
13043
+ image: quay.io/ibmmas/cli:13.1.0
12610
13044
  command:
12611
13045
  - /opt/app-root/src/wait-for-tekton.sh
12612
13046
  env:
@@ -13545,8 +13979,18 @@ spec:
13545
13979
  - name: jdbc_route_manage
13546
13980
  type: string
13547
13981
  default: ""
13982
+
13983
+ - name: sls_license_icn
13984
+ type: string
13985
+ - name: cis_crn
13986
+ type: string
13987
+ - name: cis_mas_domain
13988
+ type: string
13989
+ - name: smtp_use_sendgrid
13990
+ type: string
13991
+ default: ""
13548
13992
  tasks:
13549
- # 1. Deprovision workspace
13993
+ # Deprovision workspace
13550
13994
  # -------------------------------------------------------------------------
13551
13995
  - name: gitops-deprovision-suite-workspace
13552
13996
  params:
@@ -13587,7 +14031,45 @@ spec:
13587
14031
  - name: configs
13588
14032
  workspace: configs
13589
14033
 
13590
- # 2. Deprovision SMTP config
14034
+ # Deprovision SendGrid subuser
14035
+ # -------------------------------------------------------------------------
14036
+ - name: gitops-deprovision-suite-sendgrid-subuser
14037
+ params:
14038
+ - name: cluster_name
14039
+ value: $(params.cluster_name)
14040
+ - name: account
14041
+ value: $(params.account)
14042
+ - name: mas_instance_id
14043
+ value: $(params.mas_instance_id)
14044
+ - name: icn
14045
+ value: $(params.sls_license_icn)
14046
+ - name: cis_mas_domain
14047
+ value: $(params.cis_mas_domain)
14048
+ - name: cis_crn
14049
+ value: $(params.cis_crn)
14050
+ - name: avp_aws_secret_region
14051
+ value: $(params.avp_aws_secret_region)
14052
+ taskRef:
14053
+ kind: Task
14054
+ name: gitops-deprovision-suite-sendgrid-subuser
14055
+ when:
14056
+ # Task uses an IBM internal image and cannot be used outside of the internal IBM Toolchains
14057
+ # To make sure this task is only run when this is the case, reference a field that
14058
+ # but corresponds to another IBM-internal only feature that will also still be present after smtp config is removed
14059
+ # sls.license.icn is a good choice for this, it also happens to be a required input to the sendgrid scripts
14060
+ - input: "$(params.sls_license_icn)"
14061
+ operator: notin
14062
+ values: [""]
14063
+
14064
+ # only attempt Subuser teardown if the instance was configured to use automated sendgrid subuser management at the time of deprovisioning
14065
+ - input: "$(params.smtp_use_sendgrid)"
14066
+ operator: in
14067
+ values: ["true"]
14068
+ workspaces:
14069
+ - name: configs
14070
+ workspace: configs
14071
+
14072
+ # Deprovision SMTP config
13591
14073
  # -------------------------------------------------------------------------
13592
14074
  - name: gitops-deprovision-suite-smtp-config
13593
14075
  runAfter:
@@ -13626,7 +14108,7 @@ spec:
13626
14108
  - name: configs
13627
14109
  workspace: configs
13628
14110
 
13629
- # 3. Deprovision IDP config
14111
+ # Deprovision IDP config
13630
14112
  # -------------------------------------------------------------------------
13631
14113
  - name: gitops-deprovision-suite-idp-config
13632
14114
  runAfter:
@@ -13665,7 +14147,7 @@ spec:
13665
14147
  - name: configs
13666
14148
  workspace: configs
13667
14149
 
13668
- # 4. Deprovision Suite config
14150
+ # Deprovision Suite config
13669
14151
  # -------------------------------------------------------------------------
13670
14152
  - name: gitops-deprovision-suite-config
13671
14153
  runAfter:
@@ -13715,7 +14197,7 @@ spec:
13715
14197
  name: gitops-deprovision-suite-config
13716
14198
  kind: Task
13717
14199
 
13718
- # 5. Deprovision Suite config
14200
+ # Deprovision Suite config
13719
14201
  # -------------------------------------------------------------------------
13720
14202
  - name: gitops-deprovision-suite
13721
14203
  runAfter:
@@ -13756,7 +14238,7 @@ spec:
13756
14238
  - name: configs
13757
14239
  workspace: configs
13758
14240
 
13759
- # 8. Deprovision Kafka config
14241
+ # Deprovision Kafka config
13760
14242
  # -------------------------------------------------------------------------
13761
14243
  - name: gitops-delete-kafka-config
13762
14244
  runAfter:
@@ -13797,7 +14279,7 @@ spec:
13797
14279
  kind: Task
13798
14280
  name: gitops-delete-kafka-config
13799
14281
 
13800
- # 9. Deprovision Objectstorage config
14282
+ # Deprovision Objectstorage config
13801
14283
  # -------------------------------------------------------------------------
13802
14284
  - name: gitops-deprovision-suite-objectstorage-config
13803
14285
  runAfter:
@@ -13836,7 +14318,7 @@ spec:
13836
14318
  - name: configs
13837
14319
  workspace: configs
13838
14320
 
13839
- # 10. Deprovision Watson Studio config
14321
+ # Deprovision Watson Studio config
13840
14322
  # -------------------------------------------------------------------------
13841
14323
  - name: gitops-deprovision-suite-watson-studio-config
13842
14324
  runAfter:
@@ -13875,7 +14357,7 @@ spec:
13875
14357
  - name: configs
13876
14358
  workspace: configs
13877
14359
 
13878
- # 11. Deprovision DB2U Operator
14360
+ # Deprovision DB2U Operator
13879
14361
  # -------------------------------------------------------------------------
13880
14362
  - name: gitops-deprovision-db2u
13881
14363
  runAfter:
@@ -17715,6 +18197,7 @@ spec:
17715
18197
  - name: ingress
17716
18198
  type: string
17717
18199
  default: "false"
18200
+
17718
18201
  - name: group_sync_operator_cron_schedule
17719
18202
  type: string
17720
18203
  default: ''
@@ -17724,9 +18207,17 @@ spec:
17724
18207
  - name: group_sync_operator_isv_groups
17725
18208
  type: string
17726
18209
  default: ''
18210
+
17727
18211
  - name: ibm_rbac_binding_to_group
17728
18212
  type: string
17729
18213
  default: ''
18214
+
18215
+ - name: falcon_operator_cloud_region
18216
+ type: string
18217
+ default: ''
18218
+ - name: falcon_operator_node_sensor
18219
+ type: string
18220
+ default: ''
17730
18221
  tasks:
17731
18222
  - name: gitops-cluster
17732
18223
  params:
@@ -17799,14 +18290,21 @@ spec:
17799
18290
  value: $(params.dns_provider)
17800
18291
  - name: ingress
17801
18292
  value: $(params.ingress)
18293
+
17802
18294
  - name: group_sync_operator_cron_schedule
17803
18295
  value: $(params.group_sync_operator_cron_schedule)
17804
18296
  - name: group_sync_operator_isv_tenant_url
17805
18297
  value: $(params.group_sync_operator_isv_tenant_url)
17806
18298
  - name: group_sync_operator_isv_groups
17807
18299
  value: $(params.group_sync_operator_isv_groups)
18300
+
17808
18301
  - name: ibm_rbac_binding_to_group
17809
18302
  value: $(params.ibm_rbac_binding_to_group)
18303
+
18304
+ - name: falcon_operator_cloud_region
18305
+ value: $(params.falcon_operator_cloud_region)
18306
+ - name: falcon_operator_node_sensor
18307
+ value: $(params.falcon_operator_node_sensor)
17810
18308
  taskRef:
17811
18309
  kind: Task
17812
18310
  name: gitops-cluster
@@ -18650,6 +19148,12 @@ spec:
18650
19148
  type: string
18651
19149
  default: ""
18652
19150
 
19151
+ - name: sls_license_icn
19152
+ type: string
19153
+ - name: smtp_use_sendgrid
19154
+ type: string
19155
+ default: ""
19156
+
18653
19157
  tasks:
18654
19158
  - name: mas-launchfvt
18655
19159
  params:
@@ -18775,6 +19279,13 @@ spec:
18775
19279
  - name: ldap_userid_map
18776
19280
  value: $(params.ldap_userid_map)
18777
19281
 
19282
+ - name: icn
19283
+ value: $(params.sls_license_icn)
19284
+ - name: avp_aws_secret_region
19285
+ value: $(params.avp_aws_secret_region)
19286
+ - name: use_sendgrid
19287
+ value: $(params.smtp_use_sendgrid)
19288
+
18778
19289
  workspaces:
18779
19290
  - name: configs
18780
19291
  workspace: configs
@@ -19292,6 +19803,9 @@ spec:
19292
19803
  type: string
19293
19804
  - name: smtp_default_should_email_passwords
19294
19805
  type: string
19806
+ - name: smtp_use_sendgrid
19807
+ type: string
19808
+
19295
19809
  - name: ldap_url
19296
19810
  type: string
19297
19811
  - name: ldap_basedn
@@ -19400,6 +19914,11 @@ spec:
19400
19914
  - name: sls_license_icn
19401
19915
  type: string
19402
19916
 
19917
+ # oidc parameters
19918
+ # -------------------------------------------------------------------------
19919
+ - name: oidc
19920
+ type: string
19921
+
19403
19922
  tasks:
19404
19923
 
19405
19924
  # 0. Per-instance DB2U Operator
@@ -19460,7 +19979,7 @@ spec:
19460
19979
  kind: Task
19461
19980
  name: gitops-license
19462
19981
  when:
19463
- - input: "$(params.sls_license_app_points)"
19982
+ - input: "$(params.sls_license_icn)"
19464
19983
  operator: in
19465
19984
  values: [""]
19466
19985
 
@@ -19489,7 +20008,7 @@ spec:
19489
20008
  kind: Task
19490
20009
  name: gitops-license-generator
19491
20010
  when:
19492
- - input: "$(params.sls_license_app_points)"
20011
+ - input: "$(params.sls_license_icn)"
19493
20012
  operator: notin
19494
20013
  values: [""]
19495
20014
 
@@ -19588,6 +20107,8 @@ spec:
19588
20107
  value: $(params.mas_pod_template_yaml)
19589
20108
  - name: mas_wipe_mongo_data
19590
20109
  value: $(params.mas_wipe_mongo_data)
20110
+ - name: oidc
20111
+ value: $(params.oidc)
19591
20112
  taskRef:
19592
20113
  kind: Task
19593
20114
  name: gitops-suite
@@ -19751,6 +20272,56 @@ spec:
19751
20272
  - input: "$(params.smtp_host)"
19752
20273
  operator: notin
19753
20274
  values: [""]
20275
+ - input: "$(params.smtp_use_sendgrid)"
20276
+ operator: notin
20277
+ values: ["true"]
20278
+ workspaces:
20279
+ - name: configs
20280
+ workspace: configs
20281
+
20282
+ - name: gitops-suite-smtp-config-sendgrid
20283
+ runAfter:
20284
+ - gitops-suite-config
20285
+ params:
20286
+ - name: cluster_name
20287
+ value: $(params.cluster_name)
20288
+ - name: account
20289
+ value: $(params.account)
20290
+ - name: secrets_path
20291
+ value: $(params.secrets_path)
20292
+ - name: mas_instance_id
20293
+ value: $(params.mas_instance_id)
20294
+ - name: git_branch
20295
+ value: $(params.git_branch)
20296
+ - name: github_org
20297
+ value: $(params.github_org)
20298
+ - name: github_repo
20299
+ value: $(params.github_repo)
20300
+ - name: github_host
20301
+ value: $(params.github_host)
20302
+ - name: avp_aws_secret_region
20303
+ value: $(params.avp_aws_secret_region)
20304
+ - name: mas_smtpcfg_pod_template_yaml
20305
+ value: $(params.mas_smtpcfg_pod_template_yaml)
20306
+
20307
+ - name: icn
20308
+ value: $(params.sls_license_icn)
20309
+ - name: mas_domain
20310
+ value: $(params.mas_domain)
20311
+ - name: cis_mas_domain
20312
+ value: $(params.cis_mas_domain)
20313
+ - name: cis_crn
20314
+ value: $(params.cis_crn)
20315
+ taskRef:
20316
+ kind: Task
20317
+ name: gitops-suite-smtp-config-sendgrid
20318
+ when:
20319
+ - input: "$(params.smtp_host)"
20320
+ operator: in
20321
+ values: [""]
20322
+ - input: "$(params.smtp_use_sendgrid)"
20323
+ operator: in
20324
+ values: ["true"]
19754
20325
  workspaces:
19755
20326
  - name: configs
19756
20327
  workspace: configs
@@ -19811,6 +20382,45 @@ spec:
19811
20382
  # Deprovision task section
19812
20383
  # -------------------------------------------------------------------------
19813
20384
 
20385
+ # 1. Deprovision SendGrid subuser
20386
+ # -------------------------------------------------------------------------
20387
+ - name: gitops-deprovision-suite-sendgrid-subuser
20388
+ params:
20389
+ - name: cluster_name
20390
+ value: $(params.cluster_name)
20391
+ - name: account
20392
+ value: $(params.account)
20393
+ - name: mas_instance_id
20394
+ value: $(params.mas_instance_id)
20395
+ - name: icn
20396
+ value: $(params.sls_license_icn)
20397
+ - name: cis_mas_domain
20398
+ value: $(params.cis_mas_domain)
20399
+ - name: cis_crn
20400
+ value: $(params.cis_crn)
20401
+ - name: avp_aws_secret_region
20402
+ value: $(params.avp_aws_secret_region)
20403
+ taskRef:
20404
+ kind: Task
20405
+ name: gitops-deprovision-suite-sendgrid-subuser
20406
+ when:
20407
+ # Always run this task when smtp.use_sendgrid is unset (and we're running in an internal IBM toolchain - see below)
20408
+ # Task will still complete successfully even if it is a no-op
20409
+ - input: "$(params.smtp_use_sendgrid)"
20410
+ operator: notin
20411
+ values: ["true"]
20412
+
20413
+ # Task uses an IBM internal image and cannot be used outside of the internal IBM Toolchains
20414
+ # To make sure this task is only run when this is the case, reference a field that
20415
+ # but corresponds to another IBM-internal only feature that will also still be present after smtp config is removed
20416
+ # sls.license.icn is a good choice for this, it also happens to be a required input to the sendgrid scripts
20417
+ - input: "$(params.sls_license_icn)"
20418
+ operator: notin
20419
+ values: [""]
20420
+ workspaces:
20421
+ - name: configs
20422
+ workspace: configs
20423
+
19814
20424
  # 2. Deprovision SMTP config
19815
20425
  # -------------------------------------------------------------------------
19816
20426
  - name: gitops-deprovision-suite-smtp-config
@@ -19848,6 +20458,9 @@ spec:
19848
20458
  - input: "$(params.smtp_host)"
19849
20459
  operator: in
19850
20460
  values: [""]
20461
+ - input: "$(params.smtp_use_sendgrid)"
20462
+ operator: notin
20463
+ values: ["true"]
19851
20464
  workspaces:
19852
20465
  - name: configs
19853
20466
  workspace: configs
@@ -19892,6 +20505,7 @@ spec:
19892
20505
  workspaces:
19893
20506
  - name: configs
19894
20507
  workspace: configs
20508
+
19895
20509
  # --------------------------------------------------------------------------------
19896
20510
  # /home/runner/work/cli/cli/tekton/target/pipelines/install.yaml
19897
20511
  # --------------------------------------------------------------------------------
@@ -22834,6 +23448,7 @@ spec:
22834
23448
  - suite-db2-setup-system
22835
23449
  - suite-db2-setup-manage
22836
23450
  - suite-config-watson-studio
23451
+ - suite-config-cos
22837
23452
 
22838
23453
  # 8.3 Configure Manage workspace
22839
23454
  - name: app-cfg-manage
@@ -23602,8 +24217,6 @@ spec:
23602
24217
  value: $(params.image_pull_policy)
23603
24218
  - name: configmap_name
23604
24219
  value: sync-install
23605
- - name: configmap_key
23606
- value: INSTALL_STATUS
23607
24220
  - name: configmap_value
23608
24221
  # An aggregate status of all the pipelineTasks under the tasks section (excluding the finally section).
23609
24222
  # This variable is only available in the finally tasks and can have any one of the values (Succeeded, Failed, Completed, or None)
@@ -24248,13 +24861,28 @@ spec:
24248
24861
  # 8. Uninstall IBM Catalogs
24249
24862
  # 9. Uninstall Cluster Monitoring
24250
24863
 
24251
- # 1. Uninstall IBM Maximo Application Suite Applications
24864
+
24865
+ # 0. Wait for approval before we change anything
24252
24866
  # -------------------------------------------------------------------------
24253
- # 1.0 Start uninstall
24867
+ - name: waitfor-approval
24868
+ timeout: "0"
24869
+ taskRef:
24870
+ kind: Task
24871
+ name: mas-devops-wait-for-configmap-v2
24872
+ params:
24873
+ - name: image_pull_policy
24874
+ value: $(params.image_pull_policy)
24875
+ - name: configmap_name
24876
+ value: approval-uninstall
24877
+
24254
24878
 
24879
+ # 1. Uninstall IBM Maximo Application Suite Applications
24880
+ # -------------------------------------------------------------------------
24255
24881
  # 1.1 Uninstall Visual Inspection
24256
24882
  - name: app-uninstall-visualinspection
24257
24883
  timeout: "0"
24884
+ runAfter:
24885
+ - waitfor-approval
24258
24886
  taskRef:
24259
24887
  kind: Task
24260
24888
  name: mas-devops-suite-app-uninstall
@@ -24269,6 +24897,8 @@ spec:
24269
24897
  # 1.2 Uninstall Assist
24270
24898
  - name: app-uninstall-assist
24271
24899
  timeout: "0"
24900
+ runAfter:
24901
+ - waitfor-approval
24272
24902
  taskRef:
24273
24903
  kind: Task
24274
24904
  name: mas-devops-suite-app-uninstall
@@ -24283,6 +24913,8 @@ spec:
24283
24913
  # 1.3 Uninstall Optimizer
24284
24914
  - name: app-uninstall-optimizer
24285
24915
  timeout: "0"
24916
+ runAfter:
24917
+ - waitfor-approval
24286
24918
  taskRef:
24287
24919
  kind: Task
24288
24920
  name: mas-devops-suite-app-uninstall
@@ -24297,6 +24929,8 @@ spec:
24297
24929
  # 1.4 Uninstall Predict
24298
24930
  - name: app-uninstall-predict
24299
24931
  timeout: "0"
24932
+ runAfter:
24933
+ - waitfor-approval
24300
24934
  taskRef:
24301
24935
  kind: Task
24302
24936
  name: mas-devops-suite-app-uninstall
@@ -24356,6 +24990,7 @@ spec:
24356
24990
  - name: devops_suite_name
24357
24991
  value: app-iot-uninstall
24358
24992
 
24993
+
24359
24994
  # 2. Uninstall IBM Maximo Application Suite
24360
24995
  # -------------------------------------------------------------------------
24361
24996
  - name: uninstall-suite
@@ -24379,6 +25014,7 @@ spec:
24379
25014
  - name: devops_suite_name
24380
25015
  value: suite-uninstall
24381
25016
 
25017
+
24382
25018
  # 3. Uninstall IBM Suite Licensing Service
24383
25019
  # -------------------------------------------------------------------------
24384
25020
  - name: uninstall-sls
@@ -24400,6 +25036,7 @@ spec:
24400
25036
  runAfter:
24401
25037
  - uninstall-suite
24402
25038
 
25039
+
24403
25040
  # 4. Uninstall MongoDB
24404
25041
  # -------------------------------------------------------------------------
24405
25042
  - name: uninstall-mongodb
@@ -24421,6 +25058,7 @@ spec:
24421
25058
  runAfter:
24422
25059
  - uninstall-sls
24423
25060
 
25061
+
24424
25062
  # 5. Uninstall IBM User Data Services (or DRO)
24425
25063
  # -------------------------------------------------------------------------
24426
25064
  - name: uninstall-uds
@@ -24444,6 +25082,7 @@ spec:
24444
25082
  runAfter:
24445
25083
  - uninstall-mongodb
24446
25084
 
25085
+
24447
25086
  # 6. Uninstall IBM Cert Manager
24448
25087
  # -------------------------------------------------------------------------
24449
25088
  - name: uninstall-cert-manager
@@ -24467,6 +25106,7 @@ spec:
24467
25106
  runAfter:
24468
25107
  - uninstall-uds
24469
25108
 
25109
+
24470
25110
  # 7. Uninstall IBM Common Services
24471
25111
  # -------------------------------------------------------------------------
24472
25112
  - name: uninstall-common-services
@@ -24488,6 +25128,7 @@ spec:
24488
25128
  runAfter:
24489
25129
  - uninstall-cert-manager
24490
25130
 
25131
+
24491
25132
  # 8. Uninstall IBM Catalogs
24492
25133
  # -------------------------------------------------------------------------
24493
25134
  - name: uninstall-ibm-catalogs
@@ -24509,6 +25150,7 @@ spec:
24509
25150
  runAfter:
24510
25151
  - uninstall-common-services
24511
25152
 
25153
+
24512
25154
  # 9. Uninstall Grafana
24513
25155
  # -------------------------------------------------------------------------
24514
25156
  - name: uninstall-grafana
@@ -24543,8 +25185,6 @@ spec:
24543
25185
  value: $(params.image_pull_policy)
24544
25186
  - name: configmap_name
24545
25187
  value: sync-uninstall
24546
- - name: configmap_key
24547
- value: UNINSTALL_STATUS
24548
25188
  - name: configmap_value
24549
25189
  # An aggregate status of all the pipelineTasks under the tasks section (excluding the finally section).
24550
25190
  # This variable is only available in the finally tasks and can have any one of the values (Succeeded, Failed, Completed, or None)
@@ -24558,9 +25198,7 @@ kind: Pipeline
24558
25198
  metadata:
24559
25199
  name: mas-update
24560
25200
  spec:
24561
-
24562
25201
  params:
24563
-
24564
25202
  # Tekton Pipeline Configuration
24565
25203
  # -------------------------------------------------------------------------
24566
25204
  - name: image_pull_policy
@@ -24742,9 +25380,19 @@ spec:
24742
25380
  description: ReadWriteMany storage class
24743
25381
 
24744
25382
  tasks:
24745
-
24746
- # 1. Verify health of the cluster before we change anything
25383
+ # 1. Wait for approval & verify health of the cluster before we change anything
24747
25384
  # -------------------------------------------------------------------------
25385
+ - name: waitfor-approval
25386
+ timeout: "0"
25387
+ taskRef:
25388
+ kind: Task
25389
+ name: mas-devops-wait-for-configmap-v2
25390
+ params:
25391
+ - name: image_pull_policy
25392
+ value: $(params.image_pull_policy)
25393
+ - name: configmap_name
25394
+ value: approval-update
25395
+
24748
25396
  - name: pre-update-check
24749
25397
  timeout: "0"
24750
25398
  taskRef:
@@ -24765,9 +25413,11 @@ spec:
24765
25413
  operator: notin
24766
25414
  values: ["True", "true"]
24767
25415
 
25416
+ runAfter:
25417
+ - waitfor-approval
24768
25418
 
24769
25419
 
24770
- # 3. Run the catalog update
25420
+ # 2. Run the catalog update
24771
25421
  # -------------------------------------------------------------------------
24772
25422
  - name: update-catalog
24773
25423
  timeout: "0"
@@ -24779,7 +25429,6 @@ spec:
24779
25429
  params:
24780
25430
  - name: devops_suite_name
24781
25431
  value: update-catalog
24782
-
24783
25432
  - name: mas_catalog_version
24784
25433
  value: $(params.mas_catalog_version)
24785
25434
 
@@ -24789,7 +25438,8 @@ spec:
24789
25438
  - name: artifactory_token
24790
25439
  value: $(params.artifactory_token)
24791
25440
 
24792
- # 4. Verify health of the cluster before we consider the update complete
25441
+
25442
+ # 3. Verify health of the cluster before we consider the update complete
24793
25443
  # -------------------------------------------------------------------------
24794
25444
  - name: post-update-verify
24795
25445
  timeout: "0"
@@ -24814,7 +25464,8 @@ spec:
24814
25464
  runAfter:
24815
25465
  - update-catalog
24816
25466
 
24817
- # 5. Update Dependencies
25467
+
25468
+ # 4. Update Dependencies
24818
25469
  # ---------------------------------------------------------------------------
24819
25470
  - name: update-ocs
24820
25471
  timeout: "0"
@@ -24967,9 +25618,10 @@ spec:
24967
25618
  - name: devops_suite_name
24968
25619
  value: update-uds
24969
25620
 
24970
- # 6 Update Cloud Pak for Data
25621
+
25622
+ # 5 Update Cloud Pak for Data
24971
25623
  # -------------------------------------------------------------------------
24972
- # 6.1 Cloud Pak for Data Platform
25624
+ # 5.1 Cloud Pak for Data Platform
24973
25625
  - name: update-cp4d
24974
25626
  timeout: "0"
24975
25627
  params:
@@ -25012,7 +25664,7 @@ spec:
25012
25664
  runAfter:
25013
25665
  - update-cert-manager # CP4D requires cert-manager
25014
25666
 
25015
- # 6.2 Watson Studio
25667
+ # 5.2 Watson Studio
25016
25668
  - name: update-watson-studio
25017
25669
  timeout: "0"
25018
25670
  params:
@@ -25042,7 +25694,7 @@ spec:
25042
25694
  runAfter:
25043
25695
  - update-cp4d
25044
25696
 
25045
- # 6.3 Watson Machine Learning
25697
+ # 5.3 Watson Machine Learning
25046
25698
  - name: update-watson-machine-learning
25047
25699
  timeout: "0"
25048
25700
  params:
@@ -25072,7 +25724,7 @@ spec:
25072
25724
  runAfter:
25073
25725
  - update-cp4d
25074
25726
 
25075
- # 6.4 Analytics Service (Spark)
25727
+ # 5.4 Analytics Service (Spark)
25076
25728
  - name: update-analytics-engine
25077
25729
  timeout: "0"
25078
25730
  params:
@@ -25102,7 +25754,7 @@ spec:
25102
25754
  runAfter:
25103
25755
  - update-cp4d
25104
25756
 
25105
- # 6.5 Watson OpenScale
25757
+ # 5.5 Watson OpenScale
25106
25758
  - name: update-aiopenscale
25107
25759
  timeout: "0"
25108
25760
  params:
@@ -25132,7 +25784,7 @@ spec:
25132
25784
  runAfter:
25133
25785
  - update-cp4d
25134
25786
 
25135
- # 6.6 SPSS Statistics
25787
+ # 5.6 SPSS Statistics
25136
25788
  - name: update-spss
25137
25789
  timeout: "0"
25138
25790
  params:
@@ -25162,7 +25814,7 @@ spec:
25162
25814
  runAfter:
25163
25815
  - update-cp4d
25164
25816
 
25165
- # 6.7 Cognos Analytics
25817
+ # 5.7 Cognos Analytics
25166
25818
  - name: update-cognos
25167
25819
  timeout: "0"
25168
25820
  params:
@@ -25192,7 +25844,8 @@ spec:
25192
25844
  runAfter:
25193
25845
  - update-cp4d
25194
25846
 
25195
- # 7. Verify health of the cluster after dependencies updates
25847
+
25848
+ # 6. Verify health of the cluster after dependencies updates
25196
25849
  # -------------------------------------------------------------------------
25197
25850
  - name: post-deps-update-verify
25198
25851
  timeout: "0"
@@ -25227,7 +25880,23 @@ spec:
25227
25880
  - update-spss
25228
25881
  - update-cognos
25229
25882
 
25230
-
25883
+ finally:
25884
+ # Update synchronization configmap
25885
+ # -------------------------------------------------------------------------
25886
+ - name: sync-update
25887
+ timeout: "0"
25888
+ taskRef:
25889
+ kind: Task
25890
+ name: mas-devops-update-configmap
25891
+ params:
25892
+ - name: image_pull_policy
25893
+ value: $(params.image_pull_policy)
25894
+ - name: configmap_name
25895
+ value: sync-update
25896
+ - name: configmap_value
25897
+ # An aggregate status of all the pipelineTasks under the tasks section (excluding the finally section).
25898
+ # This variable is only available in the finally tasks and can have any one of the values (Succeeded, Failed, Completed, or None)
25899
+ value: $(tasks.status)
25231
25900
  # --------------------------------------------------------------------------------
25232
25901
  # /home/runner/work/cli/cli/tekton/target/pipelines/upgrade.yaml
25233
25902
  # --------------------------------------------------------------------------------
@@ -25323,7 +25992,7 @@ spec:
25323
25992
  tasks:
25324
25993
  # 1. Wait for approval & verify health of the cluster before we change anything
25325
25994
  # -------------------------------------------------------------------------
25326
- - name: approval
25995
+ - name: waitfor-approval
25327
25996
  timeout: "0"
25328
25997
  taskRef:
25329
25998
  kind: Task
@@ -25355,7 +26024,7 @@ spec:
25355
26024
  values: ["True", "true"]
25356
26025
 
25357
26026
  runAfter:
25358
- - approval
26027
+ - waitfor-approval
25359
26028
 
25360
26029
 
25361
26030
  # 2. Suite Upgrade (Phase 1)
@@ -25397,7 +26066,7 @@ spec:
25397
26066
 
25398
26067
  # 3. IoT Upgrade (Phase 2)
25399
26068
  # -------------------------------------------------------------------------
25400
- - name: iot-upgrade
26069
+ - name: app-iot-upgrade
25401
26070
  timeout: "0"
25402
26071
  params:
25403
26072
  - name: mas_instance_id
@@ -25409,7 +26078,7 @@ spec:
25409
26078
  - name: skip_compatibility_check
25410
26079
  value: $(params.skip_compatibility_check)
25411
26080
  - name: devops_suite_name
25412
- value: iot-upgrade
26081
+ value: app-iot-upgrade
25413
26082
  taskRef:
25414
26083
  kind: Task
25415
26084
  name: mas-devops-suite-app-upgrade
@@ -25419,7 +26088,7 @@ spec:
25419
26088
 
25420
26089
  # 4. Manage Upgrade (Phase 2)
25421
26090
  # -------------------------------------------------------------------------
25422
- - name: manage-upgrade
26091
+ - name: app-manage-upgrade
25423
26092
  timeout: "0"
25424
26093
  params:
25425
26094
  - name: mas_instance_id
@@ -25431,7 +26100,7 @@ spec:
25431
26100
  - name: skip_compatibility_check
25432
26101
  value: $(params.skip_compatibility_check)
25433
26102
  - name: devops_suite_name
25434
- value: manage-upgrade
26103
+ value: app-manage-upgrade
25435
26104
  taskRef:
25436
26105
  kind: Task
25437
26106
  name: mas-devops-suite-app-upgrade
@@ -25441,7 +26110,7 @@ spec:
25441
26110
 
25442
26111
  # 5. Visual Inspection Upgrade (Phase 2)
25443
26112
  # -------------------------------------------------------------------------
25444
- - name: visualinspection-upgrade
26113
+ - name: app-visualinspection-upgrade
25445
26114
  timeout: "0"
25446
26115
  params:
25447
26116
  - name: mas_instance_id
@@ -25453,7 +26122,7 @@ spec:
25453
26122
  - name: skip_compatibility_check
25454
26123
  value: $(params.skip_compatibility_check)
25455
26124
  - name: devops_suite_name
25456
- value: visualinspection-upgrade
26125
+ value: app-visualinspection-upgrade
25457
26126
  taskRef:
25458
26127
  kind: Task
25459
26128
  name: mas-devops-suite-app-upgrade
@@ -25463,7 +26132,7 @@ spec:
25463
26132
 
25464
26133
  # 6. Assist Upgrade (Phase 2)
25465
26134
  # -------------------------------------------------------------------------
25466
- - name: assist-upgrade
26135
+ - name: app-assist-upgrade
25467
26136
  timeout: "0"
25468
26137
  params:
25469
26138
  - name: mas_instance_id
@@ -25475,7 +26144,7 @@ spec:
25475
26144
  - name: skip_compatibility_check
25476
26145
  value: $(params.skip_compatibility_check)
25477
26146
  - name: devops_suite_name
25478
- value: assist-upgrade
26147
+ value: app-assist-upgrade
25479
26148
  taskRef:
25480
26149
  kind: Task
25481
26150
  name: mas-devops-suite-app-upgrade
@@ -25485,7 +26154,7 @@ spec:
25485
26154
 
25486
26155
  # 7. Optimizer Upgrade (Phase 2)
25487
26156
  # -------------------------------------------------------------------------
25488
- - name: optimizer-upgrade
26157
+ - name: app-optimizer-upgrade
25489
26158
  timeout: "0"
25490
26159
  params:
25491
26160
  - name: mas_instance_id
@@ -25497,7 +26166,7 @@ spec:
25497
26166
  - name: skip_compatibility_check
25498
26167
  value: $(params.skip_compatibility_check)
25499
26168
  - name: devops_suite_name
25500
- value: optimizer-upgrade
26169
+ value: app-optimizer-upgrade
25501
26170
  taskRef:
25502
26171
  kind: Task
25503
26172
  name: mas-devops-suite-app-upgrade
@@ -25507,7 +26176,7 @@ spec:
25507
26176
 
25508
26177
  # 8. Monitor Upgrade (Phase 3 - after IoT)
25509
26178
  # -------------------------------------------------------------------------
25510
- - name: monitor-upgrade
26179
+ - name: app-monitor-upgrade
25511
26180
  timeout: "0"
25512
26181
  params:
25513
26182
  - name: mas_instance_id
@@ -25519,17 +26188,17 @@ spec:
25519
26188
  - name: skip_compatibility_check
25520
26189
  value: $(params.skip_compatibility_check)
25521
26190
  - name: devops_suite_name
25522
- value: monitor-upgrade
26191
+ value: app-monitor-upgrade
25523
26192
  taskRef:
25524
26193
  kind: Task
25525
26194
  name: mas-devops-suite-app-upgrade
25526
26195
  runAfter:
25527
- - iot-upgrade
26196
+ - app-iot-upgrade
25528
26197
 
25529
26198
 
25530
26199
  # 9. Predict Upgrade (Phase 3 - after Manage)
25531
26200
  # -------------------------------------------------------------------------
25532
- - name: predict-upgrade
26201
+ - name: app-predict-upgrade
25533
26202
  timeout: "0"
25534
26203
  params:
25535
26204
  - name: mas_instance_id
@@ -25541,12 +26210,12 @@ spec:
25541
26210
  - name: skip_compatibility_check
25542
26211
  value: $(params.skip_compatibility_check)
25543
26212
  - name: devops_suite_name
25544
- value: predict-upgrade
26213
+ value: app-predict-upgrade
25545
26214
  taskRef:
25546
26215
  kind: Task
25547
26216
  name: mas-devops-suite-app-upgrade
25548
26217
  runAfter:
25549
- - manage-upgrade
26218
+ - app-manage-upgrade
25550
26219
 
25551
26220
 
25552
26221
  # 10. Verify health of the cluster after upgrade
@@ -25573,12 +26242,12 @@ spec:
25573
26242
 
25574
26243
  runAfter:
25575
26244
  # Phase 2 apps that don't have a phase 3 app following it
25576
- - assist-upgrade
25577
- - optimizer-upgrade
25578
- - visualinspection-upgrade
26245
+ - app-assist-upgrade
26246
+ - app-optimizer-upgrade
26247
+ - app-visualinspection-upgrade
25579
26248
  # Phase 3 apps
25580
- - predict-upgrade
25581
- - monitor-upgrade
26249
+ - app-predict-upgrade
26250
+ - app-monitor-upgrade
25582
26251
 
25583
26252
  finally:
25584
26253
  # Update synchronization configmap
@@ -25593,8 +26262,6 @@ spec:
25593
26262
  value: $(params.image_pull_policy)
25594
26263
  - name: configmap_name
25595
26264
  value: sync-upgrade
25596
- - name: configmap_key
25597
- value: UPGRADE_STATUS
25598
26265
  - name: configmap_value
25599
26266
  # An aggregate status of all the pipelineTasks under the tasks section (excluding the finally section).
25600
26267
  # This variable is only available in the finally tasks and can have any one of the values (Succeeded, Failed, Completed, or None)