diff --git a/src/mas/devops/tekton.py b/src/mas/devops/tekton.py index b915cac1..d9041f2f 100644 --- a/src/mas/devops/tekton.py +++ b/src/mas/devops/tekton.py @@ -598,7 +598,7 @@ def prepareRestoreSecrets(dynClient: DynamicClient, namespace: str, restoreConfi secretsAPI.create(body=restoreConfigs, namespace=namespace) -def prepareInstallSecrets(dynClient: DynamicClient, namespace: str, slsLicenseFile: str = None, additionalConfigs: dict = None, certs: str = None, podTemplates: str = None, slack_token: str = None, slack_channel: str = None, aiserviceConfig: str = None, db2LicenseFile: dict | None = None, facilitiesProperties: dict | None = None) -> None: +def prepareInstallSecrets(dynClient: DynamicClient, namespace: str, slsLicenseFile: str = None, additionalConfigs: dict = None, certs: str = None, podTemplates: str = None, slack_token: str = None, slack_channel: str = None, aiserviceConfig: str = None, db2LicenseFile: dict | None = None, facilitiesProperties: dict | None = None, ibm_entitlement_key: str = None) -> None: """ Create or update secrets required for MAS installation pipelines. @@ -618,6 +618,7 @@ def prepareInstallSecrets(dynClient: DynamicClient, namespace: str, slsLicenseFi slack_channel (str, optional): Slack channel ID for notifications. Defaults to None. aiserviceConfig (str, optional): AI Service tenant config data. Defaults to None (empty secret). facilitiesProperties (dict, optional): Facilities properties file content. Defaults to None (empty secret). + ibm_entitlement_key (str, optional): IBM entitlement key for authentication. Defaults to None. Returns: None @@ -685,6 +686,19 @@ def prepareInstallSecrets(dynClient: DynamicClient, namespace: str, slsLicenseFi "name": "pipeline-additional-configs" } } + + additionalConfigs.setdefault("apiVersion", "v1") + additionalConfigs.setdefault("kind", "Secret") + additionalConfigs.setdefault("type", "Opaque") + additionalConfigs.setdefault("metadata", {}) + additionalConfigs["metadata"]["name"] = "pipeline-additional-configs" + + # Add IBM_ENTITLEMENT_KEY to the secret if provided + if ibm_entitlement_key: + if "data" not in additionalConfigs: + additionalConfigs["data"] = {} + additionalConfigs["data"]["IBM_ENTITLEMENT_KEY"] = base64.b64encode(ibm_entitlement_key.encode()).decode() + secretsAPI.create(body=additionalConfigs, namespace=namespace) # 2. Secret/pipeline-sls-entitlement diff --git a/src/mas/devops/templates/pipelinerun-aiservice-upgrade.yml.j2 b/src/mas/devops/templates/pipelinerun-aiservice-upgrade.yml.j2 index 47bfe1d6..b00ad613 100644 --- a/src/mas/devops/templates/pipelinerun-aiservice-upgrade.yml.j2 +++ b/src/mas/devops/templates/pipelinerun-aiservice-upgrade.yml.j2 @@ -21,11 +21,6 @@ spec: - name: aiservice_channel value: "{{ aiservice_channel }}" - # IBM Entitlement Key - # ------------------------------------------------------------------------- - - name: ibm_entitlement_key - value: "{{ ibm_entitlement_key }}" - {%- if skip_pre_check is defined and skip_pre_check != "" %} # Skip pre-check # ------------------------------------------------------------------------- diff --git a/src/mas/devops/templates/pipelinerun-install.yml.j2 b/src/mas/devops/templates/pipelinerun-install.yml.j2 index d716ecb5..a7fae260 100644 --- a/src/mas/devops/templates/pipelinerun-install.yml.j2 +++ b/src/mas/devops/templates/pipelinerun-install.yml.j2 @@ -18,10 +18,6 @@ spec: pipeline: "0" params: - # IBM Entitlement Key - # ------------------------------------------------------------------------- - - name: ibm_entitlement_key - value: "{{ ibm_entitlement_key }}" {%- if skip_pre_check is defined and skip_pre_check != "" %} # Pipeline config @@ -1005,3 +1001,5 @@ spec: secret: secretName: pipeline-facilities-properties {% endif %} + + diff --git a/src/mas/devops/templates/pipelinerun-restore.yml.j2 b/src/mas/devops/templates/pipelinerun-restore.yml.j2 index 849c61be..0186968d 100644 --- a/src/mas/devops/templates/pipelinerun-restore.yml.j2 +++ b/src/mas/devops/templates/pipelinerun-restore.yml.j2 @@ -98,10 +98,6 @@ spec: - name: dro_contact_lastname value: "{{ dro_contact_lastname }}" {% endif %} - {% if ibm_entitlement_key is defined and ibm_entitlement_key != "" %} - - name: ibm_entitlement_key - value: "{{ ibm_entitlement_key }}" - {% endif %} {% if dro_namespace is defined and dro_namespace != "" %} - name: dro_namespace value: "{{ dro_namespace }}" diff --git a/src/mas/devops/templates/pipelinerun-update.yml.j2 b/src/mas/devops/templates/pipelinerun-update.yml.j2 index 6ffdce28..fdd5d6e3 100644 --- a/src/mas/devops/templates/pipelinerun-update.yml.j2 +++ b/src/mas/devops/templates/pipelinerun-update.yml.j2 @@ -27,11 +27,6 @@ spec: - name: mas_catalog_version value: "{{ mas_catalog_version }}" -{%- if ibm_entitlement_key is defined and ibm_entitlement_key != "" %} - # TODO: What even uses this, nothing in the update pipeline should be using this - - name: ibm_entitlement_key - value: "{{ ibm_entitlement_key }}" -{%- endif %} {%- if artifactory_username is defined and artifactory_username != "" %} # Enable development catalogs # ------------------------------------------------------------------------- diff --git a/src/mas/devops/templates/pipelinerun-upgrade.yml.j2 b/src/mas/devops/templates/pipelinerun-upgrade.yml.j2 index 0d7b8af4..058a6258 100644 --- a/src/mas/devops/templates/pipelinerun-upgrade.yml.j2 +++ b/src/mas/devops/templates/pipelinerun-upgrade.yml.j2 @@ -29,11 +29,6 @@ spec: - name: mas_channel value: "{{ mas_channel }}" - # IBM Entitlement Key - # ------------------------------------------------------------------------- - - name: ibm_entitlement_key - value: "{{ ibm_entitlement_key }}" - {%- if skip_pre_check is defined and skip_pre_check != "" %} # Skip pre-check # -------------------------------------------------------------------------