[patch] move ibm_entitlement_key from pipeline runs to kubernetes secrets

src/mas/devops/tekton.py

@@ -598,7 +598,7 @@ def prepareRestoreSecrets(dynClient: DynamicClient, namespace: str, restoreConfi
     secretsAPI.create(body=restoreConfigs, namespace=namespace)
 
 
-def prepareInstallSecrets(dynClient: DynamicClient, namespace: str, slsLicenseFile: str = None, additionalConfigs: dict = None, certs: str = None, podTemplates: str = None, slack_token: str = None, slack_channel: str = None, aiserviceConfig: str = None, db2LicenseFile: dict | None = None, facilitiesProperties: dict | None = None) -> None:
+def prepareInstallSecrets(dynClient: DynamicClient, namespace: str, slsLicenseFile: str = None, additionalConfigs: dict = None, certs: str = None, podTemplates: str = None, slack_token: str = None, slack_channel: str = None, aiserviceConfig: str = None, db2LicenseFile: dict | None = None, facilitiesProperties: dict | None = None, ibm_entitlement_key: str = None) -> None:
     """
     Create or update secrets required for MAS installation pipelines.
 
@@ -618,6 +618,7 @@ def prepareInstallSecrets(dynClient: DynamicClient, namespace: str, slsLicenseFi
         slack_channel (str, optional): Slack channel ID for notifications. Defaults to None.
         aiserviceConfig (str, optional): AI Service tenant config data. Defaults to None (empty secret).
         facilitiesProperties (dict, optional): Facilities properties file content. Defaults to None (empty secret).
+        ibm_entitlement_key (str, optional): IBM entitlement key for authentication. Defaults to None.
 
     Returns:
         None
@@ -685,6 +686,19 @@ def prepareInstallSecrets(dynClient: DynamicClient, namespace: str, slsLicenseFi
                 "name": "pipeline-additional-configs"
             }
         }
+
+    additionalConfigs.setdefault("apiVersion", "v1")
+    additionalConfigs.setdefault("kind", "Secret")
+    additionalConfigs.setdefault("type", "Opaque")
+    additionalConfigs.setdefault("metadata", {})
+    additionalConfigs["metadata"]["name"] = "pipeline-additional-configs"
+
+    # Add IBM_ENTITLEMENT_KEY to the secret if provided
+    if ibm_entitlement_key:
+        if "data" not in additionalConfigs:
+            additionalConfigs["data"] = {}
+        additionalConfigs["data"]["IBM_ENTITLEMENT_KEY"] = base64.b64encode(ibm_entitlement_key.encode()).decode()
+
     secretsAPI.create(body=additionalConfigs, namespace=namespace)
 
     # 2. Secret/pipeline-sls-entitlement

src/mas/devops/templates/pipelinerun-aiservice-upgrade.yml.j2

@@ -21,11 +21,6 @@ spec:
     - name: aiservice_channel
       value: "{{ aiservice_channel }}"
 
-    # IBM Entitlement Key
-    # -------------------------------------------------------------------------
-    - name: ibm_entitlement_key
-      value: "{{ ibm_entitlement_key }}"
-
 {%- if skip_pre_check is defined and skip_pre_check != "" %}
     # Skip pre-check
     # -------------------------------------------------------------------------

src/mas/devops/templates/pipelinerun-install.yml.j2

@@ -18,10 +18,6 @@ spec:
     pipeline: "0"
 
   params:
-    # IBM Entitlement Key
-    # -------------------------------------------------------------------------
-    - name: ibm_entitlement_key
-      value: "{{ ibm_entitlement_key }}"
 {%- if skip_pre_check is defined and skip_pre_check != "" %}
 
     # Pipeline config
@@ -1005,3 +1001,5 @@ spec:
       secret:
         secretName: pipeline-facilities-properties
     {% endif %}
+
+

src/mas/devops/templates/pipelinerun-restore.yml.j2

@@ -98,10 +98,6 @@ spec:
     - name: dro_contact_lastname
       value: "{{ dro_contact_lastname }}"
     {% endif %}
-    {% if ibm_entitlement_key is defined and ibm_entitlement_key != "" %}
-    - name: ibm_entitlement_key
-      value: "{{ ibm_entitlement_key }}"
-    {% endif %}
     {% if dro_namespace is defined and dro_namespace != "" %}
     - name: dro_namespace
       value: "{{ dro_namespace }}"

src/mas/devops/templates/pipelinerun-update.yml.j2

@@ -27,11 +27,6 @@ spec:
     - name: mas_catalog_version
       value: "{{ mas_catalog_version }}"
 
-{%- if ibm_entitlement_key is defined and ibm_entitlement_key != "" %}
-    # TODO: What even uses this, nothing in the update pipeline should be using this
-    - name: ibm_entitlement_key
-      value: "{{ ibm_entitlement_key }}"
-{%- endif %}
 {%- if artifactory_username is defined and artifactory_username != "" %}
     # Enable development catalogs
     # -------------------------------------------------------------------------

src/mas/devops/templates/pipelinerun-upgrade.yml.j2

@@ -29,11 +29,6 @@ spec:
     - name: mas_channel
       value: "{{ mas_channel }}"
 
-    # IBM Entitlement Key
-    # -------------------------------------------------------------------------
-    - name: ibm_entitlement_key
-      value: "{{ ibm_entitlement_key }}"
-
 {%- if skip_pre_check is defined and skip_pre_check != "" %}
     # Skip pre-check
     # -------------------------------------------------------------------------