diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 056db4632f0..f4b526b27f0 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -10,7 +10,7 @@ repos: hooks: - id: flake8 - repo: https://github.com/ibm/detect-secrets - rev: 0.13.1+ibm.62.dss + rev: 0.13.1+ibm.64.dss hooks: - id: detect-secrets args: [--baseline, .secrets.baseline, --use-all-plugins, --fail-on-unaudited] diff --git a/.secrets.baseline b/.secrets.baseline index d7f3edb9660..43e196823ba 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -3,8 +3,7 @@ "files": "^.secrets.baseline$", "lines": null }, - "generated_at": "2025-10-14T06:43:10Z", - + "generated_at": "2025-11-26T08:43:04Z", "plugins_used": [ { "name": "AWSKeyDetector" @@ -676,6 +675,16 @@ "verified_result": null } ], + "image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-dbs-rds-databases.yaml.j2": [ + { + "hashed_secret": "146abac680841f15b3e7b5259e1dfcdd9de49fdd", + "is_secret": false, + "is_verified": false, + "line_number": 6, + "type": "Secret Keyword", + "verified_result": null + } + ], "image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-mas-instance-base.yaml.j2": [ { "hashed_secret": "fee2d55ad9a49a95fc89abe8f414dad66704ebfd", @@ -857,7 +866,7 @@ } ] }, - "version": "0.13.1+ibm.62.dss", + "version": "0.13.1+ibm.64.dss", "word_list": { "file": null, "hash": null diff --git a/image/cli/mascli/functions/gitops_db2rds b/image/cli/mascli/functions/gitops_db2rds new file mode 100644 index 00000000000..9dae6716ed6 --- /dev/null +++ b/image/cli/mascli/functions/gitops_db2rds 
@@ -0,0 +1,252 @@
+#!/usr/bin/env bash
+
+function gitops_db2rds_help() {
+ [[ -n "$1" ]] && echo_warning "$1"
+ reset_colors
+ cat << EOM
+Usage:
+ mas gitops_db2rds [options]
+Where ${COLOR_YELLOW}specified${TEXT_RESET} each option may also be defined by setting the appropriate environment variable.
+When no options are specified on the command line, interactive-mode will be enabled by default.
+
+GitOps Configuration:
+ -d, --dir ${COLOR_YELLOW}GITOPS_WORKING_DIR${TEXT_RESET} Directory for GitOps repository
+ -a, --account-id ${COLOR_YELLOW}ACCOUNT_ID${TEXT_RESET} Account name that the cluster belongs to
+ -r, --region-id ${COLOR_YELLOW}CLUSTER_ID${TEXT_RESET} Region ID
+ -c, --cluster-id ${COLOR_YELLOW}CLUSTER_ID${TEXT_RESET} Cluster ID
+ -m, --mas-instance-id ${COLOR_YELLOW}MAS_INSTANCE_ID${TEXT_RESET} IBM Suite Maximo Application Suite Instance ID
+
+Secrets Manager:
+ --secrets-path ${COLOR_YELLOW}SECRETS_PATH${TEXT_RESET} Secrets Manager path
+ --secrets-key-seperator ${COLOR_YELLOW}SECRETS_KEY_SEPERATOR${TEXT_RESET} Secrets Manager key seperator string
+
+IBM DB2RDS:
+ --instance_name ${COLOR_YELLOW}INSTANCE_NAME${TEXT_RESET} db2rds instance name
+ --connection_string ${COLOR_YELLOW}CONNECTION_STRING{TEXT_RESET} db2rds connection string
+
+Automatic GitHub Push:
+ -P, --github-push ${COLOR_YELLOW}GITHUB_PUSH${TEXT_RESET} Enable automatic push to GitHub
+ -H, --github-host ${COLOR_YELLOW}GITHUB_HOST${TEXT_RESET} GitHub Hostname for your GitOps repository
+ -O, --github-org ${COLOR_YELLOW}GITHUB_ORG${TEXT_RESET} Github org for your GitOps repository
+ -R, --github-repo ${COLOR_YELLOW}GITHUB_REPO${TEXT_RESET} Github repo for your GitOps repository
+ -B, --git-branch ${COLOR_YELLOW}GIT_BRANCH${TEXT_RESET} Git branch to commit to of your GitOps repository
+ -M, --git-commit-msg ${COLOR_YELLOW}GIT_COMMIT_MSG${TEXT_RESET} Git commit message to use when committing to of your GitOps repository
+ -S , --github-ssh ${COLOR_YELLOW}GIT_SSH${TEXT_RESET} Git ssh key path
+
+Other Commands:
+ -h, --help Show this help message
+EOM
+ [[ -n "$1" ]] && exit 1 || exit 0
+}
+
+function gitops_db2rds_noninteractive() {
+ GITOPS_WORKING_DIR=$PWD/working-dir
+ SECRETS_KEY_SEPERATOR="/"
+ GIT_COMMIT_MSG="gitops-DB2RDS commit"
+
+ while [[ $# -gt 0 ]]
+ do
+ key="$1"
+ shift
+ case $key in
+ # GitOps Configuration
+ -d|--dir)
+ export GITOPS_WORKING_DIR=$1 && shift
+ ;;
+ -a|--account-id)
+ export ACCOUNT_ID=$1 && shift
+ ;;
+ -c|--cluster-id)
+ export CLUSTER_ID=$1 && shift
+ ;;
+ -m|--mas-instance-id)
+ export MAS_INSTANCE_ID=$1 && shift
+ ;;
+ -r|--region)
+ export REGION=$1 && shift
+ ;;
+
+ # Secrets Manager
+ --secrets-path)
+ export SECRETS_PATH=$1 && shift
+ ;;
+ --secrets-key-seperator)
+ export SECRETS_KEY_SEPERATOR=$1 && shift
+ ;;
+
+ # DB2RDS
+ --instance_name)
+ export INSTANCE_NAME=$1 && shift
+ ;;
+ --connection_string)
+ export CONNECTION_STRING=$1 && shift
+ ;;
+
+ # Automatic GitHub Push
+ -P|--github-push)
+ export GITHUB_PUSH=true
+ ;;
+ -H|--github-host)
+ export GITHUB_HOST=$1 && shift
+ ;;
+ -O|--github-org)
+ export GITHUB_ORG=$1 && shift
+ ;;
+ -R|--github-repo)
+ export GITHUB_REPO=$1 && shift
+ ;;
+ -B|--git-branch)
+ export GIT_BRANCH=$1 && shift
+ ;;
+ -M|--git-commit-msg)
+ export GIT_COMMIT_MSG=$1 && shift
+ ;;
+
+ -S|--github-ssh)
+ export GIT_SSH=$1 && shift
+ ;;
+
+ # Other Commands
+ -h|--help)
+ gitops_db2rds_help
+ ;;
+ *)
+ # unknown option
+ echo -e "${COLOR_RED}Usage Error: Unsupported option \"${key}\"${COLOR_RESET}\n"
+ gitops_db2rds_help "Usage Error: Unsupported option \"${key}\" "
+ exit 1
+ ;;
+ esac
+ done
+
+ [[ -z "$GITOPS_WORKING_DIR" ]] && gitops_db2rds_help "GITOPS_WORKING_DIR is not set"
+ [[ -z "$ACCOUNT_ID" ]] && gitops_db2rds_help "ACCOUNT_ID is not set"
+ [[ -z "$REGION" ]] && gitops_db2rds_help "REGION is not set"
+ [[ -z "$CLUSTER_ID" ]] && gitops_db2rds_help "CLUSTER_ID is not set"
+ [[ -z "$MAS_INSTANCE_ID" ]] && gitops_db2rds_help "MAS_INSTANCE_ID is not set"
+
+
+ if [[ "$GITHUB_PUSH" == "true" ]]; then
+ [[ -z "$GITHUB_HOST" ]] && gitops_db2rds_help "GITHUB_HOST is not set"
+ [[ -z "$GITHUB_ORG" ]] && gitops_db2rds_help "GITHUB_ORG is not set"
+ [[ -z "$GITHUB_REPO" ]] && gitops_db2rds_help "GITHUB_REPO is not set"
+ [[ -z "$GIT_BRANCH" ]] && gitops_db2rds_help "GIT_BRANCH is not set"
+ fi
+
+}
+
+function gitops_db2rds() {
+ # Take the first parameter off (it will be create-gitops)
+ shift
+ if [[ $# -gt 0 ]]; then
+ gitops_db2rds_noninteractive "$@"
+ else
+ echo "Not supported yet"
+ exit 1
+ gitops_db2rds_interactive
+ fi
+
+ # catch errors
+ set -o pipefail
+ trap 'echo "[ERROR] Error occurred at $BASH_SOURCE, line $LINENO, exited with $?"; exit 1' ERR
+
+ mkdir -p ${GITOPS_WORKING_DIR}
+ GITOPS_INSTANCE_DIR=${GITOPS_WORKING_DIR}/${GITHUB_REPO}/${ACCOUNT_ID}/${CLUSTER_ID}/${MAS_INSTANCE_ID}
+
+ export DB2_NAMESPACE="DB2RDS-${MAS_INSTANCE_ID}"
+
+ echo
+ reset_colors
+ echo_h2 "Review Settings"
+
+ echo "${TEXT_DIM}"
+ echo_h2 "Target" " "
+ echo_reset_dim "Account ID ............................ ${COLOR_MAGENTA}${ACCOUNT_ID}"
+ echo_reset_dim "Region ................................ ${COLOR_MAGENTA}${REGION}"
+ echo_reset_dim "Cluster ID ............................ ${COLOR_MAGENTA}${CLUSTER_ID}"
+ echo_reset_dim "MAS Instance ID ....................... ${COLOR_MAGENTA}${MAS_INSTANCE_ID}"
+ echo_reset_dim "Instance name ..........................${COLOR_MAGENTA}${INSTANCE_NAME}"
+ echo_reset_dim "Connection String ......................${COLOR_MAGENTA}${CONNECTION_STRING}"
+ echo_reset_dim "USER .................................. ${COLOR_MAGENTA}${USER}"
+ echo_reset_dim "PASSWORD ...............................${COLOR_MAGENTA}${PASSWORD}"
+ echo_reset_dim "Instance Config Directory ............. ${COLOR_MAGENTA}${GITOPS_INSTANCE_DIR}"
+ reset_colors
+
+ echo "${TEXT_DIM}"
+ echo_h2 "Secrets Manager" " "
+ echo_reset_dim "Secrets Path .......................... ${COLOR_MAGENTA}${SECRETS_PATH}"
+ reset_colors
+
+ echo "${TEXT_DIM}"
+ if [[ "$GITHUB_PUSH" == "true" ]]; then
+ echo_h2 "GitOps Target" " "
+ echo_reset_dim "Automatic Push ........................ ${COLOR_GREEN}Enabled"
+ echo_reset_dim "Working Directory ..................... ${COLOR_MAGENTA}${GITOPS_WORKING_DIR}"
+ echo_reset_dim "Host .................................. ${COLOR_MAGENTA}${GITHUB_HOST}"
+ echo_reset_dim "Organization .......................... ${COLOR_MAGENTA}${GITHUB_ORG}"
+ echo_reset_dim "Repository ............................ ${COLOR_MAGENTA}${GITHUB_REPO}"
+ echo_reset_dim "Branch ................................ ${COLOR_MAGENTA}${GIT_BRANCH}"
+ else
+ echo_h2 "GitOps Target" " "
+ echo_reset_dim "Automatic Push ........................ ${COLOR_RED}Disabled"
+ echo_reset_dim "Working Directory ..................... ${COLOR_MAGENTA}${GITOPS_WORKING_DIR}"
+ fi
+ reset_colors
+
+ CURRENT_DIR=$PWD
+ TEMP_DIR=$CURRENT_DIR/tmp-DB2RDS
+ mkdir -p $TEMP_DIR
+
+ # Define cluster-level secrets used
+ # ---------------------------------------------------------------------------
+ # Note that this cluster-level secret is set up by gitops-cluster
+ SECRETS_PREFIX="${ACCOUNT_ID}${SECRETS_KEY_SEPARATOR}${CLUSTER_ID}${SECRETS_KEY_SEPARATOR}${MAS_INSTANCE_ID}${SECRETS_KEY_SEPARATOR}"
+ # db2rds
+ export USER=${SECRETS_PREFIX}rds-db2-endpoint-config#username
+ export PASSWORD=${SECRETS_PREFIX}rds-db2-endpoint-config#password
+
+ if [ -z $GIT_SSH ]; then
+ export GIT_SSH=false
+ fi
+
+
+ # Set and Validate App Names
+ # ---------------------------------------------------------------------------
+ ROOT_APP_NAME="root.${ACCOUNT_ID}"
+ CLUSTER_APP_NAME="cluster.${CLUSTER_ID}"
+ DB2RDS_APP_NAME="DB2RDS.${CLUSTER_ID}.${MAS_INSTANCE_ID}"
+
+ validate_app_name "${ROOT_APP_NAME}"
+ validate_app_name "${CLUSTER_APP_NAME}"
+ validate_app_name "${DB2RDS_APP_NAME}"
+
+
+ # Clone github target repo
+ # ---------------------------------------------------------------------------
+ if [ "$GITHUB_PUSH" == "true" ]; then
+ echo
+ echo_h2 "Cloning GitHub repo $GITHUB_ORG $GITHUB_REPO"
+ clone_target_git_repo $GITHUB_HOST $GITHUB_ORG $GITHUB_REPO $GIT_BRANCH $GITOPS_WORKING_DIR $GIT_SSH
+ fi
+ mkdir -p ${GITOPS_INSTANCE_DIR}
+
+
+ # Generate ArgoApps
+ # ---------------------------------------------------------------------------
+ echo
+ echo_h2 "Generating DB2RDS operator Applications"
+ echo "- DB2RDS operator"
+
+ echo "Generating DB2RDS file ${GITOPS_INSTANCE_DIR}/ibm-dbs-rds-database.yaml"
+ jinjanate_commmon $CLI_DIR/templates/gitops/appset-configs/cluster/instance/ibm-dbs-rds-database.yaml.j2 ${GITOPS_INSTANCE_DIR}/ibm-dbs-rds-database.yaml
+
+ # Commit and push to github target repo
+ # ---------------------------------------------------------------------------
+ if [ "$GITHUB_PUSH" == "true" ]; then
+ echo
+ echo_h2 "Commit and push changes to GitHub repo $GITHUB_ORG $GITHUB_REPO"
+ save_to_target_git_repo $GITHUB_HOST $GITHUB_ORG $GITHUB_REPO $GIT_BRANCH "${GITOPS_WORKING_DIR}/${GITHUB_REPO}" "${GIT_COMMIT_MSG}"
+ remove_git_repo_clone $GITOPS_WORKING_DIR/$GITHUB_REPO
+ fi
+
+}
diff --git a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-dbs-rds-databases.yaml.j2 b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-dbs-rds-databases.yaml.j2
new file mode 100644
index 00000000000..77a919e6bc9
--- /dev/null
+++ b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-dbs-rds-databases.yaml.j2
@@ -0,0 +1,6 @@
+merge-key: "{{ ACCOUNT_ID }}/{{ CLUSTER_ID }}/{{ MAS_INSTANCE_ID }}"
+ibm_dbs_rds_databases:
+ - instance_name: {{INSTANCE_NAME}}
+ connection_string: {{CONNECTION_STRING}}
+ user:
+ password:
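Review bot: The "Review Settings" block in gitops_db2rds echoes `${USER}` and `${PASSWORD}` before the script assigns them (the `export USER=` / `export PASSWORD=` lines only come after `mkdir -p $TEMP_DIR`), so what gets printed is whatever the caller's environment holds: the login name and, if a `PASSWORD` variable happens to be set, a real credential that then lands in terminal scrollback or CI logs. The later `export USER=...` also overwrites the standard login-name variable for every child process, including the clone/push helpers called afterwards. Those assignments build `SECRETS_PREFIX` from `${SECRETS_KEY_SEPARATOR}`, while the default and the `--secrets-key-seperator` option set `SECRETS_KEY_SEPERATOR`; unless the other spelling is defined outside this hunk, the separator expands to nothing and the secret reference is malformed. I would drop the two echo lines or move the assignments above them, use dedicated names (suggested, not existing: `export DB2RDS_USER_REF="${SECRETS_PREFIX}rds-db2-endpoint-config#username"`), and spell the separator variable the same way in both places. `--connection_string` is also echoed in full, which is worth masking if connection strings can carry credentials.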
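Review bot: `instance_name: {{INSTANCE_NAME}}` and `connection_string: {{CONNECTION_STRING}}` are rendered unquoted from command-line input, so a value containing `: `, ` #` or a line break changes the structure of the generated YAML instead of staying a string. The merge-key line already uses the quoted form; `connection_string: "{{ CONNECTION_STRING }}"` would match it, and Jinja2's `tojson` filter also copes with embedded double quotes if the renderer exposes it. Because the rendered file is committed to the GitOps repository, the connection string should not embed credentials. `user:` and `password:` render as empty keys even though gitops_db2rds exports secret references for both, so they should either be templated or dropped. The script renders `ibm-dbs-rds-database.yaml.j2` while this file is named `ibm-dbs-rds-databases.yaml.j2`, so unless a singular-named template exists outside this diff, the generation step will not find it.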