Add Code Engine binding resource and service_access secret format (…

…#4622)

* Add support for CE service bindings

* Add CE secret format service_access

* Make CE build source_url optional #4480

.secrets.baseline

@@ -5,6 +5,9 @@
   },
   "generated_at": "2023-06-14T09:18:54Z",
   "plugins_used": [
+    {
+      "name": "AWSKeyDetector"
+    },
     {
       "name": "ArtifactoryDetector"
     },
@@ -18,6 +21,12 @@
     {
       "name": "BasicAuthDetector"
     },
+    {
+      "name": "BoxDetector"
+    },
+    {
+      "name": "CloudantDetector"
+    },
     {
       "ghe_instance": "github.ibm.com",
       "name": "GheDetector"
@@ -42,6 +51,9 @@
       "keyword_exclude": null,
       "name": "KeywordDetector"
     },
+    {
+      "name": "MailchimpDetector"
+    },
     {
       "name": "NpmDetector"
     },
@@ -56,6 +68,12 @@
     },
     {
       "name": "SquareOAuthDetector"
+    },
+    {
+      "name": "StripeDetector"
+    },
+    {
+      "name": "TwilioKeyDetector"
     }
   ],
   "results": {
@@ -410,7 +428,7 @@
         "hashed_secret": "dc61ac50e6f36d09340d8ca062da1f0d4215004f",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 60,
+        "line_number": 61,
         "type": "Secret Keyword",
         "verified_result": null
       }
@@ -1778,31 +1796,31 @@
         "hashed_secret": "3046d9f6cfaaeea6eed9bb7a4ab010fe49b0cfd4",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 80,
+        "line_number": 74,
         "type": "Secret Keyword",
         "verified_result": null
       },
       {
         "hashed_secret": "b732fb611fd46a38e8667f9972e0cde777fbe37f",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 392,
+        "line_number": 391,
         "type": "Secret Keyword",
         "verified_result": null
       },
       {
         "hashed_secret": "e8dc1fe90828a509bfa71eeccb5234a9bedb10e2",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 483,
+        "line_number": 494,
         "type": "Secret Keyword",
         "verified_result": null
       },
       {
         "hashed_secret": "d4ee3538b3b38ad8931e35bbe9db217fbd6687c1",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 502,
+        "line_number": 511,
         "type": "Secret Keyword",
         "verified_result": null
       }

examples/ibm-code-engine/main.tf

@@ -1,3 +1,17 @@
+provider "ibm" {
+  ibmcloud_api_key = var.ibmcloud_api_key
+  region           = var.ibmcloud_region
+}
+
+terraform {
+  required_providers {
+    ibm = {
+      source  = "github.ibm.com/coligo/ibm"
+      version = "0.0.1"
+    }
+  }
+}
+
 //////////////////
 // Resources
 
@@ -50,6 +64,38 @@ resource "ibm_code_engine_job" "code_engine_job_instance" {
   name            = var.code_engine_job_name
 }
 
+// Provision code_engine_secret resource instance for format service_access
+
+resource "ibm_code_engine_secret" "code_engine_secret_service_access" {
+  project_id = ibm_code_engine_project.code_engine_project_instance.project_id
+  name       = var.code_engine_secret_service_access_name
+  format     = "service_access"
+  service_access {
+    resource_key {
+      id = var.code_engine_secret_service_access_resource_key
+    }
+    service_instance {
+      id = var.code_engine_secret_service_access_service_instance
+
+    }
+  }
+  lifecycle {
+    ignore_changes = [data]
+  }
+}
+
+// Provision code_engine_binding resource instance
+
+resource "ibm_code_engine_binding" "code_engine_binding_instance" {
+  project_id = ibm_code_engine_project.code_engine_project_instance.project_id
+  component {
+    name          = ibm_code_engine_app.code_engine_app_instance.name
+    resource_type = ibm_code_engine_app.code_engine_app_instance.resource_type
+  }
+  prefix      = var.code_engine_binding_prefix
+  secret_name = ibm_code_engine_secret.code_engine_secret_instance.name
+}
+
 //////////////////
 // Data sources
 
@@ -87,3 +133,9 @@ data "ibm_code_engine_job" "code_engine_job_data" {
   project_id = data.ibm_code_engine_project.code_engine_project_data.project_id
   name       = var.code_engine_job_name
 }
+
+// Create code_engine_binding data source
+data "ibm_code_engine_binding" "code_engine_binding_data" {
+  project_id = data.ibm_code_engine_project.code_engine_project_data.project_id
+  binding_id = ibm_code_engine_binding.code_engine_binding_instance.binding_id
+}

examples/ibm-code-engine/outputs.tf

@@ -36,3 +36,9 @@ output "ibm_code_engine_secret" {
   description = "code_engine_secret resource instance"
   sensitive   = true
 }
+// This allows code_engine_binding data to be referenced by other resources and the terraform CLI
+// Modify this if only certain data should be exposed
+output "ibm_code_engine_binding" {
+  value       = ibm_code_engine_binding.code_engine_binding_instance
+  description = "code_engine_binding resource instance"
+}

examples/ibm-code-engine/variables.tf

@@ -3,6 +3,11 @@ variable "ibmcloud_api_key" {
   type        = string
 }
 
+variable "ibmcloud_region" {
+  description = "IBM Cloud Region"
+  type        = string
+}
+
 // Resource arguments for code_engine_project
 variable "code_engine_project_name" {
   description = "The name of the project."
@@ -90,6 +95,30 @@ variable "code_engine_job_name" {
   default     = "my-job"
 }
 
+// Resource arguments for code_engine_secret with format service_access
+variable "code_engine_secret_service_access_name" {
+  description = "The name of the service access secret"
+  type        = string
+  default     = "my-service-access"
+}
+
+variable "code_engine_secret_service_access_resource_key" {
+  description = "The ID of a resource key to access a resource instance."
+  type        = string
+}
+
+variable "code_engine_secret_service_access_service_instance" {
+  description = "The ID of a service instance."
+  type        = string
+}
+
+// Resource arguments for code_engine_binding
+variable "code_engine_binding_prefix" {
+  description = "The name of the service access secret"
+  type        = string
+  default     = "MY_PREFIX"
+}
+
 // Data source arguments for code_engine_project
 variable "code_engine_project_id" {
   description = "The ID of the project."

go.mod

@@ -11,7 +11,7 @@ require (
 	github.com/IBM/appid-management-go-sdk v0.0.0-20210908164609-dd0e0eaf732f
 	github.com/IBM/cloud-databases-go-sdk v0.3.2
 	github.com/IBM/cloudant-go-sdk v0.0.43
-	github.com/IBM/code-engine-go-sdk v0.0.0-20230324212854-743a707334f6
+	github.com/IBM/code-engine-go-sdk v0.0.0-20230606173928-4863db061918
 	github.com/IBM/container-registry-go-sdk v0.0.15
 	github.com/IBM/continuous-delivery-go-sdk v1.1.1
 	github.com/IBM/event-notifications-go-admin-sdk v0.2.2

go.sum

@@ -117,8 +117,8 @@ github.com/IBM/cloud-databases-go-sdk v0.3.2 h1:AUi7/xswqCwuXIlSyuXtDZJIm4d0ZicU
 github.com/IBM/cloud-databases-go-sdk v0.3.2/go.mod h1:nCIVfeZnhBYIiwByT959dFP4VWUeNLxomDYy63tTC6M=
 github.com/IBM/cloudant-go-sdk v0.0.43 h1:YxTy4RpAEezX32YIWnds76hrBREmO4u6IkBz1WylNuQ=
 github.com/IBM/cloudant-go-sdk v0.0.43/go.mod h1:WeYrJPaHTw19943ndWnVfwMIlZ5z0XUM2uEXNBrwZ1M=
-github.com/IBM/code-engine-go-sdk v0.0.0-20230324212854-743a707334f6 h1:PlYtJ+VZ1CLuhDiB1ldGW5uJBbnKG6CBIEblgU5b5mY=
-github.com/IBM/code-engine-go-sdk v0.0.0-20230324212854-743a707334f6/go.mod h1:IP6U/1NxgxzPeYdyiEwMaZyzelTw82JGHWl7bY78eQM=
+github.com/IBM/code-engine-go-sdk v0.0.0-20230606173928-4863db061918 h1:RfHezAVs3HegiGOcMmTXqsBPqZqfwZZHqje1EMriHBQ=
+github.com/IBM/code-engine-go-sdk v0.0.0-20230606173928-4863db061918/go.mod h1:IP6U/1NxgxzPeYdyiEwMaZyzelTw82JGHWl7bY78eQM=
 github.com/IBM/container-registry-go-sdk v0.0.15 h1:sfEXm4qNj9ZCwTlFOsdjF5P/lvajU/Sc22yNlzg0F9I=
 github.com/IBM/container-registry-go-sdk v0.0.15/go.mod h1:KqSZFO4VIK9QAyF8O1JW6jkyzkfE/BNKUIo+OdzIDk4=
 github.com/IBM/continuous-delivery-go-sdk v1.1.1 h1:bYrK0+rJgoWfBmIJAlAfo/AxI5vOr8DSLJPrM3iEOzQ=

ibm/acctest/acctest.go

@@ -268,6 +268,8 @@ var COSApiKey string
 
 var CeResourceGroupID string
 var CeProjectId string
+var CeServiceInstanceID string
+var CeResourceKeyID string
 
 func init() {
 	testlogger := os.Getenv("TF_LOG")
@@ -1434,6 +1436,18 @@ func init() {
 		fmt.Println("[WARN] Set the environment variable IBM_CODE_ENGINE_PROJECT_INSTANCE_ID with the ID of a Code Engine project instance")
 	}
 
+	CeServiceInstanceID = os.Getenv("IBM_CODE_ENGINE_SERVICE_INSTANCE_ID")
+	if CeServiceInstanceID == "" {
+		CeServiceInstanceID = ""
+		fmt.Println("[WARN] Set the environment variable IBM_CODE_ENGINE_SERVICE_INSTANCE_ID with the ID of a IBM Cloud service instance, e.g. for COS")
+	}
+
+	CeResourceKeyID = os.Getenv("IBM_CODE_ENGINE_RESOURCE_KEY_ID")
+	if CeResourceKeyID == "" {
+		CeResourceKeyID = ""
+		fmt.Println("[WARN] Set the environment variable IBM_CODE_ENGINE_RESOURCE_KEY_ID with the ID of a resource key to access a service instance")
+	}
+
 }
 
 var TestAccProviders map[string]*schema.Provider

ibm/provider/provider.go

@@ -806,6 +806,7 @@ func Provider() *schema.Provider {
 
 			// Added for Code Engine
 			"ibm_code_engine_app":        codeengine.DataSourceIbmCodeEngineApp(),
+			"ibm_code_engine_binding":    codeengine.DataSourceIbmCodeEngineBinding(),
 			"ibm_code_engine_build":      codeengine.DataSourceIbmCodeEngineBuild(),
 			"ibm_code_engine_config_map": codeengine.DataSourceIbmCodeEngineConfigMap(),
 			"ibm_code_engine_job":        codeengine.DataSourceIbmCodeEngineJob(),
@@ -1289,6 +1290,7 @@ func Provider() *schema.Provider {
 
 			// // Added for Code Engine
 			"ibm_code_engine_app":        codeengine.ResourceIbmCodeEngineApp(),
+			"ibm_code_engine_binding":    codeengine.ResourceIbmCodeEngineBinding(),
 			"ibm_code_engine_build":      codeengine.ResourceIbmCodeEngineBuild(),
 			"ibm_code_engine_config_map": codeengine.ResourceIbmCodeEngineConfigMap(),
 			"ibm_code_engine_job":        codeengine.ResourceIbmCodeEngineJob(),
@@ -1533,6 +1535,7 @@ func Validator() validate.ValidatorDict {
 
 				// // Added for Code Engine
 				"ibm_code_engine_app":        codeengine.ResourceIbmCodeEngineAppValidator(),
+				"ibm_code_engine_binding":    codeengine.ResourceIbmCodeEngineBindingValidator(),
 				"ibm_code_engine_build":      codeengine.ResourceIbmCodeEngineBuildValidator(),
 				"ibm_code_engine_config_map": codeengine.ResourceIbmCodeEngineConfigMapValidator(),
 				"ibm_code_engine_job":        codeengine.ResourceIbmCodeEngineJobValidator(),