cloudbees · carlosrodlop · May 21, 2024 · May 15, 2024 · May 15, 2024 · May 15, 2024
diff --git a/blueprints/02-at-scale/casc/oc/bundle.yaml b/blueprints/02-at-scale/casc/oc/bundle.yaml
@@ -7,7 +7,7 @@ items:
   - items
 plugins:
   - plugins
-# rbac:
-#  - rbac
+rbac:
+ - rbac
 variables:
   - variables
@@ -19,7 +19,7 @@ OperationsCenter:
     Retriever:
       Enabled: true
       scmRepo: https://github.com/cloudbees/terraform-aws-cloudbees-ci-eks-addon.git
-      scmBranch: main
+      scmBranch: ldap
       scmBundlePath: blueprints/02-at-scale/casc/oc
       scmPollingInterval: PT20M
 Persistence:

@@ -14,7 +14,7 @@ customLdifFiles:
     o: Example, Inc
     objectclass: dcObject
     objectclass: organization
-
+  #CloudBees RBAC groups (in Casc) are mapped to the following LDAP groups.
   01-groups.ldif: |-
     dn: ou=Groups,dc=example,dc=org
     changetype: add
@@ -41,7 +41,7 @@ customLdifFiles:
     objectclass: groupOfUniqueNames
     uniqueMember: cn=developer_3,dc=example,dc=org
     uniqueMember: cn=developer_4,dc=example,dc=org
-
+  #Use these users cn and global password for logging into CloudBees CI. 
   02-users.ldif: |-
     dn: cn=developer_1,dc=example,dc=org
     changetype: add

@@ -1,7 +1,9 @@
 # Copyright (c) CloudBees, Inc.
 
-secGithubUser: "exampleUser" #Required for OC casc security.yaml
-secGithubToken: "ExampleToken" #Required for OC casc security.yaml
+sec_ldapPassword: ${ldap_password} # Do not change this variable name
+
+sec_githubUser: "exampleUser"
+sec_githubToken: "ExampleToken"
 # secLicenseCert: |
 #   License certificate from CloudBees
 # secLicenseKey: |

@@ -88,8 +88,9 @@ resource "time_static" "epoch" {
 # CloudBees CI Add-ons
 
 module "eks_blueprints_addon_cbci" {
-  source  = "cloudbees/cloudbees-ci-eks-addon/aws"
-  version = ">= 3.17108.0"
+  source = "../../"
+  #source  = "cloudbees/cloudbees-ci-eks-addon/aws"
+  #version = ">= 3.17108.0"
 
   hosted_zone   = var.hosted_zone
   cert_arn      = module.acm.acm_certificate_arn
@@ -105,7 +106,9 @@ module "eks_blueprints_addon_cbci" {
   }
 
   create_k8s_secrets = true
-  k8s_secrets_file   = "k8s/secrets-values.yml"
+  k8s_secrets = templatefile("k8s/secrets-values.yml", {
+      ldap_password = local.global_password
+    })
 
   prometheus_target = true
 

@@ -3,8 +3,7 @@
 locals {
   cbci_ns           = "cbci"
   cbci_secrets_name = "cbci-secrets"
-  secret_data       = fileexists(var.k8s_secrets_file) ? yamldecode(file(var.k8s_secrets_file)) : {}
-  create_secret     = alltrue([var.create_k8s_secrets, length(local.secret_data) > 0])
+  create_secret     = alltrue([var.create_k8s_secrets, length(var.k8s_secrets) > 0])
   oc_secrets_mount = [
     <<-EOT
       OperationsCenter:
@@ -57,7 +56,7 @@ resource "kubernetes_secret" "oc_secrets" {
     namespace = kubernetes_namespace.cbci[0].metadata[0].name
   }
 
-  data = yamldecode(file(var.k8s_secrets_file))
+  data = yamldecode(var.k8s_secrets)
 }
 
 resource "kubectl_manifest" "service_monitor_cb_controllers" {

@@ -41,8 +41,8 @@ variable "create_k8s_secrets" {
   type        = bool
 }
 
-variable "k8s_secrets_file" {
-  description = "Secrets file .yml path containing the secrets names:values for cbci-secrets."
+variable "k8s_secrets" {
+  description = "Secrets file .yml as String containing the secrets names:values. It is required when create_k8s_secrets is enabled."
   default     = "secrets-values.yml"
   type        = string
 }