terraform-ibm-modules/terraform-ibm-devsecops-cd-toolchain

Terraform IBM DevSecOps CD Toolchain

Stable (With quality checks) pre-commit latest release semantic-release

A Terraform module for provisioning the DevSecOps CD toolchain.

Requirements

Name Version
terraform >= 1.0.0
ibm >= 1.67.0, < 2.0.0

Modules

Name Source Version
change_management_repo ./customizations/repositories n/a
compliance_pipelines_repo ./customizations/repositories n/a
deployment_repo ./customizations/repositories n/a
evidence_repo ./customizations/repositories n/a
integrations ./integrations n/a
inventory_repo ./customizations/repositories n/a
issues_repo ./customizations/repositories n/a
pipeline_cd ./pipeline-cd n/a
pipeline_config_repo ./customizations/repositories n/a
pipeline_properties ./customizations/pipeline-property-adder n/a
repository_properties ./customizations/repository-adder n/a
services ./services n/a

Resources

Name Type
ibm_cd_toolchain.toolchain_instance resource
ibm_cd_toolchain_tool_pipeline.cd_pipeline resource
ibm_resource_group.resource_group data source

Inputs

Name Description Type Default Required
artifact_signature_verification Set to 1 to enable artifact signature verification. string "" no
artifactory_dashboard_url Type the URL that you want to navigate to when you click the Artifactory integration tile. string "" no
artifactory_integration_name The name of the Artifactory tool integration. string "artifactory-dockerconfigjson" no
artifactory_repo_name Type the name of your Artifactory repository where your docker images are located. string "wcp-compliance-automation-team-docker-local" no
artifactory_repo_url Type the URL for your Artifactory release repository. string "" no
artifactory_token_secret_crn The CRN for the Artifactory secret. string "" no
artifactory_token_secret_group Secret group prefix for the Artifactory token secret. Defaults to sm_secret_group if not set. Only used with Secrets Manager. string "" no
artifactory_token_secret_name Name of the artifactory token secret in the secret provider. string "artifactory-token" no
artifactory_user Type the User ID or email for your Artifactory repository. string "" no
authorization_policy_creation Set to disabled if you do not want this policy auto created. string "" no
change_management_group Specify Git user/group for change management repo. string "" no
change_management_repo_auth_type Select the method of authentication that will be used to access the git provider. 'oauth' or 'pat'. string "oauth" no
change_management_repo_git_id Set this value to github for github.com, or to the GUID of a custom GitHub Enterprise server. string "" no
change_management_repo_git_provider Choose the default git provider for change management repo string "hostedgit" no
change_management_repo_git_token_secret_crn The CRN for the Change Management repository Git Token. string "" no
change_management_repo_git_token_secret_name Name of the Git token secret in the secret provider. string "git-token" no
change_management_repo_initialization_type The initialization type for the repo. Can be new, fork, clone, link, new_if_not_exists, clone_if_not_exists, fork_if_not_exists. string "" no
change_management_repo_integration_owner The name of the integration owner. string "" no
change_management_repo_is_private_repo Set to true to make repository private. bool true no
change_management_repo_issues_enabled Set to true to enable issues. bool true no
change_management_repo_name The repository name. string "" no
change_management_repo_secret_group Secret group prefix for the Change Management repo secret. Defaults to sm_secret_group if not set. Only used with Secrets Manager. string "" no
change_management_repo_traceability_enabled Set to true to enable traceability. bool false no
change_repo_clone_from_url Override the default management repo, which will be cloned into the app repo. Note, using clone_if_not_exists mode, so if the app repo already exists the repo contents are unchanged. string "" no
cluster_name Name of the Kubernetes cluster where the application is deployed. string "" no
cluster_namespace Namespace of the Kubernetes cluster where the application is deployed. string "default" no
cluster_region Region of the Kubernetes cluster where the application is deployed. string "ibm:yp:us-south" no
code_engine_project The name of the Code Engine project to use. Created if it does not exist. string "" no
code_engine_region The region to create/lookup for the Code Engine project. string "" no
code_engine_resource_group The resource group of the Code Engine project. string "" no
code_signing_cert The base64 encoded GPG public key. Setting this will add the public signing cert to the pipeline properties. Alternatively see enable_signing_validation to store the cert in a Secrets provider. string "" no
code_signing_cert_secret_crn The CRN for the public signing key cert in the secrets provider. string "" no
code_signing_cert_secret_group Secret group prefix for the pipeline Public signing key cert secret. Defaults to sm_secret_group if not set. Only used with Secrets Manager. string "" no
code_signing_cert_secret_name This is the optional alternative to using code_signing_cert for storing the GPG public signing key. Set this variable with the name of the secret containing the GPG public key from the Secrets Provider. string "" no
compliance_pipeline_group Specify Git user/group for compliance pipeline repo. string "" no
compliance_pipeline_repo_auth_type Select the method of authentication that will be used to access the git provider. 'oauth' or 'pat'. string "oauth" no
compliance_pipeline_repo_git_provider Choose the default git provider for change management repo string "hostedgit" no
compliance_pipeline_repo_git_token_secret_crn The CRN for the Compliance Pipeline repository Git Token. string "" no
compliance_pipeline_repo_git_token_secret_name Name of the Git token secret in the secret provider. string "git-token" no
compliance_pipeline_repo_integration_owner The name of the integration owner. string "" no
compliance_pipeline_repo_issues_enabled Set to true to enable issues. bool false no
compliance_pipeline_repo_secret_group Secret group prefix for the Compliance Pipeline repo secret. Defaults to sm_secret_group if not set. Only used with Secrets Manager. string "" no
compliance_pipeline_repo_url URL of pipeline repo template to be cloned. string "" no
compliance_pipelines_repo_git_id Set this value to github for github.com, or to the GUID of a custom GitHub Enterprise server. string "" no
cos_api_key_secret_crn The CRN for the Cloud Object Storage apikey. string "" no
cos_api_key_secret_group Secret group prefix for the COS API key secret. Defaults to sm_secret_group if not set. Only used with Secrets Manager. string "" no
cos_api_key_secret_name Name of the IBM Cloud Storage api-key secret in the secret provider. string "cos-api-key" no
cos_bucket_name COS bucket name. string "" no
cos_dashboard_url The dashboard URL for the COS toolcard. string "https://cloud.ibm.com/objectstorage" no
cos_description The COS description on the tool card. string "Cloud Object Storage to store evidences within DevSecOps Pipelines" no
cos_documentation_url The documentation URL that appears on the tool card. string "https://cloud.ibm.com/objectstorage" no
cos_endpoint COS endpoint name. string "" no
cos_integration_name The name of the COS integration. string "Evidence Store" no
create_triggers Set to true to create all the default triggers. bool true no
default_git_provider Choose the default git provider for app repo string "hostedgit" no
deployment_group Specify Git user/group for deployment repo. string "" no
deployment_repo_auth_type Select the method of authentication that will be used to access the git provider. 'oauth' or 'pat'. string "oauth" no
deployment_repo_clone_from_branch Used when deployment_repo_clone_from_url is provided, the default branch that will be used by the CD build, usually either main or master. string "" no
deployment_repo_clone_from_url Override the default sample app by providing your own sample deployment url, which will be cloned into the app repo. Note, using clone_if_not_exists mode, so if the app repo already exists the repo contents are unchanged. string "" no
deployment_repo_clone_to_git_id By default absent, else custom server GUID, or other options for 'git_id' field in the browser UI. string "" no
deployment_repo_clone_to_git_provider By default 'hostedgit', else use 'githubconsolidated' or 'gitlab'. string "" no
deployment_repo_existing_branch Used when deployment_repo_existing_url is provided, the default branch that will be used by the CD build, usually either main or master. string "" no
deployment_repo_existing_git_id By default absent, else custom server GUID, or other options for 'git_id' field in the browser UI. string "" no
deployment_repo_existing_git_provider By default 'hostedgit', else use 'githubconsolidated' or 'gitlab'. string "hostedgit" no
deployment_repo_existing_url Override to bring your own existing deployment repository URL, which will be used directly instead of cloning the default deployment sample. string "" no
deployment_repo_git_token_secret_crn The CRN for the Deployment repository Git Token. string "" no
deployment_repo_git_token_secret_name Name of the Git token secret in the secret provider. string "git-token" no
deployment_repo_initialization_type The initialization type for the repo. Can be new, fork, clone, link, new_if_not_exists, clone_if_not_exists, fork_if_not_exists. string "" no
deployment_repo_integration_owner The name of the integration owner. string "" no
deployment_repo_is_private_repo Set to true to make repository private. bool true no
deployment_repo_issues_enabled Set to true to enable issues. bool false no
deployment_repo_name The repository name. string "" no
deployment_repo_secret_group Secret group prefix for the Deployment repo secret. Defaults to sm_secret_group if not set. Only used with Secrets Manager. string "" no
deployment_repo_traceability_enabled Set to true to enable traceability. bool false no
deployment_source_repo_url Url of deployment repo template string "" no
devsecops_flavor The deployment target, 'kube', 'code-engine' or 'zos'. string "kube" no
doi_toolchain_id DevOps Insights Toolchain ID to link to. string "" no
enable_artifactory Set to true to enable Artifactory for DevSecOps. bool false no
enable_change_management_repo Set to true to enable the Change Management Repo integration. string true no
enable_insights Set to true to enable the DevOps Insights integration. bool true no
enable_key_protect Set to enable Key Protect Integration. bool false no
enable_pipeline_git_token Enable to add git-token to the pipeline properties. bool false no
enable_pipeline_notifications When enabled, pipeline run events will be sent to the Event Notifications and Slack integrations in the enclosing toolchain. bool false no
enable_secrets_manager Set to enable Secrets Manager Integration. bool true no
enable_slack Set to true to create the integration. bool false no
event_notifications_crn The CRN for the Event Notifications instance. string "" no
event_notifications_tool_name The name of the Event Notifications integration. string "Event Notifications" no
evidence_group Specify Git user/group for evidence repo. string "" no
evidence_repo_auth_type Select the method of authentication that will be used to access the git provider. 'oauth' or 'pat'. string "oauth" no
evidence_repo_git_id Set this value to github for github.com, or to the GUID of a custom GitHub Enterprise server. string "" no
evidence_repo_git_provider Git provider for evidence repo string "hostedgit" no
evidence_repo_git_token_secret_crn The CRN for the Evidence repository Git Token. string "" no
evidence_repo_git_token_secret_name Name of the Git token secret in the secret provider. string "git-token" no
evidence_repo_initialization_type The initialization type for the repo. Can be new, fork, clone, link, new_if_not_exists, clone_if_not_exists, fork_if_not_exists. string "" no
evidence_repo_integration_owner The name of the integration owner. string "" no
evidence_repo_is_private_repo Set to true to make repository private. bool true no
evidence_repo_issues_enabled Set to true to enable issues. bool false no
evidence_repo_name The repository name. string "" no
evidence_repo_secret_group Secret group prefix for the Evidence repo secret. Defaults to sm_secret_group if not set. Only used with Secrets Manager. string "" no
evidence_repo_traceability_enabled Set to true to enable traceability. bool false no
evidence_repo_url This is a template repository to clone compliance-evidence-locker for reference DevSecOps toolchain templates. string "" no
ibmcloud_api_key API key used to create the toolchains. string n/a yes
inventory_group Specify Git user/group for inventory repo. string "" no
inventory_repo_auth_type Select the method of authentication that will be used to access the git provider. 'oauth' or 'pat'. string "oauth" no
inventory_repo_git_id Set this value to github for github.com, or to the GUID of a custom GitHub Enterprise server. string "" no
inventory_repo_git_provider Git provider for inventory repo string "hostedgit" no
inventory_repo_git_token_secret_crn The CRN for the Inventory repository Git Token. string "" no
inventory_repo_git_token_secret_name Name of the Git token secret in the secret provider. string "git-token" no
inventory_repo_initialization_type The initialization type for the repo. Can be new, fork, clone, link, new_if_not_exists, clone_if_not_exists, fork_if_not_exists. string "" no
inventory_repo_integration_owner The name of the integration owner. string "" no
inventory_repo_is_private_repo Set to true to make repository private. bool true no
inventory_repo_issues_enabled Set to true to enable issues. bool false no
inventory_repo_name The repository name. string "" no
inventory_repo_secret_group Secret group prefix for the Inventory repo secret. Defaults to sm_secret_group if not set. Only used with Secrets Manager. string "" no
inventory_repo_traceability_enabled Set to true to enable traceability. bool false no
inventory_repo_url This is a template repository to clone compliance-inventory-locker for reference DevSecOps toolchain templates. string "" no
issues_group Specify Git user/group for issues repo. string "" no
issues_repo_auth_type Select the method of authentication that will be used to access the git provider. 'oauth' or 'pat'. string "oauth" no
issues_repo_git_id Set this value to github for github.com, or to the GUID of a custom GitHub Enterprise server. string "" no
issues_repo_git_provider Git provider for issue repo string "hostedgit" no
issues_repo_git_token_secret_crn The CRN for the Issues repository Git Token. string "" no
issues_repo_git_token_secret_name Name of the Git token secret in the secret provider. string "git-token" no
issues_repo_initialization_type The initialization type for the repo. Can be new, fork, clone, link, new_if_not_exists, clone_if_not_exists, fork_if_not_exists. string "" no
issues_repo_integration_owner The name of the integration owner. string "" no
issues_repo_is_private_repo Set to true to make repository private. bool true no
issues_repo_issues_enabled Set to true to enable issues. bool true no
issues_repo_name The repository name. string "" no
issues_repo_secret_group Secret group prefix for the Issues repo secret. Defaults to sm_secret_group if not set. Only used with Secrets Manager. string "" no
issues_repo_traceability_enabled Set to true to enable traceability. bool false no
issues_repo_url This is a template repository to clone compliance-issues for reference DevSecOps toolchain templates. string "" no
kp_integration_name The name of the Key Protect integration. string "kp-compliance-secrets" no
kp_location IBM Cloud location/region containing the Key Protect instance. string "us-south" no
kp_name Name of the Key Protect instance where the secrets are stored. string "kp-compliance-secrets" no
kp_resource_group The resource group containing the Key Protect instance. string "Default" no
link_to_doi_toolchain Enable a link to a DevOpsInsights instance in another toolchain, true or false. bool false no
pipeline_branch The branch within pipeline definitions repository for Compliance CD Toolchain. string "open-v10" no
pipeline_config_group Specify Git user/group for pipeline config repo. string "" no
pipeline_config_repo_auth_type Select the method of authentication that will be used to access the git provider. 'oauth' or 'pat'. string "oauth" no
pipeline_config_repo_clone_from_url Specify a repository to clone that contains a custom pipeline-config.yaml file. string "" no
pipeline_config_repo_existing_url Specify a repository containing a custom pipeline-config.yaml file. string "" no
pipeline_config_repo_git_id Set this value to github for github.com, or to the GUID of a custom GitHub Enterprise server. string "" no
pipeline_config_repo_git_provider Git provider for pipeline repo config string "hostedgit" no
pipeline_config_repo_git_token_secret_crn The CRN for the Config repository Git Token. string "" no
pipeline_config_repo_git_token_secret_name Name of the Git token secret in the secret provider. string "git-token" no
pipeline_config_repo_initialization_type The initialization type for the repo. Can be new, fork, clone, link, new_if_not_exists, clone_if_not_exists, fork_if_not_exists. string "" no
pipeline_config_repo_integration_owner The name of the integration owner. string "" no
pipeline_config_repo_is_private_repo Set to true to make repository private. bool true no
pipeline_config_repo_issues_enabled Set to true to enable issues. bool false no
pipeline_config_repo_name The repository name. string "" no
pipeline_config_repo_secret_group Secret group prefix for the Pipeline Config repo secret. Defaults to sm_secret_group if not set. Only used with Secrets Manager. string "" no
pipeline_config_repo_traceability_enabled Set to true to enable traceability. bool false no
pipeline_doi_api_key_secret_crn The CRN for the DOI apikey. string "" no
pipeline_doi_api_key_secret_group Secret group prefix for the pipeline DOI api key. Defaults to sm_secret_group if not set. Only used with Secrets Manager. string "" no
pipeline_doi_api_key_secret_name Name of the Cloud API key secret in the secret provider to access the toolchain containing the Devops Insights instance. string "" no
pipeline_git_tag The GIT tag within the pipeline definitions repository for Compliance CD Toolchain. string "" no
pipeline_ibmcloud_api_key_secret_crn The CRN for the pipeline apikey. string "" no
pipeline_ibmcloud_api_key_secret_group Secret group prefix for the pipeline ibmcloud API key secret. Defaults to sm_secret_group if not set. Only used with Secrets Manager. string "" no
pipeline_ibmcloud_api_key_secret_name Name of the Cloud API key secret in the secret provider. string "ibmcloud-api-key" no
pipeline_properties Stringified JSON containing the properties. This takes precedence over the properties JSON. string "" no
pipeline_properties_filepath The path to the file containing the property JSON. If this is not set, it will by default read the properties.json file at the root of the module. string "" no
privateworker_credentials_secret_crn The CRN for the Private Worker apikey. string "" no
privateworker_credentials_secret_group Secret group prefix for the Private Worker secret. Defaults to sm_secret_group if not set. Only used with Secrets Manager. string "" no
privateworker_credentials_secret_name Name of the privateworker secret in the secret provider. string "private-worker-service-api" no
region IBM Cloud region used to prefix the prod_latest inventory repo branch. string "" no
repositories_prefix Prefix name for the cloned compliance repos. string "compliance" no
repository_properties Stringified JSON containing the repositories and triggers. This takes precedence over the repositories JSON. string "" no
repository_properties_filepath The path to the file containing the repository and triggers JSON. If this is not set, it will by default read the repositories.json file at the root of the module. string "" no
scc_attachment_id An attachment ID. An attachment is configured under a profile to define how a scan will be run. To find the attachment ID, in the browser, in the attachments list, click on the attachment link, and a panel appears with a button to copy the attachment ID. This parameter is only relevant when the scc_use_profile_attachment parameter is enabled. string "" no
scc_enable_scc Enable the SCC integration. bool true no
scc_instance_crn The Security and Compliance Center service instance CRN (Cloud Resource Name). This parameter is only relevant when the scc_use_profile_attachment parameter is enabled. The value must match the regular expression. string "" no
scc_integration_name The name of the SCC integration. string "Devsecops Scope" no
scc_profile_name The name of a Security and Compliance Center profile. Use the IBM Cloud Framework for Financial Services profile, which contains the DevSecOps Toolchain rules. Or use a user-authored customized profile that has been configured to contain those rules. This parameter is only relevant when the scc_use_profile_attachment parameter is enabled. string "" no
scc_profile_version The version of a Security and Compliance Center profile, in SemVer format, like 0.0.0. This parameter is only relevant when the scc_use_profile_attachment parameter is enabled. string "" no
scc_scc_api_key_secret_crn The CRN for the SCC apikey. string "" no
scc_scc_api_key_secret_group Secret group prefix for the Security and Compliance tool secret. Defaults to sm_secret_group if not set. Only used with Secrets Manager. string "" no
scc_scc_api_key_secret_name The Security and Compliance Center api-key secret in the secret provider. string "scc-api-key" no
scc_use_profile_attachment Set to enabled to enable use profile with attachment, so that the scripts in the pipeline can interact with the Security and Compliance Center service. When enabled, other parameters become relevant; scc_scc_api_key_secret_name, scc_instance_crn, scc_profile_name, scc_profile_version, scc_attachment_id. string "disabled" no
slack_channel_name The Slack channel that notifications will be posted to. string "my-channel" no
slack_integration_name The name of the Slack integration. string "slack-compliance" no
slack_pipeline_fail Generate pipeline failed notifications. bool true no
slack_pipeline_start Generate pipeline start notifications. bool true no
slack_pipeline_success Generate pipeline succeeded notifications. bool true no
slack_team_name The Slack team name, which is the word or phrase before .slack.com in the team URL. string "my-team" no
slack_toolchain_bind Generate tool added to toolchain notifications. bool true no
slack_toolchain_unbind Generate tool removed from toolchain notifications. bool true no
slack_webhook_secret_crn The CRN for the Slack webhook secret. string "" no
slack_webhook_secret_group Secret group prefix for the Slack webhook secret. Defaults to sm_secret_group if not set. Only used with Secrets Manager. string "" no
slack_webhook_secret_name Name of the webhook secret in the secret provider. string "slack-webhook" no
sm_instance_crn The CRN of the Secrets Manager instance. string "" no
sm_integration_name The name of the Secrets Manager integration. string "sm-compliance-secrets" no
sm_location IBM Cloud location/region containing the Secrets Manager instance. Not required if using a Secrets Manager CRN instance. string "us-south" no
sm_name Name of the Secrets Manager instance where the secrets are stored. string "sm-compliance-secrets" no
sm_resource_group The resource group containing the Secrets Manager instance. Not required if using a Secrets Manager CRN instance. string "default" no
sm_secret_group Group in Secrets Manager for organizing/grouping secrets. string "Default" no
toolchain_description Description for the CD toolchain. string "Toolchain created with Terraform template for DevSecOps CD Best Practices" no
toolchain_name Name of the CD Toolchain. string "DevSecOps CD Toolchain - Terraform" no
toolchain_region IBM Cloud Region for the toolchain. string "us-south" no
toolchain_resource_group The resource group within which the toolchain is created. string "Default" no
trigger_git_enable Set to true to enable the CD pipeline Git trigger. bool false no
trigger_git_name The name of the CD pipeline GIT trigger. string "Git CD Trigger" no
trigger_git_promotion_branch Branch for Git promotion validation listener. string "prod" no
trigger_git_promotion_enable Enable Git promotion validation for Git promotion listener. bool false no
trigger_git_promotion_listener Select a Tekton EventListener to use when Git promotion validation listener trigger is fired. string "promotion-validation-listener-gitlab" no
trigger_git_promotion_validation_name Name of Git Promotion Validation Trigger string "Git Promotion Validation Trigger" no
trigger_manual_enable Set to true to enable the CD pipeline Manual trigger. bool true no
trigger_manual_name The name of the CI pipeline Manual trigger. string "Manual CD Trigger" no
trigger_manual_promotion_enable Set to true to enable the CD pipeline Manual Promotion trigger. bool true no
trigger_manual_promotion_name The name of the CD pipeline Manual Promotion trigger. string "Manual Promotion Trigger" no
trigger_manual_pruner_enable Set to true to enable the manual Pruner trigger. bool true no
trigger_manual_pruner_name The name of the manual Pruner trigger. string "Evidence Pruner Manual Trigger" no
trigger_timed_cron_schedule Only needed for timed triggers. Cron expression that indicates when this trigger will activate. Maximum frequency is every 5 minutes. The string is based on UNIX crontab syntax: minute, hour, day of month, month, day of week. Example: 0 */2 * * * - every 2 hours. string "0 4 * * *" no
trigger_timed_enable Set to true to enable the CD pipeline Timed trigger. bool false no
trigger_timed_name The name of the CD pipeline Timed trigger. string "Git CD Timed Trigger" no
trigger_timed_pruner_enable Set to true to enable the timed Pruner trigger. bool false no
trigger_timed_pruner_name The name of the timed Pruner trigger. string "Evidence Pruner Timed Trigger" no
worker_id The identifier for the Managed Pipeline worker. string "public" no

Outputs

Name Description
cd_pipeline_id The CD pipeline ID.
change_management_repo The Change Management repository.
change_management_repo_url The change management repository instance URL.
deployment_repo_url The deployment repo URL.
evidence_repo The Evidence repo.
evidence_repo_url The evidence repository instance URL, where evidence of the builds and scans are stored, ready for any compliance audit.
inventory_repo The Inventory repo.
inventory_repo_url The inventory repository instance URL, with details of which artifact has been built and will be deployed.
issues_repo The Issues repo.
issues_repo_url The incident issues repository instance URL, where issues are created when vulnerabilities and CVEs are detected.
key_protect_instance_id The Key Protect instance ID.
pipeline_repo_url This repository URL contains the tekton definitions for compliance pipelines.
secret_tool The secret tool.
secret_tool_v1 The legacy secret tool. Used as part of secret references to point to the secret tool integration. This is the legacy version of the secrets tool. The new version was updated to support using different secret groups with Secrets Manager. This only affects Secrets Manager. The net difference is that the legacy secret tool returns the tool name and the secret group name whereas the new tool returns only the tool name.
secrets_manager_instance_id The Secrets Manager instance ID.
toolchain_id The CD toolchain ID.
toolchain_url The CD toolchain URL.

Additional Information

Locking Pipeline properties

  • To lock a variable, set the locked key to true for that variable.
    Example:
  {
    "name": "example_variable",
    "type": "text",
    "value": "example_data",
    "locked": "true"
  }

The variable example_variable is locked because locked is set to true. To unlock it, set locked to false.

  • Pipeline properties that are locked by default are stored in default_locked_properties.
  • Overriding of pipeline properties
    • The code first checks whether the locked key provides a value. If it is set, that value is used.
    • If no locked value is provided for the variable, the code checks whether the variable is in the default set of locked properties, default_locked_properties.
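The precedence described above can be checked before `terraform apply` with a short script. This is an added example, not code from the module: the contents of `DEFAULT_LOCKED_PROPERTIES`, the sample property names, the assumption that the properties JSON is an array of property objects, and the assumption that a property in neither place ends up unlocked are all constructed for illustration.

```python
import json

# Constructed stand-in: the real contents of default_locked_properties are
# not listed on this page.
DEFAULT_LOCKED_PROPERTIES = frozenset({"example_default_locked", "example_overridden"})

# Constructed sample input, assumed to be a JSON array of property objects
# shaped like the example above.
SAMPLE_PROPERTIES = json.dumps([
    {"name": "example_variable", "type": "text", "value": "example_data", "locked": "true"},
    {"name": "example_default_locked", "type": "text", "value": "a"},
    {"name": "example_overridden", "type": "text", "value": "b", "locked": "false"},
    {"name": "example_plain", "type": "text", "value": "c"},
])


def parse_locked(raw):
    """Map an explicit locked value to a bool; None means no value was provided."""
    if raw is None:
        return None
    if isinstance(raw, bool):
        return raw
    if isinstance(raw, str) and raw.strip().lower() in ("true", "false"):
        return raw.strip().lower() == "true"
    # Anything else (e.g. "yes", 1) is rejected rather than silently unlocked.
    raise ValueError(f"locked must be true or false, got {raw!r}")


def resolve_locks(properties_json, default_locked=DEFAULT_LOCKED_PROPERTIES):
    """Return {name: (locked, source)} following the precedence described above."""
    properties = json.loads(properties_json)
    if not isinstance(properties, list):
        raise ValueError("expected a JSON array of property objects")
    resolved = {}
    for prop in properties:
        name = prop["name"]
        if name in resolved:
            raise ValueError(f"duplicate property {name!r}")
        explicit = parse_locked(prop.get("locked"))
        if explicit is not None:
            # Step 1: an explicit locked value always wins.
            resolved[name] = (explicit, "explicit")
        else:
            # Step 2: otherwise fall back to membership in the default set.
            resolved[name] = (name in default_locked, "default")
    return resolved


def unlocked_defaults(resolved, default_locked=DEFAULT_LOCKED_PROPERTIES):
    """Names that are locked by default but were unlocked by an explicit false."""
    return sorted(
        name for name, (locked, _source) in resolved.items()
        if name in default_locked and not locked
    )


if __name__ == "__main__":
    result = resolve_locks(SAMPLE_PROPERTIES)
    for name, (locked, source) in result.items():
        print(f"{name}: locked={locked} ({source})")
    print("default locks overridden:", unlocked_defaults(result))
```

Reviewing the `unlocked_defaults` output in a pull-request check surfaces any change that removes a default lock from a pipeline property.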

Contributing

You can report issues and request features for this module in GitHub issues in the module repo. See Report an issue or request a feature.

To set up your local development environment, see Local development setup in the project documentation.

About

Toolchain created with Terraform template for DevSecOps CC Best Practices
