From 06365943cb7fce3258656551c4b72cf9001feecb Mon Sep 17 00:00:00 2001 From: Jignesh Chauhan Date: Mon, 15 Jun 2026 20:00:16 +0530 Subject: [PATCH 1/3] [patch] remove ibm_entitlement_key from pipeline runs to kubernetes secrets --- src/mas/devops/tekton.py | 16 +++++++++++++++- .../pipelinerun-aiservice-upgrade.yml.j2 | 5 ----- .../devops/templates/pipelinerun-install.yml.j2 | 4 ---- .../devops/templates/pipelinerun-restore.yml.j2 | 4 ---- .../devops/templates/pipelinerun-update.yml.j2 | 5 ----- .../devops/templates/pipelinerun-upgrade.yml.j2 | 5 ----- 6 files changed, 15 insertions(+), 24 deletions(-) diff --git a/src/mas/devops/tekton.py b/src/mas/devops/tekton.py index b915cac1..d9041f2f 100644 --- a/src/mas/devops/tekton.py +++ b/src/mas/devops/tekton.py @@ -598,7 +598,7 @@ def prepareRestoreSecrets(dynClient: DynamicClient, namespace: str, restoreConfi secretsAPI.create(body=restoreConfigs, namespace=namespace) -def prepareInstallSecrets(dynClient: DynamicClient, namespace: str, slsLicenseFile: str = None, additionalConfigs: dict = None, certs: str = None, podTemplates: str = None, slack_token: str = None, slack_channel: str = None, aiserviceConfig: str = None, db2LicenseFile: dict | None = None, facilitiesProperties: dict | None = None) -> None: +def prepareInstallSecrets(dynClient: DynamicClient, namespace: str, slsLicenseFile: str = None, additionalConfigs: dict = None, certs: str = None, podTemplates: str = None, slack_token: str = None, slack_channel: str = None, aiserviceConfig: str = None, db2LicenseFile: dict | None = None, facilitiesProperties: dict | None = None, ibm_entitlement_key: str = None) -> None: """ Create or update secrets required for MAS installation pipelines. @@ -618,6 +618,7 @@ def prepareInstallSecrets(dynClient: DynamicClient, namespace: str, slsLicenseFi slack_channel (str, optional): Slack channel ID for notifications. Defaults to None. aiserviceConfig (str, optional): AI Service tenant config data. Defaults to None (empty secret). facilitiesProperties (dict, optional): Facilities properties file content. Defaults to None (empty secret). + ibm_entitlement_key (str, optional): IBM entitlement key for authentication. Defaults to None. Returns: None @@ -685,6 +686,19 @@ def prepareInstallSecrets(dynClient: DynamicClient, namespace: str, slsLicenseFi "name": "pipeline-additional-configs" } } + + additionalConfigs.setdefault("apiVersion", "v1") + additionalConfigs.setdefault("kind", "Secret") + additionalConfigs.setdefault("type", "Opaque") + additionalConfigs.setdefault("metadata", {}) + additionalConfigs["metadata"]["name"] = "pipeline-additional-configs" + + # Add IBM_ENTITLEMENT_KEY to the secret if provided + if ibm_entitlement_key: + if "data" not in additionalConfigs: + additionalConfigs["data"] = {} + additionalConfigs["data"]["IBM_ENTITLEMENT_KEY"] = base64.b64encode(ibm_entitlement_key.encode()).decode() + secretsAPI.create(body=additionalConfigs, namespace=namespace) # 2. Secret/pipeline-sls-entitlement diff --git a/src/mas/devops/templates/pipelinerun-aiservice-upgrade.yml.j2 b/src/mas/devops/templates/pipelinerun-aiservice-upgrade.yml.j2 index 47bfe1d6..b00ad613 100644 --- a/src/mas/devops/templates/pipelinerun-aiservice-upgrade.yml.j2 +++ b/src/mas/devops/templates/pipelinerun-aiservice-upgrade.yml.j2 @@ -21,11 +21,6 @@ spec: - name: aiservice_channel value: "{{ aiservice_channel }}" - # IBM Entitlement Key - # ------------------------------------------------------------------------- - - name: ibm_entitlement_key - value: "{{ ibm_entitlement_key }}" - {%- if skip_pre_check is defined and skip_pre_check != "" %} # Skip pre-check # ------------------------------------------------------------------------- diff --git a/src/mas/devops/templates/pipelinerun-install.yml.j2 b/src/mas/devops/templates/pipelinerun-install.yml.j2 index d716ecb5..c634b233 100644 --- a/src/mas/devops/templates/pipelinerun-install.yml.j2 +++ b/src/mas/devops/templates/pipelinerun-install.yml.j2 @@ -18,10 +18,6 @@ spec: pipeline: "0" params: - # IBM Entitlement Key - # ------------------------------------------------------------------------- - - name: ibm_entitlement_key - value: "{{ ibm_entitlement_key }}" {%- if skip_pre_check is defined and skip_pre_check != "" %} # Pipeline config diff --git a/src/mas/devops/templates/pipelinerun-restore.yml.j2 b/src/mas/devops/templates/pipelinerun-restore.yml.j2 index 849c61be..0186968d 100644 --- a/src/mas/devops/templates/pipelinerun-restore.yml.j2 +++ b/src/mas/devops/templates/pipelinerun-restore.yml.j2 @@ -98,10 +98,6 @@ spec: - name: dro_contact_lastname value: "{{ dro_contact_lastname }}" {% endif %} - {% if ibm_entitlement_key is defined and ibm_entitlement_key != "" %} - - name: ibm_entitlement_key - value: "{{ ibm_entitlement_key }}" - {% endif %} {% if dro_namespace is defined and dro_namespace != "" %} - name: dro_namespace value: "{{ dro_namespace }}" diff --git a/src/mas/devops/templates/pipelinerun-update.yml.j2 b/src/mas/devops/templates/pipelinerun-update.yml.j2 index 6ffdce28..fdd5d6e3 100644 --- a/src/mas/devops/templates/pipelinerun-update.yml.j2 +++ b/src/mas/devops/templates/pipelinerun-update.yml.j2 @@ -27,11 +27,6 @@ spec: - name: mas_catalog_version value: "{{ mas_catalog_version }}" -{%- if ibm_entitlement_key is defined and ibm_entitlement_key != "" %} - # TODO: What even uses this, nothing in the update pipeline should be using this - - name: ibm_entitlement_key - value: "{{ ibm_entitlement_key }}" -{%- endif %} {%- if artifactory_username is defined and artifactory_username != "" %} # Enable development catalogs # ------------------------------------------------------------------------- diff --git a/src/mas/devops/templates/pipelinerun-upgrade.yml.j2 b/src/mas/devops/templates/pipelinerun-upgrade.yml.j2 index 0d7b8af4..058a6258 100644 --- a/src/mas/devops/templates/pipelinerun-upgrade.yml.j2 +++ b/src/mas/devops/templates/pipelinerun-upgrade.yml.j2 @@ -29,11 +29,6 @@ spec: - name: mas_channel value: "{{ mas_channel }}" - # IBM Entitlement Key - # ------------------------------------------------------------------------- - - name: ibm_entitlement_key - value: "{{ ibm_entitlement_key }}" - {%- if skip_pre_check is defined and skip_pre_check != "" %} # Skip pre-check # ------------------------------------------------------------------------- From 92aeb7eca547b3fb8b2c3217e098789d9bc2b2c0 Mon Sep 17 00:00:00 2001 From: Jignesh Chauhan Date: Tue, 16 Jun 2026 09:59:57 +0530 Subject: [PATCH 2/3] [patch] trigger builds --- src/mas/devops/templates/pipelinerun-install.yml.j2 | 1 + 1 file changed, 1 insertion(+) diff --git a/src/mas/devops/templates/pipelinerun-install.yml.j2 b/src/mas/devops/templates/pipelinerun-install.yml.j2 index c634b233..bdf87c55 100644 --- a/src/mas/devops/templates/pipelinerun-install.yml.j2 +++ b/src/mas/devops/templates/pipelinerun-install.yml.j2 @@ -1001,3 +1001,4 @@ spec: secret: secretName: pipeline-facilities-properties {% endif %} + From cf8ac33af58a20af766b08a1f7d88e7628cc22f1 Mon Sep 17 00:00:00 2001 From: Jignesh Chauhan Date: Tue, 16 Jun 2026 13:37:23 +0530 Subject: [PATCH 3/3] [patch] trigger empty commit --- src/mas/devops/templates/pipelinerun-install.yml.j2 | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/mas/devops/templates/pipelinerun-install.yml.j2 b/src/mas/devops/templates/pipelinerun-install.yml.j2 index bdf87c55..a7fae260 100644 --- a/src/mas/devops/templates/pipelinerun-install.yml.j2 +++ b/src/mas/devops/templates/pipelinerun-install.yml.j2 @@ -1001,4 +1001,5 @@ spec: secret: secretName: pipeline-facilities-properties {% endif %} - + +