feat: Enable IAM integration for Cloud Pak for Data

Signed-off-by: Denilson Nastacio <[email protected]>
IBM · Jun 29, 2023 · fbb0264 · fbb0264
1 parent 76ad087
commit fbb0264
Show file tree

Hide file tree

Showing 7 changed files with 69 additions and 3 deletions.
diff --git a/config/argocd-cloudpaks/cp4d/Chart.yaml b/config/argocd-cloudpaks/cp4d/Chart.yaml
@@ -16,9 +16,9 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.6.1
+version: 0.7.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
-appVersion: "1.4.1"
+appVersion: "1.4.2"
diff --git a/config/argocd-cloudpaks/cp4d/templates/0100-cp4d-app.yaml b/config/argocd-cloudpaks/cp4d/templates/0100-cp4d-app.yaml
@@ -25,6 +25,8 @@ spec:
           value: ${ARGOCD_APP_NAMESPACE}
         - name: components
           value: {{.Values.components}}
+        - name: iam_integration
+          value: "{{.Values.iam_integration}}"
         - name: metadata.argocd_app_namespace
           value: {{.Values.metadata.argocd_app_namespace}}
         - name: metadata.common_services_namespace

diff --git a/config/argocd-cloudpaks/cp4d/templates/0200-cp4d-platform-app.yaml b/config/argocd-cloudpaks/cp4d/templates/0200-cp4d-platform-app.yaml
@@ -20,6 +20,8 @@ spec:
           value: ${ARGOCD_APP_NAMESPACE}
         - name: components
           value: {{.Values.components}}
+        - name: iam_integration
+          value: "{{.Values.iam_integration}}"
         - name: metadata.argocd_app_namespace
           value: {{.Values.metadata.argocd_app_namespace}}
         - name: metadata.common_services_namespace

diff --git a/config/argocd-cloudpaks/cp4d/values.yaml b/config/argocd-cloudpaks/cp4d/values.yaml
@@ -16,4 +16,6 @@ storageclass:
   rwo: ocs-storagecluster-ceph-rbd
   rwx: ocs-storagecluster-cephfs
 
+iam_integration: true
+
 version: 4.6.6
diff --git a/config/cloudpaks/cp4d/Chart.yaml b/config/cloudpaks/cp4d/Chart.yaml
@@ -16,7 +16,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.5.2
+version: 0.6.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

diff --git a/config/cloudpaks/cp4d/templates/0402-postsync-integrate-iam.yaml b/config/cloudpaks/cp4d/templates/0402-postsync-integrate-iam.yaml
@@ -0,0 +1,58 @@
+---
+# https://www.ibm.com/docs/en/cloud-paks/cp-data/4.6.x?topic=environment-integrating-iam-service
+apiVersion: batch/v1
+kind: Job
+metadata:
+  annotations:
+    argocd.argoproj.io/hook: PostSync
+    argocd.argoproj.io/sync-wave: "402"
+  name: post-cp4d-integrate-iam
+  namespace: {{.Values.metadata.argocd_namespace}}
+spec:
+  template:
+    spec:
+      containers:
+        - name: install-olm
+          image: icr.io/cpopen/cpd/olm-utils:latest
+          env:
+            - name: PROJECT_CPFS_OPS
+              value: {{.Values.metadata.common_services_namespace}}
+            - name: PROJECT_CPD_INSTANCE
+              value: {{.Values.metadata.argocd_app_namespace}}
+            - name: IAM_INTEGRATION
+              value: "{{.Values.iam_integration}}"
+          command:
+            - /bin/bash
+            - -c
+            - |
+              set -eo pipefail
+              set -x
+
+              result=0
+
+              # https://www.ibm.com/docs/en/cloud-paks/cp-data/4.6.x?topic=cluster-creating-custom-sccs-services
+              iam_enabled=$(oc get zenservice lite-cr \
+                    -n "${PROJECT_CPD_INSTANCE}" \
+                    -o jsonpath='{.spec.iamIntegration}')
+              if [ "${iam_enabled}" == "${IAM_INTEGRATION}" ]; then
+                  echo "INFO: IAM integration is already configured to ${IAM_INTEGRATION}."
+                  exit
+              fi
+
+              echo "INFO: Setting IAM integration to ${IAM_INTEGRATION}."
+              bin/setup-iam-integration \
+                  --enable="${IAM_INTEGRATION}" \
+                  --cpd_instance_ns="${PROJECT_CPD_INSTANCE}" \
+              result=1
+
+              echo "INFO: IAM integration status" \
+              && oc get zenservice lite-cr \
+                    -n "${PROJECT_CPD_INSTANCE}" \
+                    -o jsonpath='{.spec.iamIntegration}'
+
+              exit ${result}
+
+      restartPolicy: Never
+      serviceAccountName: {{.Values.serviceaccount.argocd_application_controller}}
+
+  backoffLimit: 2
diff --git a/config/cloudpaks/cp4d/values.yaml b/config/cloudpaks/cp4d/values.yaml
@@ -16,4 +16,6 @@ storageclass:
   rwx: "set in presync-hook of parent app"
 targetRevision: main
 
+iam_integration: "set in presync-hook of parent app"
+
 version: "set in parent app"