Changes logic from ibmcloud cli to the api

.github/workflows/verify-workflow.yaml

@@ -33,6 +33,7 @@ jobs:
         with:
           clusterId: ${{ matrix.testcase }}
           validateDeployScript: .github/scripts/validate-deploy.sh
+          testPlan: "true"
         env:
           TF_VAR_ibmcloud_api_key: ${{ secrets.IBMCLOUD_API_KEY }}
           IBMCLOUD_API_KEY: ${{ secrets.IBMCLOUD_API_KEY }}

main.tf

@@ -8,7 +8,7 @@ locals {
 module setup_clis {
   source = "cloud-native-toolkit/clis/util"
 
-  clis = ["ibmcloud-ob"]
+  clis = ["jq"]
 }
 
 resource null_resource print_names {
@@ -38,41 +38,32 @@ resource "ibm_resource_key" "logdna_instance_key" {
   }
 }
 
-resource null_resource ibmcloud_login {
-  provisioner "local-exec" {
-    command = "${path.module}/scripts/ibmcloud-login.sh ${var.region} ${var.resource_group_name}"
-
-    environment = {
-      BIN_DIR = module.setup_clis.bin_dir
-      APIKEY = var.ibmcloud_api_key
-    }
-  }
-}
-
 resource "null_resource" "logdna_bind" {
   count = local.bind ? 1 : 0
-  depends_on = [null_resource.ibmcloud_login]
 
   triggers = {
     bin_dir = module.setup_clis.bin_dir
     cluster_id  = var.cluster_id
     instance_id = var.logdna_id
+    ibmcloud_api_key = var.ibmcloud_api_key
   }
 
   provisioner "local-exec" {
-    command = "${path.module}/scripts/bind-instance.sh ${self.triggers.cluster_id} ${self.triggers.instance_id} ${ibm_resource_key.logdna_instance_key[0].name} ${var.private_endpoint}"
+    command = "${path.module}/scripts/bind-instance.sh '${self.triggers.cluster_id}' '${self.triggers.instance_id}' '${ibm_resource_key.logdna_instance_key[0].name}' '${var.private_endpoint}'"
 
     environment = {
+      IBMCLOUD_API_KEY = nonsensitive(self.triggers.ibmcloud_api_key)
       BIN_DIR = self.triggers.bin_dir
       SYNC = var.sync
     }
   }
 
   provisioner "local-exec" {
     when    = destroy
-    command = "${path.module}/scripts/unbind-instance.sh ${self.triggers.cluster_id} ${self.triggers.instance_id}"
+    command = "${path.module}/scripts/unbind-instance.sh '${self.triggers.cluster_id}' '${self.triggers.instance_id}'"
 
     environment = {
+      IBMCLOUD_API_KEY = nonsensitive(self.triggers.ibmcloud_api_key)
       BIN_DIR = self.triggers.bin_dir
     }
   }

scripts/bind-instance.sh

@@ -6,46 +6,74 @@ MODULE_DIR=$(cd ${SCRIPT_DIR}/..; pwd -P)
 CLUSTER_ID="$1"
 INSTANCE_ID="$2"
 INGESTION_KEY="$3"
-PRIVATE="$4"
-
-if [[ "${PRIVATE}" == "true" ]]; then
-  PRIVATE="--private-endpoint"
-else
-  PRIVATE=""
-fi
+PRIVATE="${4:-false}"
 
 if [[ -n "${BIN_DIR}" ]]; then
   export PATH="${BIN_DIR}:${PATH}"
 fi
 
+if [[ -z "${IBMCLOUD_API_KEY}" ]]; then
+  echo "IBMCLOUD_API_KEY must be provided as an environment variable" >&2
+  exit 1
+fi
+
+TOKEN_RESULT=$(curl -s -X POST "https://iam.cloud.ibm.com/identity/token" \
+  -H "Content-Type: application/x-www-form-urlencoded" \
+  -d "grant_type=urn:ibm:params:oauth:grant-type:apikey&apikey=${IBMCLOUD_API_KEY}")
+TOKEN=$(echo "${TOKEN_RESULT}" | jq -r '.access_token')
+REFRESH_TOKEN=$(echo "${TOKEN_RESULT}" | jq -r '.refresh_token')
+
+BASE_URL="https://containers.cloud.ibm.com/global/v2/observe/logging"
+
 echo "Configuring LogDNA for ${CLUSTER_ID} cluster and ${INSTANCE_ID} LogDNA instance"
 
-ibmcloud target
-if ibmcloud ob logging config ls --cluster "${CLUSTER_ID}" | grep -q "Instance ID"; then
-  EXISTING_INSTANCE_ID=$(ibmcloud ob logging config ls --cluster "${CLUSTER_ID}" | grep "Instance ID" | sed -E "s/Instance ID: +([^ ]+)/\1/g")
+EXISTING_INSTANCE_ID=$(curl -s -X GET "${BASE_URL}/getConfigs?query=${CLUSTER_ID}" \
+  -H "Authorization: Bearer ${TOKEN}" \
+  -H "X-Auth-Refresh-Token: ${REFRESH_TOKEN}" \
+  jq -r '.[] | .instanceId // empty')
+
+echo "Existing instance id: ${EXISTING_INSTANCE_ID}"
+
+if [[ -n "${EXISTING_INSTANCE_ID}" ]]; then
   if [[ "${EXISTING_INSTANCE_ID}" == "${INSTANCE_ID}" ]]; then
     echo "LogDNA configuration already exists on this cluster"
     exit 0
   else
     echo "Existing LogDNA configuration found on this cluster for a different LogDNA instance: ${EXISTING_INSTANCE_ID}."
     echo "Removing the config before creating the new one"
-    ibmcloud ob logging config delete \
-      --cluster "${CLUSTER_ID}" \
-      --instance "${EXISTING_INSTANCE_ID}" \
-      --force
+
+    curl -s -X POST "${URL}/removeConfig" \
+      -H "Authorization: Bearer ${TOKEN}" \
+      -H "Content-Type: application/json" \
+      -H "X-Auth-Refresh-Token: ${REFRESH_TOKEN}" \
+      -d $(jq -n --arg CLUSTER "${CLUSTER_ID}" --arg INSTANCE "${EXISTING_INSTANCE_ID}" '{"cluster": $CLUSTER, "instance": $INSTANCE}')
 
     echo "  Waiting for the old configuration to be removed..."
-    sleep 300
+    while true; do
+      RESPONSE=$(curl -s -X GET "${BASE_URL}/getConfigs?query=${CLUSTER_ID}" \
+                   -H "Authorization: Bearer ${TOKEN}" \
+                   -H "X-Auth-Refresh-Token: ${REFRESH_TOKEN}" \
+                   jq -r '.[] | .instanceId // empty')
+
+      if [[ -z "${RESPONSE}" ]]; then
+        echo "    LogDNA instances removed"
+        break
+      else
+        echo "    LogDNA instance still exists. Waiting..."
+        echo "    ${RESPONSE}"
+        sleep 30
+      fi
+    done
   fi
 else
   echo "No existing logging config found for ${CLUSTER_ID} cluster"
-  ibmcloud ob logging config ls --cluster "${CLUSTER_ID}"
 fi
 
 set -e
 
 echo "Creating LogDNA configuration for ${CLUSTER_ID} cluster and ${INSTANCE_ID} LogDNA instance"
-ibmcloud ob logging config create \
-  --cluster "${CLUSTER_ID}" \
-  --instance "${INSTANCE_ID}" \
-  --logdna-ingestion-key "${INGESTION_KEY}" ${PRIVATE}
+curl -s -X POST "${URL}/createConfig" \
+  -H "Authorization: Bearer ${TOKEN}" \
+  -H "X-Auth-Refresh-Token: ${REFRESH_TOKEN}" \
+  -H "Content-Type: application/json" \
+  -d $(jq -n --arg CLUSTER "${CLUSTER_ID}" --arg INGESTION "${INGESTION_KEY}" --arg INSTANCE "${INSTANCE_ID}" --argjson PRIVATE "${PRIVATE}" '{"cluster": $CLUSTER, "instance": $INSTANCE, "ingestionKey": $INGESTION, "privateEndpoint": $PRIVATE}')

scripts/unbind-instance.sh

@@ -10,8 +10,37 @@ if [[ -n "${BIN_DIR}" ]]; then
   export PATH="${BIN_DIR}:${PATH}"
 fi
 
-ibmcloud ob logging config delete \
-  --cluster "${CLUSTER_ID}" \
-  --instance "${INSTANCE_ID}" \
-  --force || \
-  echo "Error deleting logging instance from cluster"
+if [[ -z "${IBMCLOUD_API_KEY}" ]]; then
+  echo "IBMCLOUD_API_KEY must be provided as an environment variable" >&2
+  exit 1
+fi
+
+TOKEN_RESULT=$(curl -s -X POST "https://iam.cloud.ibm.com/identity/token" \
+  -H "Content-Type: application/x-www-form-urlencoded" \
+  -d "grant_type=urn:ibm:params:oauth:grant-type:apikey&apikey=${IBMCLOUD_API_KEY}")
+TOKEN=$(echo "${TOKEN_RESULT}" | jq -r '.access_token')
+REFRESH_TOKEN=$(echo "${TOKEN_RESULT}" | jq -r '.refresh_token')
+
+BASE_URL="https://containers.cloud.ibm.com/global/v2/observe/logging"
+
+curl -s -X POST "${BASE_URL}/removeConfig" \
+  -H "Authorization: Bearer ${TOKEN}" \
+  -H "Content-Type: application/json" \
+  -H "X-Auth-Refresh-Token: ${REFRESH_TOKEN}" \
+  -d $(jq -n --arg CLUSTER "${CLUSTER_ID}" --arg INSTANCE "${INSTANCE_ID}" '{"cluster": $CLUSTER, "instance": $INSTANCE}')
+
+echo "  Waiting for the instance to be removed..."
+while true; do
+  RESPONSE=$(curl -s -X GET "${BASE_URL}/getConfigs?query=${CLUSTER_ID}" \
+               -H "Authorization: Bearer ${TOKEN}" \
+               -H "X-Auth-Refresh-Token: ${REFRESH_TOKEN}" \
+               jq -r '.[] | .instanceId // empty')
+
+  if [[ -z "${RESPONSE}" ]]; then
+    echo "    LogDNA instances removed"
+    break
+  else
+    echo "    LogDNA instance still exists. Waiting..."
+    sleep 30
+  fi
+done

test/stages/stage1-resource-group.tf

@@ -2,5 +2,5 @@ module "resource_group" {
   source = "github.com/cloud-native-toolkit/terraform-ibm-resource-group.git"
 
   resource_group_name = var.resource_group_name
-  provision           = false
+  ibmcloud_api_key    = var.ibmcloud_api_key
 }