update

Author: Nivedithaa Mahendran

.secrets.baseline

@@ -3,7 +3,7 @@
     "files": "build/bin/config/oscap/ssg-rhel9-ds.xml|^.secrets.baseline$|^docs/catalogs/",
     "lines": null
   },
-  "generated_at": "2026-05-04T19:55:23Z",
+  "generated_at": "2026-05-04T20:14:43Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"
@@ -472,15 +472,15 @@
         "hashed_secret": "b2817467154949a61f8e9ad31d1eeaf03221cbfa",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 673,
+        "line_number": 677,
         "type": "Secret Keyword",
         "verified_result": null
       },
       {
         "hashed_secret": "c2a0bd05f2ebbdd505fc3ed2981c36a5b6050ea8",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 766,
+        "line_number": 770,
         "type": "Secret Keyword",
         "verified_result": null
       }
@@ -736,7 +736,7 @@
         "hashed_secret": "fee2d55ad9a49a95fc89abe8f414dad66704ebfd",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 25,
+        "line_number": 27,
         "type": "Secret Keyword",
         "verified_result": null
       }

image/cli/mascli/functions/gitops_suite

@@ -27,6 +27,7 @@ AWS Secrets Manager Configuration (Required):
 
 MongoDb Provider Selection (Required):
       --mongo-provider ${COLOR_YELLOW}MONGODB_PROVIDER${TEXT_RESET}                              The mongodb provider to install ('aws' or 'yaml')
+      --mongo-action ${COLOR_YELLOW}MONGO_ACTION${TEXT_RESET}                                    The mongo action ('install' or 'uninstall', optional)
       --mongo-reset-instance-password ${COLOR_YELLOW}MONGO_RESET_INSTANCE_PASSWORD${TEXT_RESET}      Reset MongoDB instance password (true/false, default: false)
       --mongo-update-instance-secret ${COLOR_YELLOW}MONGO_UPDATE_INSTANCE_MONGO_SECRET${TEXT_RESET}  Update MongoDB instance secret (true/false, default: false)
 
@@ -235,6 +236,9 @@ function gitops_suite_noninteractive() {
       --mongo-provider)
         export MONGODB_PROVIDER=$1 && shift
         ;;
+      --mongo-action)
+        export MONGO_ACTION=$1 && shift
+        ;;
 
       # SLS
       --sls-channel)

image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-sls.yaml.j2

@@ -8,19 +8,21 @@ ibm_sls:
   sls_channel: {{ SLS_CHANNEL }}
   sls_entitlement_file: <path:{{ SECRETS_PATH }}:{{ SECRET_KEY_LICENSE_FILE }}>
   ibm_entitlement_key: <path:{{ SECRETS_PATH }}:{{ SECRET_KEY_IBM_ENTITLEMENT }}>
-{%- if MONGO_UPDATE_INSTANCE_MONGO_SECRET == "true" %}
+{%- if MONGO_UPDATE_INSTANCE_MONGO_SECRET == "true" and MONGO_ACTION == "install" %}
   mongo:
     mongo_reset_instance_password: {{ MONGO_RESET_INSTANCE_PASSWORD }}
     mongo_update_instance_mongo_secret: {{ MONGO_UPDATE_INSTANCE_MONGO_SECRET }}
 {%- endif %}
-  # aws docdb
   mongodb_provider: "{{ MONGODB_PROVIDER }}"
+{%- if not (MONGODB_PROVIDER == "yaml" and MONGO_ACTION == "install") %}
+  # aws docdb - only used when NOT MongoDB Atlas
   user_action: "{{ USER_ACTION }}"
   docdb_host: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_DOCDB_HOST }}>"
   docdb_port: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_DOCDB_PORT }}>"
   docdb_master_username: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_DOCDB_MASTER_USERNAME }}>"
   docdb_master_password: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_DOCDB_MASTER_PASSWORD }}>"
   docdb_master_info: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_DOCDB_MASTER_INFO }}>"
+{%- endif %}
   sls_mongo_username: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_MONGO_USERNAME }}>"
   sls_mongo_password: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_MONGO_PASSWORD }}>"
 

tekton/src/pipelines/gitops/gitops-mas-instance.yml.j2

@@ -404,6 +404,8 @@ spec:
           value: $(params.mas_instance_id)
         - name: mongo_provider
           value: $(params.mongo_provider)
+        - name: mongo_action
+          value: $(params.mongo_action)
         - name: mongo_reset_instance_password
           value: $(params.mongo_reset_instance_password)
         - name: mongo_update_instance_mongo_secret

tekton/src/tasks/gitops/gitops-suite.yml.j2

@@ -22,6 +22,9 @@ spec:
     - name: mongo_provider
       type: string
       default: aws
+    - name: mongo_action
+      type: string
+      default: ""
     - name: mongo_reset_instance_password
       type: string
       default: "false"
@@ -201,6 +204,8 @@ spec:
         value: $(params.mas_instance_id)
       - name: MONGODB_PROVIDER
         value: $(params.mongo_provider)
+      - name: MONGO_ACTION
+        value: $(params.mongo_action)
       - name: MONGO_RESET_INSTANCE_PASSWORD
         value: $(params.mongo_reset_instance_password)
       - name: MONGO_UPDATE_INSTANCE_MONGO_SECRET
@@ -392,7 +397,8 @@ spec:
         --github-org  $GITHUB_ORG \
         --github-repo $GITHUB_REPO \
         --git-branch $GIT_BRANCH \
-        --mas-wipe-mongo-data "$MAS_WIPE_MONGO_DATA" 
+        --mas-wipe-mongo-data "$MAS_WIPE_MONGO_DATA" \
+        --mongo-action "$MONGO_ACTION"
 
         exit $?
       command: