Merge branch 'stable' into cli1511

Author: durera

README.md

@@ -37,3 +37,55 @@ updateTektonDefinitions(pipelinesNamespace, "/mascli/templates/ibm-mas-tekton.ya
 pipelineURL = launchUpgradePipeline(self.dynamicClient, instanceId)
 print(pipelineURL)
 ```
+
+mas-devops-create-initial-users
+---------------------------------------------
+
+
+Add to /etc/hosts
+```
+127.0.0.1               tgk01-masdev.mas-tgk01-manage.svc.cluster.local
+127.0.0.1               coreapi.mas-tgk01-core.svc.cluster.local
+127.0.0.1               admin-dashboard.mas-tgk01-core.svc.cluster.local
+```
+
+```bash
+SM_AWS_REGION=""
+SM_AWS_ACCESS_KEY_ID=""
+SM_AWS_SECRET_ACCESS_KEY=""
+
+aws configure set default.region ${SM_AWS_REGION}
+aws configure set aws_access_key_id ${SM_AWS_ACCESS_KEY_ID}
+aws configure set aws_secret_access_key ${SM_AWS_SECRET_ACCESS_KEY}
+
+
+oc login --token=sha256~xxx --server=https://xxx:6443
+
+oc port-forward service/admin-dashboard 8445:443 -n mas-tgk01-core
+oc port-forward service/coreapi 8444:443 -n mas-tgk01-core
+oc port-forward service/tgk01-masdev 8443:443 -n mas-tgk01-manage
+
+mas-devops-create-initial-users-for-saas \
+    --mas-instance-id tgk01 \
+    --mas-workspace-id masdev \
+    --log-level INFO \
+    --initial-users-secret-name "aws-dev/noble4/tgk01/initial_users" \
+    --manage-api-port 8443 \
+    --coreapi-port 8444 \
+    --admin-dashboard-port 8445
+    
+
+mas-devops-create-initial-users-for-saas \
+    --mas-instance-id tgk01 \
+    --mas-workspace-id masdev \
+    --log-level INFO \
+    --initial-users-yaml-file /home/tom/workspaces/notes/mascore3423/example-users-single.yaml \
+    --manage-api-port 8443 \
+    --coreapi-port 8444 \
+    --admin-dashboard-port 8445
+```
+
+Example of initial_users secret:
+```json
+{"john.smith1@example.com":"primary,john1,smith1","john.smith2@example.com":"primary,john2,smith2","john.smith3@example.com":"secondary,john3,smith3"}
+```

bin/mas-devops-create-initial-users-for-saas

@@ -0,0 +1,146 @@
+#!/usr/bin/env python3
+
+# *****************************************************************************
+# Copyright (c) 2025 IBM Corporation and other Contributors.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Eclipse Public License v1.0
+# which accompanies this distribution, and is available at
+# http://www.eclipse.org/legal/epl-v10.html
+#
+# *****************************************************************************
+
+from kubernetes import client, config
+from kubernetes.config.config_exception import ConfigException
+import argparse
+import logging
+import urllib3
+urllib3.disable_warnings()
+import yaml
+import json
+import sys
+
+import boto3
+from botocore.exceptions import ClientError
+
+from mas.devops.users import MASUserUtils
+
+
+
+if __name__ == "__main__":
+    parser = argparse.ArgumentParser()
+
+    # Primary Options
+    parser.add_argument("--mas-instance-id", required=True)
+    parser.add_argument("--mas-workspace-id", required=True)
+    parser.add_argument("--log-level", required=False, choices=["DEBUG", "INFO", "WARNING", "ERROR", "CRITICAL"], default="INFO")
+    parser.add_argument("--coreapi-port", required=False, default=443)
+    parser.add_argument("--admin-dashboard-port", required=False, default=443)
+    parser.add_argument("--manage-api-port", required=False, default=443)
+
+
+    group = parser.add_mutually_exclusive_group(required=True)
+    group.add_argument("--initial-users-yaml-file")
+    group.add_argument("--initial-users-secret-name")
+
+    args, unknown = parser.parse_known_args()
+
+    log_level = getattr(logging, args.log_level)
+
+    logger = logging.getLogger()
+    logger.setLevel(log_level)
+
+    ch = logging.StreamHandler()
+    ch.setLevel(log_level)
+    chFormatter = logging.Formatter(
+        "%(asctime)-25s %(name)-50s [%(threadName)s] %(levelname)-8s %(message)s"
+    )
+    ch.setFormatter(chFormatter)
+    logger.addHandler(ch)
+
+    mas_instance_id = args.mas_instance_id
+    mas_workspace_id = args.mas_workspace_id
+    initial_users_yaml_file = args.initial_users_yaml_file
+    initial_users_secret_name = args.initial_users_secret_name
+    coreapi_port = args.coreapi_port
+    admin_dashboard_port = args.admin_dashboard_port
+    manage_api_port = args.manage_api_port
+
+
+    logger.info("Configuration:")
+    logger.info("--------------")
+    logger.info(f"mas_instance_id:           {mas_instance_id}")
+    logger.info(f"mas_workspace_id:          {mas_workspace_id}")
+    logger.info(f"initial_users_yaml_file:   {initial_users_yaml_file}")
+    logger.info(f"initial_users_secret_name: {initial_users_secret_name}")
+    logger.info(f"log_level:                 {log_level}")
+    logger.info(f"coreapi_port:              {coreapi_port}")
+    logger.info(f"admin_dashboard_port:      {admin_dashboard_port}")
+    logger.info(f"manage_api_port:           {manage_api_port}")
+    logger.info("")
+
+    try:
+        # Try to load in-cluster configuration
+        config.load_incluster_config()
+        logger.debug("Loaded in-cluster configuration")
+    except ConfigException:
+        # If that fails, fall back to kubeconfig file
+        config.load_kube_config()
+        logger.debug("Loaded kubeconfig file")
+
+
+    user_utils = MASUserUtils(mas_instance_id, mas_workspace_id, client.api_client.ApiClient(), coreapi_port=coreapi_port, admin_dashboard_port=admin_dashboard_port, manage_api_port=manage_api_port)
+
+    if initial_users_secret_name is not None:
+
+        logger.info(f"Loading initial_users configuration from secret {initial_users_secret_name}")
+
+        session = boto3.session.Session()
+        aws_sm_client = session.client(
+            service_name='secretsmanager',
+        )
+        try:
+            initial_users_secret = aws_sm_client.get_secret_value( # pragma: allowlist secret
+                SecretId=initial_users_secret_name
+            )
+        except ClientError as e:
+            if e.response['Error']['Code'] == 'ResourceNotFoundException':
+                logger.info(f"Secret {initial_users_secret_name} was not found, nothing to do, exiting now.")
+                sys.exit(0)
+
+            raise Exception(f"Failed to fetch secret {initial_users_secret_name}: {str(e)}")
+        
+        secret_json = json.loads(initial_users_secret['SecretString'])
+        initial_users = user_utils.parse_initial_users_from_aws_secret_json(secret_json)
+    elif initial_users_yaml_file is not None:
+        with open(initial_users_yaml_file, 'r') as file:
+            initial_users = yaml.safe_load(file)
+    else:
+        raise Exception("Something unexpected happened")
+    
+    
+    result = user_utils.create_initial_users_for_saas(initial_users)
+
+    # if user details were sourced from an AWS SM secret, remove the completed entries from the secret
+    # so we don't try and resync them the next time round (and potentially undo an update made by a customer)
+    if initial_users_secret_name is not None:
+        has_updates = False
+        for completed_user in result["completed"]:
+            logger.info(f"Removing synced user {completed_user['email']} from {initial_users_secret_name} secret")
+            secret_json.pop(completed_user["email"])
+            has_updates = True
+
+        if has_updates:
+            logger.info(f"Updating secret {initial_users_secret_name}")
+            try:
+                aws_sm_client.update_secret( # pragma: allowlist secret
+                    SecretId=initial_users_secret_name,
+                    SecretString=json.dumps(secret_json)
+                )
+            except ClientError as e:
+                raise Exception(f"Failed to update secret {initial_users_secret_name}: {str(e)}")
+            
+
+    if len(result["failed"]) > 0:
+        failed_user_ids = list(map(lambda u : u["email"], result["failed"]))
+        raise Exception(f"Sync failed for the following user IDs {failed_user_ids}")

setup.py

@@ -60,14 +60,17 @@ def get_version(rel_path):
         'kubernetes',              # Apache Software License
         'kubeconfig',              # BSD License
         'jinja2',                  # BSD License
-        'jinja2-base64-filters'    # MIT License
+        'jinja2-base64-filters',   # MIT License
+        'semver',                  # BSD License
+        'boto3'                    # Apache Software License
     ],
     extras_require={
         'dev': [
-            'build',       # MIT License
-            'flake8',      # MIT License
-            'pytest',      # MIT License
-            'pytest-mock'  # MIT License
+            'build',        # MIT License
+            'flake8',       # MIT License
+            'pytest',       # MIT License
+            'pytest-mock',  # MIT License
+            'requests-mock'  # Apache Software License
         ]
     },
     classifiers=[
@@ -85,6 +88,7 @@ def get_version(rel_path):
     ],
     scripts=[
         'bin/mas-devops-db2-validate-config',
+        'bin/mas-devops-create-initial-users-for-saas',
         'bin/mas-devops-saas-job-cleaner'
     ]
 )

src/mas/devops/data/catalogs/v9-250403-amd64.yaml

@@ -77,7 +77,7 @@ mas_visualinspection_version:
   9.0.x: 9.0.8    # updated
   8.10.x: 8.8.4   # No Update
   8.11.x: 8.9.11  # updated
-
+ 
 # Extra Images for UDS
 # ------------------------------------------------------------------------------
 uds_extras_version: 1.5.0

src/mas/devops/data/catalogs/v9-250501-amd64.yaml

@@ -0,0 +1,110 @@
+---
+# Case bundle configuration for IBM Maximo Operator Catalog 250501
+# -----------------------------------------------------------------------------
+# In the future this won't be necessary as we'll be able to mirror from the
+# catalog itself, but not everything in the catalog supports this yet (including MAS)
+# so we need to use the CASE bundle mirror process still.
+
+catalog_digest: sha256:152bb3a71e029d2215a14816ac928bc28054d85d6123a3813c9679fd7eb91650
+
+# Dependencies
+# -----------------------------------------------------------------------------
+ibm_licensing_version: 4.2.12                 # Operator version 4.2.11 (https://github.com/IBM/cloud-pak/tree/master/repo/case/ibm-licensing)
+common_svcs_version: 4.7.0                   # check once why we have 4.3.0 in all previous versions since so long it's 4.3.0   # Operator version 4.3.1 (https://github.com/IBM/cloud-pak/tree/master/repo/case/ibm-cp-common-services)
+common_svcs_version_2: 4.8.0
+common_svcs_version_1: 4.3.0 #+20240702.100000 # common_svcs is a mess
+
+cp4d_platform_version: 5.0.0 #+20240716.101015 # Operator version 5.0.0 (https://github.com/IBM/cloud-pak/tree/master/repo/case/ibm-cp-datacore/4.0.0%2B20231213.115030)
+
+ibm_zen_version: 6.0.1+20240708.121250.32 # For CPD5 ibm-zen has to be explicitily mirrored
+
+db2u_version: 6.0.1+20240704.142950.9960     # Operator version 110509.0.2 to find the version 6.0.1, search CASE_VERSION in db2u, catalog.yaml into ibm-maximo-operator-catalog (https://github.com/IBM/cloud-pak/tree/master/repo/case/ibm-db2uoperator)
+events_version: 5.0.1                        # Operator version 5.0.1 (https://github.com/IBM/cloud-pak/tree/master/repo/case/ibm-events-operator)
+uds_version: 2.0.12                          # Operator version 2.0.12 # sticking to 2.0.12 version # Please do Not Change
+sls_version: 3.11.1 # No update              # Operator version 3.10.0 (https://github.ibm.com/maximoappsuite/ibm-sls/releases)
+tsm_version: 1.6.2  # No update              # Operator version 1.5.4 (https://github.ibm.com/maximoappsuite/ibm-truststore-mgr/releases)
+dd_version: 1.1.18  # Updated                # Operator version 1.1.14 (https://github.ibm.com/maximoappsuite/ibm-data-dictionary/releases)
+appconnect_version: 6.2.0                    # Operator version 6.2.0 # sticking to 6.2.0 version # Please do Not Change
+wsl_version: 9.0.0                           # Operator version 9.0.0
+wml_version: 9.0.0                           # Operator version 5.0.0
+# ccs_build: +20240528.144404.460              # ibm-ccs from version 9.0.0 requires the build version
+# datarefinery_build: +20240517.202103.146
+spark_version: 9.0.0                         # Operator version 5.0.0
+cognos_version: 25.0.0                       # Operator version 25.0.0
+couchdb_version: 1.0.13                      # Operator version 2.2.1 (This is required for Assist 9.0, https://github.com/IBM/cloud-pak/blob/master/repo/case/ibm-couchdb/index.yaml)
+elasticsearch_version: 1.1.2570              # Operator version 1.1.2470
+
+
+# Maximo Application Suite
+# -----------------------------------------------------------------------------
+mas_core_version:
+  9.1.x-feature: 9.1.0-pre.stable_9718 # Updated
+  9.0.x: 9.0.11   # Updated
+  8.10.x: 8.10.25 # Updated
+  8.11.x: 8.11.22 # Updated
+mas_assist_version:
+  9.0.x: 9.0.5    # Updated
+  8.10.x: 8.7.8   # No Update
+  8.11.x: 8.8.7   # No Update
+mas_hputilities_version:
+  9.0.x: ""       # Not Supported
+  8.10.x: 8.6.7   # tbc
+  8.11.x: ""      # Not Supported
+mas_iot_version:
+  9.0.x: 9.0.8    # Updated
+  8.10.x: 8.7.22  # Updated
+  8.11.x: 8.8.18  # Updated
+mas_manage_version:
+  9.1.x-feature: 9.1.0-pre.stable_10993 # Updated
+  9.0.x: 9.0.13   # Updated
+  8.10.x: 8.6.26  # Updated
+  8.11.x: 8.7.20  # Updated
+mas_monitor_version:
+  9.0.x: 9.0.9    # Updated
+  8.10.x: 8.10.19 # Updated
+  8.11.x: 8.11.17 # Updated
+mas_optimizer_version:
+  9.1.x-feature: 9.1.0-pre.stable_1943 # Updated
+  9.0.x: 9.0.10   # Updated
+  8.10.x: 8.4.17  # Updated
+  8.11.x: 8.5.16  # Updated
+mas_predict_version:
+  9.0.x: 9.0.7    # Updated
+  8.10.x: 8.8.8   # Updated
+  8.11.x: 8.9.10  # Updated
+mas_visualinspection_version:
+  9.1.x-feature: 9.1.0-pre.stable_2405 # Updated
+  9.0.x: 9.0.9    # Updated
+  8.10.x: 8.8.4   # No Update
+  8.11.x: 8.9.12  # Updated
+
+# Extra Images for UDS
+# ------------------------------------------------------------------------------
+uds_extras_version: 1.5.0
+
+# Extra Images for Mongo
+# ------------------------------------------------------------------------------
+mongo_extras_version_default: 7.0.12
+
+# Variables used to mirror additional mongo image versions
+mongo_extras_version_4: 4.4.21
+mongo_extras_version_5: 5.0.23
+mongo_extras_version_6: 6.0.12
+mongo_extras_version_7: 7.0.12
+
+# Extra Images for Db2u
+# ------------------------------------------------------------------------------
+db2u_extras_version: 1.0.6 # No Update
+db2u_filter: db2
+
+# Extra Images for IBM Watson Discovery
+# ------------------------------------------------------------------------------
+#wd_extras_version: 1.0.4
+
+# Extra Images for Amlen
+# ------------------------------------------------------------------------------
+amlen_extras_version: 1.1.2
+
+# Default Cloud Pak for Data version
+# ------------------------------------------------------------------------------
+cpd_product_version_default: 5.0.0

src/mas/devops/data/catalogs/v9-250501-s390x.yaml

@@ -0,0 +1,40 @@
+---
+# Case bundle configuration for IBM Maximo Operator Catalog 250501
+# -----------------------------------------------------------------------------
+# In the future this won't be necessary as we'll be able to mirror from the
+# catalog itself, but not everything in the catalog supports this yet (including MAS)
+# so we need to use the CASE bundle mirror process still.
+
+catalog_digest: sha256:9d0437b2e7391fb4e28ba42294c442fea5d157bd1699d7d7a415dd7a5a27a6f9
+
+uds_version: 2.0.12                          # Operator version 2.0.12 # sticking to 2.0.12 version # Please do Not Change
+sls_version: 3.11.1 # tbc                    # Operator version 3.10.0 (https://github.ibm.com/maximoappsuite/ibm-sls/releases)
+tsm_version: 1.6.2  # No Update              # Operator version 1.5.4 (https://github.ibm.com/maximoappsuite/ibm-truststore-mgr/releases)
+
+
+# Maximo Application Suite
+# -----------------------------------------------------------------------------
+mas_core_version:
+  9.1.x-feature: 9.1.0-pre.stable_9718 # tbc
+  9.0.x: 9.0.11    # tbc
+  8.10.x: "" # Not Supported
+  8.11.x: "" # Not Supported
+mas_manage_version:
+  9.1.x-feature: 9.1.0-pre.stable_10993 # tbc
+  9.0.x: 9.0.13    # tbc
+  8.10.x: ""  # Not Supported
+  8.11.x: ""  # Not Supported
+
+# Extra Images for UDS
+# ------------------------------------------------------------------------------
+uds_extras_version: 1.5.0
+
+# Extra Images for Mongo
+# ------------------------------------------------------------------------------
+mongo_extras_version_default: 7.0.12
+
+# Variables used to mirror additional mongo image versions
+mongo_extras_version_4: 4.4.21
+mongo_extras_version_5: 5.0.23
+mongo_extras_version_6: 6.0.12
+mongo_extras_version_7: 7.0.12