From 1378d5105c2615d537a9e26f87a34204992cc7c8 Mon Sep 17 00:00:00 2001 From: Hardik-Prajapati Date: Tue, 20 Jan 2026 16:14:36 +0530 Subject: [PATCH 1/5] MASCORE-11697 sls_service code change added. --- .secrets.baseline | 4 +- .../mascli/functions/gitops_aiservice_tenant | 40 ++++++++++++++++--- .../gitops-aiservice-tenant-pipeline.yml.j2 | 8 +++- .../gitops/gitops-aiservice-tenant.yml.j2 | 5 +++ 4 files changed, 49 insertions(+), 8 deletions(-) diff --git a/.secrets.baseline b/.secrets.baseline index a06ded19236..20132d594d6 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -3,7 +3,7 @@ "files": "build/bin/config/oscap/ssg-rhel9-ds.xml|^.secrets.baseline$", "lines": null }, - "generated_at": "2026-01-12T15:19:33Z", + "generated_at": "2026-01-20T10:44:09Z", "plugins_used": [ { "name": "AWSKeyDetector" @@ -232,7 +232,7 @@ "hashed_secret": "b2817467154949a61f8e9ad31d1eeaf03221cbfa", "is_secret": false, "is_verified": false, - "line_number": 337, + "line_number": 355, "type": "Secret Keyword", "verified_result": null } diff --git a/image/cli/mascli/functions/gitops_aiservice_tenant b/image/cli/mascli/functions/gitops_aiservice_tenant index 34c481f3b57..2e5b1967f2f 100644 --- a/image/cli/mascli/functions/gitops_aiservice_tenant +++ b/image/cli/mascli/functions/gitops_aiservice_tenant @@ -41,9 +41,10 @@ DRO : --drocfg-url ${COLOR_YELLOW}DROCFG_URL${TEXT_RESET} URL of the DRO configuration service SLS : ---slscfg-url ${COLOR_YELLOW}SLSCFG_URL${TEXT_RESET} URL of the SLS configuration service +--slscfg-url ${COLOR_YELLOW}SLSCFG_URL${TEXT_RESET} URL of the SLS configuration service --aiservice-sls-subscription-id ${COLOR_YELLOW}AISERVICE_SLS_SUBSCRIPTION_ID${TEXT_RESET} Subscription ID associated with SLS - +-s, --sls-service ${COLOR_YELLOW}STANDALONE_SLS_SERVICE${TEXT_RESET} for ibm internal use only. + Watsonx : --aiservice-watsonxai-url ${COLOR_YELLOW}AISERVICE_WATSONXAI_URL${TEXT_RESET} Endpoint URL for Watsonx.ai --aiservice-watsonx-full ${COLOR_YELLOW}AISERVICE_WATSONX_FULL${TEXT_RESET} Full URL for Watsonx.ai including API key @@ -77,6 +78,19 @@ function gitops_aiservice_tenant_noninteractive() { SECRETS_KEY_SEPERATOR="/" GIT_COMMIT_MSG="gitops-aiservice-tenant commit" + if [ ! -z "$STANDALONE_SLS_SERVICE" ]; then + CLEAN_PATH=$(echo "$STANDALONE_SLS_SERVICE" | sed 's###') + IFS='/' read -r -a PARTS <<< "$CLEAN_PATH" + if [ ${#PARTS[@]} -lt 6 ]; then + echo "Error: Invalid SLS service parameter file Path $STANDALONE_SLS_SERVICE format." >&2 + exit 1 + fi + ICN="${PARTS[3]}" + SAAS_SUB_ID="${PARTS[4]}" + fi + export ICN=${ICN:-""} + export SAAS_SUB_ID=${SAAS_SUB_ID:-""} + # adding default values # all generic values should to put here # check with ansible playbook/gitops envs @@ -170,6 +184,10 @@ function gitops_aiservice_tenant_noninteractive() { --slscfg-url) export SLSCFG_URL=$1 && shift ;; + # Standalone Server configuration + -s|--sls-service) + export STANDALONE_SLS_SERVICE=$1 && shift + ;; --aiservice-sls-subscription-id ) export AISERVICE_SLS_SUBSCRIPTION_ID=$1 && shift @@ -370,6 +388,7 @@ function gitops_aiservice_tenant() { # -- SLS echo_reset_dim "SLS subscription ID .......................... ${COLOR_MAGENTA}${AISERVICE_SLS_SUBSCRIPTION_ID}" + echo_reset_dim "sls service param file path .................. ${COLOR_MAGENTA}${STANDALONE_SLS_SERVICE}" # -- Watsonx echo_reset_dim "Watsonx.ai URL ............................... ${COLOR_MAGENTA}${AISERVICE_WATSONXAI_URL}" @@ -394,9 +413,15 @@ function gitops_aiservice_tenant() { export SECRET_KEY_DROCFG_REGISTRATION_KEY=${SECRETS_PREFIX}droai#drocfg_registration_key # sls - SLS_SECRETS_PREFIX="${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}${AISERVICE_INSTANCE_ID}${SECRETS_KEY_SEPERATOR}${TENANT_ID}${SECRETS_KEY_SEPERATOR}" - export SECRET_KEY_SLSCFG_REGISTRATION_KEY=${SLS_SECRETS_PREFIX}sls#slscfg_registration_key - export SECRET_KEY_SLSCFG_CA_B64ENC=${SLS_SECRETS_PREFIX}sls#slscfg_ca_b64enc + if [ -z "$STANDALONE_SLS_SERVICE" ]; then + export SLS_SECRETS_PREFIX="${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}${AISERVICE_INSTANCE_ID}${SECRETS_KEY_SEPERATOR}${TENANT_ID}${SECRETS_KEY_SEPERATOR}" + export SECRET_KEY_SLSCFG_REGISTRATION_KEY=${SLS_SECRETS_PREFIX}sls#slscfg_registration_key + export SECRET_KEY_SLSCFG_CA_B64ENC=${SLS_SECRETS_PREFIX}sls#slscfg_ca_b64enc + else + export SLS_SECRETS_PREFIX="${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${ICN}${SECRETS_KEY_SEPERATOR}${SAAS_SUB_ID}${SECRETS_KEY_SEPERATOR}" + export SECRET_KEY_SLSCFG_REGISTRATION_KEY=${SLS_SECRETS_PREFIX}sls#registration_key + export SECRET_KEY_SLSCFG_CA_B64ENC=${SLS_SECRETS_PREFIX}sls#ca_b64 + fi export SECRET_KEY_RSL_ORG_ID=${SECRETS_PREFIX}rsl#rsl_org_id export SECRET_KEY_RSL_TOKEN=${SECRETS_PREFIX}rsl#rsl_token @@ -416,6 +441,11 @@ function gitops_aiservice_tenant() { sm_verify_secret_exists ${SECRETS_PREFIX}ibm_entitlement "image_pull_secret_b64,entitlement_key" sm_verify_secret_exists ${SECRETS_PREFIX}droai "drocfg_registration_key,drocfg_ca_b64enc" + if [ -z "$STANDALONE_SLS_SERVICE" ]; then + sm_verify_secret_exists ${SLS_SECRETS_PREFIX}sls "slscfg_registration_key,slscfg_ca_b64enc" + else + sm_verify_secret_exists ${SLS_SECRETS_PREFIX}sls "registration_key,ca_b64" + fi sm_verify_secret_exists ${SLS_SECRETS_PREFIX}sls "slscfg_registration_key,slscfg_ca_b64enc" sm_verify_secret_exists ${SECRETS_PREFIX}rsl "rsl_org_id,rsl_token" sm_verify_secret_exists ${SECRETS_PREFIX}watsonx "watsonxai_apikey,watsonxai_project_id" diff --git a/tekton/src/pipelines/gitops/gitops-aiservice-tenant-pipeline.yml.j2 b/tekton/src/pipelines/gitops/gitops-aiservice-tenant-pipeline.yml.j2 index 19178244cb4..a12730cd730 100644 --- a/tekton/src/pipelines/gitops/gitops-aiservice-tenant-pipeline.yml.j2 +++ b/tekton/src/pipelines/gitops/gitops-aiservice-tenant-pipeline.yml.j2 @@ -85,6 +85,11 @@ spec: - name: tenant_entitlement_end_date type: string + # standalone sls + - name: sls_service + type: string + default: "" + workspaces: - name: configs tasks: @@ -173,4 +178,5 @@ spec: value: $(params.tenant_entitlement_start_date) - name: tenant_entitlement_end_date value: $(params.tenant_entitlement_end_date) - \ No newline at end of file + - name: sls_service + value: $(params.sls_service) \ No newline at end of file diff --git a/tekton/src/tasks/gitops/gitops-aiservice-tenant.yml.j2 b/tekton/src/tasks/gitops/gitops-aiservice-tenant.yml.j2 index 9d5c256023d..50e8bfcdf5a 100644 --- a/tekton/src/tasks/gitops/gitops-aiservice-tenant.yml.j2 +++ b/tekton/src/tasks/gitops/gitops-aiservice-tenant.yml.j2 @@ -81,6 +81,9 @@ spec: type: string - name: tenant_entitlement_end_date type: string + - name: sls_service + type: string + default: "" stepTemplate: name: gitops-aiservice-tenant env: @@ -158,6 +161,8 @@ spec: value: $(params.tenant_entitlement_start_date) - name: TENANT_ENTITLEMENT_END_DATE value: $(params.tenant_entitlement_end_date) + - name: STANDALONE_SLS_SERVICE + value: $(params.sls_service) envFrom: - configMapRef: name: environment-properties From c45ee552c7a38868c35f234000a0f9772a0ce574 Mon Sep 17 00:00:00 2001 From: Hardik-Prajapati Date: Tue, 20 Jan 2026 21:35:09 +0530 Subject: [PATCH 2/5] Update gitops_aiservice_tenant --- image/cli/mascli/functions/gitops_aiservice_tenant | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/image/cli/mascli/functions/gitops_aiservice_tenant b/image/cli/mascli/functions/gitops_aiservice_tenant index 2e5b1967f2f..0e155c9e0af 100644 --- a/image/cli/mascli/functions/gitops_aiservice_tenant +++ b/image/cli/mascli/functions/gitops_aiservice_tenant @@ -388,8 +388,11 @@ function gitops_aiservice_tenant() { # -- SLS echo_reset_dim "SLS subscription ID .......................... ${COLOR_MAGENTA}${AISERVICE_SLS_SUBSCRIPTION_ID}" - echo_reset_dim "sls service param file path .................. ${COLOR_MAGENTA}${STANDALONE_SLS_SERVICE}" - + echo_reset_dim "SLS service param file path .................. ${COLOR_MAGENTA}${STANDALONE_SLS_SERVICE}" + if [ ! -z "$STANDALONE_SLS_SERVICE" ]; then + echo_reset_dim "ICN ........................................ ${COLOR_MAGENTA}${ICN}" + echo_reset_dim "SAAS_SUB_ID ........................................ ${COLOR_MAGENTA}${SAAS_SUB_ID}" + fi # -- Watsonx echo_reset_dim "Watsonx.ai URL ............................... ${COLOR_MAGENTA}${AISERVICE_WATSONXAI_URL}" echo_reset_dim "Watsonx.ai full URL .......................... ${COLOR_MAGENTA}${AISERVICE_WATSONX_FULL}" @@ -445,8 +448,7 @@ function gitops_aiservice_tenant() { sm_verify_secret_exists ${SLS_SECRETS_PREFIX}sls "slscfg_registration_key,slscfg_ca_b64enc" else sm_verify_secret_exists ${SLS_SECRETS_PREFIX}sls "registration_key,ca_b64" - fi - sm_verify_secret_exists ${SLS_SECRETS_PREFIX}sls "slscfg_registration_key,slscfg_ca_b64enc" + fi sm_verify_secret_exists ${SECRETS_PREFIX}rsl "rsl_org_id,rsl_token" sm_verify_secret_exists ${SECRETS_PREFIX}watsonx "watsonxai_apikey,watsonxai_project_id" From 731b8f25a3a58e4526a40811d071e5bf2d654398 Mon Sep 17 00:00:00 2001 From: Hardik-Prajapati Date: Wed, 21 Jan 2026 12:46:53 +0530 Subject: [PATCH 3/5] condition added --- .secrets.baseline | 4 ++-- image/cli/mascli/functions/gitops_aiservice_tenant | 4 +++- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/.secrets.baseline b/.secrets.baseline index 20132d594d6..eaeb97cd5df 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -3,7 +3,7 @@ "files": "build/bin/config/oscap/ssg-rhel9-ds.xml|^.secrets.baseline$", "lines": null }, - "generated_at": "2026-01-20T10:44:09Z", + "generated_at": "2026-01-21T07:16:13Z", "plugins_used": [ { "name": "AWSKeyDetector" @@ -232,7 +232,7 @@ "hashed_secret": "b2817467154949a61f8e9ad31d1eeaf03221cbfa", "is_secret": false, "is_verified": false, - "line_number": 355, + "line_number": 357, "type": "Secret Keyword", "verified_result": null } diff --git a/image/cli/mascli/functions/gitops_aiservice_tenant b/image/cli/mascli/functions/gitops_aiservice_tenant index 0e155c9e0af..169168461ce 100644 --- a/image/cli/mascli/functions/gitops_aiservice_tenant +++ b/image/cli/mascli/functions/gitops_aiservice_tenant @@ -304,7 +304,9 @@ function gitops_aiservice_tenant_noninteractive() { [[ -z "$DROCFG_URL" ]] && gitops_aiservice_tenant_help "DROCFG_URL is not set. Please specify the DRO configuration URL using --drocfg-url." # -- SLS - [[ -z "$SLSCFG_URL" ]] && gitops_aiservice_tenant_help "SLSCFG_URL is not set. Please specify the SLS configuration URL using --slscfg-url." + if [ -z "$STANDALONE_SLS_SERVICE" ]; then + [[ -z "$SLSCFG_URL" ]] && gitops_aiservice_tenant_help "SLSCFG_URL is not set. Please specify the SLS configuration URL using --slscfg-url." + fi # -- Watsonx [[ -z "$AISERVICE_WATSONXAI_URL" ]] && gitops_aiservice_tenant_help "AISERVICE_WATSONXAI_URL is not set. Please specify the Watsonx.ai URL using --aiservice-watsonxai-url." From 332b49e097a3bccb8275fd216a9e7e7bf1f3c627 Mon Sep 17 00:00:00 2001 From: Hardik-Prajapati Date: Wed, 21 Jan 2026 14:34:48 +0530 Subject: [PATCH 4/5] url validation added --- .secrets.baseline | 4 ++-- image/cli/mascli/functions/gitops_aiservice_tenant | 3 ++- .../cluster/instance/ibm-aiservice-tenant.yaml.j2 | 4 ++++ 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/.secrets.baseline b/.secrets.baseline index eaeb97cd5df..c4eebd62dde 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -3,7 +3,7 @@ "files": "build/bin/config/oscap/ssg-rhel9-ds.xml|^.secrets.baseline$", "lines": null }, - "generated_at": "2026-01-21T07:16:13Z", + "generated_at": "2026-01-21T09:03:12Z", "plugins_used": [ { "name": "AWSKeyDetector" @@ -652,7 +652,7 @@ "hashed_secret": "fee2d55ad9a49a95fc89abe8f414dad66704ebfd", "is_secret": false, "is_verified": false, - "line_number": 37, + "line_number": 41, "type": "Secret Keyword", "verified_result": null } diff --git a/image/cli/mascli/functions/gitops_aiservice_tenant b/image/cli/mascli/functions/gitops_aiservice_tenant index 169168461ce..02f775c92a1 100644 --- a/image/cli/mascli/functions/gitops_aiservice_tenant +++ b/image/cli/mascli/functions/gitops_aiservice_tenant @@ -426,6 +426,7 @@ function gitops_aiservice_tenant() { export SLS_SECRETS_PREFIX="${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${ICN}${SECRETS_KEY_SEPERATOR}${SAAS_SUB_ID}${SECRETS_KEY_SEPERATOR}" export SECRET_KEY_SLSCFG_REGISTRATION_KEY=${SLS_SECRETS_PREFIX}sls#registration_key export SECRET_KEY_SLSCFG_CA_B64ENC=${SLS_SECRETS_PREFIX}sls#ca_b64 + export SECRET_KEY_SLS_URL=${SLS_SECRETS_PREFIX}sls#sls_url fi export SECRET_KEY_RSL_ORG_ID=${SECRETS_PREFIX}rsl#rsl_org_id @@ -449,7 +450,7 @@ function gitops_aiservice_tenant() { if [ -z "$STANDALONE_SLS_SERVICE" ]; then sm_verify_secret_exists ${SLS_SECRETS_PREFIX}sls "slscfg_registration_key,slscfg_ca_b64enc" else - sm_verify_secret_exists ${SLS_SECRETS_PREFIX}sls "registration_key,ca_b64" + sm_verify_secret_exists ${SLS_SECRETS_PREFIX}sls "registration_key,ca_b64,sls_url" fi sm_verify_secret_exists ${SECRETS_PREFIX}rsl "rsl_org_id,rsl_token" sm_verify_secret_exists ${SECRETS_PREFIX}watsonx "watsonxai_apikey,watsonxai_project_id" diff --git a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aiservice-tenant.yaml.j2 b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aiservice-tenant.yaml.j2 index 28c614b0b3b..b297edd40ca 100644 --- a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aiservice-tenant.yaml.j2 +++ b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aiservice-tenant.yaml.j2 @@ -17,7 +17,11 @@ ibm_aiservice_tenant: # sls slscfg_ca_b64enc: "" + {%- if STANDALONE_SLS_SERVICE %} + slscfg_url: + {%- else %} slscfg_url: "{{ SLSCFG_URL }}" + {%- endif %} slscfg_registration_key: "" aiservice_sls_subscription_id: "{{ AISERVICE_SLS_SUBSCRIPTION_ID }}" From 35bb29045bf01e81b1bb9cfec3cb79992657ed7d Mon Sep 17 00:00:00 2001 From: Hardik-Prajapati Date: Thu, 22 Jan 2026 17:50:01 +0530 Subject: [PATCH 5/5] Update gitops_deprovision_aiservice_tenant --- image/cli/mascli/functions/gitops_deprovision_aiservice_tenant | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/image/cli/mascli/functions/gitops_deprovision_aiservice_tenant b/image/cli/mascli/functions/gitops_deprovision_aiservice_tenant index 7ef673ec0ea..6d8c1c4be39 100644 --- a/image/cli/mascli/functions/gitops_deprovision_aiservice_tenant +++ b/image/cli/mascli/functions/gitops_deprovision_aiservice_tenant @@ -222,7 +222,7 @@ function gitops_deprovision_aiservice_tenant() { export SECRET_S3_AUTH=${SECRETS_PREFIX}s3 - deleting secrets from aws + # deleting secrets from aws echo -e "Deleting ibm_entitlement secrets $SECRET_IBM_ENTITLEMENT_AUTH" sm_delete_secret $SECRET_IBM_ENTITLEMENT_AUTH