Updates to SCC tool
gmarjoram authored and hkantare committed Nov 14, 2023
1 parent 588d5d9 commit 19f1bb1
Showing 4 changed files with 6 additions and 73 deletions.
Expand Up @@ -96,31 +96,6 @@ func DataSourceIBMCdToolchainToolSecuritycompliance() *schema.Resource {
Computed: true,
Description: "The kind of pipeline evidence to be displayed in Security and Compliance Center for this toolchain. The values are; `cd` which will use evidence generated by a Continuous Deployment pipeline, or `cc` which will use evidence generated by a Continuous Compliance pipeline.",
},
"trigger_scan": &schema.Schema{
Type: schema.TypeString,
Computed: true,
Deprecated: "This argument is deprecated and may be removed in a future release",
Description: "Set to `enabled` to indicate that a DevSecOps pipeline task should trigger a Security and Compliance Center run of a Hybrid cloud validation scan. Note, each scan may incur charges. When enabled, other parameters become relevant that are needed to trigger that scan; `api_key`, `scope`, `profile`. Hybrid cloud scans are deprecated and are planned to be removed. This option will stop working at that time. For more information see the [Security and Compliance Center Release Notes](https://cloud.ibm.com/docs/security-compliance?topic=security-compliance-release-notes#security-compliance-march312023).",
},
"api_key": &schema.Schema{
Type: schema.TypeString,
Computed: true,
Sensitive: true,
Deprecated: "This argument is deprecated and may be removed in a future release",
Description: "The IBM Cloud API key used to access the Security and Compliance Center API. This parameter is only relevant when the `trigger_scan` parameter is `enabled`. For information about the deprecation see the `trigger_scan` parameter. You can use a toolchain secret reference for this parameter. For more information, see [Protecting your sensitive data in Continuous Delivery](https://cloud.ibm.com/docs/ContinuousDelivery?topic=ContinuousDelivery-cd_data_security#cd_secure_credentials).",
},
"scope": &schema.Schema{
Type: schema.TypeString,
Computed: true,
Deprecated: "This argument is deprecated and may be removed in a future release",
Description: "The name of a Security and Compliance Center scope, which has previously been created in that service. When the `trigger_scan` parameter is set to `enabled`, then the Validation scan will scan all the resources in that scope. Select a scope that contains this toolchain, so that the scan will find the evidence that has been recently updated by the DevSecOps pipeline-run. This parameter is only relevant when the `trigger_scan` parameter is `enabled`. For information about the deprecation see the `trigger_scan` parameter.",
},
"profile": &schema.Schema{
Type: schema.TypeString,
Computed: true,
Deprecated: "This argument is deprecated and may be removed in a future release",
Description: "The name of a Security and Compliance Center, Hybrid cloud profile. Usually, use the predefined profile \"IBM Cloud Security Best Practices v1.0.0\", which contains the DevSecOps toolchain goals. Or use a user-authored customized profile that has been configured to contain those goals. When the `trigger_scan` parameter is set to `enabled`, then the Validation scan will use the controls and goals in the configured profile. If configured with a profile that does not check the DevSecOps toolchain goals, it might incorrectly indicate that the toolchain status is passed even though some of the DevSecOps scans had actually failed. This parameter is only relevant when the `trigger_scan` parameter is `enabled`. For information about the deprecation see the `trigger_scan` parameter.",
},
"use_profile_attachment": &schema.Schema{
Type: schema.TypeString,
Computed: true,
Expand All @@ -140,7 +115,7 @@ func DataSourceIBMCdToolchainToolSecuritycompliance() *schema.Resource {
"profile_name": &schema.Schema{
Type: schema.TypeString,
Computed: true,
Description: "The name of a Security and Compliance Center profile. Usually, use one of the predefined profiles \"IBM Cloud Security Best Practices\" or \"IBM Cloud for Financial Services\", which contain the DevSecOps Toolchain rules. Or use a user-authored customized profile that has been configured to contain those rules. This parameter is only relevant when the `use_profile_attachment` parameter is `enabled`.",
Description: "The name of a Security and Compliance Center profile. Usually, use the \"IBM Cloud Framework for Financial Services\" predefined profile, which contains the DevSecOps Toolchain rules. Or use a user-authored customized profile that has been configured to contain those rules. This parameter is only relevant when the `use_profile_attachment` parameter is `enabled`.",
},
"profile_version": &schema.Schema{
Type: schema.TypeString,
Expand Down Expand Up @@ -232,7 +207,6 @@ func dataSourceIBMCdToolchainToolSecuritycomplianceRead(context context.Context,
if toolchainTool.Parameters != nil {
remapFields := map[string]string{
"evidence_repo_url": "evidence_repo_name",
"api_key": "api-key",
}
modelMap := GetParametersFromRead(toolchainTool.Parameters, DataSourceIBMCdToolchainToolSecuritycompliance(), remapFields)
parameters = append(parameters, modelMap)
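Review bot: Dropping the `"api_key": "api-key"` entry from remapFields in dataSourceIBMCdToolchainToolSecuritycomplianceRead (and the matching entries in the resource Create, Read and Update hunks below) assumes the service no longer returns an `api-key` parameter for existing tool integrations. If an older integration still carries that value, what GetParametersFromRead does with a key that has no schema entry decides whether a credential is written to state or appears in debug output without the `Sensitive` marking the removed field used to give it; this is worth confirming against the helper and covering with a fixture for a legacy integration. A one-line comment at the map, `// legacy api-key values are intentionally not read back into state`, would record the decision for the next reader. The enclosing function starts outside the hunk.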
Expand Up @@ -56,35 +56,9 @@ func ResourceIBMCdToolchainToolSecuritycompliance() *schema.Resource {
Description: "The name for this tool integration, shown on the toolchain page.",
},
"evidence_namespace": &schema.Schema{
Type: schema.TypeString,
Required: true,
Description: "The kind of pipeline evidence to be displayed in Security and Compliance Center for this toolchain. The values are; `cd` which will use evidence generated by a Continuous Deployment pipeline, or `cc` which will use evidence generated by a Continuous Compliance pipeline.",
},
"trigger_scan": &schema.Schema{
Type: schema.TypeString,
Optional: true,
Deprecated: "This argument is deprecated and may be removed in a future release",
Description: "Set to `enabled` to indicate that a DevSecOps pipeline task should trigger a Security and Compliance Center run of a Hybrid cloud validation scan. Note, each scan may incur charges. When enabled, other parameters become relevant that are needed to trigger that scan; `api_key`, `scope`, `profile`. Hybrid cloud scans are deprecated and are planned to be removed. This option will stop working at that time. For more information see the [Security and Compliance Center Release Notes](https://cloud.ibm.com/docs/security-compliance?topic=security-compliance-release-notes#security-compliance-march312023).",
},
"api_key": &schema.Schema{
Type: schema.TypeString,
Optional: true,
DiffSuppressFunc: flex.SuppressHashedRawSecret,
Sensitive: true,
Deprecated: "This argument is deprecated and may be removed in a future release",
Description: "The IBM Cloud API key used to access the Security and Compliance Center API. This parameter is only relevant when the `trigger_scan` parameter is `enabled`. For information about the deprecation see the `trigger_scan` parameter. You can use a toolchain secret reference for this parameter. For more information, see [Protecting your sensitive data in Continuous Delivery](https://cloud.ibm.com/docs/ContinuousDelivery?topic=ContinuousDelivery-cd_data_security#cd_secure_credentials).",
},
"scope": &schema.Schema{
Type: schema.TypeString,
Optional: true,
Deprecated: "This argument is deprecated and may be removed in a future release",
Description: "The name of a Security and Compliance Center scope, which has previously been created in that service. When the `trigger_scan` parameter is set to `enabled`, then the Validation scan will scan all the resources in that scope. Select a scope that contains this toolchain, so that the scan will find the evidence that has been recently updated by the DevSecOps pipeline-run. This parameter is only relevant when the `trigger_scan` parameter is `enabled`. For information about the deprecation see the `trigger_scan` parameter.",
},
"profile": &schema.Schema{
Type: schema.TypeString,
Optional: true,
Deprecated: "This argument is deprecated and may be removed in a future release",
Description: "The name of a Security and Compliance Center, Hybrid cloud profile. Usually, use the predefined profile \"IBM Cloud Security Best Practices v1.0.0\", which contains the DevSecOps toolchain goals. Or use a user-authored customized profile that has been configured to contain those goals. When the `trigger_scan` parameter is set to `enabled`, then the Validation scan will use the controls and goals in the configured profile. If configured with a profile that does not check the DevSecOps toolchain goals, it might incorrectly indicate that the toolchain status is passed even though some of the DevSecOps scans had actually failed. This parameter is only relevant when the `trigger_scan` parameter is `enabled`. For information about the deprecation see the `trigger_scan` parameter.",
Description: "The kind of pipeline evidence to be displayed in Security and Compliance Center for this toolchain. The values are; `cd` which will use evidence generated by a Continuous Deployment pipeline, or `cc` which will use evidence generated by a Continuous Compliance pipeline.",
},
"use_profile_attachment": &schema.Schema{
Type: schema.TypeString,
Expand All @@ -106,7 +80,7 @@ func ResourceIBMCdToolchainToolSecuritycompliance() *schema.Resource {
"profile_name": &schema.Schema{
Type: schema.TypeString,
Optional: true,
Description: "The name of a Security and Compliance Center profile. Usually, use one of the predefined profiles \"IBM Cloud Security Best Practices\" or \"IBM Cloud for Financial Services\", which contain the DevSecOps Toolchain rules. Or use a user-authored customized profile that has been configured to contain those rules. This parameter is only relevant when the `use_profile_attachment` parameter is `enabled`.",
Description: "The name of a Security and Compliance Center profile. Usually, use the \"IBM Cloud Framework for Financial Services\" predefined profile, which contains the DevSecOps Toolchain rules. Or use a user-authored customized profile that has been configured to contain those rules. This parameter is only relevant when the `use_profile_attachment` parameter is `enabled`.",
},
"profile_version": &schema.Schema{
Type: schema.TypeString,
Expand Down Expand Up @@ -223,7 +197,6 @@ func resourceIBMCdToolchainToolSecuritycomplianceCreate(context context.Context,
createToolOptions.SetToolTypeID("security_compliance")
remapFields := map[string]string{
"evidence_repo_url": "evidence_repo_name",
"api_key": "api-key",
}
parametersModel := GetParametersForCreate(d, ResourceIBMCdToolchainToolSecuritycompliance(), remapFields)
createToolOptions.SetParameters(parametersModel)
Expand Down Expand Up @@ -292,7 +265,6 @@ func resourceIBMCdToolchainToolSecuritycomplianceRead(context context.Context, d
}
remapFields := map[string]string{
"evidence_repo_url": "evidence_repo_name",
"api_key": "api-key",
}
parametersMap := GetParametersFromRead(toolchainTool.Parameters, ResourceIBMCdToolchainToolSecuritycompliance(), remapFields)
if err = d.Set("parameters", []map[string]interface{}{parametersMap}); err != nil {
Expand Down Expand Up @@ -361,7 +333,6 @@ func resourceIBMCdToolchainToolSecuritycomplianceUpdate(context context.Context,
if d.HasChange("parameters") {
remapFields := map[string]string{
"evidence_repo_url": "evidence_repo_name",
"api_key": "api-key",
}
parameters := GetParametersForUpdate(d, ResourceIBMCdToolchainToolSecuritycompliance(), remapFields)
patchVals.Parameters = parameters
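Review bot: Removing the `trigger_scan`, `api_key`, `scope` and `profile` entries from the `parameters` schema in ResourceIBMCdToolchainToolSecuritycompliance likely turns the previous deprecation warning into a validation error for any configuration that still sets them, and no state upgrade or migration note is visible in this commit. If that is the intent, the removal should be called out in the changelog and resource documentation together with the replacement path (`use_profile_attachment` with `scc_api_key`), and the behaviour of existing state that still holds an `api_key` value should be checked on the next refresh. The retained `Description` line for `evidence_namespace` appears unchanged apart from alignment once the neighbouring fields were removed. The enclosing function starts and ends outside the hunk.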
Expand Up @@ -44,8 +44,6 @@ After your data source is created, you can read values from the following attrib

* `parameters` - (List) Unique key-value pairs representing parameters to be used to create the tool. A list of parameters for each tool integration can be found in the <a href="https://cloud.ibm.com/docs/ContinuousDelivery?topic=ContinuousDelivery-integrations">Configuring tool integrations page</a>.
Nested schema for **parameters**:
* `api_key` - (Deprecated, String) The IBM Cloud API key used to access the Security and Compliance Center API. This parameter is only relevant when the `trigger_scan` parameter is `enabled`. For information about the deprecation see the `trigger_scan` parameter. You can use a toolchain secret reference for this parameter. For more information, see [Protecting your sensitive data in Continuous Delivery](https://cloud.ibm.com/docs/ContinuousDelivery?topic=ContinuousDelivery-cd_data_security#cd_secure_credentials).
* Constraints: The value must match regular expression `/\\S/`.
* `attachment_id` - (String) An attachment ID. An attachment is configured under a profile to define how a scan will be run. To find the attachment ID, in the browser, in the attachments list, click on the attachment link, and a panel appears with a button to copy the attachment ID. This parameter is only relevant when the `use_profile_attachment` parameter is `enabled`.
* Constraints: The value must match regular expression `/^[-0-9a-f]{32,36}$/`.
* `evidence_namespace` - (String) The kind of pipeline evidence to be displayed in Security and Compliance Center for this toolchain. The values are; `cd` which will use evidence generated by a Continuous Deployment pipeline, or `cc` which will use evidence generated by a Continuous Compliance pipeline.
Expand All @@ -54,13 +52,9 @@ Nested schema for **parameters**:
* `instance_crn` - (String) The Security and Compliance Center service instance CRN (Cloud Resource Name). It is recommended to provide an instance CRN, but when absent, the oldest service instance will be used. This parameter is only relevant when the `use_profile_attachment` parameter is `enabled`.
* Constraints: The value must match regular expression `/^crn:v1:(?:bluemix|staging):public:compliance:[a-zA-Z0-9-]*\\b:a\/[0-9a-fA-F]*\\b:[0-9a-fA-F]{8}\\b-[0-9a-fA-F]{4}\\b-[0-9a-fA-F]{4}\\b-[0-9a-fA-F]{4}\\b-[0-9a-fA-F]{12}\\b::$/`.
* `name` - (String) The name for this tool integration, shown on the toolchain page.
* `profile` - (Deprecated, String) The name of a Security and Compliance Center, Hybrid cloud profile. Usually, use the predefined profile "IBM Cloud Security Best Practices v1.0.0", which contains the DevSecOps toolchain goals. Or use a user-authored customized profile that has been configured to contain those goals. When the `trigger_scan` parameter is set to `enabled`, then the Validation scan will use the controls and goals in the configured profile. If configured with a profile that does not check the DevSecOps toolchain goals, it might incorrectly indicate that the toolchain status is passed even though some of the DevSecOps scans had actually failed. This parameter is only relevant when the `trigger_scan` parameter is `enabled`. For information about the deprecation see the `trigger_scan` parameter.
* `profile_name` - (String) The name of a Security and Compliance Center profile. Usually, use one of the predefined profiles "IBM Cloud Security Best Practices" or "IBM Cloud for Financial Services", which contain the DevSecOps Toolchain rules. Or use a user-authored customized profile that has been configured to contain those rules. This parameter is only relevant when the `use_profile_attachment` parameter is `enabled`.
* `profile_name` - (String) The name of a Security and Compliance Center profile. Usually, use the "IBM Cloud Framework for Financial Services" predefined profile, which contains the DevSecOps Toolchain rules. Or use a user-authored customized profile that has been configured to contain those rules. This parameter is only relevant when the `use_profile_attachment` parameter is `enabled`.
* `profile_version` - (String) The version of a Security and Compliance Center profile, in SemVer format, like '0.0.0'. This parameter is only relevant when the `use_profile_attachment` parameter is `enabled`.
* `scc_api_key` - (String) The IBM Cloud API key used to access the Security and Compliance Center service, for the use profile with attachment setting. This parameter is only relevant when the `use_profile_attachment` parameter is `enabled`. You can use a toolchain secret reference for this parameter. For more information, see [Protecting your sensitive data in Continuous Delivery](https://cloud.ibm.com/docs/ContinuousDelivery?topic=ContinuousDelivery-cd_data_security#cd_secure_credentials).
* `scope` - (Deprecated, String) The name of a Security and Compliance Center scope, which has previously been created in that service. When the `trigger_scan` parameter is set to `enabled`, then the Validation scan will scan all the resources in that scope. Select a scope that contains this toolchain, so that the scan will find the evidence that has been recently updated by the DevSecOps pipeline-run. This parameter is only relevant when the `trigger_scan` parameter is `enabled`. For information about the deprecation see the `trigger_scan` parameter.
* `trigger_scan` - (Deprecated, String) Set to `enabled` to indicate that a DevSecOps pipeline task should trigger a Security and Compliance Center run of a Hybrid cloud validation scan. Note, each scan may incur charges. When enabled, other parameters become relevant that are needed to trigger that scan; `api_key`, `scope`, `profile`. Hybrid cloud scans are deprecated and are planned to be removed. This option will stop working at that time. For more information see the [Security and Compliance Center Release Notes](https://cloud.ibm.com/docs/security-compliance?topic=security-compliance-release-notes#security-compliance-march312023).
* Constraints: Allowable values are: `disabled`, `enabled`.
* `use_profile_attachment` - (String) Set to `enabled` to enable use profile with attachment, so that the scripts in the pipeline can interact with the Security and Compliance Center service. When enabled, other parameters become relevant; `scc_api_key`, `instance_crn`, `profile_name`, `profile_version`, `attachment_id`.
* Constraints: Allowable values are: `disabled`, `enabled`.
