Merge branch 'master' into HARV-5764

Author: FrankYang0529

.github/workflows/pull_request.yaml

@@ -99,16 +99,18 @@ jobs:
           # This format enables automatic generation of changelogs and versioning
           filter() {
             COMMIT="$1"
-            ouput="$(echo "$COMMIT" | grep -e '^fix: ' -e '^feature: ' -e '^feat: ' -e 'refactor!: ' -e 'feature!: ' -e 'feat!: ' -e '^chore(main): ')"
+            output="$(echo "$COMMIT" | grep -v -e '^fix: ' -e '^feature: ' -e '^feat: ' -e '^refactor!: ' -e '^feature!: ' -e '^feat!: ' -e '^chore(main): ' -e '^Merge branch ')"
             echo "$output"
           }
           prefix_check() {
             message="$1"
             if [ "" != "$(filter "$message")" ]; then
-              echo "...Commit message does not start with the required prefix.
-              Please use one of the following prefixes: "fix:", "feature:", "feat:", "refactor!:", "feature!:", or "feat!:".
-              This enables release-please to automatically determine the type of release (major, minor, patch) based on the commit message.
-              $message"
+              cat <<EOF
+          ...Commit message does not start with the required prefix.
+          Please use one of the following prefixes: "fix:", "feature:", "feat:", "refactor!:", "feature!:", or "feat!:".
+          This enables release-please to automatically determine the type of release (major, minor, patch) based on the commit message.
+          $message
+          EOF
               exit 1
             else
               echo "...Commit message starts with the required prefix."
@@ -125,16 +127,17 @@ jobs:
           }
           length_check() {
             message="$1"
-            if [ "$(wc -m <<<"$message")" -gt 50 ]; then
-              echo "...Commit message subject line should be less than 50 characters, found $(wc -m "$message")."
+            length="$(wc -m <<<"$message")"
+            if [ $length -gt 50 ]; then
+              echo "...Commit message subject line should be less than 50 characters, found $length."
               exit 1
             else
               echo "...Commit message subject line is less than 50 characters."
             fi
           }
           spell_check() {
             message="$1"
-            WORDS="$(aspell list <<<"$message")"
+            WORDS="$(aspell list --dont-validate-words <<<"$message")"
             if [ "" != "$WORDS" ]; then
               echo "...Commit message contains spelling errors on: ^$WORDS\$"
               echo "...Also try updating the PR title."

.github/workflows/release.yaml

@@ -28,29 +28,48 @@ jobs:
         uses: rancher-eio/read-vault-secrets@main
         with:
           secrets: |
-            secret/data/github/repo/${{ github.repository }}/key/app-credentials passphrase | GPG_PASSPHRASE ;
-            secret/data/github/repo/${{ github.repository }}/key/app-credentials privateKey | GPG_KEY
+            secret/data/github/repo/${{ github.repository }}/signing/gpg passphrase | GPG_PASSPHRASE ;
+            secret/data/github/repo/${{ github.repository }}/signing/gpg privateKeyId | GPG_KEY_ID ;
+            secret/data/github/repo/${{ github.repository }}/signing/gpg privateKey | GPG_KEY
 
       - name: sign shasum
         env:
-          GPG_KEY: ${{ env.GPG_KEY }}
           GPG_PASSPHRASE: ${{ env.GPG_PASSPHRASE }}
+          GPG_KEY_ID: ${{ env.GPG_KEY_ID }}
+          GPG_KEY: ${{ env.GPG_KEY }}
         run: |
+          cleanup() {
+            # clear history just in case
+            history -c
+          }
+          trap cleanup EXIT TERM
+
+          # sanitize variables
+          GPG_PASSPHRASE="$(echo "${GPG_PASSPHRASE}" | xargs)"
+          GPG_KEY_ID="$(echo "${GPG_KEY_ID}" | xargs)"
+          GPG_KEY="$(echo -n "${GPG_KEY}" | awk '/-----BEGIN PGP PRIVATE KEY BLOCK-----/,/-----END PGP PRIVATE KEY BLOCK-----/')"
+
+          if [ -z "${GPG_PASSPHRASE}" ]; then echo "gpg passphrase empty"; exit 1; fi
+          if [ -z "${GPG_KEY_ID}" ]; then echo "key id empty"; exit 1; fi
+          if [ -z "${GPG_KEY}" ]; then echo "key contents empty"; exit 1; fi
+
           echo "Importing gpg key"
-          echo -n '${{ env.GPG_KEY }}' | gpg --import --batch > /dev/null
-          echo "signing SHASUM file"
-          VERSION_NO_V="$(echo ${{ github.ref_name }} | tr -d 'v')"
+          echo "${GPG_KEY}" | gpg --import --batch > /dev/null || { echo "Failed to import GPG key"; exit 1; }
+
+          echo "Signing SHASUM file"
+          VERSION_NO_V="$(echo "${{ github.ref_name }}" | tr -d 'v')"
           SHASUM_FILE="dist/artifacts/${{ github.ref_name }}/terraform-provider-rancher2_${VERSION_NO_V}_SHA256SUMS"
-          echo '${{ env.GPG_PASSPHRASE }}' | gpg --detach-sig --pinentry-mode loopback --passphrase-fd 0 --output "${SHASUM_FILE}.sig" --sign "${SHASUM_FILE}"
 
-          echo "Validating signature..."
+          gpg --detach-sig \
+              --pinentry-mode loopback \
+              --passphrase "${GPG_PASSPHRASE}" \
+              --local-user "${GPG_KEY_ID}" \
+              --output "${SHASUM_FILE}.sig" \
+              --sign "${SHASUM_FILE}" || { echo "Failed to sign checksum."; exit 1; }
 
-          if ! gpg --verify "${SHASUM_FILE}.sig" "${SHASUM_FILE}"; then
-            echo "Signature is valid..."
-          else
-            echo "Signature verification failed!"
-            exit 1
-          fi
+          echo "Validating signature..."
+          gpg --verify "${SHASUM_FILE}.sig" "${SHASUM_FILE}" || { echo "Signature verification failed!"; exit 1; }
+          echo "Signature is valid..."
       - name: GH release
         env:
           GH_TOKEN: ${{ github.token }}

aspell_custom.txt

@@ -0,0 +1,15 @@
+rancher
+rke
+rke2
+oci
+oke
+aws
+azure
+aks
+eks
+kubernetes
+kubeconfig
+config
+git
+variablize
+terraform

docs/data-sources/rancher2_pod_security_admission_configuration_template.md

@@ -0,0 +1,32 @@
+---
+page_title: "rancher2_pod_security_admission_configuration_template Data Source"
+---
+
+# rancher2\_pod\_security\_admission\_configuration\_template Resource
+
+Use this data source to retrieve information about a rancher v2 pod security admission configration template.
+
+## Example Usage
+
+```hcl
+data "rancher2_pod_security_admission_configuration_template" "foo" {
+    name = "foo"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `name` - (Required) The name of the pod security admission configuration template (string)
+
+## Attributes Reference
+
+The following attributes are exported:
+
+* `description` - (Computed) The description of the pod security admission configuration template (string)
+* `defaults` - (Computed) The default level labels and version labels to be applied when labels for a mode is not set (list maxitems:1)
+* `exemptions`- (Computed) The authenticated usernames, runtime class names, and namespaces to exempt (list maxitems:1)
+* `annotations` - (Computed) Annotations of the resource (map)
+* `labels` - (Computed) Labels of the resource (map)
+

docs/guides/apps_marketplace.md

@@ -189,6 +189,59 @@ resource "rancher2_app_v2" "rancher-istio" {
 }
 ```
 
+* `prometheus-federator` - Deploy Prometheus Federator
+
+```hcl
+resource "rancher2_app_v2" "prometheus-federator" {  
+  cluster_id = "<CLUSTER_ID>"
+  name = "prometheus-federator"
+  namespace = "cattle-monitoring-system"
+  repo_name = "rancher-charts"
+  chart_name = "prometheus-federator"
+  chart_version = "104.0.2+up0.4.2" 
+  values = <<EOF
+global:
+  cattle:
+    clusterId: <CLUSTER_ID>
+    projectLabel: field.cattle.io/projectId
+    psp:
+      enabled: false
+    systemDefaultRegistry: registry.rancher.com
+    systemProjectId: <PROJECT_ID>
+    url: <RANCHER_SERVER_URL>
+    clusterName: custom
+    rkePathPrefix: ''
+    rkeWindowsPathPrefix: ''
+  imagePullSecrets: []
+  rbac:
+    pspAnnotations: {}
+    pspEnabled: true
+  systemDefaultRegistry: registry.rancher.com
+EOF
+}
+
+# About the variables of the values.yaml file
+#
+# CLUSTER_ID
+# When viewing a specific cluster in the Rancher UI, the cluster ID (formatted as c-xxxxx) is visible in the browser's URL bar
+# You can also get the ID through Rancher API:
+#
+#  curl -s "https://${RANCHER_SERVER}/v3/clusters?name=${CLUSTER_NAME}" \
+#  -H 'content-type: application/json' \
+#  -H "Authorization: Bearer $APITOKEN" \
+#  --insecure | jq -r .data[0].id
+#
+#
+# PROJECT_ID
+# Go to Cluster Management>Explore>Cluster>Projects/Namespaces 
+# then go to the ellipsis button (three dots) to the right of the project name and select "View YAML." 
+# In the displayed YAML, the metadata.name field contains the Rancher Project ID (formatted as p-xxxxx)
+#
+#
+# RANCHER_SERVER_URL
+# It's the protocol and hostname of your Rancher server, e.g. https://rancher.my.org, configured during the installation with Helm
+```
+
 * `rancher-cis-benchmark` - Deploy Rancher cis benchmark
 
 ```hcl