first of all: Invitation via https://cloud.ibm.com/schematics/slack appears to be not working. I did not get an invitation for schematics@slack on any on my mail accounts, so I post my questions here:
Terraform 0.13, ibm provider 1.23.1
1.) while trying to run the sample ibm-app (the CloudFoundry sample) from https://github.com/IBM-Cloud/terraform-provider-ibm/tree/master/examples/ibm-app, I noticed it needs an API key to run. Why is that? Why can't the schematics workspace provide its own? There are samples which run fine without the need of an IAM key. What's so special with CloudFoundry that I have to provide a key?
2.) A CloudFoundry service instance (see: https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/data-sources/service_instance) creates a service instance in CloudFoundry and a service outside with an arbitrary name. "terraform destroy" destroys only the service instance, but keeps the service outside of CloudFoundry untouched. Is that a bug? Is there a way to create a resource, then a CF service, and then bind that service to the resource (using terraform)?
3.) ibm_app (see: https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/app) takes a zip file as input. Why no resource (some github repo)? Furthermore, how do I access a private git repository @git.cloud.ibm.com? There appears a JWT token in terraform environment which can be fetched via data "ibm_iam_auth_token". But how do I use that to access a git repo? -- Of course I can always provide an access token, which is probably the right way to do it. But why can a devops pipeline access a private git.cloud.ibm.com repo but terraform can't? Which brings me to the last question:
4.) How do I create a devops pipeline via terraform in ibm cloud? -- Creating a toolchain works fine in aws. but what about ibm cloud?
Due to IAM limitations, for CF and classic infrastructure resources, you need to provide the API key. More info here: https://cloud.ibm.com/docs/schematics?topic=schematics-schematics-limitations#provider-block
Sounds like it could be a bug - can you open an issue for that here?: https://github.com/IBM-Cloud/terraform-provider-ibm/issues/. It appears there isn't a way to bind a service to a Cloud Foundry app with Terraform alone. We can treat this as a feature request.
This sample shows how you can use a provisioner "local-exec" to prepare a app zip from a GitHub repo: https://github.com/IBM-Cloud/terraform-provider-ibm/blob/master/examples/ibm-app/main.tf. You'll need to use access tokens to access private repos.
Use Schematics to first create a workspace based on your GitHub repo that holds your Terraform code. Next, navigate to the "settings" tab and press "Enable Continuous Delivery". This will create a toolchain for you powered by IBM DevOps Toolchains.