From 0b9b0a2032166819c3cf11428ed0914f6d2f9207 Mon Sep 17 00:00:00 2001
From: Drashti-Malviya <drashti.malviya@ibm.com>
Date: Fri, 8 Aug 2025 13:19:37 +0530
Subject: [PATCH 001/258] remove oc delete cmd

---
 image/cli/mascli/functions/gitops_deprovision_odh | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/image/cli/mascli/functions/gitops_deprovision_odh b/image/cli/mascli/functions/gitops_deprovision_odh
index b12d71ae5f8..0f7f27b598d 100644
--- a/image/cli/mascli/functions/gitops_deprovision_odh
+++ b/image/cli/mascli/functions/gitops_deprovision_odh
@@ -253,6 +253,18 @@ function gitops_deprovision_odh() {
   echo "Deleting: ${GITOPS_CLUSTER_DIR}/ibm-mas-odh-install.yaml"
   rm -rf ${GITOPS_CLUSTER_DIR}/ibm-mas-odh-install.yaml
   
+  echo "connecting to openshift............. ${COLOR_MAGENTA}"
+  
+  #load_config
+  #connect
+  
+  #echo_reset_dim "Deleting  authorino operaotr ............. ${COLOR_MAGENTA}"
+  #oc delete $(oc get csv -n openshift-operators -o name | grep authorino) -n openshift-operators --wait=true --timeout=5m 2>/dev/null
+  #oc delete $(oc get crd -o name | grep authorino) 2>/dev/null; \
+  #oc delete deployment $(oc get deployment -n openshift-operators -o name | grep authorino) -n openshift-operators 2>/dev/null
+
+
+
   if [ "$GITHUB_PUSH" == "true" ]; then
     echo
     echo_h2 "Commit and push changes to GitHub repo $GITHUB_ORG $GITHUB_REPO"

From 0194083be44096485458902953f2027aacbb2796 Mon Sep 17 00:00:00 2001
From: Anil Prajapati <169060963+anilprajapatiibm@users.noreply.github.com>
Date: Fri, 13 Feb 2026 14:10:19 +0530
Subject: [PATCH 002/258] [patch] update buildx version (#2065)


From fa91374b8cf32af8d0df83fe339dd5ff7fe5bb59 Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Mon, 24 Mar 2025 17:16:31 +0530
Subject: [PATCH 003/258] cherry-pick 262253cde2 conflict

---
 .../templates/gitops/bootstrap/argocd.yaml.j2 | 57 +++++++++----------
 1 file changed, 26 insertions(+), 31 deletions(-)

diff --git a/image/cli/mascli/templates/gitops/bootstrap/argocd.yaml.j2 b/image/cli/mascli/templates/gitops/bootstrap/argocd.yaml.j2
index 8fe1c58717f..1b183c15b89 100644
--- a/image/cli/mascli/templates/gitops/bootstrap/argocd.yaml.j2
+++ b/image/cli/mascli/templates/gitops/bootstrap/argocd.yaml.j2
@@ -209,13 +209,13 @@ spec:
           if obj.status ~= nil then
             if obj.status.conditions ~= nil then
               for i, condition in ipairs(obj.status.conditions) do
-                if (condition.type == "Ready" or condition.type == "kserveReady" or condition.type == "Available") and condition.status == "True" then
-                  hs.status = "Healthy"
+                if condition.type == "Degraded" and condition.status == "True" then
+                  hs.status = "Degraded"
                   hs.message = condition.message
                   return hs
                 end
-                if condition.type == "Degraded" and condition.status == "True" then
-                  hs.status = "Degraded"
+                if condition.type == "Ready" and condition.status == "True" then
+                  hs.status = "Healthy"
                   hs.message = condition.message
                   return hs
                 end
@@ -228,30 +228,6 @@ spec:
           
       
       datasciencepipelinesapplications.opendatahub.io/DataSciencePipelinesApplication:
-        health.lua: |
-          hs = {}
-          if obj.status ~= nil then
-            if obj.status.conditions ~= nil then
-              for i, condition in ipairs(obj.status.conditions) do
-                if condition.type == "Ready" then
-                  if condition.status == "True" then
-                    hs.status = "Healthy"
-                    hs.message = condition.message
-                    return hs
-                  elseif condition.status == "false" then
-                    hs.status = "Degraded"
-                    hs.message = condition.message
-                    return hs
-                  end
-                end
-              end
-            end
-          end
-          hs.status = "Progressing"
-          hs.message = ""
-          return hs  
-
-      apps.mas.ibm.com/AIServiceApp:
         health.lua: |
           hs = {}
           if obj.status ~= nil then
@@ -262,18 +238,37 @@ spec:
                   hs.message = condition.message
                   return hs
                 end
-                if (condition.type == "Successful"  or condition.type == "Ready" ) and condition.status == "True" then
+                if condition.type == "Ready" and condition.status == "True" then
                   hs.status = "Healthy"
                   hs.message = condition.message
                   return hs
                 end
-                
               end
             end
           end
           hs.status = "Progressing"
           hs.message = ""
-          return hs
+          return hs  
+    
+      # dscinitialization.opendatahub.io/DSCInitialization:
+      #   health.lua: |
+      #     hs = {}
+      #     if obj.status ~= nil then
+      #       if obj.status.phase ~= nil then
+      #         if obj.status.phase == "Ready" then
+      #           hs.status = "Healthy"
+      #           hs.message = "DSCInitialization instance is ready"
+      #           return hs
+      #         else
+      #           hs.status = "Progressing"
+      #           hs.message = "DSCInitialization instance is not ready yet"
+      #           return hs
+      #         end
+      #       end
+      #     end
+      #     hs.status = "Unknown"
+      #     hs.message = "Status phase not found"
+      #     return hs
 
       apps.mas.ibm.com/AssistWorkspace:
         health.lua: |

From d36181f001131f370fdd7e73b39822d45c1556a5 Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Mon, 24 Mar 2025 17:17:02 +0530
Subject: [PATCH 004/258] removed commented block

---
 .../templates/gitops/bootstrap/argocd.yaml.j2 | 22 +------------------
 1 file changed, 1 insertion(+), 21 deletions(-)

diff --git a/image/cli/mascli/templates/gitops/bootstrap/argocd.yaml.j2 b/image/cli/mascli/templates/gitops/bootstrap/argocd.yaml.j2
index 1b183c15b89..3724b9f0676 100644
--- a/image/cli/mascli/templates/gitops/bootstrap/argocd.yaml.j2
+++ b/image/cli/mascli/templates/gitops/bootstrap/argocd.yaml.j2
@@ -249,27 +249,7 @@ spec:
           hs.status = "Progressing"
           hs.message = ""
           return hs  
-    
-      # dscinitialization.opendatahub.io/DSCInitialization:
-      #   health.lua: |
-      #     hs = {}
-      #     if obj.status ~= nil then
-      #       if obj.status.phase ~= nil then
-      #         if obj.status.phase == "Ready" then
-      #           hs.status = "Healthy"
-      #           hs.message = "DSCInitialization instance is ready"
-      #           return hs
-      #         else
-      #           hs.status = "Progressing"
-      #           hs.message = "DSCInitialization instance is not ready yet"
-      #           return hs
-      #         end
-      #       end
-      #     end
-      #     hs.status = "Unknown"
-      #     hs.message = "Status phase not found"
-      #     return hs
-
+          
       apps.mas.ibm.com/AssistWorkspace:
         health.lua: |
           hs = {}

From 78c175b209216e89d350107d9829dc590f62b0fb Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Wed, 26 Mar 2025 14:37:59 +0530
Subject: [PATCH 005/258] updated degraded condition for the healthcheck

---
 .../templates/gitops/bootstrap/argocd.yaml.j2 | 21 ++++++++++---------
 1 file changed, 11 insertions(+), 10 deletions(-)

diff --git a/image/cli/mascli/templates/gitops/bootstrap/argocd.yaml.j2 b/image/cli/mascli/templates/gitops/bootstrap/argocd.yaml.j2
index 3724b9f0676..f7b5d8db017 100644
--- a/image/cli/mascli/templates/gitops/bootstrap/argocd.yaml.j2
+++ b/image/cli/mascli/templates/gitops/bootstrap/argocd.yaml.j2
@@ -233,15 +233,16 @@ spec:
           if obj.status ~= nil then
             if obj.status.conditions ~= nil then
               for i, condition in ipairs(obj.status.conditions) do
-                if condition.type == "Failure" and condition.status == "True" then
-                  hs.status = "Degraded"
-                  hs.message = condition.message
-                  return hs
-                end
-                if condition.type == "Ready" and condition.status == "True" then
-                  hs.status = "Healthy"
-                  hs.message = condition.message
-                  return hs
+                if condition.type == "Ready" then
+                  if condition.status == "True" then
+                    hs.status = "Healthy"
+                    hs.message = condition.message
+                    return hs
+                  elseif condition.status == "false" then
+                    hs.status = "Degraded"
+                    hs.message = condition.message
+                    return hs
+                  end
                 end
               end
             end
@@ -249,7 +250,7 @@ spec:
           hs.status = "Progressing"
           hs.message = ""
           return hs  
-          
+
       apps.mas.ibm.com/AssistWorkspace:
         health.lua: |
           hs = {}

From 982b0b048fabb9c924ca7d97cd4daa3fa24ab8ed Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Wed, 2 Apr 2025 17:05:37 +0530
Subject: [PATCH 006/258] health check added for the AiBrokerApp

---
 .../templates/gitops/bootstrap/argocd.yaml.j2 | 24 +++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git a/image/cli/mascli/templates/gitops/bootstrap/argocd.yaml.j2 b/image/cli/mascli/templates/gitops/bootstrap/argocd.yaml.j2
index f7b5d8db017..37da44b24aa 100644
--- a/image/cli/mascli/templates/gitops/bootstrap/argocd.yaml.j2
+++ b/image/cli/mascli/templates/gitops/bootstrap/argocd.yaml.j2
@@ -251,6 +251,30 @@ spec:
           hs.message = ""
           return hs  
 
+      apps.mas.ibm.com/AiBrokerApp:
+        health.lua: |
+          hs = {}
+          if obj.status ~= nil then
+            if obj.status.conditions ~= nil then
+              for i, condition in ipairs(obj.status.conditions) do
+                if condition.type == "Failure" and condition.status == "True" then
+                  hs.status = "Degraded"
+                  hs.message = condition.message
+                  return hs
+                end
+                if (condition.type == "Successful"  or condition.type == "Ready" ) and condition.status == "True" then
+                  hs.status = "Healthy"
+                  hs.message = condition.message
+                  return hs
+                end
+                
+              end
+            end
+          end
+          hs.status = "Progressing"
+          hs.message = ""
+          return hs
+
       apps.mas.ibm.com/AssistWorkspace:
         health.lua: |
           hs = {}

From ed4668750cb9b04414f8f1c502e121fd6c5a3fe3 Mon Sep 17 00:00:00 2001
From: Yogeshkumar <prajapati.yogeshkumar@ibm.com>
Date: Tue, 15 Apr 2025 19:34:12 +0530
Subject: [PATCH 007/258] Update argocd.yaml

MASSREMAT-102 Update health check for datasciencecluster
---
 image/cli/mascli/templates/gitops/bootstrap/argocd.yaml.j2 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/image/cli/mascli/templates/gitops/bootstrap/argocd.yaml.j2 b/image/cli/mascli/templates/gitops/bootstrap/argocd.yaml.j2
index 37da44b24aa..6c4cad767d1 100644
--- a/image/cli/mascli/templates/gitops/bootstrap/argocd.yaml.j2
+++ b/image/cli/mascli/templates/gitops/bootstrap/argocd.yaml.j2
@@ -209,7 +209,7 @@ spec:
           if obj.status ~= nil then
             if obj.status.conditions ~= nil then
               for i, condition in ipairs(obj.status.conditions) do
-                if condition.type == "Degraded" and condition.status == "True" then
+                if (condition.type == "Ready" or condition.type == "kserveReady" or condition.type == "Available") and condition.status == "True" then
                   hs.status = "Degraded"
                   hs.message = condition.message
                   return hs

From b51313e576500d12c4ca761127ea0165f9364198 Mon Sep 17 00:00:00 2001
From: yogeshkumar <prajapati.yogeshkumar@ibm.com>
Date: Fri, 18 Apr 2025 14:37:53 +0530
Subject: [PATCH 008/258] update cli status

---
 image/cli/mascli/templates/gitops/bootstrap/argocd.yaml.j2 | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/image/cli/mascli/templates/gitops/bootstrap/argocd.yaml.j2 b/image/cli/mascli/templates/gitops/bootstrap/argocd.yaml.j2
index 6c4cad767d1..ae492d1a7cc 100644
--- a/image/cli/mascli/templates/gitops/bootstrap/argocd.yaml.j2
+++ b/image/cli/mascli/templates/gitops/bootstrap/argocd.yaml.j2
@@ -210,12 +210,12 @@ spec:
             if obj.status.conditions ~= nil then
               for i, condition in ipairs(obj.status.conditions) do
                 if (condition.type == "Ready" or condition.type == "kserveReady" or condition.type == "Available") and condition.status == "True" then
-                  hs.status = "Degraded"
+                  hs.status = "Healthy"
                   hs.message = condition.message
                   return hs
                 end
-                if condition.type == "Ready" and condition.status == "True" then
-                  hs.status = "Healthy"
+                if condition.type == "Degraded" and condition.status == "True" then
+                  hs.status = "Degraded"
                   hs.message = condition.message
                   return hs
                 end

From a84d36d9abadf7f04f18a73d0ec3fcf749572c2c Mon Sep 17 00:00:00 2001
From: yogeshkumar <prajapati.yogeshkumar@ibm.com>
Date: Tue, 6 May 2025 14:27:17 +0530
Subject: [PATCH 009/258] cherry-pick 064a9f3c5c conflict

---
 image/cli/mascli/functions/gitops_odh         | 298 ++++--------------
 image/cli/mascli/mas                          |   1 -
 .../instance/ibm-mas-odh-install.yaml.j2      |  89 ++++--
 tekton/src/tasks/gitops/gitops-odh.yml.j2     |  84 +++--
 4 files changed, 176 insertions(+), 296 deletions(-)

diff --git a/image/cli/mascli/functions/gitops_odh b/image/cli/mascli/functions/gitops_odh
index 6b8ff721dae..80beb610052 100755
--- a/image/cli/mascli/functions/gitops_odh
+++ b/image/cli/mascli/functions/gitops_odh
@@ -15,16 +15,12 @@ GitOps Configuration:
   -a, --account-id ${COLOR_YELLOW}ACCOUNT_ID${TEXT_RESET}            Account name that the cluster belongs to
   -r, --region-id ${COLOR_YELLOW}CLUSTER_ID${TEXT_RESET}             Region ID
   -c, --cluster-id ${COLOR_YELLOW}CLUSTER_ID${TEXT_RESET}            Cluster ID
-  -m, --aiservice-instance-id ${COLOR_YELLOW}AISERVICE_INSTANCE_ID${TEXT_RESET}  AI Service Instance ID
+  -m, --mas-instance-id ${COLOR_YELLOW}MAS_INSTANCE_ID${TEXT_RESET}  IBM Suite Maximo Application Suite Instance ID
 
 Secrets Manager:
       --secrets-path ${COLOR_YELLOW}SECRETS_PATH${TEXT_RESET}                    Secrets Manager path
       --secrets-key-seperator ${COLOR_YELLOW}SECRETS_KEY_SEPERATOR${TEXT_RESET}  Secrets Manager key seperator string
 
-ibm aiservice(required):
-      --aiservice-namespace ${TEXT_RESET}AISERVICE_NAMESPACE${TEXT_RESET}
-      --aiservice-instance-id ${TEXT_RESET}AISERVICE_INSTANCE_ID${TEXT_RESET}
-
 ODH Configuration:
       --odh-channel
       --odh-catalog-source
@@ -33,11 +29,11 @@ ODH Configuration:
       --pull-secret-name
       --opendatahub-name
       --opendatahub-operator-group
-      --odh-install-plan
+      --opendatahub-installplan
       --opendatahub-channel
       --opendatahub-source
       --opendatahub-source-namespace
-      --aiservice-odh-model-deployment-type
+
 Pipeline Configuration:
       --odh-pipeline-name
       --odh-pipeline-namespace
@@ -100,159 +96,64 @@ EOM
 
 
 function gitops_odh_noninteractive() {
-  GITOPS_WORKING_DIR=$PWD/working-dir  
-  SECRETS_KEY_SEPERATOR="/"
   GIT_COMMIT_MSG="gitops-odh commit"
-
-
-
-  export OPENSHIFT_NAMESPACE="${OPENSHIFT_NAMESPACE:-"openshift-operators"}"
-  export ODH_PIPELINE_CHANNEL="${ODH_PIPELINE_CHANNEL:-"latest"}"
-  export ODH_PIPELINE_INSTALLPLAN="${ODH_PIPELINE_INSTALLPLAN:-"manual"}"
-  export PIPELINE_CATALOG_SOURCE="${PIPELINE_CATALOG_SOURCE:-"redhat-operators"}"
-  export SERVICE_MESH_NAMESPACE="${SERVICE_MESH_NAMESPACE:-"openshift-operators"}"
-  export SERVICE_MESH_CHANNEL="${SERVICE_MESH_CHANNEL:-"stable"}"
-  export SERVICE_MESH_CATALOG_SOURCE="${SERVICE_MESH_CATALOG_SOURCE:-"redhat-operators"}"
-  export SERVICE_MESH_SOURCENAMESPACE="${SERVICE_MESH_SOURCENAMESPACE:-"openshift-marketplace"}"
-  export OPERATOR_NAME="${OPERATOR_NAME:-"openshift-pipelines-operator-rh"}"
-  export SERVERLESS_CHANNEL="${SERVERLESS_CHANNEL:-"stable"}"
-  export AUTHORINO_CATALOG_SOURCE="${AUTHORINO_CATALOG_SOURCE:-"community-operators"}"
-  export ODH_CHANNEL="${ODH_CHANNEL:-"fast"}"
-  export ODH_CATALOG_SOURCE="${ODH_CATALOG_SOURCE:-"community-operators"}"
-  export ODH_OPERATOR_VERSION="${ODH_OPERATOR_VERSION:-"opendatahub-operator.v2.19.0"}"
-  export ODH_NAMESPACE="${ODH_NAMESPACE:-"opendatahub"}"
-
-  export AISERVICE_NAMESPACE="${AISERVICE_NAMESPACE:-"${AISERVICE_INSTANCE_ID}-aiservice"}"
-
-  export SERVERLESS_NAMESPACE="${SERVERLESS_NAMESPACE:-"openshift-serverless"}"
-  export SERVERLESS_OPERATOR_NAME="${SERVERLESS_OPERATOR_NAME:-"serverless-operator"}"
-  export SERVERLESS_OPERATOR_SOURCE="${SERVERLESS_OPERATOR_SOURCE:-"redhat-operators"}"
-  export SERVERLESS_OPERATOR_SOURCE_NAMESPACE="${SERVERLESS_OPERATOR_SOURCE_NAMESPACE:-"openshift-marketplace"}"
-
-  export OPENDATAHUB_OPERATORGROUP_NAME="${OPENDATAHUB_OPERATORGROUP_NAME:-"opendatahub-operator-group"}"
-  export OPENDATAHUB_NAME="${OPENDATAHUB_NAME:-"opendatahub-operator"}"
-  export OPENDATAHUB_NAMESPACE="${OPENDATAHUB_NAMESPACE:-"opendatahub"}"
-  export ODH_INSTALL_PLAN="${ODH_INSTALL_PLAN:-"Automatic"}"
-  export OPENDATAHUB_CHANNEL="${OPENDATAHUB_CHANNEL:-"fast"}"
-  export OPENDATAHUB_SOURCE="${OPENDATAHUB_SOURCE:-"community-operators"}"
-  export OPENDATAHUB_SOURCE_NAMESPACE="${OPENDATAHUB_SOURCE_NAMESPACE:-"openshift-marketplace"}"
-  export AISERVICE_STORAGE_PROVIDER="${AISERVICE_STORAGE_PROVIDER:-"aws"}"
-  export AISERVICE_STORAGE_SSL="${AISERVICE_STORAGE_SSL:-"true"}"
-  export AISERVICE_STORAGE_REGION="${AISERVICE_STORAGE_REGION:-""}"
-  export PRIMARY_STORAGE_CLASS="${PRIMARY_STORAGE_CLASS:-"nfs-client"}"
-  export AISERVICE_ODH_MODEL_DEPLOYMENT_TYPE="${AISERVICE_ODH_MODEL_DEPLOYMENT_TYPE:-"serverless"}"
-
-
   while [[ $# -gt 0 ]]; do
     key="$1"; shift
     case $key in
       -d|--dir|--gitops-working-dir) export GITOPS_WORKING_DIR="$1"; shift ;;
       -a|--account-id) export ACCOUNT_ID="$1"; shift ;;
       -c|--cluster-id) export CLUSTER_ID="$1"; shift ;;
-      -m|--aiservice-instance-id) export AISERVICE_INSTANCE_ID="$1"; shift ;;
-
-      # AWS Secrets Manager Configuration
-      --sm-aws-secret-region)
-        export SM_AWS_REGION=$1
-        export REGION_ID=$1
-        shift
-        ;;
-      --sm-aws-access-key)
-        export SM_AWS_ACCESS_KEY_ID=$1 && shift
-        ;;
-      --sm-aws-secret-key)
-        export SM_AWS_SECRET_ACCESS_KEY=$1 && shift
-        ;;
-      --secrets-path)
-        export SECRETS_PATH=$1 && shift
-        ;;
-
-            # Automatic GitHub Push
-      -P|--github-push)
-        export GITHUB_PUSH=true
-        ;;
-      -H|--github-host)
-        export GITHUB_HOST=$1 && shift
-        ;;
-      -O|--github-org)
-        export GITHUB_ORG=$1 && shift
-        ;;
-      -R|--github-repo)
-        export GITHUB_REPO=$1 && shift
-        ;;
-      -S|--github-ssh)
-        export GIT_SSH=$1 && shift
-        ;;
-      -B|--git-branch)
-        export GIT_BRANCH=$1 && shift
-        ;;
-      -M|--git-commit-msg)
-        export GIT_COMMIT_MSG=$1 && shift
-        ;;
-
-
-      --odh-channel)
-        export ODH_CHANNEL=$1 && shift
-        ;;
-      --odh-catalog-source)
-        export ODH_CATALOG_SOURCE=$1 && shift
-        ;;
-      --odh-operator-version)
-        export ODH_OPERATOR_VERSION=$1 && shift
-        ;;
-      --odh-namespace)
-        export ODH_NAMESPACE=$1 && shift
-        ;;
-      --openshift-namespace)
-        export OPENSHIFT_NAMESPACE=$1 && shift
-        ;;
-      --pull-secret-name)
-        export PULL_SECRET_NAME=$1 && shift
-        ;;
-
-      --opendatahub-name)
-        export OPENDATAHUB_NAME=$1 && shift
-        ;;
-      --opendatahub-operator-group)
-        export OPENDATAHUB_OPERATORGROUP_NAME=$1 && shift
-        ;;
-      --odh-install-plan)
-        export ODH_INSTALL_PLAN=$1 && shift
-        ;;
-      --opendatahub-channel)
-        export OPENDATAHUB_CHANNEL=$1 && shift
-        ;;
-      --opendatahub-source)
-        export OPENDATAHUB_SOURCE=$1 && shift
-        ;;
-      --opendatahub-namespace)
-        export OPENDATAHUB_NAMESPACE=$1 && shift
-        ;;
-      --opendatahub-source-namespace)
-        export OPENDATAHUB_SOURCE_NAMESPACE=$1 && shift
-        ;;
-      --odh-pipeline-channel)
-        export ODH_PIPELINE_CHANNEL=$1 && shift
-        ;;
-      --odh-pipeline-installplan)
-        export ODH_PIPELINE_INSTALLPLAN=$1 && shift
-        ;;
-      --pipeline-catalog-source)
-        export PIPELINE_CATALOG_SOURCE=$1 && shift
-        ;;
-
-      --service-mesh-namespace)
-        export SERVICE_MESH_NAMESPACE=$1 && shift
-        ;;
-      --service-mesh-channel)
-        export SERVICE_MESH_CHANNEL=$1 && shift
-        ;;
-      --service-mesh-catalog-source)
-        export SERVICE_MESH_CATALOG_SOURCE=$1 && shift
-        ;;
-      --service-mesh-source-namespace)
-        export SERVICE_MESH_SOURCE_NAMESPACE=$1 && shift
-        ;;
+      -m|--mas-instance-id) export MAS_INSTANCE_ID="$1"; shift ;;
+
+      # ODH
+      --odh-channel) export ODH_CHANNEL="$1"; shift ;;
+      --odh-catalog-source) export ODH_CATALOG_SOURCE="$1"; shift ;;
+      --odh-operator-version) export ODH_OPERATOR_VERSION="$1"; shift ;;
+      --odh-namespace) export ODH_NAMESPACE="$1"; shift ;;
+      --pull-secret-name) export PULL_SECRET_NAME="$1"; shift ;;
+      --opendatahub-name) export OPENDATAHUB_NAME="$1"; shift ;;
+      --opendatahub-operator-group) export OPENDATAHUB_OPERATOR_GROUP_NAME="$1"; shift ;;
+      --opendatahub-installplan) export OPENDATAHUB_INSTALLPLAN_APPROVAL="$1"; shift ;;
+      --opendatahub-channel) export OPENDATAHUB_CHANNEL="$1"; shift ;;
+      --opendatahub-source) export OPENDATAHUB_SOURCE="$1"; shift ;;
+      --opendatahub-source-namespace) export OPENDATAHUB_SOURCE_NAMESPACE="$1"; shift ;;
+
+      # Pipeline
+      --odh-pipeline-name) export ODH_PIPELINE_NAME="$1"; shift ;;
+      --odh-pipeline-namespace) export ODH_PIPELINE_NAMESPACE="$1"; shift ;;
+      --odh-pipeline-operator-name) export ODH_PIPELINE_OPERATOR_NAME="$1"; shift ;;
+      --odh-pipeline-source) export ODH_PIPELINE_SOURCE="$1"; shift ;;
+      --odh-pipeline-source-namespace) export ODH_PIPELINE_SOURCE_NAMESPACE="$1"; shift ;;
+      --odh-pipeline-channel) export ODH_PIPELINE_CHANNEL="$1"; shift ;;
+      --odh-pipeline-installplan) export ODH_PIPELINE_INSTALLPLAN="$1"; shift ;;
+      --pipeline-catalog-source) export PIPELINE_CATALOG_SOURCE="$1"; shift ;;
+
+      # Service Mesh
+      --service-mesh-namespace) export SERVICE_MESH_NAMESPACE="$1"; shift ;;
+      --service-mesh-channel) export SERVICE_MESH_CHANNEL="$1"; shift ;;
+      --service-mesh-catalog-source) export SERVICE_MESH_CATALOG_SOURCE="$1"; shift ;;
+      --service-mesh-source-namespace) export SERVICE_MESH_SOURCE_NAMESPACE="$1"; shift ;;
+
+      # Serverless
+      --serverless-namespace) export SERVERLESS_NAMESPACE="$1"; shift ;;
+      --serverless-channel) export SERVERLESS_CHANNEL="$1"; shift ;;
+      --serverless-operator-name) export SERVERLESS_OPERATOR_NAME="$1"; shift ;;
+      --serverless-operator-source) export SERVERLESS_OPERATOR_SOURCE="$1"; shift ;;
+      --serverless-operator-source-namespace) export SERVERLESS_OPERATOR_SOURCE_NAMESPACE="$1"; shift ;;
+
+      # Authorino
+      --authorino-catalog-source) export AUTHORINO_CATALOG_SOURCE="$1"; shift ;;
+
+      # Storage
+      --storage-provider) export MAS_AIBROKER_STORAGE_PROVIDER="$1"; shift ;;
+      --storage-accesskey) export MAS_AIBROKER_STORAGE_ACCESSKEY="$1"; shift ;;
+      --storage-secretkey) export MAS_AIBROKER_STORAGE_SECRETKEY="$1"; shift ;;
+      --storage-host) export MAS_AIBROKER_STORAGE_HOST="$1"; shift ;;
+      --storage-port) export MAS_AIBROKER_STORAGE_PORT="$1"; shift ;;
+      --storage-ssl) export MAS_AIBROKER_STORAGE_SSL="$1"; shift ;;
+      --storage-region) export MAS_AIBROKER_STORAGE_REGION="$1"; shift ;;
+      --pipelines-bucket) export MAS_AIBROKER_STORAGE_PIPELINES_BUCKET="$1"; shift ;;
+      --primary-storage-class) export PRIMARY_STORAGE_CLASS="$1"; shift ;;
 
       --serverless-namespace)
         export SERVERLESS_NAMESPACE=$1 && shift
@@ -297,6 +198,13 @@ function gitops_odh_noninteractive() {
       --operator-name)
         export OPERATOR_NAME=$1 && shift
         ;;
+      # Database
+      --db-host) export MAS_AIBROKER_DB_HOST="$1"; shift ;;
+      --db-port) export MAS_AIBROKER_DB_PORT="$1"; shift ;;
+      --db-user) export MAS_AIBROKER_DB_USER="$1"; shift ;;
+      --db-database) export MAS_AIBROKER_DB_DATABASE="$1"; shift ;;
+      --db-secret-name) export MAS_AIBROKER_DB_SECRET_NAME="$1"; shift ;;
+      --db-secret-value) export MAS_AIBROKER_DB_SECRET_VALUE="$1"; shift ;;
 
       # GitHub
       -P|--github-push) export GITHUB_PUSH=true ;;
@@ -315,21 +223,10 @@ function gitops_odh_noninteractive() {
   [[ -z "$GITOPS_WORKING_DIR" ]] && gitops_odh_help "Missing GITOPS_WORKING_DIR"
   [[ -z "$ACCOUNT_ID" ]] && gitops_odh_help "Missing ACCOUNT_ID"
   [[ -z "$CLUSTER_ID" ]] && gitops_odh_help "Missing CLUSTER_ID"
-  [[ -z "$AISERVICE_INSTANCE_ID" ]] && gitops_odh_help "Missing AISERVICE_INSTANCE_ID"
-  [[ -z "$OPENDATAHUB_SOURCE" ]] && gitops_odh_help "Missing OPENDATAHUB_SOURCE"
-  [[ -z "$AISERVICE_ODH_MODEL_DEPLOYMENT_TYPE" ]] && gitops_odh_help "Missing AISERVICE_ODH_MODEL_DEPLOYMENT_TYPE"
-
-  if [[ "$GITHUB_PUSH" == "true" ]]; then
-    [[ -z "$GITHUB_HOST" ]] && gitops_odh_help "GITHUB_HOST is not set"
-    [[ -z "$GITHUB_ORG" ]] && gitops_odh_help "GITHUB_ORG is not set"
-    [[ -z "$GITHUB_REPO" ]] && gitops_odh_help "GITHUB_REPO is not set"
-    [[ -z "$GIT_BRANCH" ]] && gitops_odh_help "GIT_BRANCH is not set"
-  fi
-
+  [[ -z "$MAS_INSTANCE_ID" ]] && gitops_odh_help "Missing MAS_INSTANCE_ID"
 }
 
 function gitops_odh() {
-  # Remove the subcommand (e.g., "create-gitops")
   shift
   if [[ $# -gt 0 ]]; then
     gitops_odh_noninteractive "$@"
@@ -338,78 +235,19 @@ function gitops_odh() {
     exit 1
   fi
 
-  # Error trap
-  set -o pipefail
-  trap 'echo "[ERROR] Error occurred at $BASH_SOURCE, line $LINENO, exited with $?"; exit 1' ERR
-
-  # Prepare directories
-  rm -rf "$GITOPS_WORKING_DIR"
-  mkdir -p "${GITOPS_WORKING_DIR}"
-  GITOPS_CLUSTER_DIR=${GITOPS_WORKING_DIR}/${GITHUB_REPO}/${ACCOUNT_ID}/${CLUSTER_ID}/${AISERVICE_INSTANCE_ID}
-  
+  mkdir -p "$GITOPS_WORKING_DIR"
+  GITOPS_INSTANCE_DIR="${GITOPS_WORKING_DIR}/${GITHUB_REPO}/${ACCOUNT_ID}/${CLUSTER_ID}/${MAS_INSTANCE_ID}"
+  mkdir -p "$GITOPS_INSTANCE_DIR"
 
   echo
-  echo_h2 "Review Settings"
-  echo "${TEXT_DIM}"
-  echo_h2 "Target"
-  echo_reset_dim "Account ID ............................ ${COLOR_MAGENTA}${ACCOUNT_ID}"
-  echo_reset_dim "Cluster ID ............................ ${COLOR_MAGENTA}${CLUSTER_ID}"
-  echo_reset_dim "AI Service Instance ID ................ ${COLOR_MAGENTA}${AISERVICE_INSTANCE_ID}"
-  echo_reset_dim "OpenDataHub Source ................... ${COLOR_MAGENTA}${OPENDATAHUB_SOURCE}"
-  echo_reset_dim "AiService Model Deployment Type ...... ${COLOR_MAGENTA}${AISERVICE_ODH_MODEL_DEPLOYMENT_TYPE}"
-  echo_reset_dim "Secrets Path .......................... ${COLOR_MAGENTA}${SECRETS_PATH}"
-  reset_colors
-
-  CURRENT_DIR=$PWD
-  
-  AVP_TYPE=aws
-  sm_login
-
-  # Set up secret key and fetch secret
-  export SECRET_ACCOUNT_PATH="${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}"
-  export ODH_SECRET="${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}storage"
-  export SECRET_KEY_IMAGE_PULL_SECRET_B64="${SECRET_ACCOUNT_PATH}ibm_entitlement#image_pull_secret_b64"
-
-  if [ -z $GIT_SSH ]; then
-    export GIT_SSH=false
-  fi
-
-  sm_verify_secret_exists ${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}ibm_entitlement "image_pull_secret_b64"
-
-  echo_h2 "ODH Secret Summary"
-  echo_reset_dim "AI Service Namespace ................... ${COLOR_MAGENTA}${AISERVICE_NAMESPACE}"
-  echo_reset_dim "STORAGE_HOST ............................. ${COLOR_MAGENTA}${STORAGE_HOST}"
-  echo_reset_dim "STORAGE_BUCKET ........................... ${COLOR_MAGENTA}${STORAGE_BUCKET}"
-
-  echo_reset_dim "AISERVICE_STORAGE_SSL ................. ${COLOR_MAGENTA}${AISERVICE_STORAGE_SSL}"
-  reset_colors
-
-
-  # Clone github target repo
-  # ---------------------------------------------------------------------------
-  if [ "$GITHUB_PUSH" == "true" ]; then
-    echo "GITOPS_WORKING_DIR  ${GITOPS_WORKING_DIR}"
-    echo "GITOPS_CLUSTER_DIR  ${GITOPS_CLUSTER_DIR}"
-    echo_h2 "Cloning GitHub repo $GITHUB_ORG $GITHUB_REPO"
-    clone_target_git_repo $GITHUB_HOST $GITHUB_ORG $GITHUB_REPO $GIT_BRANCH $GITOPS_WORKING_DIR $GIT_SSH
-  fi
-
-  mkdir -p ${GITOPS_CLUSTER_DIR}
-  # Render YAML
   echo_h2 "Generating OpenDataHub GitOps YAML"
-  echo "${GITOPS_CLUSTER_DIR}"
-  echo "Output: ${GITOPS_CLUSTER_DIR}/ibm-mas-odh-install.yaml"
+  echo "Output: ${GITOPS_INSTANCE_DIR}/ibm-mas-odh-install.yaml"
 
-  jinjanate_commmon $CLI_DIR/templates/gitops/appset-configs/cluster/instance/ibm-mas-odh-install.yaml.j2 ${GITOPS_CLUSTER_DIR}/ibm-mas-odh-install.yaml
-  TAGS="[{\"Key\": \"source\", \"Value\": \"gitops_odh\"}, {\"Key\": \"account\", \"Value\": \"${ACCOUNT_ID}\"}, {\"Key\": \"cluster\", \"Value\": \"${CLUSTER_ID}\"}]"
+  jinjanate_commmon "$CLI_DIR/templates/gitops/appset-configs/cluster/instance/ibm-mas-odh-install.yaml.j2" "${GITOPS_INSTANCE_DIR}/ibm-mas-odh-install.yaml"
 
-  # GitHub push
   if [[ "$GITHUB_PUSH" == "true" ]]; then
     echo_h2 "Pushing changes to GitHub"
-    echo "Github push" "$GITHUB_HOST" "$GITHUB_ORG" "$GITHUB_REPO" "$GIT_BRANCH" "Working: " "${GITOPS_WORKING_DIR}/${GITHUB_REPO}" " Commit :" "$GIT_COMMIT_MSG"
     save_to_target_git_repo "$GITHUB_HOST" "$GITHUB_ORG" "$GITHUB_REPO" "$GIT_BRANCH" "${GITOPS_WORKING_DIR}/${GITHUB_REPO}" "$GIT_COMMIT_MSG"
-    remove_git_repo_clone "${GITOPS_WORKING_DIR}/${GITHUB_REPO}"
+    remove_git_repo_clone "$GITOPS_WORKING_DIR/$GITHUB_REPO"
   fi
-
-  echo_h2 "ODH GitOps completed."
 }
diff --git a/image/cli/mascli/mas b/image/cli/mascli/mas
index 4a9065e12c6..0f89b4cf70c 100755
--- a/image/cli/mascli/mas
+++ b/image/cli/mascli/mas
@@ -98,7 +98,6 @@ mkdir -p $CONFIG_DIR
 . $CLI_DIR/functions/gitops_deprovision_db2u_database
 . $CLI_DIR/functions/gitops_nvidia_gpu
 . $CLI_DIR/functions/gitops_deprovision_db2u
-. $CLI_DIR/functions/gitops_deprovision_odh
 . $CLI_DIR/functions/gitops_odh
 . $CLI_DIR/functions/gitops_aiservice
 . $CLI_DIR/functions/gitops_aiservice_tenant
diff --git a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-mas-odh-install.yaml.j2 b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-mas-odh-install.yaml.j2
index ed0f55dff11..e34a235c5b4 100644
--- a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-mas-odh-install.yaml.j2
+++ b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-mas-odh-install.yaml.j2
@@ -1,39 +1,64 @@
 ---
-merge-key: "{{ ACCOUNT_ID }}/{{ CLUSTER_ID }}/{{ AISERVICE_INSTANCE_ID }}"
+merge-key: "{{ ACCOUNT_ID }}/{{ CLUSTER_ID }}/{{ MAS_INSTANCE_ID }}"
 
 ibm_odh:
-  openshift_namespace: {{ OPENSHIFT_NAMESPACE }}
-  odh_pipeline_channel: {{ ODH_PIPELINE_CHANNEL }}
-  odh_pipeline_installplan: {{ ODH_PIPELINE_INSTALLPLAN }}
-  pipeline_catalog_source: {{ PIPELINE_CATALOG_SOURCE }}
-  service_mesh_namespace: {{ SERVICE_MESH_NAMESPACE }}
-  service_mesh_channel: {{ SERVICE_MESH_CHANNEL }}
-  service_mesh_catalog_source: {{ SERVICE_MESH_CATALOG_SOURCE }}
-  service_mesh_sourceNamespace: {{ SERVICE_MESH_SOURCENAMESPACE }}
-  operatorName: {{ OPERATOR_NAME }}
-  serverless_channel: {{ SERVERLESS_CHANNEL }}
-  authorino_catalog_source: {{ AUTHORINO_CATALOG_SOURCE }}
-  odh_channel: {{ ODH_CHANNEL }}
-  odh_catalog_source: {{ ODH_CATALOG_SOURCE }}
-  odh_operator_version: {{ ODH_OPERATOR_VERSION }}
-  odh_namespace: {{ ODH_NAMESPACE }}
-
-  aiservice_namespace: {{ AISERVICE_NAMESPACE }}
-  pull_secret_name: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_IMAGE_PULL_SECRET_B64 }}>"
+  openshift_namespace: "openshift-operators"
+  odh_pipeline_channel: "latest"
+  odh_pipeline_installplan: "Automatic"
+  pipeline_catalog_source: "redhat-operators"
+  service_mesh_namespace: "openshift-operators"
+  service_mesh_channel: "stable"
+  service_mesh_catalog_source: "redhat-operators"
+  service_mesh_sourceNamespace: "openshift-marketplace"
+  operatorName: "openshift-pipelines-operator-rh"
+  serverless_channel: "stable"
+  authorino_catalog_source: "community-operators"
+  odh_channel: "fast"
+  odh_catalog_source: "community-operators"
+  odh_operator_version: "opendatahub-operator.v2.19.0"
+  odh_namespace: "opendatahub"
+
+  aibroker_namespace: "{{ AIBROKER_NAMESPACE }}"
+  pull_secret_name: "<path:{{ SECRETS_PATH }}/ibm_entitlement#image_pull_secret_b64>"
+
+  # ODH Pipeline operator
+  odh_pipeline_name: "openshift-pipelines-operator"
+  odh_pipeline_namespace: "openshift-operators"
+  odh_pipeline_operatorName: "openshift-pipelines-operator-rh"
+  odh_pipeline_source: "redhat_operators"
+  odh_pipeline_sourceNamespace: "openshift_marketplace"
 
   # Serverless Operator
-  serverless_namespace: {{ SERVERLESS_NAMESPACE }}
-  serverless_operator_name: {{ SERVERLESS_OPERATOR_NAME }}
-  serverless_operator_source: {{ SERVERLESS_OPERATOR_SOURCE }}
-  serverless_operator_sourceNamespace: {{ SERVERLESS_OPERATOR_SOURCE_NAMESPACE }}
+  serverless_namespace: "openshift-serverless"
+  serverless_operator_name: "serverless-operator"
+  serverless_operator_source: "redhat-operators"
+  serverless_operator_sourceNamespace: "openshift-marketplace"
 
   # OpenDataHub Operator
-  opendatahub_OperatorGroup_name: {{ OPENDATAHUB_OPERATORGROUP_NAME }}
-  opendatahub_name: {{ OPENDATAHUB_NAME }}
-  opendatahub_namespace: {{ OPENDATAHUB_NAMESPACE }}
-  opendatahub_installPlanApproval: {{ ODH_INSTALL_PLAN }}
-  opendatahub_channel: {{ OPENDATAHUB_CHANNEL }}
-  opendatahub_source: {{ OPENDATAHUB_SOURCE }}
-  opendatahub_sourceNamespace: {{ OPENDATAHUB_SOURCE_NAMESPACE }}
-  aiservice_odh_model_deployment_type: "{{ AISERVICE_ODH_MODEL_DEPLOYMENT_TYPE }}"
-  primary_storage_class: {{ PRIMARY_STORAGE_CLASS }}
+  opendatahub_OperatorGroup_name: "opendatahub-operator-group"
+  opendatahub_name: "opendatahub-operator"
+  opendatahub_namespace: "opendatahub"
+  opendatahub_installPlanApproval: "Manual"
+  opendatahub_channel: "fast"
+  opendatahub_source: "community-operators"
+  opendatahub__sourceNamespace: "openshift-marketplace"
+
+  # Storage configuration
+  mas_aibroker_storage_provider: "minio"
+  mas_aibroker_storage_accesskey: "<path:{{ SECRETS_PATH }}/minio#sm_minio_accesskey>"
+  mas_aibroker_storage_secretkey: "<path:{{ SECRETS_PATH }}/minio#sm_minio_secretkey>"
+  mas_aibroker_storage_host: "<path:{{ SECRETS_PATH }}/minio#sm_minio_host>"
+  mas_aibroker_storage_port: "<path:{{ SECRETS_PATH }}/minio#sm_minio_port>"
+  mas_aibroker_storage_ssl: "true"
+  mas_aibroker_storage_region: ""
+  mas_aibroker_storage_pipelines_bucket: "<path:{{ SECRETS_PATH }}/minio#sm_minio_bucket_default>"
+
+  # MariaDB configuration
+  mas_aibroker_db_host: "<path:{{ SECRETS_PATH }}/mariadb#sm_mariadb_host>"
+  mas_aibroker_db_port: "<path:{{ SECRETS_PATH }}/mariadb#sm_mariadb_port>"
+  mas_aibroker_db_user: "<path:{{ SECRETS_PATH }}/mariadb#sm_mariadb_user>"
+  mas_aibroker_db_database: "<path:{{ SECRETS_PATH }}/mariadb#sm_mariadb_database>"
+  mas_aibroker_db_secret_name: "<path:{{ SECRETS_PATH }}/mariadb#sm_mariadb_secret_name>"
+  mas_aibroker_db_secret_value: "<path:{{ SECRETS_PATH }}/mariadb#sm_mariadb_secret_value>"
+
+  primary_storage_class: "nfs-client"
diff --git a/tekton/src/tasks/gitops/gitops-odh.yml.j2 b/tekton/src/tasks/gitops/gitops-odh.yml.j2
index 444ba7d4803..569cb3cedef 100644
--- a/tekton/src/tasks/gitops/gitops-odh.yml.j2
+++ b/tekton/src/tasks/gitops/gitops-odh.yml.j2
@@ -9,7 +9,7 @@ spec:
       type: string
     - name: account
       type: string
-    - name: aiservice_instance_id
+    - name: mas_instance_id
       type: string
     - name: cluster_url
       type: string
@@ -24,8 +24,6 @@ spec:
       type: string
     - name: secrets_path
       type: string
-    - name: aiservice_namespace
-      type: string
     - name: avp_aws_secret_region
       type: string
     - name: odh_channel
@@ -39,18 +37,6 @@ spec:
       type: string
     - name: opendatahub_namespace
       type: string
-    - name: odh_operator_version
-      type: string
-    - name: aiservice_storage_ssl
-      type: string
-      default: "true"
-    - name: aiservice_storage_region
-      type: string
-    - name: opendatahub_source 
-      type: string
-    - name: aiservice_odh_model_deployment_type
-      type: string
-
   stepTemplate:
     name: gitops-odh
     env:
@@ -58,8 +44,8 @@ spec:
         value: $(params.cluster_name)
       - name: ACCOUNT
         value: $(params.account)
-      - name: AISERVICE_INSTANCE_ID
-        value: $(params.aiservice_instance_id)
+      - name: MAS_INSTANCE_ID
+        value: $(params.mas_instance_id)
       - name: CLUSTER_URL
         value: $(params.cluster_url)
       - name: GITHUB_REPO
@@ -76,8 +62,6 @@ spec:
         value: $(params.github_repo)
       - name: SM_AWS_REGION
         value: $(params.avp_aws_secret_region)
-      - name: AISERVICE_NAMESPACE
-        value: $(params.aiservice_namespace)
       - name: ODH_CHANNEL
         value: $(params.odh_channel)
       - name: ODH_INSTALL_PLAN
@@ -88,16 +72,6 @@ spec:
         value: $(params.opendatahub_operator_group)
       - name: ODH_NAMESPACE
         value: $(params.opendatahub_namespace)
-      - name: ODH_OPERATOR_VERSION
-        value: $(params.odh_operator_version)
-      - name: AISERVICE_STORAGE_SSL
-        value: $(params.aiservice_storage_ssl)
-      - name: AISERVICE_STORAGE_REGION
-        value: $(params.aiservice_storage_region)
-      - name: OPENDATAHUB_SOURCE 
-        value: $(params.opendatahub_source)
-      - name: AISERVICE_ODH_MODEL_DEPLOYMENT_TYPE
-        value: $(params.aiservice_odh_model_deployment_type)
     envFrom:
       - configMapRef:
           name: environment-properties
@@ -110,16 +84,60 @@ spec:
         git config --global user.name "MAS Automation"
         git config --global user.email "you@example.com"
         git config --global user.password $GITHUB_PAT
+        
         mkdir -p /tmp/init-odh
         mas gitops-odh -a $ACCOUNT -c $CLUSTER_NAME \
-        --secrets-path $SECRET_PATH \
         --dir /tmp/init-odh \
+        --secrets-path $SECRET_PATH \
         --github-push \
         --github-host $GITHUB_HOST \
-        --github-org  $GITHUB_ORG \
+        --github-org $GITHUB_ORG \
         --github-repo $GITHUB_REPO \
-        --git-branch $GIT_BRANCH
-
+        --git-branch $GIT_BRANCH \
+        --odh-channel $ODH_CHANNEL \
+        --odh-catalog-source $ODH_CATALOG_SOURCE \
+        --odh-operator-version $ODH_OPERATOR_VERSION \
+        --odh-namespace $ODH_NAMESPACE \
+        --pull-secret-name $PULL_SECRET_NAME \
+        --opendatahub-name $OPENDATAHUB_NAME \
+        --opendatahub-operator-group $OPENDATAHUB_OPERATOR_GROUP_NAME \
+        --opendatahub-installplan $ODH_INSTALL_PLAN \
+        --opendatahub-channel $OPENDATAHUB_CHANNEL \
+        --opendatahub-source $OPENDATAHUB_SOURCE \
+        --opendatahub-source-namespace $OPENDATAHUB_SOURCE_NAMESPACE \
+        --odh-pipeline-name $ODH_PIPELINE_NAME \
+        --odh-pipeline-namespace $ODH_PIPELINE_NAMESPACE \
+        --odh-pipeline-operator-name $ODH_PIPELINE_OPERATOR_NAME \
+        --odh-pipeline-source $ODH_PIPELINE_SOURCE \
+        --odh-pipeline-source-namespace $ODH_PIPELINE_SOURCE_NAMESPACE \
+        --odh-pipeline-channel $ODH_PIPELINE_CHANNEL \
+        --odh-pipeline-installplan $ODH_PIPELINE_INSTALLPLAN \
+        --pipeline-catalog-source $PIPELINE_CATALOG_SOURCE \
+        --service-mesh-namespace $SERVICE_MESH_NAMESPACE \
+        --service-mesh-channel $SERVICE_MESH_CHANNEL \
+        --service-mesh-catalog-source $SERVICE_MESH_CATALOG_SOURCE \
+        --service-mesh-source-namespace $SERVICE_MESH_SOURCE_NAMESPACE \
+        --serverless-namespace $SERVERLESS_NAMESPACE \
+        --serverless-channel $SERVERLESS_CHANNEL \
+        --serverless-operator-name $SERVERLESS_OPERATOR_NAME \
+        --serverless-operator-source $SERVERLESS_OPERATOR_SOURCE \
+        --serverless-operator-source-namespace $SERVERLESS_OPERATOR_SOURCE_NAMESPACE \
+        --authorino-catalog-source $AUTHORINO_CATALOG_SOURCE \
+        --storage-provider $MAS_AIBROKER_STORAGE_PROVIDER \
+        --storage-accesskey $MAS_AIBROKER_STORAGE_ACCESSKEY \
+        --storage-secretkey $MAS_AIBROKER_STORAGE_SECRETKEY \
+        --storage-host $MAS_AIBROKER_STORAGE_HOST \
+        --storage-port $MAS_AIBROKER_STORAGE_PORT \
+        --storage-ssl $MAS_AIBROKER_STORAGE_SSL \
+        --storage-region $MAS_AIBROKER_STORAGE_REGION \
+        --pipelines-bucket $MAS_AIBROKER_STORAGE_PIPELINES_BUCKET \
+        --primary-storage-class $PRIMARY_STORAGE_CLASS \
+        --db-host $MAS_AIBROKER_DB_HOST \
+        --db-port $MAS_AIBROKER_DB_PORT \
+        --db-user $MAS_AIBROKER_DB_USER \
+        --db-database $MAS_AIBROKER_DB_DATABASE \
+        --db-secret-name $MAS_AIBROKER_DB_SECRET_NAME \
+        --db-secret-value $MAS_AIBROKER_DB_SECRET_VALUE
 
         exit $?
       command:

From 29694846d53eb69fd73977f5bdc33f99b1821700 Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Wed, 7 May 2025 10:21:42 +0530
Subject: [PATCH 010/258] minio related changes

initial commit for the minio
---
 image/cli/mascli/functions/gitops_minio       | 354 ++++++++++++++++++
 image/cli/mascli/mas                          |   9 +
 .../cluster/instance/ibm-minio.yaml.j2        |  10 +
 tekton/src/tasks/gitops/gitops-minio.yml.j2   | 116 ++++++
 4 files changed, 489 insertions(+)
 create mode 100644 image/cli/mascli/functions/gitops_minio
 create mode 100644 image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-minio.yaml.j2
 create mode 100644 tekton/src/tasks/gitops/gitops-minio.yml.j2

diff --git a/image/cli/mascli/functions/gitops_minio b/image/cli/mascli/functions/gitops_minio
new file mode 100644
index 00000000000..a5f3e2553b4
--- /dev/null
+++ b/image/cli/mascli/functions/gitops_minio
@@ -0,0 +1,354 @@
+#!/usr/bin/env bash
+
+function gitops_minio_help() {
+  [[ -n "$1" ]] && echo_warning "$1"
+  reset_colors
+  cat << EOM
+
+
+Usage:
+  mas gitops-minio [options]
+Where ${COLOR_YELLOW}specified${TEXT_RESET} each option may also be defined by setting the appropriate environment variable.
+When no options are specified on the command line, interactive-mode will be enabled by default.
+
+GitOps Configuration:
+  -d, --dir ${COLOR_YELLOW}GITOPS_WORKING_DIR${TEXT_RESET}         Directory for GitOps repository
+  -a, --account-id ${COLOR_YELLOW}ACCOUNT_ID${TEXT_RESET}          Account name that the cluster belongs to
+  -c, --cluster-id ${COLOR_YELLOW}CLUSTER_ID${TEXT_RESET}          Cluster ID
+
+Secrets Manager:
+      --secrets-path ${COLOR_YELLOW}SECRETS_PATH${TEXT_RESET}                                              Secrets Manager path
+      --secrets-key-seperator ${COLOR_YELLOW}SECRETS_KEY_SEPERATOR${TEXT_RESET}                            Secrets Manager key seperator string
+
+minio Provider Selection / Version:
+      --minio_namespace ${COLOR_YELLOW}MINIO_NAMESPACE${TEXT_RESET}                                         The minio namespace to install
+      --minio_instance_name ${COLOR_YELLOW}MINIO_INSTANCE_NAME${TEXT_RESET}                                 The minio instance name
+      --minio_root_user ${COLOR_YELLOW}MINIO_ROOT_USER${TEXT_RESET}                                         The minio user name
+      --minio_root_password ${COLOR_YELLOW}MINIO_ROOT_PASSWORD${TEXT_RESET}                                 The minio user password
+      --minio_storage_class ${COLOR_YELLOW}MINIO_STORAGE_CLASS${TEXT_RESET}                                 The minio storage class
+      --minio_storage_size ${COLOR_YELLOW}MINIO_STORAGE_SIZE${TEXT_RESET}                                   The minio storage size
+      --minio_image ${COLOR_YELLOW}MINIO_IMAGE${TEXT_RESET}                                                 The minio image name
+
+Automatic GitHub Push (Optional):
+  -P, --github-push ${COLOR_YELLOW}GITHUB_PUSH${TEXT_RESET}        Enable automatic push to GitHub
+  -H, --github-host ${COLOR_YELLOW}GITHUB_HOST${TEXT_RESET}        GitHub Hostname for your GitOps repository
+  -O, --github-org ${COLOR_YELLOW}GITHUB_ORG${TEXT_RESET}          Github org for your GitOps repository
+  -R, --github-repo ${COLOR_YELLOW}GITHUB_REPO${TEXT_RESET}        Github repo for your GitOps repository
+  -S, --github-ssh ${COLOR_YELLOW}GIT_SSH${TEXT_RESET}             Git ssh key path
+  -B, --git-branch ${COLOR_YELLOW}GIT_BRANCH${TEXT_RESET}          Git branch to commit to of your GitOps repository
+  -M, --git-commit-msg ${COLOR_YELLOW}GIT_COMMIT_MSG${TEXT_RESET}  Git commit message to use when committing to of your GitOps repository
+
+Other Commands:
+      -h, --help                                                                                           Show this help message
+EOM
+  [[ -n "$1" ]] && exit 1 || exit 0
+}
+
+
+function gitops_minio_noninteractive() {
+  GITOPS_WORKING_DIR=$PWD/working-dir  
+  SECRETS_KEY_SEPERATOR="/"
+  GIT_COMMIT_MSG="gitops-minio commit"
+  export REGION_ID=${REGION_ID:-${SM_AWS_REGION}}
+
+  #adding default values 
+  export MINIO_NAMESPACE=${MINIO_NAMESPACE:-"minio"}
+  export MINIO_INSTANCE_NAME=${MINIO_INSTANCE_NAME:-"minio"}
+  export MINIO_STORAGE_SIZE=${MINIO_STORAGE_SIZE:-"40Gi"}
+  export MINIO_IMAGE=${MINIO_IMAGE:-"quay.io/minio/minio:latest"}
+
+  while [[ $# -gt 0 ]]
+  do
+    key="$1"
+    shift
+    case $key in
+      # GitOps Configuration
+      -d|--dir)
+        export GITOPS_WORKING_DIR=$1 && shift
+        ;;
+      -a|--account-id)
+        export ACCOUNT_ID=$1 && shift
+        ;;
+      -c|--cluster-id)
+        export CLUSTER_ID=$1 && shift
+        ;;
+
+      # AWS Secrets Manager Configuration
+      --sm-aws-secret-region)
+        export SM_AWS_REGION=$1
+        export REGION_ID=$1
+        shift
+        ;;
+      --sm-aws-access-key)
+        export SM_AWS_ACCESS_KEY_ID=$1 && shift
+        ;;
+      --sm-aws-secret-key)
+        export SM_AWS_SECRET_ACCESS_KEY=$1 && shift
+        ;;
+      --secrets-path)
+        export SECRETS_PATH=$1 && shift
+        ;;
+
+      # minio Provider Selection
+      --minio_namespace)
+        export MINIO_NAMESPACE=$1 && shift
+        ;;
+      --minio_instance_name)
+        export MINIO_INSTANCE_NAME=$1 && shift
+        ;;
+      # --minio_root_user)
+      #   export MINIO_ROOT_USER=$1 && shift
+      #   ;;
+      # --minio_root_password)
+      #   export MINIO_ROOT_PASSWORD=$1 && shift
+      #   ;;
+      --minio_storage_class)
+        export MINIO_STORAGE_CLASS=$1 && shift
+        ;;
+      --minio_storage_size)
+        export MINIO_STORAGE_SIZE=$1 && shift
+        ;;
+      --minio_image)
+        export MINIO_IMAGE=$1 && shift
+        ;;
+
+	    # optional parameters if needed
+
+      # Automatic GitHub Push
+      -P|--github-push)
+        export GITHUB_PUSH=true
+        ;;
+      -H|--github-host)
+        export GITHUB_HOST=$1 && shift
+        ;;
+      -O|--github-org)
+        export GITHUB_ORG=$1 && shift
+        ;;
+      -R|--github-repo)
+        export GITHUB_REPO=$1 && shift
+        ;;
+      -S|--github-ssh)
+        export GIT_SSH=$1 && shift
+        ;;
+      -B|--git-branch)
+        export GIT_BRANCH=$1 && shift
+        ;;
+      -M|--git-commit-msg)
+        export GIT_COMMIT_MSG=$1 && shift
+        ;;
+
+      # Other Commands
+      -h|--help)
+        gitops_minio_help
+        ;;
+      *)
+        # unknown option
+        echo -e "${COLOR_RED}Usage Error: Unsupported option \"${key}\"${COLOR_RESET}\n"
+        gitops_minio_help  "Usage Error: Unsupported option \"${key}\" "
+        exit 1
+        ;;
+      esac
+  done
+
+
+  [[ -z "$GITOPS_WORKING_DIR" ]] && gitops_minio_help "GITOPS_WORKING_DIR is not set"
+  [[ -z "$ACCOUNT_ID" ]] && gitops_minio_help "ACCOUNT_ID is not set"
+  [[ -z "$CLUSTER_ID" ]] && gitops_minio_help "CLUSTER_ID is not set"
+  [[ -z "$REGION_ID" && -z "$SM_AWS_REGION" ]] && gitops_minio_help "REGION_ID or SM_AWS_REGION is not set"
+
+  if [[ "$GITHUB_PUSH" == "true" ]]; then
+    [[ -z "$GITHUB_HOST" ]] && gitops_minio_help "GITHUB_HOST is not set"
+    [[ -z "$GITHUB_ORG" ]] && gitops_minio_help "GITHUB_ORG is not set"
+    [[ -z "$GITHUB_REPO" ]] && gitops_minio_help "GITHUB_REPO is not set"
+    [[ -z "$GIT_BRANCH" ]] && gitops_minio_help "GIT_BRANCH is not set"
+  fi
+
+  # [[ -z "$MINIO_NAMESPACE" ]] && gitops_minio_help "MINIO_NAMESPACE is not set. Please provide the namespace where MinIO should be deployed using --minio_namespace."
+  # [[ -z "$MINIO_INSTANCE_NAME" ]] && gitops_minio_help "MINIO_INSTANCE_NAME is not set. Please provide a unique name for the MinIO instance using --minio_instance_name."
+  # [[ -z "$MINIO_ROOT_USER" ]] && gitops_minio_help "MINIO_ROOT_USER is not set. Please provide the root username (access key) using --minio_root_user."
+  # [[ -z "$MINIO_ROOT_PASSWORD" ]] && gitops_minio_help "MINIO_ROOT_PASSWORD is not set. Please provide the root password (secret key) using --minio_root_password."
+  # [[ -z "$MINIO_STORAGE_CLASS" ]] && gitops_minio_help "MINIO_STORAGE_CLASS is not set. Please specify the Kubernetes storage class using --minio_storage_class."
+  # [[ -z "$MINIO_STORAGE_SIZE" ]] && gitops_minio_help "MINIO_STORAGE_SIZE is not set. Please provide the storage size (e.g., 50Gi) using --minio_storage_size."
+  # [[ -z "$MINIO_IMAGE" ]] && gitops_minio_help "MINIO_IMAGE is not set. Please provide the MinIO container image name using --minio_image."
+
+}
+
+function gitops_minio() {
+  # Take the first parameter off (it will be create-gitops)
+  shift
+  if [[ $# -gt 0 ]]; then
+    gitops_minio_noninteractive "$@"
+  else
+    echo "Not supported yet"
+    exit 1
+    gitops_minio_interactive
+  fi
+
+  # catch errors
+  set -o pipefail
+  trap 'echo "[ERROR] Error occurred at $BASH_SOURCE, line $LINENO, exited with $?"; exit 1' ERR
+
+  rm -rf $GITOPS_WORKING_DIR
+  mkdir -p ${GITOPS_WORKING_DIR}
+  GITOPS_CLUSTER_DIR=${GITOPS_WORKING_DIR}/${GITHUB_REPO}/${CLUSTER_ID}
+  TEMP_DIR=$GITOPS_CLUSTER_DIR/tmp-minio
+  mkdir -p ${TEMP_DIR}
+
+  echo
+  reset_colors
+  echo_h2 "Review Settings"
+
+  echo "${TEXT_DIM}"
+  echo_h2 "Target" "    "
+  echo_reset_dim "Account ID ..................... ${COLOR_MAGENTA}${ACCOUNT_ID}"
+  echo_reset_dim "Region ID ...................... ${COLOR_MAGENTA}${REGION_ID}"
+  echo_reset_dim "Cluster ID ..................... ${COLOR_MAGENTA}${CLUSTER_ID}"
+  echo_reset_dim "Cluster Config Directory ....... ${COLOR_MAGENTA}${GITOPS_CLUSTER_DIR}"
+  reset_colors
+
+  echo "${TEXT_DIM}"
+  echo_h2 "AWS Secrets Manager" "    "
+  echo_reset_dim "Region ......................... ${COLOR_MAGENTA}${SM_AWS_REGION}"
+  echo_reset_dim "Secret Key ..................... ${COLOR_MAGENTA}${SM_AWS_ACCESS_KEY_ID:0:4}<snip>"
+  echo_reset_dim "Access Key ..................... ${COLOR_MAGENTA}${SM_AWS_SECRET_ACCESS_KEY:0:4}<snip>"
+  echo_reset_dim "Secrets Path ................... ${COLOR_MAGENTA}${SECRETS_PATH}"
+  reset_colors
+
+  echo "${TEXT_DIM}"
+  if [[ "$GITHUB_PUSH" == "true" ]]; then
+    echo_h2 "GitOps Target" "    "
+    echo_reset_dim "Automatic Push ........................ ${COLOR_GREEN}Enabled"
+    echo_reset_dim "Working Directory ..................... ${COLOR_MAGENTA}${GITOPS_WORKING_DIR}"
+    echo_reset_dim "Host .................................. ${COLOR_MAGENTA}${GITHUB_HOST}"
+    echo_reset_dim "Organization .......................... ${COLOR_MAGENTA}${GITHUB_ORG}"
+    echo_reset_dim "Repository ............................ ${COLOR_MAGENTA}${GITHUB_REPO}"
+    echo_reset_dim "Branch ................................ ${COLOR_MAGENTA}${GIT_BRANCH}"
+  else
+    echo_h2 "GitOps Target" "    "
+    echo_reset_dim "Automatic Push ........................ ${COLOR_RED}Disabled"
+    echo_reset_dim "Working Directory ..................... ${COLOR_MAGENTA}${GITOPS_WORKING_DIR}"
+  fi
+  reset_colors
+
+  echo "${TEXT_DIM}"
+  echo_h2 "minio" "    "
+  echo_reset_dim "MinIO Namespace (minio_namespace)  .................... ${COLOR_MAGENTA}${MINIO_NAMESPACE}"
+  echo_reset_dim "MinIO Instance Name (minio_instance_name)  ............ ${COLOR_MAGENTA}${MINIO_INSTANCE_NAME}"
+  echo_reset_dim "MinIO Root User (minio_root_user)  .................... ${COLOR_MAGENTA}${MINIO_ROOT_USER}"
+  echo_reset_dim "MinIO Root Password (minio_root_password)  ............ ${COLOR_MAGENTA}${MINIO_ROOT_PASSWORD:0:4}<snip>"
+  echo_reset_dim "MinIO Storage Class (minio_storage_class)  ............ ${COLOR_MAGENTA}${MINIO_STORAGE_CLASS}"
+  echo_reset_dim "MinIO Storage Size (minio_storage_size)  .............. ${COLOR_MAGENTA}${MINIO_STORAGE_SIZE}"
+  echo_reset_dim "MinIO Image (minio_image)  .............................${COLOR_MAGENTA}${MINIO_IMAGE}"
+
+  reset_colors
+
+  AVP_TYPE=aws  # Support for IBM will be added later
+  sm_login
+
+  if [ ! -z "$MINIO_NAMESPACE" ]; then
+
+    #minio provider role specific env variables
+    export MAS_CONFIG_DIR=$TEMP_DIR
+    export MINIO_ACTION="install"
+
+    # export MINIO_NAMESPACE=${MINIO_NAMESPACE:-"minio"}
+    # export MINIO_INSTANCE_NAME=${MINIO_INSTANCE_NAME:-"minio"}
+    # export MINIO_STORAGE_CLASS=${MINIO_STORAGE_CLASS:-""}
+    # export MINIO_STORAGE_SIZE=${MINIO_STORAGE_SIZE:-"40Gi"}
+    # export MINIO_IMAGE=${MINIO_IMAGE:-"quay.io/minio/minio:latest"}
+
+    # Set default root user and password if not provided it should re renadom gne
+    export MINIO_ROOT_USER=${MINIO_ROOT_USER:-"minio"}
+    export MINIO_ROOT_PASSWORD=${MINIO_ROOT_PASSWORD:-"minio123"}
+
+    export SECRET_NAME_MINIO_AUTH=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}minio
+
+    export SECRET_KEY_MINIO_USER=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}minio#sm_minio_user
+    export SECRET_KEY_MINIO_PASSWORD=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}minio#sm_minio_password
+    
+    # sm_update_secret and need to pss secrert | idempotent
+    ESCAPED_INFO=${UNESCAPED_INFO//\"/\\\"}
+    ESCAPED_INFO=${ESCAPED_INFO//$'\n'/\\n}
+    TAGS="[{\"Key\": \"source\", \"Value\": \"gitops_minio\"}, {\"Key\": \"account\", \"Value\": \"${ACCOUNT_ID}\"}, {\"Key\": \"cluster\", \"Value\": \"${CLUSTER_ID}\"}]"
+    sm_update_secret $SECRET_NAME_MINIO_AUTH "{\"info\": \"$ESCAPED_INFO\", \"username\": \"$SECRET_KEY_MINIO_USER\", \"password\": \"$SECRET_KEY_MINIO_PASSWORD\"}" "${TAGS}"
+
+    # export MINIO_SECRET_FILE=$TEMP_DIR/MINIO-secret.json
+    # sm_get_secret_file ${AWS_MSK_SECRET} $MINIO_SECRET_FILE
+    # TEMP_AWS_MINIO_USER_PASSWORD=$(jq -r .password $MINIO_SECRET_FILE)
+    # if [[ -n ${TEMP_AWS_MINIO_USER_PASSWORD} ]]; then
+    #   export AWS_MINIO_USER_PASSWORD=${TEMP_AWS_MINIO_USER_PASSWORD}
+    #   echo "gitops_minio : AWS_MINIO_USER_PASSWORD=${AWS_MINIO_USER_PASSWORD:0:8}<snip> is available in the secret, use the same while invoking the role again"
+    # fi
+    
+  
+    #export MINIO_CFG_FILE_NAME=${MINIO_CFG_FILE_NAME:-"aws-msk-${MINIO_CLUSTER_NAME}-miniocfg.yml"}
+
+    # echo_reset_dim "minio_namespace ....................... ${COLOR_MAGENTA}${MINIO_NAMESPACE}"
+    # echo_reset_dim "minio_instance_name ................... ${COLOR_MAGENTA}${MINIO_INSTANCE_NAME}"
+    # echo_reset_dim "minio_storage_class ................... ${COLOR_MAGENTA}${MINIO_STORAGE_CLASS}"
+    # echo_reset_dim "minio_storage_size .................... ${COLOR_MAGENTA}${MINIO_STORAGE_SIZE}"
+    # echo_reset_dim "minio_image ........................... ${COLOR_MAGENTA}${MINIO_IMAGE}"
+    # echo_reset_dim "minio_root_user ....................... ${COLOR_MAGENTA}${MINIO_ROOT_USER}"
+    # echo_reset_dim "minio_root_password ................... ${COLOR_MAGENTA}${MINIO_ROOT_PASSWORD:0:4}<snip>"
+
+    #echo_reset_dim "MINIO_CFG_FILE_NAME .................... ${COLOR_MAGENTA}${MINIO_CFG_FILE_NAME}"
+
+    # export AWS_DEFAULT_OUTPUT="json"
+    # export ROLE_NAME=minio && ansible-playbook ibm.mas_devops.run_role
+
+    # rc=$?
+    # [ $rc -ne 0 ] && exit $rc
+    # Extract the required details from the generated miniocfg/secret. For msk this is in plain text (stringData)
+    # export MINIO_USERNAME=$(yq 'select(di == 0) | .data.username' $TEMP_DIR/${MINIO_CFG_FILE_NAME} | base64 -d)
+    # export MINIO_PASSWORD=$(yq 'select(di == 0) | .data.password' $TEMP_DIR/${MINIO_CFG_FILE_NAME} | base64 -d)
+    # yq 'select(di == 1) | .spec' $TEMP_DIR/${MINIO_CFG_FILE_NAME} >> $TEMP_DIR/minio-info.yaml
+    # yq -i 'del(.config.credentials)' $TEMP_DIR/minio-info.yaml
+    # yq -i 'del(.displayName)' $TEMP_DIR/minio-info.yaml
+    # yq -i 'del(.type)' $TEMP_DIR/minio-info.yaml
+
+    # UNESCAPED_INFO="$(cat $TEMP_DIR/minio-info.yaml)"
+    
+
+    if [ -z $GIT_SSH ]; then
+      export GIT_SSH=false
+    fi
+
+    # Clone github target repo
+    # ---------------------------------------------------------------------------
+    if [ "$GITHUB_PUSH" == "true" ]; then
+      echo
+      echo_h2 "Cloning GitHub repo $GITHUB_ORG $GITHUB_REPO"
+      clone_target_git_repo $GITHUB_HOST $GITHUB_ORG $GITHUB_REPO $GIT_BRANCH $GITOPS_WORKING_DIR $GIT_SSH
+    fi
+    mkdir -p ${GITOPS_CLUSTER_DIR}
+
+
+    # Generate ArgoApps
+    # ---------------------------------------------------------------------------
+    echo
+    echo_h2 "Generating minio operator Applications"
+    echo "- minio operator"
+
+    # Generate ArgoApps
+    # ---------------------------------------------------------------------------
+    echo
+    echo_h2 "Generating minio operator Applications"
+    echo "- minio operator"
+
+    echo "Generating minio file ${GITOPS_CLUSTER_DIR}/ibm-minio.yaml"
+    jinjanate_commmon $CLI_DIR/templates/gitops/appset-configs/cluster/ibm-minio.yaml.j2 ${GITOPS_CLUSTER_DIR}/ibm-minio.yaml
+
+    # Commit and push to github target repo
+    # ---------------------------------------------------------------------------
+    if [ "$GITHUB_PUSH" == "true" ]; then
+      echo
+      echo_h2 "Commit and push changes to GitHub repo $GITHUB_ORG $GITHUB_REPO"
+      save_to_target_git_repo $GITHUB_HOST $GITHUB_ORG $GITHUB_REPO $GIT_BRANCH "${GITOPS_WORKING_DIR}/${GITHUB_REPO}" "${GIT_COMMIT_MSG}"
+      remove_git_repo_clone $GITOPS_WORKING_DIR/$GITHUB_REPO
+    fi
+
+    rm -rf $TEMP_DIR
+  
+  fi
+  exit 0
+}
\ No newline at end of file
diff --git a/image/cli/mascli/mas b/image/cli/mascli/mas
index 0f89b4cf70c..f1b9a1f2375 100755
--- a/image/cli/mascli/mas
+++ b/image/cli/mascli/mas
@@ -98,6 +98,7 @@ mkdir -p $CONFIG_DIR
 . $CLI_DIR/functions/gitops_deprovision_db2u_database
 . $CLI_DIR/functions/gitops_nvidia_gpu
 . $CLI_DIR/functions/gitops_deprovision_db2u
+. $CLI_DIR/functions/gitops_minio
 . $CLI_DIR/functions/gitops_odh
 . $CLI_DIR/functions/gitops_aiservice
 . $CLI_DIR/functions/gitops_aiservice_tenant
@@ -844,6 +845,14 @@ case $1 in
     gitops
     ;;
 
+  gitops-minio)
+    echo "${TEXT_UNDERLINE}IBM Maximo Application Suite Minio Manager (v${VERSION})${TEXT_RESET}"
+    echo "Powered by ${COLOR_CYAN}${TEXT_UNDERLINE}https://github.com/ibm-mas/gitops/${TEXT_RESET}"
+    echo
+    reset_colors
+    gitops_minio "$@"
+    ;;
+
   *)
     echo "unknown parameter $1"
     exit 1
diff --git a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-minio.yaml.j2 b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-minio.yaml.j2
new file mode 100644
index 00000000000..20a9d17d16e
--- /dev/null
+++ b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-minio.yaml.j2
@@ -0,0 +1,10 @@
+merge-key: "{{ ACCOUNT_ID }}/{{ CLUSTER_ID }}/{{ MAS_INSTANCE_ID }}"
+
+ibm_minio:
+  minio_namespace: {{ MINIO_NAMESPACE }}
+  minio_instance_name: {{ MINIO_INSTANCE_NAME }}
+  minio_root_user: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_MINIO_USER }}>"
+  minio_root_password: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_MINIO_PASSWORD }}>"
+  minio_storage_class: {{ MINIO_STORAGE_CLASS }}
+  minio_storage_size: {{ MINIO_STORAGE_SIZE }}
+  minio_image: {{ MINIO_IMAGE }}
diff --git a/tekton/src/tasks/gitops/gitops-minio.yml.j2 b/tekton/src/tasks/gitops/gitops-minio.yml.j2
new file mode 100644
index 00000000000..806361fe9af
--- /dev/null
+++ b/tekton/src/tasks/gitops/gitops-minio.yml.j2
@@ -0,0 +1,116 @@
+---
+apiVersion: tekton.dev/v1beta1
+kind: Task
+metadata:
+  name: gitops-minio
+spec:
+  params: 
+    - name: cluster_name
+      type: string
+    - name: account
+      type: string
+    - name: cluster_url
+      type: string
+      default: ""
+    - name: secrets_path
+      type: string
+    - name: avp_aws_secret_region
+      type: string
+    - name: git_branch
+      type: string
+    - name: github_org
+      type: string
+    - name: github_repo
+      type: string
+    - name: github_host
+      type: string
+      
+    - name: minio_namespace
+      type: string
+      default: minio
+    - name: minio_instance_name
+      type: string
+      default: minio
+    - name: minio_root_user
+      type: string
+    - name: minio_root_password
+      type: string
+    - name: minio_storage_class
+      type: string
+      default: nfs-client
+    - name: minio_storage_size
+      type: string
+      default: 40Gi
+    - name: minio_image
+      type: string
+      default: quay.io/minio/minio:latest
+  stepTemplate:
+    name: gitops-minio
+    env:
+      - name: CLUSTER_NAME
+        value: $(params.cluster_name)
+      - name: ACCOUNT
+        value: $(params.account)
+      #- name: CLUSTER_ID
+      #  value: $(params.cluster_id)
+      - name: CLUSTER_URL
+        value: $(params.cluster_url)
+      - name: SECRET_PATH
+        value: $(params.secrets_path)
+      - name: SM_AWS_REGION
+        value: $(params.avp_aws_secret_region)
+      - name: GIT_BRANCH
+        value: $(params.git_branch)
+      - name: GITHUB_ORG
+        value: $(params.github_org)
+      - name: GITHUB_HOST
+        value: $(params.github_host)
+      - name: GITHUB_REPO
+        value: $(params.github_repo)
+
+      - name: MINIO_NAMESPACE
+        value: $(params.minio_namespace)
+      - name: MINIO_INSTANCE_NAME
+        value: $(params.minio_instance_name)
+      - name: MINIO_ROOT_USER
+        value: $(params.minio_root_user)
+      - name: MINIO_ROOT_PASSWORD
+        value: $(params.minio_root_password)
+      - name: MINIO_STORAGE_CLASS
+        value: $(params.minio_storage_class)
+      - name: MINIO_STORAGE_SIZE
+        value: $(params.minio_storage_size)
+      - name: MINIO_IMAGE
+        value: $(params.minio_image)
+    envFrom:
+      - configMapRef:
+          name: environment-properties
+          optional: true
+      - secretRef:
+          name: secure-properties
+  steps:
+    - args:
+      - |-
+        git config --global user.name "MAS Automation"
+        git config --global user.email "you@example.com"
+        git config --global user.password $GITHUB_PAT
+
+        mkdir -p /tmp/init-minio
+        mas gitops-minio -a $ACCOUNT -c $CLUSTER_NAME \
+        --secrets-path $SECRET_PATH \
+        --dir /tmp/init-minio \
+        --github-push \
+        --github-host $GITHUB_HOST \
+        --github-org  $GITHUB_ORG \
+        --github-repo $GITHUB_REPO \
+        --git-branch $GIT_BRANCH
+
+        exit $?
+      command:
+        - /bin/sh
+        - -c
+      name: gitops-minio
+      imagePullPolicy: IfNotPresent
+      image: quay.io/ibmmas/cli:latest
+  workspaces:
+    - name: configs

From ec3aa25599dd80325c7dc6c0886c83fa8d9c5d81 Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Wed, 7 May 2025 17:37:51 +0530
Subject: [PATCH 011/258] code updated for mino

---
 image/cli/mascli/functions/gitops_minio       |  95 ++---
 image/cli/mascli/functions/gitops_minio copy  | 382 ++++++++++++++++++
 .../cluster/instance/ibm-minio.yaml.j2        |   4 +-
 tekton/src/tasks/gitops/gitops-minio.yml.j2   |   2 +
 4 files changed, 418 insertions(+), 65 deletions(-)
 create mode 100644 image/cli/mascli/functions/gitops_minio copy

diff --git a/image/cli/mascli/functions/gitops_minio b/image/cli/mascli/functions/gitops_minio
index a5f3e2553b4..925b106a258 100644
--- a/image/cli/mascli/functions/gitops_minio
+++ b/image/cli/mascli/functions/gitops_minio
@@ -163,14 +163,8 @@ function gitops_minio_noninteractive() {
     [[ -z "$GIT_BRANCH" ]] && gitops_minio_help "GIT_BRANCH is not set"
   fi
 
-  # [[ -z "$MINIO_NAMESPACE" ]] && gitops_minio_help "MINIO_NAMESPACE is not set. Please provide the namespace where MinIO should be deployed using --minio_namespace."
-  # [[ -z "$MINIO_INSTANCE_NAME" ]] && gitops_minio_help "MINIO_INSTANCE_NAME is not set. Please provide a unique name for the MinIO instance using --minio_instance_name."
-  # [[ -z "$MINIO_ROOT_USER" ]] && gitops_minio_help "MINIO_ROOT_USER is not set. Please provide the root username (access key) using --minio_root_user."
-  # [[ -z "$MINIO_ROOT_PASSWORD" ]] && gitops_minio_help "MINIO_ROOT_PASSWORD is not set. Please provide the root password (secret key) using --minio_root_password."
-  # [[ -z "$MINIO_STORAGE_CLASS" ]] && gitops_minio_help "MINIO_STORAGE_CLASS is not set. Please specify the Kubernetes storage class using --minio_storage_class."
-  # [[ -z "$MINIO_STORAGE_SIZE" ]] && gitops_minio_help "MINIO_STORAGE_SIZE is not set. Please provide the storage size (e.g., 50Gi) using --minio_storage_size."
-  # [[ -z "$MINIO_IMAGE" ]] && gitops_minio_help "MINIO_IMAGE is not set. Please provide the MinIO container image name using --minio_image."
-
+  [[ -z "$MINIO_STORAGE_CLASS" ]] && gitops_minio_help "MINIO_STORAGE_CLASS is not set. Please specify the Kubernetes storage class using --minio_storage_class."
+  
 }
 
 function gitops_minio() {
@@ -234,8 +228,8 @@ function gitops_minio() {
   echo_h2 "minio" "    "
   echo_reset_dim "MinIO Namespace (minio_namespace)  .................... ${COLOR_MAGENTA}${MINIO_NAMESPACE}"
   echo_reset_dim "MinIO Instance Name (minio_instance_name)  ............ ${COLOR_MAGENTA}${MINIO_INSTANCE_NAME}"
-  echo_reset_dim "MinIO Root User (minio_root_user)  .................... ${COLOR_MAGENTA}${MINIO_ROOT_USER}"
-  echo_reset_dim "MinIO Root Password (minio_root_password)  ............ ${COLOR_MAGENTA}${MINIO_ROOT_PASSWORD:0:4}<snip>"
+  # echo_reset_dim "MinIO Root User (minio_root_user)  .................... ${COLOR_MAGENTA}${MINIO_ROOT_USER}"
+  # echo_reset_dim "MinIO Root Password (minio_root_password)  ............ ${COLOR_MAGENTA}${MINIO_ROOT_PASSWORD:0:4}<snip>"
   echo_reset_dim "MinIO Storage Class (minio_storage_class)  ............ ${COLOR_MAGENTA}${MINIO_STORAGE_CLASS}"
   echo_reset_dim "MinIO Storage Size (minio_storage_size)  .............. ${COLOR_MAGENTA}${MINIO_STORAGE_SIZE}"
   echo_reset_dim "MinIO Image (minio_image)  .............................${COLOR_MAGENTA}${MINIO_IMAGE}"
@@ -248,66 +242,41 @@ function gitops_minio() {
   if [ ! -z "$MINIO_NAMESPACE" ]; then
 
     #minio provider role specific env variables
-    export MAS_CONFIG_DIR=$TEMP_DIR
     export MINIO_ACTION="install"
 
-    # export MINIO_NAMESPACE=${MINIO_NAMESPACE:-"minio"}
-    # export MINIO_INSTANCE_NAME=${MINIO_INSTANCE_NAME:-"minio"}
-    # export MINIO_STORAGE_CLASS=${MINIO_STORAGE_CLASS:-""}
-    # export MINIO_STORAGE_SIZE=${MINIO_STORAGE_SIZE:-"40Gi"}
-    # export MINIO_IMAGE=${MINIO_IMAGE:-"quay.io/minio/minio:latest"}
-
-    # Set default root user and password if not provided it should re renadom gne
-    export MINIO_ROOT_USER=${MINIO_ROOT_USER:-"minio"}
-    export MINIO_ROOT_PASSWORD=${MINIO_ROOT_PASSWORD:-"minio123"}
-
     export SECRET_NAME_MINIO_AUTH=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}minio
-
-    export SECRET_KEY_MINIO_USER=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}minio#sm_minio_user
-    export SECRET_KEY_MINIO_PASSWORD=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}minio#sm_minio_password
-    
-    # sm_update_secret and need to pss secrert | idempotent
-    ESCAPED_INFO=${UNESCAPED_INFO//\"/\\\"}
-    ESCAPED_INFO=${ESCAPED_INFO//$'\n'/\\n}
-    TAGS="[{\"Key\": \"source\", \"Value\": \"gitops_minio\"}, {\"Key\": \"account\", \"Value\": \"${ACCOUNT_ID}\"}, {\"Key\": \"cluster\", \"Value\": \"${CLUSTER_ID}\"}]"
-    sm_update_secret $SECRET_NAME_MINIO_AUTH "{\"info\": \"$ESCAPED_INFO\", \"username\": \"$SECRET_KEY_MINIO_USER\", \"password\": \"$SECRET_KEY_MINIO_PASSWORD\"}" "${TAGS}"
-
-    # export MINIO_SECRET_FILE=$TEMP_DIR/MINIO-secret.json
-    # sm_get_secret_file ${AWS_MSK_SECRET} $MINIO_SECRET_FILE
-    # TEMP_AWS_MINIO_USER_PASSWORD=$(jq -r .password $MINIO_SECRET_FILE)
-    # if [[ -n ${TEMP_AWS_MINIO_USER_PASSWORD} ]]; then
-    #   export AWS_MINIO_USER_PASSWORD=${TEMP_AWS_MINIO_USER_PASSWORD}
-    #   echo "gitops_minio : AWS_MINIO_USER_PASSWORD=${AWS_MINIO_USER_PASSWORD:0:8}<snip> is available in the secret, use the same while invoking the role again"
-    # fi
+    echo_reset_dim "SECRET_NAME_MINIO_AUTH ................ ${COLOR_MAGENTA}$SECRET_NAME_MINIO_AUTH"
+
+    if [ -z "$MINIO_ROOT_PASSWORD" ]; then
+      # Create a secret in SM containing the username/password for this specific minio instance.
+      export MINIO_SECRET_FILE=$TEMP_DIR/minio-secret.json
+      export MINIO_ROOT_USER=${MINIO_ROOT_USER:-"minio"}
+      echo_reset_dim "MINIO_ROOT_USER ............................. ${COLOR_MAGENTA}$MINIO_ROOT_USER"
+      
+      export MINIO_ROOT_PASSWORD=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | head -c 20`
+      sm_get_secret_file ${SECRET_NAME_MINIO_AUTH} $MINIO_SECRET_FILE
+      TEMP_MINIO_PASSWORD=$(jq -r .password $MINIO_SECRET_FILE)
+      if [[ -n ${TEMP_MINIO_PASSWORD} ]]; then
+        export MINIO_ROOT_PASSWORD=${TEMP_MINIO_PASSWORD}
+        echo_reset_dim "MINIO_ROOT_PASSWORD ........................... ${COLOR_MAGENTA}${MINIO_ROOT_PASSWORD:0:8}<snip> is available in the secret, using that value"
+      fi
+      echo_reset_dim "MINIO_ROOT_PASSWORD ............................. ${COLOR_MAGENTA}${MINIO_ROOT_PASSWORD:0:8}<snip>"
+      TAGS="[{\"Key\": \"source\", \"Value\": \"gitops_minio\"}, {\"Key\": \"account\", \"Value\": \"${ACCOUNT_ID}\"}, {\"Key\": \"cluster\", \"Value\": \"${CLUSTER_ID}\"}]"
+      
+      sm_update_secret $SECRET_NAME_MINIO_AUTH "{ \"username\": \"$MINIO_ROOT_USER\", \"password\": \"$MINIO_ROOT_PASSWORD\"}" "${TAGS}"
+    fi
     
   
     #export MINIO_CFG_FILE_NAME=${MINIO_CFG_FILE_NAME:-"aws-msk-${MINIO_CLUSTER_NAME}-miniocfg.yml"}
 
-    # echo_reset_dim "minio_namespace ....................... ${COLOR_MAGENTA}${MINIO_NAMESPACE}"
-    # echo_reset_dim "minio_instance_name ................... ${COLOR_MAGENTA}${MINIO_INSTANCE_NAME}"
-    # echo_reset_dim "minio_storage_class ................... ${COLOR_MAGENTA}${MINIO_STORAGE_CLASS}"
-    # echo_reset_dim "minio_storage_size .................... ${COLOR_MAGENTA}${MINIO_STORAGE_SIZE}"
-    # echo_reset_dim "minio_image ........................... ${COLOR_MAGENTA}${MINIO_IMAGE}"
-    # echo_reset_dim "minio_root_user ....................... ${COLOR_MAGENTA}${MINIO_ROOT_USER}"
-    # echo_reset_dim "minio_root_password ................... ${COLOR_MAGENTA}${MINIO_ROOT_PASSWORD:0:4}<snip>"
-
-    #echo_reset_dim "MINIO_CFG_FILE_NAME .................... ${COLOR_MAGENTA}${MINIO_CFG_FILE_NAME}"
-
-    # export AWS_DEFAULT_OUTPUT="json"
-    # export ROLE_NAME=minio && ansible-playbook ibm.mas_devops.run_role
-
-    # rc=$?
-    # [ $rc -ne 0 ] && exit $rc
-    # Extract the required details from the generated miniocfg/secret. For msk this is in plain text (stringData)
-    # export MINIO_USERNAME=$(yq 'select(di == 0) | .data.username' $TEMP_DIR/${MINIO_CFG_FILE_NAME} | base64 -d)
-    # export MINIO_PASSWORD=$(yq 'select(di == 0) | .data.password' $TEMP_DIR/${MINIO_CFG_FILE_NAME} | base64 -d)
-    # yq 'select(di == 1) | .spec' $TEMP_DIR/${MINIO_CFG_FILE_NAME} >> $TEMP_DIR/minio-info.yaml
-    # yq -i 'del(.config.credentials)' $TEMP_DIR/minio-info.yaml
-    # yq -i 'del(.displayName)' $TEMP_DIR/minio-info.yaml
-    # yq -i 'del(.type)' $TEMP_DIR/minio-info.yaml
-
-    # UNESCAPED_INFO="$(cat $TEMP_DIR/minio-info.yaml)"
-    
+    echo_reset_dim "minio_namespace ....................... ${COLOR_MAGENTA}${MINIO_NAMESPACE}"
+    echo_reset_dim "minio_instance_name ................... ${COLOR_MAGENTA}${MINIO_INSTANCE_NAME}"
+    echo_reset_dim "minio_storage_class ................... ${COLOR_MAGENTA}${MINIO_STORAGE_CLASS}"
+    echo_reset_dim "minio_storage_size .................... ${COLOR_MAGENTA}${MINIO_STORAGE_SIZE}"
+    echo_reset_dim "minio_image ........................... ${COLOR_MAGENTA}${MINIO_IMAGE}"
+    echo_reset_dim "minio_root_user ....................... ${COLOR_MAGENTA}${MINIO_ROOT_USER}"
+    echo_reset_dim "minio_root_password ................... ${COLOR_MAGENTA}${MINIO_ROOT_PASSWORD:0:4}<snip>"
+
 
     if [ -z $GIT_SSH ]; then
       export GIT_SSH=false
diff --git a/image/cli/mascli/functions/gitops_minio copy b/image/cli/mascli/functions/gitops_minio copy
new file mode 100644
index 00000000000..310d375f3f5
--- /dev/null
+++ b/image/cli/mascli/functions/gitops_minio copy	
@@ -0,0 +1,382 @@
+#!/usr/bin/env bash
+
+function gitops_minio_help() {
+  [[ -n "$1" ]] && echo_warning "$1"
+  reset_colors
+  cat << EOM
+
+
+Usage:
+  mas gitops-minio [options]
+Where ${COLOR_YELLOW}specified${TEXT_RESET} each option may also be defined by setting the appropriate environment variable.
+When no options are specified on the command line, interactive-mode will be enabled by default.
+
+GitOps Configuration:
+  -d, --dir ${COLOR_YELLOW}GITOPS_WORKING_DIR${TEXT_RESET}         Directory for GitOps repository
+  -a, --account-id ${COLOR_YELLOW}ACCOUNT_ID${TEXT_RESET}          Account name that the cluster belongs to
+  -c, --cluster-id ${COLOR_YELLOW}CLUSTER_ID${TEXT_RESET}          Cluster ID
+
+Secrets Manager:
+      --secrets-path ${COLOR_YELLOW}SECRETS_PATH${TEXT_RESET}                                              Secrets Manager path
+      --secrets-key-seperator ${COLOR_YELLOW}SECRETS_KEY_SEPERATOR${TEXT_RESET}                            Secrets Manager key seperator string
+
+minio Provider Selection / Version:
+      --minio_namespace ${COLOR_YELLOW}MINIO_NAMESPACE${TEXT_RESET}                                         The minio namespace to install
+      --minio_instance_name ${COLOR_YELLOW}MINIO_INSTANCE_NAME${TEXT_RESET}                                 The minio instance name
+      --minio_root_user ${COLOR_YELLOW}MINIO_ROOT_USER${TEXT_RESET}                                         The minio user name
+      --minio_root_password ${COLOR_YELLOW}MINIO_ROOT_PASSWORD${TEXT_RESET}                                 The minio user password
+      --minio_storage_class ${COLOR_YELLOW}MINIO_STORAGE_CLASS${TEXT_RESET}                                 The minio storage class
+      --minio_storage_size ${COLOR_YELLOW}MINIO_STORAGE_SIZE${TEXT_RESET}                                   The minio storage size
+      --minio_image ${COLOR_YELLOW}MINIO_IMAGE${TEXT_RESET}                                                 The minio image name
+
+Automatic GitHub Push (Optional):
+  -P, --github-push ${COLOR_YELLOW}GITHUB_PUSH${TEXT_RESET}        Enable automatic push to GitHub
+  -H, --github-host ${COLOR_YELLOW}GITHUB_HOST${TEXT_RESET}        GitHub Hostname for your GitOps repository
+  -O, --github-org ${COLOR_YELLOW}GITHUB_ORG${TEXT_RESET}          Github org for your GitOps repository
+  -R, --github-repo ${COLOR_YELLOW}GITHUB_REPO${TEXT_RESET}        Github repo for your GitOps repository
+  -S, --github-ssh ${COLOR_YELLOW}GIT_SSH${TEXT_RESET}             Git ssh key path
+  -B, --git-branch ${COLOR_YELLOW}GIT_BRANCH${TEXT_RESET}          Git branch to commit to of your GitOps repository
+  -M, --git-commit-msg ${COLOR_YELLOW}GIT_COMMIT_MSG${TEXT_RESET}  Git commit message to use when committing to of your GitOps repository
+
+Other Commands:
+      -h, --help                                                                                           Show this help message
+EOM
+  [[ -n "$1" ]] && exit 1 || exit 0
+}
+
+
+function gitops_minio_noninteractive() {
+  GITOPS_WORKING_DIR=$PWD/working-dir  
+  SECRETS_KEY_SEPERATOR="/"
+  GIT_COMMIT_MSG="gitops-minio commit"
+  export REGION_ID=${REGION_ID:-${SM_AWS_REGION}}
+
+  #adding default values 
+  export MINIO_NAMESPACE=${MINIO_NAMESPACE:-"minio"}
+  export MINIO_INSTANCE_NAME=${MINIO_INSTANCE_NAME:-"minio"}
+  export MINIO_STORAGE_SIZE=${MINIO_STORAGE_SIZE:-"40Gi"}
+  export MINIO_IMAGE=${MINIO_IMAGE:-"quay.io/minio/minio:latest"}
+
+  while [[ $# -gt 0 ]]
+  do
+    key="$1"
+    shift
+    case $key in
+      # GitOps Configuration
+      -d|--dir)
+        export GITOPS_WORKING_DIR=$1 && shift
+        ;;
+      -a|--account-id)
+        export ACCOUNT_ID=$1 && shift
+        ;;
+      -c|--cluster-id)
+        export CLUSTER_ID=$1 && shift
+        ;;
+
+      # AWS Secrets Manager Configuration
+      --sm-aws-secret-region)
+        export SM_AWS_REGION=$1
+        export REGION_ID=$1
+        shift
+        ;;
+      --sm-aws-access-key)
+        export SM_AWS_ACCESS_KEY_ID=$1 && shift
+        ;;
+      --sm-aws-secret-key)
+        export SM_AWS_SECRET_ACCESS_KEY=$1 && shift
+        ;;
+      --secrets-path)
+        export SECRETS_PATH=$1 && shift
+        ;;
+
+      # minio Provider Selection
+      --minio_namespace)
+        export MINIO_NAMESPACE=$1 && shift
+        ;;
+      --minio_instance_name)
+        export MINIO_INSTANCE_NAME=$1 && shift
+        ;;
+      # --minio_root_user)
+      #   export MINIO_ROOT_USER=$1 && shift
+      #   ;;
+      # --minio_root_password)
+      #   export MINIO_ROOT_PASSWORD=$1 && shift
+      #   ;;
+      --minio_storage_class)
+        export MINIO_STORAGE_CLASS=$1 && shift
+        ;;
+      --minio_storage_size)
+        export MINIO_STORAGE_SIZE=$1 && shift
+        ;;
+      --minio_image)
+        export MINIO_IMAGE=$1 && shift
+        ;;
+
+	    # optional parameters if needed
+
+      # Automatic GitHub Push
+      -P|--github-push)
+        export GITHUB_PUSH=true
+        ;;
+      -H|--github-host)
+        export GITHUB_HOST=$1 && shift
+        ;;
+      -O|--github-org)
+        export GITHUB_ORG=$1 && shift
+        ;;
+      -R|--github-repo)
+        export GITHUB_REPO=$1 && shift
+        ;;
+      -S|--github-ssh)
+        export GIT_SSH=$1 && shift
+        ;;
+      -B|--git-branch)
+        export GIT_BRANCH=$1 && shift
+        ;;
+      -M|--git-commit-msg)
+        export GIT_COMMIT_MSG=$1 && shift
+        ;;
+
+      # Other Commands
+      -h|--help)
+        gitops_minio_help
+        ;;
+      *)
+        # unknown option
+        echo -e "${COLOR_RED}Usage Error: Unsupported option \"${key}\"${COLOR_RESET}\n"
+        gitops_minio_help  "Usage Error: Unsupported option \"${key}\" "
+        exit 1
+        ;;
+      esac
+  done
+
+
+  [[ -z "$GITOPS_WORKING_DIR" ]] && gitops_minio_help "GITOPS_WORKING_DIR is not set"
+  [[ -z "$ACCOUNT_ID" ]] && gitops_minio_help "ACCOUNT_ID is not set"
+  [[ -z "$CLUSTER_ID" ]] && gitops_minio_help "CLUSTER_ID is not set"
+  [[ -z "$REGION_ID" && -z "$SM_AWS_REGION" ]] && gitops_minio_help "REGION_ID or SM_AWS_REGION is not set"
+
+  if [[ "$GITHUB_PUSH" == "true" ]]; then
+    [[ -z "$GITHUB_HOST" ]] && gitops_minio_help "GITHUB_HOST is not set"
+    [[ -z "$GITHUB_ORG" ]] && gitops_minio_help "GITHUB_ORG is not set"
+    [[ -z "$GITHUB_REPO" ]] && gitops_minio_help "GITHUB_REPO is not set"
+    [[ -z "$GIT_BRANCH" ]] && gitops_minio_help "GIT_BRANCH is not set"
+  fi
+
+  # [[ -z "$MINIO_NAMESPACE" ]] && gitops_minio_help "MINIO_NAMESPACE is not set. Please provide the namespace where MinIO should be deployed using --minio_namespace."
+  # [[ -z "$MINIO_INSTANCE_NAME" ]] && gitops_minio_help "MINIO_INSTANCE_NAME is not set. Please provide a unique name for the MinIO instance using --minio_instance_name."
+  # [[ -z "$MINIO_ROOT_USER" ]] && gitops_minio_help "MINIO_ROOT_USER is not set. Please provide the root username (access key) using --minio_root_user."
+  # [[ -z "$MINIO_ROOT_PASSWORD" ]] && gitops_minio_help "MINIO_ROOT_PASSWORD is not set. Please provide the root password (secret key) using --minio_root_password."
+  [[ -z "$MINIO_STORAGE_CLASS" ]] && gitops_minio_help "MINIO_STORAGE_CLASS is not set. Please specify the Kubernetes storage class using --minio_storage_class."
+  # [[ -z "$MINIO_STORAGE_SIZE" ]] && gitops_minio_help "MINIO_STORAGE_SIZE is not set. Please provide the storage size (e.g., 50Gi) using --minio_storage_size."
+  # [[ -z "$MINIO_IMAGE" ]] && gitops_minio_help "MINIO_IMAGE is not set. Please provide the MinIO container image name using --minio_image."
+
+}
+
+function gitops_minio() {
+  # Take the first parameter off (it will be create-gitops)
+  shift
+  if [[ $# -gt 0 ]]; then
+    gitops_minio_noninteractive "$@"
+  else
+    echo "Not supported yet"
+    exit 1
+    gitops_minio_interactive
+  fi
+
+  # catch errors
+  set -o pipefail
+  trap 'echo "[ERROR] Error occurred at $BASH_SOURCE, line $LINENO, exited with $?"; exit 1' ERR
+
+  rm -rf $GITOPS_WORKING_DIR
+  mkdir -p ${GITOPS_WORKING_DIR}
+  GITOPS_CLUSTER_DIR=${GITOPS_WORKING_DIR}/${GITHUB_REPO}/${CLUSTER_ID}
+  TEMP_DIR=$GITOPS_CLUSTER_DIR/tmp-minio
+  mkdir -p ${TEMP_DIR}
+
+  echo
+  reset_colors
+  echo_h2 "Review Settings"
+
+  echo "${TEXT_DIM}"
+  echo_h2 "Target" "    "
+  echo_reset_dim "Account ID ..................... ${COLOR_MAGENTA}${ACCOUNT_ID}"
+  echo_reset_dim "Region ID ...................... ${COLOR_MAGENTA}${REGION_ID}"
+  echo_reset_dim "Cluster ID ..................... ${COLOR_MAGENTA}${CLUSTER_ID}"
+  echo_reset_dim "Cluster Config Directory ....... ${COLOR_MAGENTA}${GITOPS_CLUSTER_DIR}"
+  reset_colors
+
+  echo "${TEXT_DIM}"
+  echo_h2 "AWS Secrets Manager" "    "
+  echo_reset_dim "Region ......................... ${COLOR_MAGENTA}${SM_AWS_REGION}"
+  echo_reset_dim "Secret Key ..................... ${COLOR_MAGENTA}${SM_AWS_ACCESS_KEY_ID:0:4}<snip>"
+  echo_reset_dim "Access Key ..................... ${COLOR_MAGENTA}${SM_AWS_SECRET_ACCESS_KEY:0:4}<snip>"
+  echo_reset_dim "Secrets Path ................... ${COLOR_MAGENTA}${SECRETS_PATH}"
+  reset_colors
+
+  echo "${TEXT_DIM}"
+  if [[ "$GITHUB_PUSH" == "true" ]]; then
+    echo_h2 "GitOps Target" "    "
+    echo_reset_dim "Automatic Push ........................ ${COLOR_GREEN}Enabled"
+    echo_reset_dim "Working Directory ..................... ${COLOR_MAGENTA}${GITOPS_WORKING_DIR}"
+    echo_reset_dim "Host .................................. ${COLOR_MAGENTA}${GITHUB_HOST}"
+    echo_reset_dim "Organization .......................... ${COLOR_MAGENTA}${GITHUB_ORG}"
+    echo_reset_dim "Repository ............................ ${COLOR_MAGENTA}${GITHUB_REPO}"
+    echo_reset_dim "Branch ................................ ${COLOR_MAGENTA}${GIT_BRANCH}"
+  else
+    echo_h2 "GitOps Target" "    "
+    echo_reset_dim "Automatic Push ........................ ${COLOR_RED}Disabled"
+    echo_reset_dim "Working Directory ..................... ${COLOR_MAGENTA}${GITOPS_WORKING_DIR}"
+  fi
+  reset_colors
+
+  echo "${TEXT_DIM}"
+  echo_h2 "minio" "    "
+  echo_reset_dim "MinIO Namespace (minio_namespace)  .................... ${COLOR_MAGENTA}${MINIO_NAMESPACE}"
+  echo_reset_dim "MinIO Instance Name (minio_instance_name)  ............ ${COLOR_MAGENTA}${MINIO_INSTANCE_NAME}"
+  # echo_reset_dim "MinIO Root User (minio_root_user)  .................... ${COLOR_MAGENTA}${MINIO_ROOT_USER}"
+  # echo_reset_dim "MinIO Root Password (minio_root_password)  ............ ${COLOR_MAGENTA}${MINIO_ROOT_PASSWORD:0:4}<snip>"
+  echo_reset_dim "MinIO Storage Class (minio_storage_class)  ............ ${COLOR_MAGENTA}${MINIO_STORAGE_CLASS}"
+  echo_reset_dim "MinIO Storage Size (minio_storage_size)  .............. ${COLOR_MAGENTA}${MINIO_STORAGE_SIZE}"
+  echo_reset_dim "MinIO Image (minio_image)  .............................${COLOR_MAGENTA}${MINIO_IMAGE}"
+
+  reset_colors
+
+  AVP_TYPE=aws  # Support for IBM will be added later
+  sm_login
+
+  if [ ! -z "$MINIO_NAMESPACE" ]; then
+
+    #minio provider role specific env variables
+    export MINIO_ACTION="install"
+
+    # export MINIO_NAMESPACE=${MINIO_NAMESPACE:-"minio"}
+    # export MINIO_INSTANCE_NAME=${MINIO_INSTANCE_NAME:-"minio"}
+    # export MINIO_STORAGE_CLASS=${MINIO_STORAGE_CLASS:-""}
+    # export MINIO_STORAGE_SIZE=${MINIO_STORAGE_SIZE:-"40Gi"}
+    # export MINIO_IMAGE=${MINIO_IMAGE:-"quay.io/minio/minio:latest"}
+
+    export SECRET_NAME_MINIO_AUTH=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}minio
+    echo_reset_dim "SECRET_NAME_MINIO_AUTH ................ ${COLOR_MAGENTA}$SECRET_NAME_MINIO_AUTH"
+
+    if [ -z "$MINIO_ROOT_PASSWORD" ]; then
+      # Create a secret in SM containing the username/password for this specific minio instance.
+      export MINIO_SECRET_FILE=$TEMP_DIR/minio-secret.json
+
+      # Generate random username and password using /dev/urandom
+      # RANDOM_USER=`minio-$(cat /dev/urandom | tr -dc '0-9' | head -c 4)`
+      # export MINIO_ROOT_USER=${MINIO_ROOT_USER:-RANDOM_USER}
+      export MINIO_ROOT_USER=${MINIO_ROOT_USER:-"minio"}
+      echo_reset_dim "MINIO_ROOT_USER ............................. ${COLOR_MAGENTA}$MINIO_ROOT_USER"
+      
+      export MINIO_ROOT_PASSWORD=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | head -c 20`
+      sm_get_secret_file ${SECRET_NAME_MINIO_AUTH} $MINIO_SECRET_FILE
+      TEMP_MINIO_LDAP_PASSWORD=$(jq -r .password $MINIO_SECRET_FILE)
+      if [[ -n ${TEMP_MINIO_LDAP_PASSWORD} ]]; then
+        export MINIO_ROOT_PASSWORD=${TEMP_MINIO_LDAP_PASSWORD}
+        echo_reset_dim "MINIO_ROOT_PASSWORD ........................... ${COLOR_MAGENTA}${MINIO_ROOT_PASSWORD:0:8}<snip> is available in the secret, using that value"
+      fi
+      echo_reset_dim "MINIO_ROOT_PASSWORD ............................. ${COLOR_MAGENTA}${MINIO_ROOT_PASSWORD:0:8}<snip>"
+      TAGS="[{\"Key\": \"source\", \"Value\": \"gitops_minio\"}, {\"Key\": \"account\", \"Value\": \"${ACCOUNT_ID}\"}, {\"Key\": \"cluster\", \"Value\": \"${CLUSTER_ID}\"}]"
+      
+      # sm_update_secret and need to pss secrert | idempotent
+      ESCAPED_INFO=${UNESCAPED_INFO//\"/\\\"}
+      ESCAPED_INFO=${ESCAPED_INFO//$'\n'/\\n}
+      # sm_update_secret $SECRET_NAME_MINIO_AUTH "{\"info\": \"$ESCAPED_INFO\", \"username\": \"$SECRET_KEY_MINIO_USER\", \"password\": \"$SECRET_KEY_MINIO_PASSWORD\"}" "${TAGS}"
+
+      sm_update_secret $SECRET_NAME_MINIO_AUTH "{\"info\": \"$ESCAPED_INFO\", \"username\": \"$MINIO_ROOT_USER\", \"password\": \"$MINIO_ROOT_PASSWORD\"}" "${TAGS}"
+    fi
+    
+    # Generate random username and password using /dev/urandom
+    # RANDOM_USER="minio-$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | head -c 8)"
+    # RANDOM_PASS="$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | head -c 20)"
+    # export JDBRANDOM_PASSC_PASSWORD=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | head -c 20`
+
+    # export MINIO_ROOT_USER=${MINIO_ROOT_USER:-"minio"}
+    # export MINIO_ROOT_PASSWORD=${MINIO_ROOT_PASSWORD:-"minio123"}
+
+    # export SECRET_NAME_MINIO_AUTH=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}minio
+
+    # export SECRET_KEY_MINIO_USER=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}minio#sm_minio_user
+    # export SECRET_KEY_MINIO_PASSWORD=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}minio#sm_minio_password
+    
+    # export MINIO_SECRET_FILE=$TEMP_DIR/MINIO-secret.json
+    # sm_get_secret_file ${AWS_MSK_SECRET} $MINIO_SECRET_FILE
+    # TEMP_AWS_MINIO_USER_PASSWORD=$(jq -r .password $MINIO_SECRET_FILE)
+    # if [[ -n ${TEMP_AWS_MINIO_USER_PASSWORD} ]]; then
+    #   export AWS_MINIO_USER_PASSWORD=${TEMP_AWS_MINIO_USER_PASSWORD}
+    #   echo "gitops_minio : AWS_MINIO_USER_PASSWORD=${AWS_MINIO_USER_PASSWORD:0:8}<snip> is available in the secret, use the same while invoking the role again"
+    # fi
+    
+  
+    #export MINIO_CFG_FILE_NAME=${MINIO_CFG_FILE_NAME:-"aws-msk-${MINIO_CLUSTER_NAME}-miniocfg.yml"}
+
+    echo_reset_dim "minio_namespace ....................... ${COLOR_MAGENTA}${MINIO_NAMESPACE}"
+    echo_reset_dim "minio_instance_name ................... ${COLOR_MAGENTA}${MINIO_INSTANCE_NAME}"
+    echo_reset_dim "minio_storage_class ................... ${COLOR_MAGENTA}${MINIO_STORAGE_CLASS}"
+    echo_reset_dim "minio_storage_size .................... ${COLOR_MAGENTA}${MINIO_STORAGE_SIZE}"
+    echo_reset_dim "minio_image ........................... ${COLOR_MAGENTA}${MINIO_IMAGE}"
+    echo_reset_dim "minio_root_user ....................... ${COLOR_MAGENTA}${MINIO_ROOT_USER}"
+    echo_reset_dim "minio_root_password ................... ${COLOR_MAGENTA}${MINIO_ROOT_PASSWORD:0:4}<snip>"
+
+    #echo_reset_dim "MINIO_CFG_FILE_NAME .................... ${COLOR_MAGENTA}${MINIO_CFG_FILE_NAME}"
+
+    # export AWS_DEFAULT_OUTPUT="json"
+    # export ROLE_NAME=minio && ansible-playbook ibm.mas_devops.run_role
+
+    # rc=$?
+    # [ $rc -ne 0 ] && exit $rc
+    # Extract the required details from the generated miniocfg/secret. For msk this is in plain text (stringData)
+    # export MINIO_USERNAME=$(yq 'select(di == 0) | .data.username' $TEMP_DIR/${MINIO_CFG_FILE_NAME} | base64 -d)
+    # export MINIO_PASSWORD=$(yq 'select(di == 0) | .data.password' $TEMP_DIR/${MINIO_CFG_FILE_NAME} | base64 -d)
+    # yq 'select(di == 1) | .spec' $TEMP_DIR/${MINIO_CFG_FILE_NAME} >> $TEMP_DIR/minio-info.yaml
+    # yq -i 'del(.config.credentials)' $TEMP_DIR/minio-info.yaml
+    # yq -i 'del(.displayName)' $TEMP_DIR/minio-info.yaml
+    # yq -i 'del(.type)' $TEMP_DIR/minio-info.yaml
+
+    # UNESCAPED_INFO="$(cat $TEMP_DIR/minio-info.yaml)"
+    
+
+    if [ -z $GIT_SSH ]; then
+      export GIT_SSH=false
+    fi
+
+    # Clone github target repo
+    # ---------------------------------------------------------------------------
+    if [ "$GITHUB_PUSH" == "true" ]; then
+      echo
+      echo_h2 "Cloning GitHub repo $GITHUB_ORG $GITHUB_REPO"
+      clone_target_git_repo $GITHUB_HOST $GITHUB_ORG $GITHUB_REPO $GIT_BRANCH $GITOPS_WORKING_DIR $GIT_SSH
+    fi
+    mkdir -p ${GITOPS_CLUSTER_DIR}
+
+
+    # Generate ArgoApps
+    # ---------------------------------------------------------------------------
+    echo
+    echo_h2 "Generating minio operator Applications"
+    echo "- minio operator"
+
+    # Generate ArgoApps
+    # ---------------------------------------------------------------------------
+    echo
+    echo_h2 "Generating minio operator Applications"
+    echo "- minio operator"
+
+    echo "Generating minio file ${GITOPS_CLUSTER_DIR}/ibm-minio.yaml"
+    jinjanate_commmon $CLI_DIR/templates/gitops/appset-configs/cluster/ibm-minio.yaml.j2 ${GITOPS_CLUSTER_DIR}/ibm-minio.yaml
+
+    # Commit and push to github target repo
+    # ---------------------------------------------------------------------------
+    if [ "$GITHUB_PUSH" == "true" ]; then
+      echo
+      echo_h2 "Commit and push changes to GitHub repo $GITHUB_ORG $GITHUB_REPO"
+      save_to_target_git_repo $GITHUB_HOST $GITHUB_ORG $GITHUB_REPO $GIT_BRANCH "${GITOPS_WORKING_DIR}/${GITHUB_REPO}" "${GIT_COMMIT_MSG}"
+      remove_git_repo_clone $GITOPS_WORKING_DIR/$GITHUB_REPO
+    fi
+
+    rm -rf $TEMP_DIR
+  
+  fi
+  exit 0
+}
\ No newline at end of file
diff --git a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-minio.yaml.j2 b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-minio.yaml.j2
index 20a9d17d16e..0c38106cd4e 100644
--- a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-minio.yaml.j2
+++ b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-minio.yaml.j2
@@ -3,8 +3,8 @@ merge-key: "{{ ACCOUNT_ID }}/{{ CLUSTER_ID }}/{{ MAS_INSTANCE_ID }}"
 ibm_minio:
   minio_namespace: {{ MINIO_NAMESPACE }}
   minio_instance_name: {{ MINIO_INSTANCE_NAME }}
-  minio_root_user: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_MINIO_USER }}>"
-  minio_root_password: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_MINIO_PASSWORD }}>"
+  minio_root_user: "<path:{{ SECRETS_PATH }}:{{ MINIO_ROOT_USER }}>"
+  minio_root_password: "<path:{{ SECRETS_PATH }}:{{ MINIO_ROOT_PASSWORD }}>"
   minio_storage_class: {{ MINIO_STORAGE_CLASS }}
   minio_storage_size: {{ MINIO_STORAGE_SIZE }}
   minio_image: {{ MINIO_IMAGE }}
diff --git a/tekton/src/tasks/gitops/gitops-minio.yml.j2 b/tekton/src/tasks/gitops/gitops-minio.yml.j2
index 806361fe9af..8ee45d26ab8 100644
--- a/tekton/src/tasks/gitops/gitops-minio.yml.j2
+++ b/tekton/src/tasks/gitops/gitops-minio.yml.j2
@@ -9,6 +9,8 @@ spec:
       type: string
     - name: account
       type: string
+    - name: cluster_id
+      type: string
     - name: cluster_url
       type: string
       default: ""

From 02ba15a4312920038372d1d48051e7cb5de6f15f Mon Sep 17 00:00:00 2001
From: yogeshkumar <prajapati.yogeshkumar@ibm.com>
Date: Thu, 8 May 2025 11:28:30 +0530
Subject: [PATCH 012/258] Update gitops_odh

---
 image/cli/mascli/functions/gitops_odh | 79 +++++++++++++++++++++++++--
 1 file changed, 73 insertions(+), 6 deletions(-)

diff --git a/image/cli/mascli/functions/gitops_odh b/image/cli/mascli/functions/gitops_odh
index 80beb610052..b9f56cecc36 100755
--- a/image/cli/mascli/functions/gitops_odh
+++ b/image/cli/mascli/functions/gitops_odh
@@ -227,6 +227,7 @@ function gitops_odh_noninteractive() {
 }
 
 function gitops_odh() {
+  # Remove the subcommand (e.g., "create-gitops")
   shift
   if [[ $# -gt 0 ]]; then
     gitops_odh_noninteractive "$@"
@@ -235,19 +236,85 @@ function gitops_odh() {
     exit 1
   fi
 
-  mkdir -p "$GITOPS_WORKING_DIR"
-  GITOPS_INSTANCE_DIR="${GITOPS_WORKING_DIR}/${GITHUB_REPO}/${ACCOUNT_ID}/${CLUSTER_ID}/${MAS_INSTANCE_ID}"
-  mkdir -p "$GITOPS_INSTANCE_DIR"
+  # Error trap
+  set -o pipefail
+  trap 'echo "[ERROR] Error occurred at $BASH_SOURCE, line $LINENO, exited with $?"; exit 1' ERR
+
+  # Prepare directories
+  rm -rf "$GITOPS_WORKING_DIR"
+  mkdir -p "${GITOPS_WORKING_DIR}"
+  GITOPS_CLUSTER_DIR="${GITOPS_WORKING_DIR}/${GITHUB_REPO}/${CLUSTER_ID}"
+  TEMP_DIR="${GITOPS_CLUSTER_DIR}/tmp-odh"
+  mkdir -p "$TEMP_DIR"
 
   echo
+  echo_h2 "Review Settings"
+  echo "${TEXT_DIM}"
+  echo_h2 "Target"
+  echo_reset_dim "Account ID ............................ ${COLOR_MAGENTA}${ACCOUNT_ID}"
+  echo_reset_dim "Cluster ID ............................ ${COLOR_MAGENTA}${CLUSTER_ID}"
+  echo_reset_dim "MAS Instance ID ....................... ${COLOR_MAGENTA}${MAS_INSTANCE_ID}"
+  echo_reset_dim "Temp Directory ........................ ${COLOR_MAGENTA}${TEMP_DIR}"
+  echo_reset_dim "Secrets Path .......................... ${COLOR_MAGENTA}${SECRETS_PATH}"
+  reset_colors
+
+  AVP_TYPE=aws
+  sm_login
+
+  # Set up secret key and fetch secret
+  export MAS_CONFIG_DIR="$TEMP_DIR"
+  export ODH_SECRET="odh${SECRETS_KEY_SEPERATOR}${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}${MAS_INSTANCE_ID}"
+  export ODH_SECRET_FILE="$TEMP_DIR/odh-secret.json"
+
+  sm_get_secret_file "$ODH_SECRET" "$ODH_SECRET_FILE"
+
+  # Extract and export secrets
+  export MINIO_ACCESS_KEY=$(jq -r .sm_minio_accesskey "$ODH_SECRET_FILE")
+  export MINIO_SECRET_KEY=$(jq -r .sm_minio_secretkey "$ODH_SECRET_FILE")
+  export MINIO_HOST=$(jq -r .sm_minio_host "$ODH_SECRET_FILE")
+  export MINIO_PORT=$(jq -r .sm_minio_port "$ODH_SECRET_FILE")
+  export MINIO_BUCKET=$(jq -r .sm_minio_bucket_default "$ODH_SECRET_FILE")
+
+  export MARIADB_HOST=$(jq -r .sm_mariadb_host "$ODH_SECRET_FILE")
+  export MARIADB_PORT=$(jq -r .sm_mariadb_port "$ODH_SECRET_FILE")
+  export MARIADB_USER=$(jq -r .sm_mariadb_user "$ODH_SECRET_FILE")
+  export MARIADB_DATABASE=$(jq -r .sm_mariadb_database "$ODH_SECRET_FILE")
+  export MARIADB_SECRET_NAME=$(jq -r .sm_mariadb_secret_name "$ODH_SECRET_FILE")
+  export MARIADB_SECRET_VALUE=$(jq -r .sm_mariadb_secret_value "$ODH_SECRET_FILE")
+
+  echo_h2 "ODH Secret Summary"
+  echo_reset_dim "MINIO_HOST ............................. ${COLOR_MAGENTA}${MINIO_HOST}"
+  echo_reset_dim "MINIO_BUCKET ........................... ${COLOR_MAGENTA}${MINIO_BUCKET}"
+  echo_reset_dim "MARIADB_HOST ........................... ${COLOR_MAGENTA}${MARIADB_HOST}"
+  echo_reset_dim "MARIADB_DATABASE ....................... ${COLOR_MAGENTA}${MARIADB_DATABASE}"
+  reset_colors
+
+  # Render YAML
   echo_h2 "Generating OpenDataHub GitOps YAML"
-  echo "Output: ${GITOPS_INSTANCE_DIR}/ibm-mas-odh-install.yaml"
+  echo "Output: ${TEMP_DIR}/ibm-mas-odh-install.yaml"
 
-  jinjanate_commmon "$CLI_DIR/templates/gitops/appset-configs/cluster/instance/ibm-mas-odh-install.yaml.j2" "${GITOPS_INSTANCE_DIR}/ibm-mas-odh-install.yaml"
+  jinjanate_commmon \
+    "$CLI_DIR/templates/gitops/appset-configs/cluster/instance/ibm-mas-odh-install.yaml.j2" \
+    "${TEMP_DIR}/ibm-mas-odh-install.yaml"
 
+  # Collect info block for secret update
+  yq eval '.' "${TEMP_DIR}/ibm-mas-odh-install.yaml" > "${TEMP_DIR}/odh-info.yaml"
+  UNESCAPED_INFO="$(cat ${TEMP_DIR}/odh-info.yaml)"
+  ESCAPED_INFO="${UNESCAPED_INFO//\"/\\\"}"
+
+  TAGS="[{\"Key\": \"source\", \"Value\": \"gitops_odh\"}, {\"Key\": \"account\", \"Value\": \"${ACCOUNT_ID}\"}, {\"Key\": \"cluster\", \"Value\": \"${CLUSTER_ID}\"}]"
+
+  sm_update_secret "$ODH_SECRET" \
+    "{\"minio_access_key\": \"${MINIO_ACCESS_KEY}\", \"minio_secret_key\": \"${MINIO_SECRET_KEY}\", \"mariadb_user\": \"${MARIADB_USER}\"}" \
+    "$TAGS"
+
+  # GitHub push
   if [[ "$GITHUB_PUSH" == "true" ]]; then
     echo_h2 "Pushing changes to GitHub"
     save_to_target_git_repo "$GITHUB_HOST" "$GITHUB_ORG" "$GITHUB_REPO" "$GIT_BRANCH" "${GITOPS_WORKING_DIR}/${GITHUB_REPO}" "$GIT_COMMIT_MSG"
-    remove_git_repo_clone "$GITOPS_WORKING_DIR/$GITHUB_REPO"
+    remove_git_repo_clone "${GITOPS_WORKING_DIR}/${GITHUB_REPO}"
   fi
+
+  rm -rf "$TEMP_DIR"
+  echo_h2 "ODH GitOps completed."
 }

From 1d5ec83a2d62b714d3059a6ddfbb6293fcf6c2c8 Mon Sep 17 00:00:00 2001
From: Drashti-Malviya <Drashti.Malviya@ibm.com>
Date: Fri, 9 May 2025 12:28:55 +0530
Subject: [PATCH 013/258] update for aibroker

---
 .../functions/gitops_suite_aibroker_install   | 408 ++++++++++++++++++
 .../cluster/instance/ibm-aibroker-yaml.j2     |  72 ++++
 .../src/tasks/gitops/gitops-aibroker.yml.j2   | 244 +++++++++++
 3 files changed, 724 insertions(+)
 create mode 100644 image/cli/mascli/functions/gitops_suite_aibroker_install
 create mode 100644 image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-yaml.j2
 create mode 100644 tekton/src/tasks/gitops/gitops-aibroker.yml.j2

diff --git a/image/cli/mascli/functions/gitops_suite_aibroker_install b/image/cli/mascli/functions/gitops_suite_aibroker_install
new file mode 100644
index 00000000000..38ef1cc20a9
--- /dev/null
+++ b/image/cli/mascli/functions/gitops_suite_aibroker_install
@@ -0,0 +1,408 @@
+#!/usr/bin/env bash
+
+function gitops_suite_aibroker_install_help() {
+  [[ -n "$1" ]] && echo_warning "$1"
+  reset_colors
+  cat << EOM
+Usage:
+  mas gitops-kafka [options]
+Where ${COLOR_YELLOW}specified${TEXT_RESET} each option may also be defined by setting the appropriate environment variable.
+When no options are specified on the command line, interactive-mode will be enabled by default.
+
+Basic Configuration:
+  -a, --account-id ${COLOR_YELLOW}ACCOUNT_ID${TEXT_RESET}                                                  Account name that the cluster belongs to
+  -c, --cluster-id ${COLOR_YELLOW}CLUSTER_ID${TEXT_RESET}                                                  Cluster ID
+  -i, --Instace-id ${COLOR_YELLOW}INSTANCE_ID${TEXT_RESET}                                                 Instance ID
+
+ibm aibroker(required):
+      --aibroker-namespace ${TEXT_RESET}AIBROKER_NAMESPACE${TEXT_RESET}
+      --mas-instance-id ${TEXT_RESET}MAS_INSTACE_ID${TEXT_RESET}
+      --primary-storage-class ${TEXT_RESET}PRIMARY_STORAGE_CLASS${TEXT_RESET}
+
+minio storage:
+      --mas-aibroker-storage-provider ${TEXT_RESET}MAS_AIBROKER_STORAGE_PROVIDER${TEXT_RESET}
+      --mas-aibroker-minio-secret ${TEXT_RESET}MAS_AIBROKER_MINIO_SECRET${TEXT_RESET}
+      --mas-aibroker-storage-accesskey ${TEXT_RESET}MAS_AIBROKER_STORAGE_ACCESSKEY${TEXT_RESET}
+      --mas-aibroker-storage-secretkey ${TEXT_RESET}MAS_AIBROKER_STORAGE_SECRETKEY${TEXT_RESET}
+      --mas-aibroker-storage-host ${TEXT_RESET}MAS_AIBROKER_STORAGE_HOST${TEXT_RESET}
+      --mas-aibroker-storage-port ${TEXT_RESET}MAS_AIBROKER_STORAGE_PORT${TEXT_RESET}
+      --mas-aibroker-storage-ssl ${TEXT_RESET}MAS_AIBROKER_STORAGE_SSL${TEXT_RESET}
+      --mas-aibroker-storage-region ${TEXT_RESET}MAS_AIBROKER_STORAGE_REGION${TEXT_RESET}
+      --mas-aibroker-storage-pipelines-bucket ${TEXT_RESET}MAS_AIBROKER_STORAGE_PIPELINES_BUCKET${TEXT_RESET}
+      --mas-aibroker-storage-tenants-bucket ${TEXT_RESET}MAS_AIBROKER_STORAGE_TENANTS_BUCKET${TEXT_RESET}
+      --mas-aibroker-storage-templates-bucket ${TEXT_RESET}MAS_AIBROKER_STORAGE_TEMPLATES_BUCKET${TEXT_RESET}
+
+mariadb storage
+      --mas-aibroker-db-host ${TEXT_RESET}MAS_AIBROKER_DB_HOST${TEXT_RESET}
+      --mas-aibroker-mariadb-secret ${TEXT_RESET}MAS_AIBROKER_MARIADB_SECRET${TEXT_RESET}
+      --mas-aibroker-db-port ${TEXT_RESET}MAS_AIBROKER_DB_PORT${TEXT_RESET}
+      --mas-aibroker-db-user ${TEXT_RESET}MAS_AIBROKER_DB_USER${TEXT_RESET}
+      --mas-aibroker-db-database ${TEXT_RESET}MAS_AIBROKER_DB_DATABASE${TEXT_RESET}
+      --mas-aibroker-db-secret-name ${TEXT_RESET}MAS_AIBROKER_DB_SECRET_NAME${TEXT_RESET}
+      --mas-aibroker-db-secret-value ${TEXT_RESET}MAS_AIBROKER_DB_SECRET_VALUE${TEXT_RESET}
+
+sls_dro_jdbc
+      --slscfg-registration-key ${TEXT_RESET}SLSCFG_REGISTRATION_KEY${TEXT_RESET}
+      --drocfg-ca ${TEXT_RESET}DROCFG_CA${TEXT_RESET}
+      --drocfg-registration-key ${TEXT_RESET}DROCFG_REGISTRATION_KEY${TEXT_RESET}
+      --drocfg-url ${TEXT_RESET}DROCFG_URL${TEXT_RESET}
+      --jdbccfg-username ${TEXT_RESET}JDBCCFG_USERNAME${TEXT_RESET}
+      --jdbccfg-password ${TEXT_RESET}JDBCCFG_PASSWORD${TEXT_RESET}
+      --jdbccfg-url ${TEXT_RESET}JDBCCFG_URL${TEXT_RESET}
+      --jdbccfg-sslenabled ${TEXT_RESET}JDBCCFG_SSLENABLED${TEXT_RESET}
+      --jdbccfg-ca ${TEXT_RESET}JDBCCFG_CA${TEXT_RESET}
+
+      --mas-entitlement-key ${TEXT_RESET}MAS_ENTITLEMENT_KEY${TEXT_RESET}
+      --artifactory-username ${TEXT_RESET}ARTIFACTORY_USERNAME${TEXT_RESET}
+      --artifactory-token ${TEXT_RESET}ARTIFACTORY_TOKEN${TEXT_RESET}
+      --mas-app-channel ${TEXT_RESET}MAS_APP_CHANNEL${TEXT_RESET}
+      --mas-catalog-source ${TEXT_RESET}MAS_CATALOG_SOURCE${TEXT_RESET}
+      --mas-icr-cp ${TEXT_RESET}MAS_ICR_CP${TEXT_RESET}
+      --mas-icr-cpopen ${TEXT_RESET}MAS_ICR_CPOPEN${TEXT_RESET}
+      --cluster-domain ${TEXT_RESET}CLUSTER_DOMAIN${TEXT_RESET}
+      --in-saas-env ${TEXT_RESET}IN_SAAS_ENV${TEXT_RESET}
+
+Automatic GitHub Push (Optional):
+  -P, --github-push ${COLOR_YELLOW}GITHUB_PUSH${TEXT_RESET}        Enable automatic push to GitHub
+  -H, --github-host ${COLOR_YELLOW}GITHUB_HOST${TEXT_RESET}        GitHub Hostname for your GitOps repository
+  -O, --github-org ${COLOR_YELLOW}GITHUB_ORG${TEXT_RESET}          Github org for your GitOps repository
+  -R, --github-repo ${COLOR_YELLOW}GITHUB_REPO${TEXT_RESET}        Github repo for your GitOps repository
+  -S, --github-ssh ${COLOR_YELLOW}GIT_SSH${TEXT_RESET}             Git ssh key path
+  -B, --git-branch ${COLOR_YELLOW}GIT_BRANCH${TEXT_RESET}          Git branch to commit to of your GitOps repository
+  -M, --git-commit-msg ${COLOR_YELLOW}GIT_COMMIT_MSG${TEXT_RESET}  Git commit message to use when committing to of your GitOps repository
+
+Other Commands:
+  -h, --help                                      Show this help message
+EOM
+  [[ -n "$1" ]] && exit 1 || exit 0
+}
+
+function gitops_dro_noninteractive() {
+  GITOPS_WORKING_DIR=$PWD/working-dir
+  SECRETS_KEY_SEPERATOR="/"
+  GIT_COMMIT_MSG="gitops-aibroker commit"
+
+   #adding default values # all generic values should to put here # check with ansible playbook/gitops anvs 
+   only export below in whiel loop
+
+  export PRIMARY_STORAGE_CLASS=${PRIMARY_STORAGE_CLASS:-"nfs-client"}
+  export MAS_ICR_CP=${MAS_ICR_CP:-"docker-na-public.artifactory.swg-devops.com/wiotp-docker-local"}
+  export MAS_ICR_CPOPEN=${MAS_ICR_CPOPEN:-"docker-na-public.artifactory.swg-devops.com/wiotp-docker-local/cpopen"}
+  export ARTIFACTORY_USERNAME=${ARTIFACTORY_USERNAME:-"pmqcloud@us.ibm.com"}
+  export REGION_ID=${REGION_ID:-${SM_AWS_REGION}}
+  export MINIO_NAMESPACE=${MINIO_NAMESPACE:-"minio"}
+  export MINIO_INSTANCE_NAME=${MINIO_INSTANCE_NAME:-"minio"}
+  export MINIO_STORAGE_SIZE=${MINIO_STORAGE_SIZE:-"40Gi"}
+  export MINIO_IMAGE=${MINIO_IMAGE:-"quay.io/minio/minio:latest"}
+  export AIBROKER_NAMESPACE=${AIBROKER_NAMESPACE:-"mas-sremat-aibroker"}
+  export MAS_INSTACE_ID=${MAS_INSTACE_ID:-"sremat"}
+  export MAS_AIBROKER_WATSONX_SECRET=${MAS_AIBROKER_WATSONX_SECRET:-"sremat-watsonxcfg"}
+  export MAS_AIBROKER_STORAGE_PROVIDER=${MAS_AIBROKER_STORAGE_PROVIDER:-"minio"}
+  export MAS_AIBROKER_MINIO_SECRET=${MAS_AIBROKER_MINIO_SECRET:-"minio-secret"}
+  export MAS_AIBROKER_STORAGE_SSL=${MAS_AIBROKER_STORAGE_SSL:-"true"}
+  export MAS_AIBROKER_STORAGE_REGION=${MAS_AIBROKER_STORAGE_REGION:-""}
+  export MAS_APP_CHANNEL=${MAS_APP_CHANNEL:-"workspace"}
+  export MAS_CATALOG_SOURCE=${MAS_CATALOG_SOURCE:-"ibm-operator-catalog"}
+  export CLUSTER_DOMAIN=${CLUSTER_DOMAIN:-"sremat-test.cp.fyre.ibm.com"}
+  export IN_SAAS_ENV=${IN_SAAS_ENV:-"false"}
+  export MAS_AIBROKER_MARIADB_SECRET=${MAS_AIBROKER_MARIADB_SECRET:-"sremat-mariadbcfge"}
+
+
+  while [[ $# -gt 0 ]]
+  do
+    key="$1"
+    shift
+    case $key in
+      # GitOps Configuration
+      -d|--dir)
+        export GITOPS_WORKING_DIR=$1 && shift
+        ;;
+      -a|--account-id)
+        export ACCOUNT_ID=$1 && shift
+        ;;
+      -c|--cluster-id)
+        export CLUSTER_ID=$1 && shift
+        ;;
+      -i|--instance-id)
+        export INSTANCE_ID=$1 && shift 
+
+      # Secrets Manager
+      --secrets-path)
+        export SECRETS_PATH=$1 && shift
+        ;;
+      --secrets-key-seperator)
+        export SECRETS_KEY_SEPERATOR=$1 && shift
+        ;;
+            --primary-storage-class)
+        export PRIMARY_STORAGE_CLASS=$1 && shift
+        ;;
+      --mas-icr-cp)
+        export MAS_ICR_CP=$1 && shift
+        ;;
+      --mas-icr-cpopen)
+        export MAS_ICR_CPOPEN=$1 && shift
+        ;;
+      --artifactory-username)
+        export ARTIFACTORY_USERNAME=$1 && shift
+        ;;
+      --region-id)
+        export REGION_ID=$1 && shift
+        ;;
+      --minio-namespace)
+        export MINIO_NAMESPACE=$1 && shift
+        ;;
+      --minio-instance-name)
+        export MINIO_INSTANCE_NAME=$1 && shift
+        ;;
+      --minio-storage-size)
+        export MINIO_STORAGE_SIZE=$1 && shift
+        ;;
+      --minio-image)
+        export MINIO_IMAGE=$1 && shift
+        ;;
+      --aibroker-namespace)
+        export AIBROKER_NAMESPACE=$1 && shift
+        ;;
+      --mas-instace-id)
+        export MAS_INSTACE_ID=$1 && shift
+        ;;
+      --mas-aibroker-watsonx-secret)
+        export MAS_AIBROKER_WATSONX_SECRET=$1 && shift
+        ;;
+      --mas-aibroker-storage-provider)
+        export MAS_AIBROKER_STORAGE_PROVIDER=$1 && shift
+        ;;
+      --mas-aibroker-minio-secret)
+        export MAS_AIBROKER_MINIO_SECRET=$1 && shift
+        ;;
+      --mas-aibroker-storage-ssl)
+        export MAS_AIBROKER_STORAGE_SSL=$1 && shift
+        ;;
+      --mas-aibroker-storage-region)
+        export MAS_AIBROKER_STORAGE_REGION=$1 && shift
+        ;;
+      --mas-app-channel)
+        export MAS_APP_CHANNEL=$1 && shift
+        ;;
+      --mas-catalog-source)
+        export MAS_CATALOG_SOURCE=$1 && shift
+        ;;
+      --cluster-domain)
+        export CLUSTER_DOMAIN=$1 && shift
+        ;;
+      --in-saas-env)
+        export IN_SAAS_ENV=$1 && shift
+        ;;
+      --mas-aibroker-mariadb-secret)
+        export MAS_AIBROKER_MARIADB_SECRET=$1 && shift
+        ;;
+
+      # Automatic GitHub Push
+      -P|--github-push)
+        export GITHUB_PUSH=true
+        ;;
+      -H|--github-host)
+        export GITHUB_HOST=$1 && shift
+        ;;
+      -O|--github-org)
+        export GITHUB_ORG=$1 && shift
+        ;;
+      -R|--github-repo)
+        export GITHUB_REPO=$1 && shift
+        ;;
+      -B|--git-branch)
+        export GIT_BRANCH=$1 && shift
+        ;;
+      -M|--git-commit-msg)
+        export GIT_COMMIT_MSG=$1 && shift
+        ;;
+
+      # Other Commands
+      -h|--help)
+        gitops_aibroker_help
+        ;;
+      *)
+        # unknown option
+        echo -e "${COLOR_RED}Usage Error: Unsupported option \"${key}\"${COLOR_RESET}\n"
+        gitops_aibroker_help  "Usage Error: Unsupported option \"${key}\" "
+        exit 1
+        ;;
+      esac
+  done
+
+
+  [[ -z "$CLUSTER_ID" ]] && gitops_aibroker_help "CLUSTER_ID is not set"
+  //need to ask for instace id
+  [[ -z "$INSTANCE_ID" ]] && gitops_aibroker_help "INSTANCE_ID is not set"
+  [[ -z "$ACCOUNT_ID" ]] && gitops_aibroker_help "ACCOUNT_ID is not set"
+
+   if [[ "$GITHUB_PUSH" == "true" ]]; then
+    [[ -z "$GITHUB_HOST" ]] && gitops_aibroker_help "GITHUB_HOST is not set"
+    [[ -z "$GITHUB_ORG" ]] && gitops_aibroker_help "GITHUB_ORG is not set"
+    [[ -z "$GITHUB_REPO" ]] && gitops_aibroker_help "GITHUB_REPO is not set"
+    [[ -z "$GIT_BRANCH" ]] && gitops_aibroker_help "GIT_BRANCH is not set"
+    [[ -z "$PRIMARY_STORAGE_CLASS" ]] && gitops_aibroker_help "PRIMARY_STORAGE_CLASS is not set"
+    [[ -z "$MAS_ICR_CP" ]] && gitops_aibroker_help "MAS_ICR_CP is not set"
+    [[ -z "$MAS_ICR_CPOPEN" ]] && gitops_aibroker_help "MAS_ICR_CPOPEN is not set"
+    [[ -z "$ARTIFACTORY_USERNAME" ]] && gitops_aibroker_help "ARTIFACTORY_USERNAME is not set"
+    [[ -z "$REGION_ID" ]] && gitops_aibroker_help "REGION_ID is not set"
+    [[ -z "$MINIO_NAMESPACE" ]] && gitops_aibroker_help "MINIO_NAMESPACE is not set"
+    [[ -z "$MINIO_INSTANCE_NAME" ]] && gitops_aibroker_help "MINIO_INSTANCE_NAME is not set"
+    [[ -z "$MINIO_STORAGE_SIZE" ]] && gitops_aibroker_help "MINIO_STORAGE_SIZE is not set"
+    [[ -z "$MINIO_IMAGE" ]] && gitops_aibroker_help "MINIO_IMAGE is not set"
+    [[ -z "$AIBROKER_NAMESPACE" ]] && gitops_aibroker_help "AIBROKER_NAMESPACE is not set"
+    [[ -z "$MAS_INSTACE_ID" ]] && gitops_aibroker_help "MAS_INSTACE_ID is not set"
+    [[ -z "$MAS_AIBROKER_WATSONX_SECRET" ]] && gitops_aibroker_help "MAS_AIBROKER_WATSONX_SECRET is not set"
+    [[ -z "$MAS_AIBROKER_STORAGE_PROVIDER" ]] && gitops_aibroker_help "MAS_AIBROKER_STORAGE_PROVIDER is not set"
+    [[ -z "$MAS_AIBROKER_MINIO_SECRET" ]] && gitops_aibroker_help "MAS_AIBROKER_MINIO_SECRET is not set"
+    [[ -z "$MAS_AIBROKER_STORAGE_SSL" ]] && gitops_aibroker_help "MAS_AIBROKER_STORAGE_SSL is not set"
+    [[ -z "$MAS_AIBROKER_STORAGE_REGION" ]] && gitops_aibroker_help "MAS_AIBROKER_STORAGE_REGION is not set"
+    [[ -z "$MAS_APP_CHANNEL" ]] && gitops_aibroker_help "MAS_APP_CHANNEL is not set"
+    [[ -z "$MAS_CATALOG_SOURCE" ]] && gitops_aibroker_help "MAS_CATALOG_SOURCE is not set"
+    [[ -z "$CLUSTER_DOMAIN" ]] && gitops_aibroker_help "CLUSTER_DOMAIN is not set"
+    [[ -z "$IN_SAAS_ENV" ]] && gitops_aibroker_help "IN_SAAS_ENV is not set"
+    [[ -z "$MAS_AIBROKER_MARIADB_SECRET" ]] && gitops_aibroker_help "MAS_AIBROKER_MARIADB_SECRET is not set"
+
+  fi
+
+# add validation below like above  for those variable which have the value needed for further execution
+
+
+
+}
+
+function gitops_aibroker() {
+  # Take the first parameter off (it will be create-gitops)
+  shift
+  if [[ $# -gt 0 ]]; then
+    gitops_aibroker_noninteractive "$@"
+  else
+    echo "Not supported yet"
+    exit 1
+    gitops_aibroker_interactive
+  fi
+
+  # catch errors
+  set -o pipefail
+  trap 'echo "[ERROR] Error occurred at $BASH_SOURCE, line $LINENO, exited with $?"; exit 1' ERR
+
+  rm -rf $GITOPS_WORKING_DIR
+  mkdir -p ${GITOPS_WORKING_DIR}
+  GITOPS_CLUSTER_DIR=${GITOPS_WORKING_DIR}/${GITHUB_REPO}/${CLUSTER_ID}
+  TEMP_DIR=$GITOPS_CLUSTER_DIR/tmp-aibroker
+  mkdir -p ${TEMP_DIR}
+  echo
+  reset_colors
+  echo_h2 "Review Settings"
+
+  echo "${TEXT_DIM}"
+  echo_h2 "Target" "    "
+  echo_reset_dim "Account ID ............................ ${COLOR_MAGENTA}${ACCOUNT_ID}"
+  echo_reset_dim "Cluster ID ............................ ${COLOR_MAGENTA}${CLUSTER_ID}"
+  reset_colors
+
+  #echo all the variables ofgitops+envs
+echo_reset_dim "MAS Instance ID ....................... ${COLOR_MAGENTA}${MAS_INSTANCE_ID}"
+echo_reset_dim "AI Broker Namespace ................... ${COLOR_MAGENTA}${AIBROKER_NAMESPACE}"
+echo_reset_dim "MAS AI Broker WatsonX Secret .......... ${COLOR_MAGENTA}${MAS_AIBROKER_WATSONX_SECRET}"
+echo_reset_dim "Pull Secret Name ...................... ${COLOR_MAGENTA}${PULL_SECRET_NAME}"
+
+# Storage variables
+echo_reset_dim "MAS AI Broker Storage Provider ........ ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_PROVIDER}"
+echo_reset_dim "MAS AI Broker MinIO Secret ............ ${COLOR_MAGENTA}${MAS_AIBROKER_MINIO_SECRET}"
+echo_reset_dim "MAS AI Broker Storage Access Key ...... ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_ACCESSKEY}"
+echo_reset_dim "MAS AI Broker Storage Secret Key ...... ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_SECRETKEY}"
+echo_reset_dim "MAS AI Broker Storage Host ............ ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_HOST}"
+echo_reset_dim "MAS AI Broker Storage Port ............ ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_PORT}"
+echo_reset_dim "MAS AI Broker Storage SSL ............. ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_SSL}"
+echo_reset_dim "MAS AI Broker Storage Region .......... ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_REGION}"
+echo_reset_dim "MAS AI Broker Pipelines Bucket ........ ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_PIPELINES_BUCKET}"
+echo_reset_dim "MAS AI Broker Tenants Bucket .......... ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_TENANTS_BUCKET}"
+echo_reset_dim "MAS AI Broker Templates Bucket ........ ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_TEMPLATES_BUCKET}"
+echo_reset_dim "MAS AI Broker DB Host ................. ${COLOR_MAGENTA}${MAS_AIBROKER_DB_HOST}"
+echo_reset_dim "MAS AI Broker MariaDB Secret .......... ${COLOR_MAGENTA}${MAS_AIBROKER_MARIADB_SECRET}"
+echo_reset_dim "MAS AI Broker DB Port ................. ${COLOR_MAGENTA}${MAS_AIBROKER_DB_PORT}"
+echo_reset_dim "MAS AI Broker DB User ................. ${COLOR_MAGENTA}${MAS_AIBROKER_DB_USER}"
+echo_reset_dim "MAS AI Broker DB Database ............. ${COLOR_MAGENTA}${MAS_AIBROKER_DB_DATABASE}"
+echo_reset_dim "MAS AI Broker DB Secret Name .......... ${COLOR_MAGENTA}${MAS_AIBROKER_DB_SECRET_NAME}"
+echo_reset_dim "MAS AI Broker DB Secret Value ......... ${COLOR_MAGENTA}${MAS_AIBROKER_DB_SECRET_VALUE}"
+echo_reset_dim "Primary Storage Class ................. ${COLOR_MAGENTA}${PRIMARY_STORAGE_CLASS}"
+echo_reset_dim "MAS AI Broker DB Host ................. ${COLOR_MAGENTA}${MAS_AIBROKER_DB_HOST}"
+echo_reset_dim "MAS AI Broker MariaDB Secret .......... ${COLOR_MAGENTA}${MAS_AIBROKER_MARIADB_SECRET}"
+echo_reset_dim "MAS AI Broker DB Port ................. ${COLOR_MAGENTA}${MAS_AIBROKER_DB_PORT}"
+echo_reset_dim "MAS AI Broker DB User ................. ${COLOR_MAGENTA}${MAS_AIBROKER_DB_USER}"
+echo_reset_dim "MAS AI Broker DB Database ............. ${COLOR_MAGENTA}${MAS_AIBROKER_DB_DATABASE}"
+echo_reset_dim "MAS AI Broker DB Secret Name .......... ${COLOR_MAGENTA}${MAS_AIBROKER_DB_SECRET_NAME}"
+echo_reset_dim "MAS AI Broker DB Secret Value ......... ${COLOR_MAGENTA}${MAS_AIBROKER_DB_SECRET_VALUE}"
+echo_reset_dim "Primary Storage Class ................. ${COLOR_MAGENTA}${PRIMARY_STORAGE_CLASS}"
+
+
+
+  AVP_TYPE=aws  # Support for IBM will be added later
+  sm_login
+  # update those varialbe which are necessory to be updated into aws ,
+  # check if those are already present
+  # and update them
+  # finally get values into tempalte
+  # push them on github repo ,
+  # final output
+  # updated var in sm
+  # and git repo
+  
+  # Define cluster-level secrets used
+  # ---------------------------------------------------------------------------
+  # Note that SECRET_KEY_IBM_ENTITLEMENT cluster-level secret is set up by gitops-cluster
+  export SECRET_KEY_IBM_ENTITLEMENT=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}ibm_entitlement#entitlement_key
+  
+  
+
+  if [ -z $GIT_SSH ]; then
+    export GIT_SSH=false
+  fi
+
+
+  # Set and Validate App Names
+  # ---------------------------------------------------------------------------
+  ROOT_APP_NAME="root.${ACCOUNT_ID}"
+  CLUSTER_APP_NAME="cluster.${CLUSTER_ID}"
+  AIBROKER_APP_NAME="dro.${CLUSTER_ID}"
+
+  validate_app_name "${ROOT_APP_NAME}"
+  validate_app_name "${CLUSTER_APP_NAME}"
+  validate_app_name "${DRO_APP_NAME}"
+
+
+  # Clone github target repo
+  # ---------------------------------------------------------------------------
+  if [ "$GITHUB_PUSH" == "true" ]; then
+    echo
+    echo_h2 "Cloning GitHub repo $GITHUB_ORG $GITHUB_REPO"
+    clone_target_git_repo $GITHUB_HOST $GITHUB_ORG $GITHUB_REPO $GIT_BRANCH $GITOPS_WORKING_DIR $GIT_SSH
+  fi
+  mkdir -p ${GITOPS_CLUSTER_DIR}
+
+
+  # Generate ArgoApps
+  # ---------------------------------------------------------------------------
+  echo
+  echo_h2 "Generating dro operator Applications"
+  echo "- aibroker operator"
+
+  export IBM_ENTITLEMENT_KEY=$SECRET_KEY_IBM_ENTITLEMENT
+
+  echo "Generating aibroker file ${GITOPS_CLUSTER_DIR}/ibm-dro.yaml"
+  jinjanate_commmon $CLI_DIR/templates/gitops/appset-configs/cluster/ibm-mas-aibroker-install.yaml.j2 ${GITOPS_CLUSTER_DIR}/ibm-mas-aibroker-install.yaml
+
+  # Commit and push to github target repo
+  # ---------------------------------------------------------------------------
+  if [ "$GITHUB_PUSH" == "true" ]; then
+    echo
+    echo_h2 "Commit and push changes to GitHub repo $GITHUB_ORG $GITHUB_REPO"
+    save_to_target_git_repo $GITHUB_HOST $GITHUB_ORG $GITHUB_REPO $GIT_BRANCH "${GITOPS_WORKING_DIR}/${GITHUB_REPO}" "${GIT_COMMIT_MSG}"
+    remove_git_repo_clone $GITOPS_WORKING_DIR/$GITHUB_REPO
+  fi
+
+  # Get generated DRO API Token and set it in AWS SM
+  # ---------------------------------------------------------------------------
+  # This is now handled by a postsync job in the ibm-dro chart
+}
diff --git a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-yaml.j2 b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-yaml.j2
new file mode 100644
index 00000000000..84fdbb9c795
--- /dev/null
+++ b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-yaml.j2
@@ -0,0 +1,72 @@
+merge-key: "{{ ACCOUNT_ID }}/{{ CLUSTER_ID }}/{{ INSTANCE_ID }}"
+
+ibm_aibroker:
+  mas_instance_id: "sremat"
+  aibroker_namespace: "mas-sremat-aibroker"
+  mas_aibroker_watsonx_secret: "sremat-watsonxcfg"
+  pull_secret_name: "<path:arn:aws:secretsmanager:us-east-2:435377327995:secret:fyre-sre-dev/sremat-test/ibm_entitlement#image_pull_secret_b64>"
+
+  # Storage vars
+  mas_aibroker_storage_provider: "minio"
+  mas_aibroker_minio_secret: "minio-secret"
+  mas_aibroker_storage_accesskey: "<path:{{ SECRETS_PATH }}/minio#sm_minio_accesskey>"
+  mas_aibroker_storage_secretkey: "<path:{{ SECRETS_PATH }}/minio##sm_minio_host>"
+  mas_aibroker_storage_port: "<path:{{ SECRETS_PATH }}/minio#sm_minio_port>"
+  mas_aibroker_storage_ssl: "true"
+  mas_aibroker_storage_region: ""
+  mas_aibroker_storage_pipelines_bucket: "<path:{{ SECRETS_PATH }}/minio##sm_minio_bucket_default>"
+  mas_aibroker_storage_tenants_bucket: "<path:{{ SECRETS_PATH }}/minio##sm_minio_bucket_tenants>"
+  mas_aibroker_storage_templates_bucket: "<path:{{ SECRETS_PATH }}/minio##sm_minio_bucket_templates>"
+  
+  # MariaDB
+  mas_aibroker_db_host: "<path:{{ SECRETS_PATH }}/mariadb#sm_mariadb_host>"
+  mas_aibroker_mariadb_secret: "sremat-mariadbcfg"
+  mas_aibroker_db_port: "<path:{{ SECRETS_PATH }}/mariadb#sm_mariadb_port>"
+
+  mas_aibroker_db_user: "<path:{{ SECRETS_PATH }}/mariadb#sm_mariadb_user>"
+
+  mas_aibroker_db_database: "<path:{{ SECRETS_PATH }}/mariadb#sm_mariadb_database>"
+
+  mas_aibroker_db_secret_name: "<path:{{ SECRETS_PATH }}/mariadb#sm_mariadb_secret_name>"
+
+  mas_aibroker_db_secret_value: "<path:{{ SECRETS_PATH }}/mariadb#sm_mariadb_secret_value>"
+
+
+  primary_storage_class: "nfs-client"
+
+  #SLS
+  slscfg_registration_key: "<path:{{ SECRETS_PATH }}/sls#slscfg_registration_key>"
+
+  #DRO
+  drocfg_ca: "<path:{{ SECRETS_PATH }}//dro#drocfg_ca>"
+  drocfg_registration_key: "<path:{{ SECRETS_PATH }}/dro#drocfg_registration_key>"
+  drocfg_url: "<path:{{ SECRETS_PATH }}/dro#drocfg_url>"
+
+  #JDBC
+  jdbccfg_username: "<path:{{ SECRETS_PATH }}/jdbc#jdbccfg_username>"
+  jdbccfg_password: "<path:{{ SECRETS_PATH }}/#jdbccfg_password>"
+  jdbccfg_url:"<path:{{ SECRETS_PATH }}/jdbc#jdbccfg_url>"
+  jdbccfg_sslenabled:"<path:{{ SECRETS_PATH }}/jdbc#jdbccfg_sslenabled>"
+  jdbccfg_ca: "<path:{{ SECRETS_PATH }}/jdbc#jdbccfg_ca>"
+
+
+  # MAS Entitlement
+  mas_entitlement_key:"<path:{{ SECRETS_PATH }}/ibm_entitlement#entitlement_key>"
+  
+  # Development Registry Entitlement
+  artifactory_username: "pmqcloud@us.ibm.com"
+  artifactory_token: "<path:{{ SECRETS_PATH }}/ibm_entitlement#aibroker_image_pull_secret_b64>"
+  # Environment Variable:
+  mas_app_channel: "workspace"
+  # mas_app_channel: "9.1.x-dev"
+  mas_catalog_source: "ibm-operator-catalog"
+
+  # Source container registry
+  # -----------------------------------------------------------------------------
+  # mas_icr_cp: "cp.icr.io/cp"
+  # mas_icr_cpopen: "icr.io/cpopen"
+  mas_icr_cp: "docker-na-public.artifactory.swg-devops.com/wiotp-docker-local"
+  mas_icr_cpopen: "docker-na-public.artifactory.swg-devops.com/wiotp-docker-local/cpopen"
+
+  cluster_domain: "sremat-test.cp.fyre.ibm.com"
+  in_saas_env: "false"
\ No newline at end of file
diff --git a/tekton/src/tasks/gitops/gitops-aibroker.yml.j2 b/tekton/src/tasks/gitops/gitops-aibroker.yml.j2
new file mode 100644
index 00000000000..74a0e8adf89
--- /dev/null
+++ b/tekton/src/tasks/gitops/gitops-aibroker.yml.j2
@@ -0,0 +1,244 @@
+---
+apiVersion: tekton.dev/v1beta1
+kind: Task
+metadata:
+  name: gitops-aibroker
+spec:
+  params:
+    - name: cluster_name
+      type: string
+    - name: account
+      type: string
+    - name: cluster_url
+      type: string
+      default: ""
+    - name: secrets_path
+      type: string
+    - name: avp_aws_secret_region
+      type: string
+    - name: git_branch
+      type: string
+    - name: github_org
+      type: string
+    - name: github_repo
+      type: string
+    - name: github_host
+      type: string
+    - name: mas_instance_id
+      type: string
+    - name: aibroker_namespace
+      type: string
+    - name: mas_aibroker_watsonx_secret
+      type: string
+    - name: pull_secret_name
+      type: string
+    - name: mas_aibroker_storage_provider
+      type: string
+    - name: mas_aibroker_minio_secret
+      type: string
+    - name: mas_aibroker_storage_accesskey
+      type: string
+    - name: mas_aibroker_storage_secretkey
+      type: string
+    - name: mas_aibroker_storage_host
+      type: string
+    - name: mas_aibroker_storage_port
+      type: string
+    - name: mas_aibroker_storage_ssl
+      type: string
+    - name: mas_aibroker_storage_region
+      type: string
+    - name: mas_aibroker_storage_pipelines_bucket
+      type: string
+    - name: mas_aibroker_storage_tenants_bucket
+      type: string
+    - name: mas_aibroker_storage_templates_bucket
+      type: string
+    - name: mas_aibroker_db_host
+      type: string
+    - name: mas_aibroker_mariadb_secret
+      type: string
+    - name: mas_aibroker_db_port
+      type: string
+    - name: mas_aibroker_db_user
+      type: string
+    - name: mas_aibroker_db_database
+      type: string
+    - name: mas_aibroker_db_secret_name
+      type: string
+    - name: mas_aibroker_db_secret_value
+      type: string
+    - name: primary_storage_class
+      type: string
+    - name: slscfg_registration_key
+      type: string
+    - name: drocfg_ca
+      type: string
+    - name: drocfg_registration_key
+      type: string
+    - name: drocfg_url
+      type: string
+    - name: jdbccfg_username
+      type: string
+    - name: jdbccfg_password
+      type: string
+    - name: jdbccfg_url
+      type: string
+    - name: jdbccfg_sslenabled
+      type: string
+    - name: jdbccfg_ca
+      type: string
+    - name: mas_entitlement_key
+      type: string
+    - name: artifactory_username
+      type: string
+    - name: artifactory_token
+      type: string
+    - name: mas_app_channel
+      type: string
+    - name: mas_catalog_source
+      type: string
+    - name: mas_icr_cp
+      type: string
+    - name: mas_icr_cpopen
+      type: string
+    - name: cluster_domain
+      type: string
+    - name: in_saas_env
+      type: string
+
+  stepTemplate:
+    name: gitops-aibroker
+    env:
+      - name: CLUSTER_NAME
+        value: $(params.cluster_name)
+      - name: ACCOUNT
+        value: $(params.account)
+      - name: CLUSTER_URL
+        value: $(params.cluster_url)
+      - name: SECRET_PATH
+        value: $(params.secrets_path)
+      - name: SM_AWS_REGION
+        value: $(params.avp_aws_secret_region)
+      - name: GIT_BRANCH
+        value: $(params.git_branch)
+      - name: GITHUB_ORG
+        value: $(params.github_org)
+      - name: GITHUB_HOST
+        value: $(params.github_host)
+      - name: GITHUB_REPO
+        value: $(params.github_repo)
+      - name: MAS_INSTANCE_ID
+        value: $(params.mas_instance_id)
+      - name: AIBROKER_NAMESPACE
+        value: $(params.aibroker_namespace)
+      - name: MAS_AIBROKER_WATSONX_SECRET
+        value: $(params.mas_aibroker_watsonx_secret)
+      - name: PULL_SECRET_NAME
+        value: $(params.pull_secret_name)
+      - name: MAS_AIBROKER_STORAGE_PROVIDER
+        value: $(params.mas_aibroker_storage_provider)
+      - name: MAS_AIBROKER_MINIO_SECRET
+        value: $(params.mas_aibroker_minio_secret)
+      - name: MAS_AIBROKER_STORAGE_ACCESSKEY
+        value: $(params.mas_aibroker_storage_accesskey)
+      - name: MAS_AIBROKER_STORAGE_SECRETKEY
+        value: $(params.mas_aibroker_storage_secretkey)
+      - name: MAS_AIBROKER_STORAGE_HOST
+        value: $(params.mas_aibroker_storage_host)
+      - name: MAS_AIBROKER_STORAGE_PORT
+        value: $(params.mas_aibroker_storage_port)
+      - name: MAS_AIBROKER_STORAGE_SSL
+        value: $(params.mas_aibroker_storage_ssl)
+      - name: MAS_AIBROKER_STORAGE_REGION
+        value: $(params.mas_aibroker_storage_region)
+      - name: MAS_AIBROKER_STORAGE_PIPELINES_BUCKET
+        value: $(params.mas_aibroker_storage_pipelines_bucket)
+      - name: MAS_AIBROKER_STORAGE_TENANTS_BUCKET
+        value: $(params.mas_aibroker_storage_tenants_bucket)
+      - name: MAS_AIBROKER_STORAGE_TEMPLATES_BUCKET
+        value: $(params.mas_aibroker_storage_templates_bucket)
+      - name: MAS_AIBROKER_DB_HOST
+        value: $(params.mas_aibroker_db_host)
+      - name: MAS_AIBROKER_MARIADB_SECRET
+        value: $(params.mas_aibroker_mariadb_secret)
+      - name: MAS_AIBROKER_DB_PORT
+        value: $(params.mas_aibroker_db_port)
+      - name: MAS_AIBROKER_DB_USER
+        value: $(params.mas_aibroker_db_user)
+      - name: MAS_AIBROKER_DB_DATABASE
+        value: $(params.mas_aibroker_db_database)
+      - name: MAS_AIBROKER_DB_SECRET_NAME
+        value: $(params.mas_aibroker_db_secret_name)
+      - name: MAS_AIBROKER_DB_SECRET_VALUE
+        value: $(params.mas_aibroker_db_secret_value)
+      - name: PRIMARY_STORAGE_CLASS
+        value: $(params.primary_storage_class)
+      - name: SLSCFG_REGISTRATION_KEY
+        value: $(params.slscfg_registration_key)
+      - name: DROCFG_CA
+        value: $(params.drocfg_ca)
+      - name: DROCFG_REGISTRATION_KEY
+        value: $(params.drocfg_registration_key)
+      - name: DROCFG_URL
+        value: $(params.drocfg_url)
+      - name: JDBCCFG_USERNAME
+        value: $(params.jdbccfg_username)
+      - name: JDBCCFG_PASSWORD
+        value: $(params.jdbccfg_password)
+      - name: JDBCCFG_URL
+        value: $(params.jdbccfg_url)
+      - name: JDBCCFG_SSLENABLED
+        value: $(params.jdbccfg_sslenabled)
+      - name: JDBCCFG_CA
+        value: $(params.jdbccfg_ca)
+      - name: MAS_ENTITLEMENT_KEY
+        value: $(params.mas_entitlement_key)
+      - name: ARTIFACTORY_USERNAME
+        value: $(params.artifactory_username)
+      - name: ARTIFACTORY_TOKEN
+        value: $(params.artifactory_token)
+      - name: MAS_APP_CHANNEL
+        value: $(params.mas_app_channel)
+      - name: MAS_CATALOG_SOURCE
+        value: $(params.mas_catalog_source)
+      - name: MAS_ICR_CP
+        value: $(params.mas_icr_cp)
+      - name: MAS_ICR_CPOPEN
+        value: $(params.mas_icr_cpopen)
+      - name: CLUSTER_DOMAIN
+        value: $(params.cluster_domain)
+      - name: IN_SAAS_ENV
+        value: $(params.in_saas_env)
+    envFrom:
+      - configMapRef:
+          name: environment-properties
+          optional: true
+      - secretRef:
+          name: secure-properties
+  steps:
+    - args:
+      - |-
+        git config --global user.name "MAS Automation"
+        git config --global user.email "you@example.com"
+        git config --global user.password $GITHUB_PAT
+
+        mkdir -p /tmp/init-aibroker
+        mas gitops-aibroker -a $ACCOUNT -c $CLUSTER_NAME \
+        --secrets-path $SECRET_PATH \
+        --dir /tmp/init-aibroker \
+        --github-push \
+        --github-host $GITHUB_HOST \
+        --github-org  $GITHUB_ORG \
+        --github-repo $GITHUB_REPO \
+        --git-branch $GIT_BRANCH
+
+        exit $?
+      command:
+        - /bin/sh
+        - -c
+      name: gitops-aibroker
+      imagePullPolicy: IfNotPresent
+      image: quay.io/ibmmas/cli:latest
+  workspaces:
+    - name: configs

From f2ab4b1eb6c81dbda024afa9402dc5e3956d01d9 Mon Sep 17 00:00:00 2001
From: yogeshkumar <prajapati.yogeshkumar@ibm.com>
Date: Fri, 9 May 2025 11:10:46 +0530
Subject: [PATCH 014/258] cherry-pick d75748e7ff conflict

---
 image/cli/mascli/functions/gitops_odh | 75 +++++++++++++++++++++++++--
 1 file changed, 71 insertions(+), 4 deletions(-)

diff --git a/image/cli/mascli/functions/gitops_odh b/image/cli/mascli/functions/gitops_odh
index b9f56cecc36..a18746c24cf 100755
--- a/image/cli/mascli/functions/gitops_odh
+++ b/image/cli/mascli/functions/gitops_odh
@@ -96,6 +96,9 @@ EOM
 
 
 function gitops_odh_noninteractive() {
+  GITOPS_WORKING_DIR=$PWD/working-dir  
+  SECRETS_KEY_SEPERATOR="/"
+  GIT_COMMIT_MSG="gitops-minio commit"
   GIT_COMMIT_MSG="gitops-odh commit"
   while [[ $# -gt 0 ]]; do
     key="$1"; shift
@@ -104,6 +107,45 @@ function gitops_odh_noninteractive() {
       -a|--account-id) export ACCOUNT_ID="$1"; shift ;;
       -c|--cluster-id) export CLUSTER_ID="$1"; shift ;;
       -m|--mas-instance-id) export MAS_INSTANCE_ID="$1"; shift ;;
+      # AWS Secrets Manager Configuration
+      --sm-aws-secret-region)
+        export SM_AWS_REGION=$1
+        export REGION_ID=$1
+        shift
+        ;;
+      --sm-aws-access-key)
+        export SM_AWS_ACCESS_KEY_ID=$1 && shift
+        ;;
+      --sm-aws-secret-key)
+        export SM_AWS_SECRET_ACCESS_KEY=$1 && shift
+        ;;
+      --secrets-path)
+        export SECRETS_PATH=$1 && shift
+        ;;
+
+            # Automatic GitHub Push
+      -P|--github-push)
+        export GITHUB_PUSH=true
+        ;;
+      -H|--github-host)
+        export GITHUB_HOST=$1 && shift
+        ;;
+      -O|--github-org)
+        export GITHUB_ORG=$1 && shift
+        ;;
+      -R|--github-repo)
+        export GITHUB_REPO=$1 && shift
+        ;;
+      -S|--github-ssh)
+        export GIT_SSH=$1 && shift
+        ;;
+      -B|--git-branch)
+        export GIT_BRANCH=$1 && shift
+        ;;
+      -M|--git-commit-msg)
+        export GIT_COMMIT_MSG=$1 && shift
+        ;;
+
 
       # ODH
       --odh-channel) export ODH_CHANNEL="$1"; shift ;;
@@ -263,11 +305,37 @@ function gitops_odh() {
 
   # Set up secret key and fetch secret
   export MAS_CONFIG_DIR="$TEMP_DIR"
-  export ODH_SECRET="odh${SECRETS_KEY_SEPERATOR}${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}${MAS_INSTANCE_ID}"
+  export ODH_SECRET="${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}minio"
   export ODH_SECRET_FILE="$TEMP_DIR/odh-secret.json"
 
   sm_get_secret_file "$ODH_SECRET" "$ODH_SECRET_FILE"
 
+  # Reuse existing secret values if present
+  TEMP_MINIO_ACCESS_KEY=$(jq -r .sm_minio_accesskey "$ODH_SECRET_FILE")
+  if [[ -n ${TEMP_MINIO_ACCESS_KEY} ]]; then
+    export MINIO_ACCESS_KEY="${TEMP_MINIO_ACCESS_KEY}"
+    echo "gitops_odh : MINIO_ACCESS_KEY=${MINIO_ACCESS_KEY:0:3}<snip> is available in the secret, using existing value."
+  fi
+
+  TEMP_MINIO_SECRET_KEY=$(jq -r .sm_minio_secretkey "$ODH_SECRET_FILE")
+  if [[ -n ${TEMP_MINIO_SECRET_KEY} ]]; then
+    export MINIO_SECRET_KEY="${TEMP_MINIO_SECRET_KEY}"
+    echo "gitops_odh : MINIO_SECRET_KEY=${MINIO_SECRET_KEY:0:3}<snip> is available in the secret, using existing value."
+  fi
+
+  TEMP_MARIADB_USER=$(jq -r .sm_mariadb_user "$ODH_SECRET_FILE")
+  if [[ -n ${TEMP_MARIADB_USER} ]]; then
+    export MARIADB_USER="${TEMP_MARIADB_USER}"
+    echo "gitops_odh : MARIADB_USER=${MARIADB_USER} is available in the secret, using existing value."
+  fi
+
+  TEMP_MARIADB_SECRET_VALUE=$(jq -r .sm_mariadb_secret_value "$ODH_SECRET_FILE")
+  if [[ -n ${TEMP_MARIADB_SECRET_VALUE} ]]; then
+    export MARIADB_SECRET_VALUE="${TEMP_MARIADB_SECRET_VALUE}"
+    echo "gitops_odh : MARIADB_SECRET_VALUE=${MARIADB_SECRET_VALUE:0:4}<snip> is available in the secret, using existing value."
+  fi
+
+
   # Extract and export secrets
   export MINIO_ACCESS_KEY=$(jq -r .sm_minio_accesskey "$ODH_SECRET_FILE")
   export MINIO_SECRET_KEY=$(jq -r .sm_minio_secretkey "$ODH_SECRET_FILE")
@@ -291,11 +359,10 @@ function gitops_odh() {
 
   # Render YAML
   echo_h2 "Generating OpenDataHub GitOps YAML"
+  echo "${TEMP_DIR}"
   echo "Output: ${TEMP_DIR}/ibm-mas-odh-install.yaml"
 
-  jinjanate_commmon \
-    "$CLI_DIR/templates/gitops/appset-configs/cluster/instance/ibm-mas-odh-install.yaml.j2" \
-    "${TEMP_DIR}/ibm-mas-odh-install.yaml"
+  jinjanate_commmon $CLI_DIR/templates/gitops/appset-configs/cluster/instance/ibm-mas-odh-install.yaml.j2 ${TEMP_DIR}/ibm-mas-odh-install.yaml
 
   # Collect info block for secret update
   yq eval '.' "${TEMP_DIR}/ibm-mas-odh-install.yaml" > "${TEMP_DIR}/odh-info.yaml"

From e066ca1a9df04419219ee06ea5b6ab3eabd0e642 Mon Sep 17 00:00:00 2001
From: Drashti-Malviya <Drashti.Malviya@ibm.com>
Date: Fri, 9 May 2025 15:28:57 +0530
Subject: [PATCH 015/258] cherry-pick bc5c7cb4d0 conflict

---
 .../functions/gitops_suite_aibroker_install   | 70 +++++++++++--------
 image/cli/mascli/mas                          |  8 +++
 .../src/tasks/gitops/gitops-aibroker.yml.j2   |  1 +
 3 files changed, 50 insertions(+), 29 deletions(-)

diff --git a/image/cli/mascli/functions/gitops_suite_aibroker_install b/image/cli/mascli/functions/gitops_suite_aibroker_install
index 38ef1cc20a9..578d5895103 100644
--- a/image/cli/mascli/functions/gitops_suite_aibroker_install
+++ b/image/cli/mascli/functions/gitops_suite_aibroker_install
@@ -340,36 +340,48 @@ echo_reset_dim "Primary Storage Class ................. ${COLOR_MAGENTA}${PRIMAR
 
   AVP_TYPE=aws  # Support for IBM will be added later
   sm_login
-  # update those varialbe which are necessory to be updated into aws ,
-  # check if those are already present
-  # and update them
-  # finally get values into tempalte
-  # push them on github repo ,
-  # final output
-  # updated var in sm
-  # and git repo
-  
-  # Define cluster-level secrets used
-  # ---------------------------------------------------------------------------
-  # Note that SECRET_KEY_IBM_ENTITLEMENT cluster-level secret is set up by gitops-cluster
-  export SECRET_KEY_IBM_ENTITLEMENT=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}ibm_entitlement#entitlement_key
-  
-  
+  # update those varialbe which are necessory to be updated into aws , 
 
-  if [ -z $GIT_SSH ]; then
-    export GIT_SSH=false
-  fi
+  # pull_secret_name
+  export image_pull_secret_b64=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}ibm_entitlement#image_pull_secret_b64
+  # mas_aibroker_storage_accesskey
+  export SM_MINIO_ACCESSKEY=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}minio#sm_minio_accesskey
+  # mas_aibroker_storage_secretkey
+  export SM_MINIO_SECRETKEY=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}minio#sm_minio_secretkey
+  # mas_aibroker_storage_host
+  export SM_MINIO_HOST=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}minio#sm_minio_host
+  # mas_aibroker_storage_port
+  export SM_MINIO_PORT=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}minio#sm_minio_port
+  # mas_aibroker_storage_templates_bucket
+  export SM_MINIO_BUCKET_TEMPLATES=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}minio#sm_minio_bucket_templates
+  # mas_aibroker_storage_tenants_bucket
+  export SM_MINIO_BUCKET_TENANTS=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}minio#sm_minio_bucket_tenants
+  # mas_aibroker_storage_pipelines_bucket
+  export SM_MINIO_BUCKET_PIPELINES=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}minio#sm_minio_bucket_pipelines
+  # check if those are already present 
+  # and update them 
 
+  # finally get values into tempalte 
+  # push them on github repo , 
 
-  # Set and Validate App Names
-  # ---------------------------------------------------------------------------
-  ROOT_APP_NAME="root.${ACCOUNT_ID}"
-  CLUSTER_APP_NAME="cluster.${CLUSTER_ID}"
-  AIBROKER_APP_NAME="dro.${CLUSTER_ID}"
+  # final output 
+  # updated var in sm 
+  # and git repo 
+
+
+  # sm_update_secret and need to pss secrert | idempotent
+  ESCAPED_INFO=${UNESCAPED_INFO//\"/\\\"}
+  ESCAPED_INFO=${ESCAPED_INFO//$'\n'/\\n}
+  TAGS="[{\"Key\": \"source\", \"Value\": \"gitops_kmodel\"}, {\"Key\": \"account\", \"Value\": \"${ACCOUNT_ID}\"}, {\"Key\": \"cluster\", \"Value\": \"${CLUSTER_ID}\"}]"
+  # Auth necessary for kmodel ???
+  # sm_update_secret $SECRET_NAME_MINIO_AUTH "{\"info\": \"$ESCAPED_INFO\", \"username\": \"$SECRET_KEY_MINIO_USER\", \"password\": \"$SECRET_KEY_MINIO_PASSWORD\"}" "${TAGS}"
 
-  validate_app_name "${ROOT_APP_NAME}"
-  validate_app_name "${CLUSTER_APP_NAME}"
-  validate_app_name "${DRO_APP_NAME}"
+
+
+
+  if [ -z $GIT_SSH ]; then
+    export GIT_SSH=false
+  fi
 
 
   # Clone github target repo
@@ -385,13 +397,13 @@ echo_reset_dim "Primary Storage Class ................. ${COLOR_MAGENTA}${PRIMAR
   # Generate ArgoApps
   # ---------------------------------------------------------------------------
   echo
-  echo_h2 "Generating dro operator Applications"
+  echo_h2 "Generating aibroker operator Applications"
   echo "- aibroker operator"
 
   export IBM_ENTITLEMENT_KEY=$SECRET_KEY_IBM_ENTITLEMENT
 
-  echo "Generating aibroker file ${GITOPS_CLUSTER_DIR}/ibm-dro.yaml"
-  jinjanate_commmon $CLI_DIR/templates/gitops/appset-configs/cluster/ibm-mas-aibroker-install.yaml.j2 ${GITOPS_CLUSTER_DIR}/ibm-mas-aibroker-install.yaml
+  echo "Generating aibroker file ${GITOPS_CLUSTER_DIR}/ibm-aibroker.yaml"
+  jinjanate_commmon $CLI_DIR/templates/gitops/appset-configs/cluster/ibm-mas-aibroker-install.yaml.j2 ${GITOPS_CLUSTER_DIR}/ibm-aibroker.yaml
 
   # Commit and push to github target repo
   # ---------------------------------------------------------------------------
diff --git a/image/cli/mascli/mas b/image/cli/mascli/mas
index f1b9a1f2375..e3b8ce3178b 100755
--- a/image/cli/mascli/mas
+++ b/image/cli/mascli/mas
@@ -853,6 +853,14 @@ case $1 in
     gitops_minio "$@"
     ;;
 
+  gitops-aibroker)
+    echo "${TEXT_UNDERLINE}IBM Maximo Application Suite Minio Manager (v${VERSION})${TEXT_RESET}"
+    echo "Powered by ${COLOR_CYAN}${TEXT_UNDERLINE}https://github.com/ibm-mas/gitops/${TEXT_RESET}"
+    echo
+    reset_colors
+    gitops_aibroker "$@"
+    ;;
+
   *)
     echo "unknown parameter $1"
     exit 1
diff --git a/tekton/src/tasks/gitops/gitops-aibroker.yml.j2 b/tekton/src/tasks/gitops/gitops-aibroker.yml.j2
index 74a0e8adf89..3c8c279157e 100644
--- a/tekton/src/tasks/gitops/gitops-aibroker.yml.j2
+++ b/tekton/src/tasks/gitops/gitops-aibroker.yml.j2
@@ -216,6 +216,7 @@ spec:
           optional: true
       - secretRef:
           name: secure-properties
+  
   steps:
     - args:
       - |-

From 4c9353f590d1c185704252eee8bc039decad0cce Mon Sep 17 00:00:00 2001
From: Drashti-Malviya <Drashti.Malviya@ibm.com>
Date: Fri, 9 May 2025 16:00:18 +0530
Subject: [PATCH 016/258] update aib

---
 .../functions/gitops_suite_aibroker_install   | 224 ++++++++++++++++++
 .../src/tasks/gitops/gitops-aibroker.yml.j2   |   1 +
 2 files changed, 225 insertions(+)

diff --git a/image/cli/mascli/functions/gitops_suite_aibroker_install b/image/cli/mascli/functions/gitops_suite_aibroker_install
index 578d5895103..45f841a1d9f 100644
--- a/image/cli/mascli/functions/gitops_suite_aibroker_install
+++ b/image/cli/mascli/functions/gitops_suite_aibroker_install
@@ -81,19 +81,28 @@ function gitops_dro_noninteractive() {
   GITOPS_WORKING_DIR=$PWD/working-dir
   SECRETS_KEY_SEPERATOR="/"
   GIT_COMMIT_MSG="gitops-aibroker commit"
+<<<<<<< Updated upstream
 
    #adding default values # all generic values should to put here # check with ansible playbook/gitops anvs 
    only export below in whiel loop
 
+=======
+>>>>>>> Stashed changes
   export PRIMARY_STORAGE_CLASS=${PRIMARY_STORAGE_CLASS:-"nfs-client"}
   export MAS_ICR_CP=${MAS_ICR_CP:-"docker-na-public.artifactory.swg-devops.com/wiotp-docker-local"}
   export MAS_ICR_CPOPEN=${MAS_ICR_CPOPEN:-"docker-na-public.artifactory.swg-devops.com/wiotp-docker-local/cpopen"}
   export ARTIFACTORY_USERNAME=${ARTIFACTORY_USERNAME:-"pmqcloud@us.ibm.com"}
   export REGION_ID=${REGION_ID:-${SM_AWS_REGION}}
+<<<<<<< Updated upstream
+=======
+
+  #adding default values 
+>>>>>>> Stashed changes
   export MINIO_NAMESPACE=${MINIO_NAMESPACE:-"minio"}
   export MINIO_INSTANCE_NAME=${MINIO_INSTANCE_NAME:-"minio"}
   export MINIO_STORAGE_SIZE=${MINIO_STORAGE_SIZE:-"40Gi"}
   export MINIO_IMAGE=${MINIO_IMAGE:-"quay.io/minio/minio:latest"}
+<<<<<<< Updated upstream
   export AIBROKER_NAMESPACE=${AIBROKER_NAMESPACE:-"mas-sremat-aibroker"}
   export MAS_INSTACE_ID=${MAS_INSTACE_ID:-"sremat"}
   export MAS_AIBROKER_WATSONX_SECRET=${MAS_AIBROKER_WATSONX_SECRET:-"sremat-watsonxcfg"}
@@ -106,6 +115,8 @@ function gitops_dro_noninteractive() {
   export CLUSTER_DOMAIN=${CLUSTER_DOMAIN:-"sremat-test.cp.fyre.ibm.com"}
   export IN_SAAS_ENV=${IN_SAAS_ENV:-"false"}
   export MAS_AIBROKER_MARIADB_SECRET=${MAS_AIBROKER_MARIADB_SECRET:-"sremat-mariadbcfge"}
+=======
+>>>>>>> Stashed changes
 
 
   while [[ $# -gt 0 ]]
@@ -133,6 +144,7 @@ function gitops_dro_noninteractive() {
       --secrets-key-seperator)
         export SECRETS_KEY_SEPERATOR=$1 && shift
         ;;
+<<<<<<< Updated upstream
             --primary-storage-class)
         export PRIMARY_STORAGE_CLASS=$1 && shift
         ;;
@@ -169,12 +181,23 @@ function gitops_dro_noninteractive() {
       --mas-aibroker-watsonx-secret)
         export MAS_AIBROKER_WATSONX_SECRET=$1 && shift
         ;;
+=======
+
+      # MAS
+      -m|--mas-instance-id)
+        export MAS_INSTACE_ID=$1 && shift
+        ;;
+
+    
+    	# MINIO 
+>>>>>>> Stashed changes
       --mas-aibroker-storage-provider)
         export MAS_AIBROKER_STORAGE_PROVIDER=$1 && shift
         ;;
       --mas-aibroker-minio-secret)
         export MAS_AIBROKER_MINIO_SECRET=$1 && shift
         ;;
+<<<<<<< Updated upstream
       --mas-aibroker-storage-ssl)
         export MAS_AIBROKER_STORAGE_SSL=$1 && shift
         ;;
@@ -197,6 +220,145 @@ function gitops_dro_noninteractive() {
         export MAS_AIBROKER_MARIADB_SECRET=$1 && shift
         ;;
 
+=======
+      --mas-aibroker-storage-accesskey)
+        export MAS_AIBROKER_STORAGE_ACCESSKEY=$1 && shift
+        ;;
+      --mas-aibroker-storage-secretkey)
+        export mas-aibroker-storage-secretkey=$1 && shift
+        ;;
+      
+      --mas-aibroker-storage-host)
+        export MAS_AIBROKER_STORAGE_HOST=$1 && shift
+        ;;
+
+      --mas-aibroker-storage-port)
+        export MAS_AIBROKER_STORAGE_PORT=$1 && shift
+        ;;
+
+      --mas-aibroker-storage-ssl)
+        export MAS_AIBROKER_STORAGE_SSL=$1 && shift
+        ;;
+
+      --mas-aibroker-storage-region)
+        export MAS_AIBROKER_STORAGE_REGION=$1 && shift
+        ;;
+
+      --mas-aibroker-storage-pipelines-bucket)
+        export MAS_AIBROKER_STORAGE_PIPELINES_BUCKET=$1 && shift
+        ;;
+
+      --mas-aibroker-storage-tenants-bucket)
+          export MAS_AIBROKER_STORAGE_TENANTS_BUCKET=$1 && shift
+        ;;
+
+      --mas-aibroker-storage-templates-bucket)
+          export MAS_AIBROKER_STORAGE_TEMPLATES_BUCKET=$1 && shift
+        ;;
+
+
+      --mas-aibroker-db-host)
+          export MAS_AIBROKER_DB_HOST=$1 && shift
+        ;;
+
+      --mas-aibroker-mariadb-secret)
+          export MAS_AIBROKER_MARIADB_SECRET=$1 && shift
+        ;;
+
+      --mas-aibroker-db-port)
+          export MAS_AIBROKER_DB_PORT=$1 && shift
+        ;;
+
+      --mas-aibroker-db-user)
+          export MAS_AIBROKER_DB_USER=$1 && shift
+        ;;
+
+      --mas-aibroker-db-database)
+          export MAS_AIBROKER_DB_DATABASE=$1 && shift
+        ;;
+
+      --mas-aibroker-db-secret-name)
+          export MAS_AIBROKER_DB_SECRET_NAME=$1 && shift
+        ;;
+
+      --mas-aibroker-db-secret-value)
+          export MAS_AIBROKER_DB_SECRET_VALUE=$1 && shift
+        ;;
+
+
+      --slscfg-registration-key)
+          export SLSCFG_REGISTRATION_KEY=$1 && shift
+        ;;
+
+      --drocfg-ca)
+          export DROCFG_CA=$1 && shift
+        ;;
+
+      --drocfg-registration-key)
+          export DROCFG_REGISTRATION_KEY=$1 && shift
+        ;;
+
+      --drocfg-url)
+          export DROCFG_URL=$1 && shift
+        ;;
+
+      --jdbccfg-username)
+          export JDBCCFG_USERNAME=$1 && shift
+        ;;
+
+      --jdbccfg-password)
+          export JDBCCFG_PASSWORD=$1 && shift
+        ;;
+
+      --jdbccfg-url)
+          export JDBCCFG_URL=$1 && shift
+        ;;
+
+      --jdbccfg-sslenabled)
+          export JDBCCFG_SSLENABLED=$1 && shift
+          ;;
+
+      --jdbccfg-ca)
+          export JDBCCFG_CA=$1 && shift
+          ;;
+
+      --mas-entitlement-key)
+          export MAS_ENTITLEMENT_KEY=$1 && shift
+          ;;
+
+      --artifactory-username)
+          export ARTIFACTORY_USERNAME=$1 && shift
+          ;;
+
+      --artifactory-token)
+          export ARTIFACTORY_TOKEN=$1 && shift
+          ;;
+
+      --mas-app-channel)
+          export MAS_APP_CHANNEL=$1 && shift
+          ;;
+
+      --mas-catalog-source)
+          export MAS_CATALOG_SOURCE=$1 && shift
+          ;;
+
+      --mas-icr-cp)
+          export MAS_ICR_CP=$1 && shift
+          ;;
+
+      --mas-icr-cpopen)
+          export MAS_ICR_CPOPEN=$1 && shift
+          ;;
+
+      --cluster-domain)
+          export CLUSTER_DOMAIN=$1 && shift
+          ;;
+
+      --in-saas-env)
+          export IN_SAAS_ENV=$1 && shift
+          ;;
+
+>>>>>>> Stashed changes
       # Automatic GitHub Push
       -P|--github-push)
         export GITHUB_PUSH=true
@@ -219,12 +381,20 @@ function gitops_dro_noninteractive() {
 
       # Other Commands
       -h|--help)
+<<<<<<< Updated upstream
         gitops_aibroker_help
+=======
+        gitops_kafka_help
+>>>>>>> Stashed changes
         ;;
       *)
         # unknown option
         echo -e "${COLOR_RED}Usage Error: Unsupported option \"${key}\"${COLOR_RESET}\n"
+<<<<<<< Updated upstream
         gitops_aibroker_help  "Usage Error: Unsupported option \"${key}\" "
+=======
+        gitops_kafka_help  "Usage Error: Unsupported option \"${key}\" "
+>>>>>>> Stashed changes
         exit 1
         ;;
       esac
@@ -232,15 +402,22 @@ function gitops_dro_noninteractive() {
 
 
   [[ -z "$CLUSTER_ID" ]] && gitops_aibroker_help "CLUSTER_ID is not set"
+<<<<<<< Updated upstream
   //need to ask for instace id
   [[ -z "$INSTANCE_ID" ]] && gitops_aibroker_help "INSTANCE_ID is not set"
   [[ -z "$ACCOUNT_ID" ]] && gitops_aibroker_help "ACCOUNT_ID is not set"
+=======
+  [[ -z "$INSTANCE_ID" ]] && gitops_aibroker_help "INSTANCE_ID is not set"
+  [[ -z "$ACCOUNT_ID" ]] && gitops_aibroker_help "ACCOUNT_ID is not set"
+  #[[ -z "$MAS_INSTANCE_ID" ]] && gitops_aibroker_help "MAS_INSTANCE_ID is not set"
+>>>>>>> Stashed changes
 
    if [[ "$GITHUB_PUSH" == "true" ]]; then
     [[ -z "$GITHUB_HOST" ]] && gitops_aibroker_help "GITHUB_HOST is not set"
     [[ -z "$GITHUB_ORG" ]] && gitops_aibroker_help "GITHUB_ORG is not set"
     [[ -z "$GITHUB_REPO" ]] && gitops_aibroker_help "GITHUB_REPO is not set"
     [[ -z "$GIT_BRANCH" ]] && gitops_aibroker_help "GIT_BRANCH is not set"
+<<<<<<< Updated upstream
     [[ -z "$PRIMARY_STORAGE_CLASS" ]] && gitops_aibroker_help "PRIMARY_STORAGE_CLASS is not set"
     [[ -z "$MAS_ICR_CP" ]] && gitops_aibroker_help "MAS_ICR_CP is not set"
     [[ -z "$MAS_ICR_CPOPEN" ]] && gitops_aibroker_help "MAS_ICR_CPOPEN is not set"
@@ -267,6 +444,10 @@ function gitops_dro_noninteractive() {
 
 # add validation below like above  for those variable which have the value needed for further execution
 
+=======
+  fi
+
+>>>>>>> Stashed changes
 
 
 }
@@ -299,6 +480,7 @@ function gitops_aibroker() {
   echo_h2 "Target" "    "
   echo_reset_dim "Account ID ............................ ${COLOR_MAGENTA}${ACCOUNT_ID}"
   echo_reset_dim "Cluster ID ............................ ${COLOR_MAGENTA}${CLUSTER_ID}"
+<<<<<<< Updated upstream
   reset_colors
 
   #echo all the variables ofgitops+envs
@@ -378,12 +560,45 @@ echo_reset_dim "Primary Storage Class ................. ${COLOR_MAGENTA}${PRIMAR
 
 
 
+=======
+
+
+  reset_colors
+
+  AVP_TYPE=aws  # Support for IBM will be added later
+  
+  # Define cluster-level secrets used
+  # ---------------------------------------------------------------------------
+  # Note that SECRET_KEY_IBM_ENTITLEMENT cluster-level secret is set up by gitops-cluster
+  export SECRET_KEY_IBM_ENTITLEMENT=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}ibm_entitlement#entitlement_key
+  
+  if [ "$DRO_CMM_SETUP" == "true" ]; then
+    export SECRET_KEY_DRO_CMM_AUTH_APIKEY=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}dro_cmm_auth#api_key
+    export SECRET_NAME_DRO_CMM_AUTH=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}dro_cmm_auth
+    TAGS="[{\"Key\": \"source\", \"Value\": \"gitops_dro\"}, {\"Key\": \"account\", \"Value\": \"${ACCOUNT_ID}\"}, {\"Key\": \"cluster\", \"Value\": \"${CLUSTER_ID}\"}]"
+    sm_update_secret $SECRET_NAME_DRO_CMM_AUTH "{\"api_key\": \"$DRO_CMM_AUTH_APIKEY\"}" "${TAGS}"
+  fi
+>>>>>>> Stashed changes
 
   if [ -z $GIT_SSH ]; then
     export GIT_SSH=false
   fi
 
 
+<<<<<<< Updated upstream
+=======
+  # Set and Validate App Names
+  # ---------------------------------------------------------------------------
+  ROOT_APP_NAME="root.${ACCOUNT_ID}"
+  CLUSTER_APP_NAME="cluster.${CLUSTER_ID}"
+  DRO_APP_NAME="dro.${CLUSTER_ID}"
+
+  validate_app_name "${ROOT_APP_NAME}"
+  validate_app_name "${CLUSTER_APP_NAME}"
+  validate_app_name "${DRO_APP_NAME}"
+
+
+>>>>>>> Stashed changes
   # Clone github target repo
   # ---------------------------------------------------------------------------
   if [ "$GITHUB_PUSH" == "true" ]; then
@@ -397,13 +612,22 @@ echo_reset_dim "Primary Storage Class ................. ${COLOR_MAGENTA}${PRIMAR
   # Generate ArgoApps
   # ---------------------------------------------------------------------------
   echo
+<<<<<<< Updated upstream
   echo_h2 "Generating aibroker operator Applications"
+=======
+  echo_h2 "Generating dro operator Applications"
+>>>>>>> Stashed changes
   echo "- aibroker operator"
 
   export IBM_ENTITLEMENT_KEY=$SECRET_KEY_IBM_ENTITLEMENT
 
+<<<<<<< Updated upstream
   echo "Generating aibroker file ${GITOPS_CLUSTER_DIR}/ibm-aibroker.yaml"
   jinjanate_commmon $CLI_DIR/templates/gitops/appset-configs/cluster/ibm-mas-aibroker-install.yaml.j2 ${GITOPS_CLUSTER_DIR}/ibm-aibroker.yaml
+=======
+  echo "Generating aibroker file ${GITOPS_CLUSTER_DIR}/ibm-dro.yaml"
+  jinjanate_commmon $CLI_DIR/templates/gitops/appset-configs/cluster/ibm-mas-aibroker-install.yaml.j2 ${GITOPS_CLUSTER_DIR}/ibm-mas-aibroker-install.yaml
+>>>>>>> Stashed changes
 
   # Commit and push to github target repo
   # ---------------------------------------------------------------------------
diff --git a/tekton/src/tasks/gitops/gitops-aibroker.yml.j2 b/tekton/src/tasks/gitops/gitops-aibroker.yml.j2
index 3c8c279157e..5eaa8083af1 100644
--- a/tekton/src/tasks/gitops/gitops-aibroker.yml.j2
+++ b/tekton/src/tasks/gitops/gitops-aibroker.yml.j2
@@ -217,6 +217,7 @@ spec:
       - secretRef:
           name: secure-properties
   
+  
   steps:
     - args:
       - |-

From ccd9a52903fe6f699fc8306f6c0836ea3864bd52 Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Fri, 9 May 2025 17:35:52 +0530
Subject: [PATCH 017/258] changes related to minio

---
 image/cli/mascli/functions/gitops_minio       |  41 +-
 image/cli/mascli/functions/gitops_minio copy  | 382 ------------------
 .../cluster/instance/ibm-minio.yaml.j2        |  14 +-
 3 files changed, 21 insertions(+), 416 deletions(-)
 delete mode 100644 image/cli/mascli/functions/gitops_minio copy

diff --git a/image/cli/mascli/functions/gitops_minio b/image/cli/mascli/functions/gitops_minio
index 925b106a258..082ca2ea18f 100644
--- a/image/cli/mascli/functions/gitops_minio
+++ b/image/cli/mascli/functions/gitops_minio
@@ -96,12 +96,6 @@ function gitops_minio_noninteractive() {
       --minio_instance_name)
         export MINIO_INSTANCE_NAME=$1 && shift
         ;;
-      # --minio_root_user)
-      #   export MINIO_ROOT_USER=$1 && shift
-      #   ;;
-      # --minio_root_password)
-      #   export MINIO_ROOT_PASSWORD=$1 && shift
-      #   ;;
       --minio_storage_class)
         export MINIO_STORAGE_CLASS=$1 && shift
         ;;
@@ -111,9 +105,6 @@ function gitops_minio_noninteractive() {
       --minio_image)
         export MINIO_IMAGE=$1 && shift
         ;;
-
-	    # optional parameters if needed
-
       # Automatic GitHub Push
       -P|--github-push)
         export GITHUB_PUSH=true
@@ -182,11 +173,8 @@ function gitops_minio() {
   set -o pipefail
   trap 'echo "[ERROR] Error occurred at $BASH_SOURCE, line $LINENO, exited with $?"; exit 1' ERR
 
-  rm -rf $GITOPS_WORKING_DIR
   mkdir -p ${GITOPS_WORKING_DIR}
-  GITOPS_CLUSTER_DIR=${GITOPS_WORKING_DIR}/${GITHUB_REPO}/${CLUSTER_ID}
-  TEMP_DIR=$GITOPS_CLUSTER_DIR/tmp-minio
-  mkdir -p ${TEMP_DIR}
+  GITOPS_CLUSTER_DIR=${GITOPS_WORKING_DIR}/${GITHUB_REPO}/${ACCOUNT_ID}/${CLUSTER_ID}
 
   echo
   reset_colors
@@ -228,14 +216,18 @@ function gitops_minio() {
   echo_h2 "minio" "    "
   echo_reset_dim "MinIO Namespace (minio_namespace)  .................... ${COLOR_MAGENTA}${MINIO_NAMESPACE}"
   echo_reset_dim "MinIO Instance Name (minio_instance_name)  ............ ${COLOR_MAGENTA}${MINIO_INSTANCE_NAME}"
-  # echo_reset_dim "MinIO Root User (minio_root_user)  .................... ${COLOR_MAGENTA}${MINIO_ROOT_USER}"
-  # echo_reset_dim "MinIO Root Password (minio_root_password)  ............ ${COLOR_MAGENTA}${MINIO_ROOT_PASSWORD:0:4}<snip>"
   echo_reset_dim "MinIO Storage Class (minio_storage_class)  ............ ${COLOR_MAGENTA}${MINIO_STORAGE_CLASS}"
   echo_reset_dim "MinIO Storage Size (minio_storage_size)  .............. ${COLOR_MAGENTA}${MINIO_STORAGE_SIZE}"
   echo_reset_dim "MinIO Image (minio_image)  .............................${COLOR_MAGENTA}${MINIO_IMAGE}"
 
   reset_colors
 
+  # Set up secrets
+  # ---------------------------------------------------------------------------
+  CURRENT_DIR=$PWD
+  TEMP_DIR=$GITOPS_CLUSTER_DIR/tmp-minio
+  mkdir -p ${TEMP_DIR}
+
   AVP_TYPE=aws  # Support for IBM will be added later
   sm_login
 
@@ -246,7 +238,9 @@ function gitops_minio() {
 
     export SECRET_NAME_MINIO_AUTH=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}minio
     echo_reset_dim "SECRET_NAME_MINIO_AUTH ................ ${COLOR_MAGENTA}$SECRET_NAME_MINIO_AUTH"
-
+    export SECRET_KEY_MINIO_USER=${SECRET_NAME_MINIO_AUTH}#sm_minio_user
+    export SECRET_KEY_MINIO_PASSWORD=${SECRET_NAME_MINIO_AUTH}#sm_minio_password
+    
     if [ -z "$MINIO_ROOT_PASSWORD" ]; then
       # Create a secret in SM containing the username/password for this specific minio instance.
       export MINIO_SECRET_FILE=$TEMP_DIR/minio-secret.json
@@ -256,6 +250,7 @@ function gitops_minio() {
       export MINIO_ROOT_PASSWORD=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | head -c 20`
       sm_get_secret_file ${SECRET_NAME_MINIO_AUTH} $MINIO_SECRET_FILE
       TEMP_MINIO_PASSWORD=$(jq -r .password $MINIO_SECRET_FILE)
+      TEMP_MINIO_PASSWORD=$(jq -r .sm_minio_password $MINIO_SECRET_FILE)
       if [[ -n ${TEMP_MINIO_PASSWORD} ]]; then
         export MINIO_ROOT_PASSWORD=${TEMP_MINIO_PASSWORD}
         echo_reset_dim "MINIO_ROOT_PASSWORD ........................... ${COLOR_MAGENTA}${MINIO_ROOT_PASSWORD:0:8}<snip> is available in the secret, using that value"
@@ -266,9 +261,6 @@ function gitops_minio() {
       sm_update_secret $SECRET_NAME_MINIO_AUTH "{ \"username\": \"$MINIO_ROOT_USER\", \"password\": \"$MINIO_ROOT_PASSWORD\"}" "${TAGS}"
     fi
     
-  
-    #export MINIO_CFG_FILE_NAME=${MINIO_CFG_FILE_NAME:-"aws-msk-${MINIO_CLUSTER_NAME}-miniocfg.yml"}
-
     echo_reset_dim "minio_namespace ....................... ${COLOR_MAGENTA}${MINIO_NAMESPACE}"
     echo_reset_dim "minio_instance_name ................... ${COLOR_MAGENTA}${MINIO_INSTANCE_NAME}"
     echo_reset_dim "minio_storage_class ................... ${COLOR_MAGENTA}${MINIO_STORAGE_CLASS}"
@@ -292,12 +284,6 @@ function gitops_minio() {
     mkdir -p ${GITOPS_CLUSTER_DIR}
 
 
-    # Generate ArgoApps
-    # ---------------------------------------------------------------------------
-    echo
-    echo_h2 "Generating minio operator Applications"
-    echo "- minio operator"
-
     # Generate ArgoApps
     # ---------------------------------------------------------------------------
     echo
@@ -305,7 +291,7 @@ function gitops_minio() {
     echo "- minio operator"
 
     echo "Generating minio file ${GITOPS_CLUSTER_DIR}/ibm-minio.yaml"
-    jinjanate_commmon $CLI_DIR/templates/gitops/appset-configs/cluster/ibm-minio.yaml.j2 ${GITOPS_CLUSTER_DIR}/ibm-minio.yaml
+    jinjanate_commmon $CLI_DIR/templates/gitops/appset-configs/cluster/instance/ibm-minio.yaml.j2 ${GITOPS_CLUSTER_DIR}/ibm-minio.yaml
 
     # Commit and push to github target repo
     # ---------------------------------------------------------------------------
@@ -317,7 +303,8 @@ function gitops_minio() {
     fi
 
     rm -rf $TEMP_DIR
-  
+    rm -rf $GITOPS_WORKING_DIR
+
   fi
   exit 0
 }
\ No newline at end of file
diff --git a/image/cli/mascli/functions/gitops_minio copy b/image/cli/mascli/functions/gitops_minio copy
deleted file mode 100644
index 310d375f3f5..00000000000
--- a/image/cli/mascli/functions/gitops_minio copy	
+++ /dev/null
@@ -1,382 +0,0 @@
-#!/usr/bin/env bash
-
-function gitops_minio_help() {
-  [[ -n "$1" ]] && echo_warning "$1"
-  reset_colors
-  cat << EOM
-
-
-Usage:
-  mas gitops-minio [options]
-Where ${COLOR_YELLOW}specified${TEXT_RESET} each option may also be defined by setting the appropriate environment variable.
-When no options are specified on the command line, interactive-mode will be enabled by default.
-
-GitOps Configuration:
-  -d, --dir ${COLOR_YELLOW}GITOPS_WORKING_DIR${TEXT_RESET}         Directory for GitOps repository
-  -a, --account-id ${COLOR_YELLOW}ACCOUNT_ID${TEXT_RESET}          Account name that the cluster belongs to
-  -c, --cluster-id ${COLOR_YELLOW}CLUSTER_ID${TEXT_RESET}          Cluster ID
-
-Secrets Manager:
-      --secrets-path ${COLOR_YELLOW}SECRETS_PATH${TEXT_RESET}                                              Secrets Manager path
-      --secrets-key-seperator ${COLOR_YELLOW}SECRETS_KEY_SEPERATOR${TEXT_RESET}                            Secrets Manager key seperator string
-
-minio Provider Selection / Version:
-      --minio_namespace ${COLOR_YELLOW}MINIO_NAMESPACE${TEXT_RESET}                                         The minio namespace to install
-      --minio_instance_name ${COLOR_YELLOW}MINIO_INSTANCE_NAME${TEXT_RESET}                                 The minio instance name
-      --minio_root_user ${COLOR_YELLOW}MINIO_ROOT_USER${TEXT_RESET}                                         The minio user name
-      --minio_root_password ${COLOR_YELLOW}MINIO_ROOT_PASSWORD${TEXT_RESET}                                 The minio user password
-      --minio_storage_class ${COLOR_YELLOW}MINIO_STORAGE_CLASS${TEXT_RESET}                                 The minio storage class
-      --minio_storage_size ${COLOR_YELLOW}MINIO_STORAGE_SIZE${TEXT_RESET}                                   The minio storage size
-      --minio_image ${COLOR_YELLOW}MINIO_IMAGE${TEXT_RESET}                                                 The minio image name
-
-Automatic GitHub Push (Optional):
-  -P, --github-push ${COLOR_YELLOW}GITHUB_PUSH${TEXT_RESET}        Enable automatic push to GitHub
-  -H, --github-host ${COLOR_YELLOW}GITHUB_HOST${TEXT_RESET}        GitHub Hostname for your GitOps repository
-  -O, --github-org ${COLOR_YELLOW}GITHUB_ORG${TEXT_RESET}          Github org for your GitOps repository
-  -R, --github-repo ${COLOR_YELLOW}GITHUB_REPO${TEXT_RESET}        Github repo for your GitOps repository
-  -S, --github-ssh ${COLOR_YELLOW}GIT_SSH${TEXT_RESET}             Git ssh key path
-  -B, --git-branch ${COLOR_YELLOW}GIT_BRANCH${TEXT_RESET}          Git branch to commit to of your GitOps repository
-  -M, --git-commit-msg ${COLOR_YELLOW}GIT_COMMIT_MSG${TEXT_RESET}  Git commit message to use when committing to of your GitOps repository
-
-Other Commands:
-      -h, --help                                                                                           Show this help message
-EOM
-  [[ -n "$1" ]] && exit 1 || exit 0
-}
-
-
-function gitops_minio_noninteractive() {
-  GITOPS_WORKING_DIR=$PWD/working-dir  
-  SECRETS_KEY_SEPERATOR="/"
-  GIT_COMMIT_MSG="gitops-minio commit"
-  export REGION_ID=${REGION_ID:-${SM_AWS_REGION}}
-
-  #adding default values 
-  export MINIO_NAMESPACE=${MINIO_NAMESPACE:-"minio"}
-  export MINIO_INSTANCE_NAME=${MINIO_INSTANCE_NAME:-"minio"}
-  export MINIO_STORAGE_SIZE=${MINIO_STORAGE_SIZE:-"40Gi"}
-  export MINIO_IMAGE=${MINIO_IMAGE:-"quay.io/minio/minio:latest"}
-
-  while [[ $# -gt 0 ]]
-  do
-    key="$1"
-    shift
-    case $key in
-      # GitOps Configuration
-      -d|--dir)
-        export GITOPS_WORKING_DIR=$1 && shift
-        ;;
-      -a|--account-id)
-        export ACCOUNT_ID=$1 && shift
-        ;;
-      -c|--cluster-id)
-        export CLUSTER_ID=$1 && shift
-        ;;
-
-      # AWS Secrets Manager Configuration
-      --sm-aws-secret-region)
-        export SM_AWS_REGION=$1
-        export REGION_ID=$1
-        shift
-        ;;
-      --sm-aws-access-key)
-        export SM_AWS_ACCESS_KEY_ID=$1 && shift
-        ;;
-      --sm-aws-secret-key)
-        export SM_AWS_SECRET_ACCESS_KEY=$1 && shift
-        ;;
-      --secrets-path)
-        export SECRETS_PATH=$1 && shift
-        ;;
-
-      # minio Provider Selection
-      --minio_namespace)
-        export MINIO_NAMESPACE=$1 && shift
-        ;;
-      --minio_instance_name)
-        export MINIO_INSTANCE_NAME=$1 && shift
-        ;;
-      # --minio_root_user)
-      #   export MINIO_ROOT_USER=$1 && shift
-      #   ;;
-      # --minio_root_password)
-      #   export MINIO_ROOT_PASSWORD=$1 && shift
-      #   ;;
-      --minio_storage_class)
-        export MINIO_STORAGE_CLASS=$1 && shift
-        ;;
-      --minio_storage_size)
-        export MINIO_STORAGE_SIZE=$1 && shift
-        ;;
-      --minio_image)
-        export MINIO_IMAGE=$1 && shift
-        ;;
-
-	    # optional parameters if needed
-
-      # Automatic GitHub Push
-      -P|--github-push)
-        export GITHUB_PUSH=true
-        ;;
-      -H|--github-host)
-        export GITHUB_HOST=$1 && shift
-        ;;
-      -O|--github-org)
-        export GITHUB_ORG=$1 && shift
-        ;;
-      -R|--github-repo)
-        export GITHUB_REPO=$1 && shift
-        ;;
-      -S|--github-ssh)
-        export GIT_SSH=$1 && shift
-        ;;
-      -B|--git-branch)
-        export GIT_BRANCH=$1 && shift
-        ;;
-      -M|--git-commit-msg)
-        export GIT_COMMIT_MSG=$1 && shift
-        ;;
-
-      # Other Commands
-      -h|--help)
-        gitops_minio_help
-        ;;
-      *)
-        # unknown option
-        echo -e "${COLOR_RED}Usage Error: Unsupported option \"${key}\"${COLOR_RESET}\n"
-        gitops_minio_help  "Usage Error: Unsupported option \"${key}\" "
-        exit 1
-        ;;
-      esac
-  done
-
-
-  [[ -z "$GITOPS_WORKING_DIR" ]] && gitops_minio_help "GITOPS_WORKING_DIR is not set"
-  [[ -z "$ACCOUNT_ID" ]] && gitops_minio_help "ACCOUNT_ID is not set"
-  [[ -z "$CLUSTER_ID" ]] && gitops_minio_help "CLUSTER_ID is not set"
-  [[ -z "$REGION_ID" && -z "$SM_AWS_REGION" ]] && gitops_minio_help "REGION_ID or SM_AWS_REGION is not set"
-
-  if [[ "$GITHUB_PUSH" == "true" ]]; then
-    [[ -z "$GITHUB_HOST" ]] && gitops_minio_help "GITHUB_HOST is not set"
-    [[ -z "$GITHUB_ORG" ]] && gitops_minio_help "GITHUB_ORG is not set"
-    [[ -z "$GITHUB_REPO" ]] && gitops_minio_help "GITHUB_REPO is not set"
-    [[ -z "$GIT_BRANCH" ]] && gitops_minio_help "GIT_BRANCH is not set"
-  fi
-
-  # [[ -z "$MINIO_NAMESPACE" ]] && gitops_minio_help "MINIO_NAMESPACE is not set. Please provide the namespace where MinIO should be deployed using --minio_namespace."
-  # [[ -z "$MINIO_INSTANCE_NAME" ]] && gitops_minio_help "MINIO_INSTANCE_NAME is not set. Please provide a unique name for the MinIO instance using --minio_instance_name."
-  # [[ -z "$MINIO_ROOT_USER" ]] && gitops_minio_help "MINIO_ROOT_USER is not set. Please provide the root username (access key) using --minio_root_user."
-  # [[ -z "$MINIO_ROOT_PASSWORD" ]] && gitops_minio_help "MINIO_ROOT_PASSWORD is not set. Please provide the root password (secret key) using --minio_root_password."
-  [[ -z "$MINIO_STORAGE_CLASS" ]] && gitops_minio_help "MINIO_STORAGE_CLASS is not set. Please specify the Kubernetes storage class using --minio_storage_class."
-  # [[ -z "$MINIO_STORAGE_SIZE" ]] && gitops_minio_help "MINIO_STORAGE_SIZE is not set. Please provide the storage size (e.g., 50Gi) using --minio_storage_size."
-  # [[ -z "$MINIO_IMAGE" ]] && gitops_minio_help "MINIO_IMAGE is not set. Please provide the MinIO container image name using --minio_image."
-
-}
-
-function gitops_minio() {
-  # Take the first parameter off (it will be create-gitops)
-  shift
-  if [[ $# -gt 0 ]]; then
-    gitops_minio_noninteractive "$@"
-  else
-    echo "Not supported yet"
-    exit 1
-    gitops_minio_interactive
-  fi
-
-  # catch errors
-  set -o pipefail
-  trap 'echo "[ERROR] Error occurred at $BASH_SOURCE, line $LINENO, exited with $?"; exit 1' ERR
-
-  rm -rf $GITOPS_WORKING_DIR
-  mkdir -p ${GITOPS_WORKING_DIR}
-  GITOPS_CLUSTER_DIR=${GITOPS_WORKING_DIR}/${GITHUB_REPO}/${CLUSTER_ID}
-  TEMP_DIR=$GITOPS_CLUSTER_DIR/tmp-minio
-  mkdir -p ${TEMP_DIR}
-
-  echo
-  reset_colors
-  echo_h2 "Review Settings"
-
-  echo "${TEXT_DIM}"
-  echo_h2 "Target" "    "
-  echo_reset_dim "Account ID ..................... ${COLOR_MAGENTA}${ACCOUNT_ID}"
-  echo_reset_dim "Region ID ...................... ${COLOR_MAGENTA}${REGION_ID}"
-  echo_reset_dim "Cluster ID ..................... ${COLOR_MAGENTA}${CLUSTER_ID}"
-  echo_reset_dim "Cluster Config Directory ....... ${COLOR_MAGENTA}${GITOPS_CLUSTER_DIR}"
-  reset_colors
-
-  echo "${TEXT_DIM}"
-  echo_h2 "AWS Secrets Manager" "    "
-  echo_reset_dim "Region ......................... ${COLOR_MAGENTA}${SM_AWS_REGION}"
-  echo_reset_dim "Secret Key ..................... ${COLOR_MAGENTA}${SM_AWS_ACCESS_KEY_ID:0:4}<snip>"
-  echo_reset_dim "Access Key ..................... ${COLOR_MAGENTA}${SM_AWS_SECRET_ACCESS_KEY:0:4}<snip>"
-  echo_reset_dim "Secrets Path ................... ${COLOR_MAGENTA}${SECRETS_PATH}"
-  reset_colors
-
-  echo "${TEXT_DIM}"
-  if [[ "$GITHUB_PUSH" == "true" ]]; then
-    echo_h2 "GitOps Target" "    "
-    echo_reset_dim "Automatic Push ........................ ${COLOR_GREEN}Enabled"
-    echo_reset_dim "Working Directory ..................... ${COLOR_MAGENTA}${GITOPS_WORKING_DIR}"
-    echo_reset_dim "Host .................................. ${COLOR_MAGENTA}${GITHUB_HOST}"
-    echo_reset_dim "Organization .......................... ${COLOR_MAGENTA}${GITHUB_ORG}"
-    echo_reset_dim "Repository ............................ ${COLOR_MAGENTA}${GITHUB_REPO}"
-    echo_reset_dim "Branch ................................ ${COLOR_MAGENTA}${GIT_BRANCH}"
-  else
-    echo_h2 "GitOps Target" "    "
-    echo_reset_dim "Automatic Push ........................ ${COLOR_RED}Disabled"
-    echo_reset_dim "Working Directory ..................... ${COLOR_MAGENTA}${GITOPS_WORKING_DIR}"
-  fi
-  reset_colors
-
-  echo "${TEXT_DIM}"
-  echo_h2 "minio" "    "
-  echo_reset_dim "MinIO Namespace (minio_namespace)  .................... ${COLOR_MAGENTA}${MINIO_NAMESPACE}"
-  echo_reset_dim "MinIO Instance Name (minio_instance_name)  ............ ${COLOR_MAGENTA}${MINIO_INSTANCE_NAME}"
-  # echo_reset_dim "MinIO Root User (minio_root_user)  .................... ${COLOR_MAGENTA}${MINIO_ROOT_USER}"
-  # echo_reset_dim "MinIO Root Password (minio_root_password)  ............ ${COLOR_MAGENTA}${MINIO_ROOT_PASSWORD:0:4}<snip>"
-  echo_reset_dim "MinIO Storage Class (minio_storage_class)  ............ ${COLOR_MAGENTA}${MINIO_STORAGE_CLASS}"
-  echo_reset_dim "MinIO Storage Size (minio_storage_size)  .............. ${COLOR_MAGENTA}${MINIO_STORAGE_SIZE}"
-  echo_reset_dim "MinIO Image (minio_image)  .............................${COLOR_MAGENTA}${MINIO_IMAGE}"
-
-  reset_colors
-
-  AVP_TYPE=aws  # Support for IBM will be added later
-  sm_login
-
-  if [ ! -z "$MINIO_NAMESPACE" ]; then
-
-    #minio provider role specific env variables
-    export MINIO_ACTION="install"
-
-    # export MINIO_NAMESPACE=${MINIO_NAMESPACE:-"minio"}
-    # export MINIO_INSTANCE_NAME=${MINIO_INSTANCE_NAME:-"minio"}
-    # export MINIO_STORAGE_CLASS=${MINIO_STORAGE_CLASS:-""}
-    # export MINIO_STORAGE_SIZE=${MINIO_STORAGE_SIZE:-"40Gi"}
-    # export MINIO_IMAGE=${MINIO_IMAGE:-"quay.io/minio/minio:latest"}
-
-    export SECRET_NAME_MINIO_AUTH=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}minio
-    echo_reset_dim "SECRET_NAME_MINIO_AUTH ................ ${COLOR_MAGENTA}$SECRET_NAME_MINIO_AUTH"
-
-    if [ -z "$MINIO_ROOT_PASSWORD" ]; then
-      # Create a secret in SM containing the username/password for this specific minio instance.
-      export MINIO_SECRET_FILE=$TEMP_DIR/minio-secret.json
-
-      # Generate random username and password using /dev/urandom
-      # RANDOM_USER=`minio-$(cat /dev/urandom | tr -dc '0-9' | head -c 4)`
-      # export MINIO_ROOT_USER=${MINIO_ROOT_USER:-RANDOM_USER}
-      export MINIO_ROOT_USER=${MINIO_ROOT_USER:-"minio"}
-      echo_reset_dim "MINIO_ROOT_USER ............................. ${COLOR_MAGENTA}$MINIO_ROOT_USER"
-      
-      export MINIO_ROOT_PASSWORD=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | head -c 20`
-      sm_get_secret_file ${SECRET_NAME_MINIO_AUTH} $MINIO_SECRET_FILE
-      TEMP_MINIO_LDAP_PASSWORD=$(jq -r .password $MINIO_SECRET_FILE)
-      if [[ -n ${TEMP_MINIO_LDAP_PASSWORD} ]]; then
-        export MINIO_ROOT_PASSWORD=${TEMP_MINIO_LDAP_PASSWORD}
-        echo_reset_dim "MINIO_ROOT_PASSWORD ........................... ${COLOR_MAGENTA}${MINIO_ROOT_PASSWORD:0:8}<snip> is available in the secret, using that value"
-      fi
-      echo_reset_dim "MINIO_ROOT_PASSWORD ............................. ${COLOR_MAGENTA}${MINIO_ROOT_PASSWORD:0:8}<snip>"
-      TAGS="[{\"Key\": \"source\", \"Value\": \"gitops_minio\"}, {\"Key\": \"account\", \"Value\": \"${ACCOUNT_ID}\"}, {\"Key\": \"cluster\", \"Value\": \"${CLUSTER_ID}\"}]"
-      
-      # sm_update_secret and need to pss secrert | idempotent
-      ESCAPED_INFO=${UNESCAPED_INFO//\"/\\\"}
-      ESCAPED_INFO=${ESCAPED_INFO//$'\n'/\\n}
-      # sm_update_secret $SECRET_NAME_MINIO_AUTH "{\"info\": \"$ESCAPED_INFO\", \"username\": \"$SECRET_KEY_MINIO_USER\", \"password\": \"$SECRET_KEY_MINIO_PASSWORD\"}" "${TAGS}"
-
-      sm_update_secret $SECRET_NAME_MINIO_AUTH "{\"info\": \"$ESCAPED_INFO\", \"username\": \"$MINIO_ROOT_USER\", \"password\": \"$MINIO_ROOT_PASSWORD\"}" "${TAGS}"
-    fi
-    
-    # Generate random username and password using /dev/urandom
-    # RANDOM_USER="minio-$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | head -c 8)"
-    # RANDOM_PASS="$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | head -c 20)"
-    # export JDBRANDOM_PASSC_PASSWORD=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | head -c 20`
-
-    # export MINIO_ROOT_USER=${MINIO_ROOT_USER:-"minio"}
-    # export MINIO_ROOT_PASSWORD=${MINIO_ROOT_PASSWORD:-"minio123"}
-
-    # export SECRET_NAME_MINIO_AUTH=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}minio
-
-    # export SECRET_KEY_MINIO_USER=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}minio#sm_minio_user
-    # export SECRET_KEY_MINIO_PASSWORD=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}minio#sm_minio_password
-    
-    # export MINIO_SECRET_FILE=$TEMP_DIR/MINIO-secret.json
-    # sm_get_secret_file ${AWS_MSK_SECRET} $MINIO_SECRET_FILE
-    # TEMP_AWS_MINIO_USER_PASSWORD=$(jq -r .password $MINIO_SECRET_FILE)
-    # if [[ -n ${TEMP_AWS_MINIO_USER_PASSWORD} ]]; then
-    #   export AWS_MINIO_USER_PASSWORD=${TEMP_AWS_MINIO_USER_PASSWORD}
-    #   echo "gitops_minio : AWS_MINIO_USER_PASSWORD=${AWS_MINIO_USER_PASSWORD:0:8}<snip> is available in the secret, use the same while invoking the role again"
-    # fi
-    
-  
-    #export MINIO_CFG_FILE_NAME=${MINIO_CFG_FILE_NAME:-"aws-msk-${MINIO_CLUSTER_NAME}-miniocfg.yml"}
-
-    echo_reset_dim "minio_namespace ....................... ${COLOR_MAGENTA}${MINIO_NAMESPACE}"
-    echo_reset_dim "minio_instance_name ................... ${COLOR_MAGENTA}${MINIO_INSTANCE_NAME}"
-    echo_reset_dim "minio_storage_class ................... ${COLOR_MAGENTA}${MINIO_STORAGE_CLASS}"
-    echo_reset_dim "minio_storage_size .................... ${COLOR_MAGENTA}${MINIO_STORAGE_SIZE}"
-    echo_reset_dim "minio_image ........................... ${COLOR_MAGENTA}${MINIO_IMAGE}"
-    echo_reset_dim "minio_root_user ....................... ${COLOR_MAGENTA}${MINIO_ROOT_USER}"
-    echo_reset_dim "minio_root_password ................... ${COLOR_MAGENTA}${MINIO_ROOT_PASSWORD:0:4}<snip>"
-
-    #echo_reset_dim "MINIO_CFG_FILE_NAME .................... ${COLOR_MAGENTA}${MINIO_CFG_FILE_NAME}"
-
-    # export AWS_DEFAULT_OUTPUT="json"
-    # export ROLE_NAME=minio && ansible-playbook ibm.mas_devops.run_role
-
-    # rc=$?
-    # [ $rc -ne 0 ] && exit $rc
-    # Extract the required details from the generated miniocfg/secret. For msk this is in plain text (stringData)
-    # export MINIO_USERNAME=$(yq 'select(di == 0) | .data.username' $TEMP_DIR/${MINIO_CFG_FILE_NAME} | base64 -d)
-    # export MINIO_PASSWORD=$(yq 'select(di == 0) | .data.password' $TEMP_DIR/${MINIO_CFG_FILE_NAME} | base64 -d)
-    # yq 'select(di == 1) | .spec' $TEMP_DIR/${MINIO_CFG_FILE_NAME} >> $TEMP_DIR/minio-info.yaml
-    # yq -i 'del(.config.credentials)' $TEMP_DIR/minio-info.yaml
-    # yq -i 'del(.displayName)' $TEMP_DIR/minio-info.yaml
-    # yq -i 'del(.type)' $TEMP_DIR/minio-info.yaml
-
-    # UNESCAPED_INFO="$(cat $TEMP_DIR/minio-info.yaml)"
-    
-
-    if [ -z $GIT_SSH ]; then
-      export GIT_SSH=false
-    fi
-
-    # Clone github target repo
-    # ---------------------------------------------------------------------------
-    if [ "$GITHUB_PUSH" == "true" ]; then
-      echo
-      echo_h2 "Cloning GitHub repo $GITHUB_ORG $GITHUB_REPO"
-      clone_target_git_repo $GITHUB_HOST $GITHUB_ORG $GITHUB_REPO $GIT_BRANCH $GITOPS_WORKING_DIR $GIT_SSH
-    fi
-    mkdir -p ${GITOPS_CLUSTER_DIR}
-
-
-    # Generate ArgoApps
-    # ---------------------------------------------------------------------------
-    echo
-    echo_h2 "Generating minio operator Applications"
-    echo "- minio operator"
-
-    # Generate ArgoApps
-    # ---------------------------------------------------------------------------
-    echo
-    echo_h2 "Generating minio operator Applications"
-    echo "- minio operator"
-
-    echo "Generating minio file ${GITOPS_CLUSTER_DIR}/ibm-minio.yaml"
-    jinjanate_commmon $CLI_DIR/templates/gitops/appset-configs/cluster/ibm-minio.yaml.j2 ${GITOPS_CLUSTER_DIR}/ibm-minio.yaml
-
-    # Commit and push to github target repo
-    # ---------------------------------------------------------------------------
-    if [ "$GITHUB_PUSH" == "true" ]; then
-      echo
-      echo_h2 "Commit and push changes to GitHub repo $GITHUB_ORG $GITHUB_REPO"
-      save_to_target_git_repo $GITHUB_HOST $GITHUB_ORG $GITHUB_REPO $GIT_BRANCH "${GITOPS_WORKING_DIR}/${GITHUB_REPO}" "${GIT_COMMIT_MSG}"
-      remove_git_repo_clone $GITOPS_WORKING_DIR/$GITHUB_REPO
-    fi
-
-    rm -rf $TEMP_DIR
-  
-  fi
-  exit 0
-}
\ No newline at end of file
diff --git a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-minio.yaml.j2 b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-minio.yaml.j2
index 0c38106cd4e..9c737f7267d 100644
--- a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-minio.yaml.j2
+++ b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-minio.yaml.j2
@@ -1,10 +1,10 @@
 merge-key: "{{ ACCOUNT_ID }}/{{ CLUSTER_ID }}/{{ MAS_INSTANCE_ID }}"
 
 ibm_minio:
-  minio_namespace: {{ MINIO_NAMESPACE }}
-  minio_instance_name: {{ MINIO_INSTANCE_NAME }}
-  minio_root_user: "<path:{{ SECRETS_PATH }}:{{ MINIO_ROOT_USER }}>"
-  minio_root_password: "<path:{{ SECRETS_PATH }}:{{ MINIO_ROOT_PASSWORD }}>"
-  minio_storage_class: {{ MINIO_STORAGE_CLASS }}
-  minio_storage_size: {{ MINIO_STORAGE_SIZE }}
-  minio_image: {{ MINIO_IMAGE }}
+  minio_namespace: "{{ MINIO_NAMESPACE }}"
+  minio_instance_name: "{{ MINIO_INSTANCE_NAME }}"
+  minio_root_user: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_MINIO_USER }}>"
+  minio_root_password: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_MINIO_PASSWORD }}>"
+  minio_storage_class: "{{ MINIO_STORAGE_CLASS }}"
+  minio_storage_size: "{{ MINIO_STORAGE_SIZE }}"
+  minio_image: "{{ MINIO_IMAGE }}"

From f60fdd40b02d9309b80e554347762f2f2ae25724 Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Fri, 9 May 2025 17:36:58 +0530
Subject: [PATCH 018/258] Update gitops_minio

---
 image/cli/mascli/functions/gitops_minio | 2 --
 1 file changed, 2 deletions(-)

diff --git a/image/cli/mascli/functions/gitops_minio b/image/cli/mascli/functions/gitops_minio
index 082ca2ea18f..c71cfab5a52 100644
--- a/image/cli/mascli/functions/gitops_minio
+++ b/image/cli/mascli/functions/gitops_minio
@@ -249,7 +249,6 @@ function gitops_minio() {
       
       export MINIO_ROOT_PASSWORD=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | head -c 20`
       sm_get_secret_file ${SECRET_NAME_MINIO_AUTH} $MINIO_SECRET_FILE
-      TEMP_MINIO_PASSWORD=$(jq -r .password $MINIO_SECRET_FILE)
       TEMP_MINIO_PASSWORD=$(jq -r .sm_minio_password $MINIO_SECRET_FILE)
       if [[ -n ${TEMP_MINIO_PASSWORD} ]]; then
         export MINIO_ROOT_PASSWORD=${TEMP_MINIO_PASSWORD}
@@ -283,7 +282,6 @@ function gitops_minio() {
     fi
     mkdir -p ${GITOPS_CLUSTER_DIR}
 
-
     # Generate ArgoApps
     # ---------------------------------------------------------------------------
     echo

From 4f7b8766d473e79279d423d346cf47e8c7f1fdf1 Mon Sep 17 00:00:00 2001
From: Drashti-Malviya <Drashti.Malviya@ibm.com>
Date: Mon, 12 May 2025 13:03:50 +0530
Subject: [PATCH 019/258] update aib

---
 .../functions/gitops_suite_aibroker_install   | 461 +++++-------------
 1 file changed, 123 insertions(+), 338 deletions(-)

diff --git a/image/cli/mascli/functions/gitops_suite_aibroker_install b/image/cli/mascli/functions/gitops_suite_aibroker_install
index 45f841a1d9f..f2e65d4a1ef 100644
--- a/image/cli/mascli/functions/gitops_suite_aibroker_install
+++ b/image/cli/mascli/functions/gitops_suite_aibroker_install
@@ -5,7 +5,7 @@ function gitops_suite_aibroker_install_help() {
   reset_colors
   cat << EOM
 Usage:
-  mas gitops-kafka [options]
+  mas gitops-aibroker [options]
 Where ${COLOR_YELLOW}specified${TEXT_RESET} each option may also be defined by setting the appropriate environment variable.
 When no options are specified on the command line, interactive-mode will be enabled by default.
 
@@ -77,32 +77,24 @@ EOM
   [[ -n "$1" ]] && exit 1 || exit 0
 }
 
-function gitops_dro_noninteractive() {
+function gitops_aibroker_noninteractive() {
   GITOPS_WORKING_DIR=$PWD/working-dir
   SECRETS_KEY_SEPERATOR="/"
   GIT_COMMIT_MSG="gitops-aibroker commit"
-<<<<<<< Updated upstream
 
    #adding default values # all generic values should to put here # check with ansible playbook/gitops anvs 
    only export below in whiel loop
 
-=======
->>>>>>> Stashed changes
+  #adding default values 
   export PRIMARY_STORAGE_CLASS=${PRIMARY_STORAGE_CLASS:-"nfs-client"}
   export MAS_ICR_CP=${MAS_ICR_CP:-"docker-na-public.artifactory.swg-devops.com/wiotp-docker-local"}
   export MAS_ICR_CPOPEN=${MAS_ICR_CPOPEN:-"docker-na-public.artifactory.swg-devops.com/wiotp-docker-local/cpopen"}
   export ARTIFACTORY_USERNAME=${ARTIFACTORY_USERNAME:-"pmqcloud@us.ibm.com"}
   export REGION_ID=${REGION_ID:-${SM_AWS_REGION}}
-<<<<<<< Updated upstream
-=======
-
-  #adding default values 
->>>>>>> Stashed changes
   export MINIO_NAMESPACE=${MINIO_NAMESPACE:-"minio"}
   export MINIO_INSTANCE_NAME=${MINIO_INSTANCE_NAME:-"minio"}
   export MINIO_STORAGE_SIZE=${MINIO_STORAGE_SIZE:-"40Gi"}
   export MINIO_IMAGE=${MINIO_IMAGE:-"quay.io/minio/minio:latest"}
-<<<<<<< Updated upstream
   export AIBROKER_NAMESPACE=${AIBROKER_NAMESPACE:-"mas-sremat-aibroker"}
   export MAS_INSTACE_ID=${MAS_INSTACE_ID:-"sremat"}
   export MAS_AIBROKER_WATSONX_SECRET=${MAS_AIBROKER_WATSONX_SECRET:-"sremat-watsonxcfg"}
@@ -115,8 +107,6 @@ function gitops_dro_noninteractive() {
   export CLUSTER_DOMAIN=${CLUSTER_DOMAIN:-"sremat-test.cp.fyre.ibm.com"}
   export IN_SAAS_ENV=${IN_SAAS_ENV:-"false"}
   export MAS_AIBROKER_MARIADB_SECRET=${MAS_AIBROKER_MARIADB_SECRET:-"sremat-mariadbcfge"}
-=======
->>>>>>> Stashed changes
 
 
   while [[ $# -gt 0 ]]
@@ -141,224 +131,70 @@ function gitops_dro_noninteractive() {
       --secrets-path)
         export SECRETS_PATH=$1 && shift
         ;;
-      --secrets-key-seperator)
-        export SECRETS_KEY_SEPERATOR=$1 && shift
-        ;;
-<<<<<<< Updated upstream
-            --primary-storage-class)
-        export PRIMARY_STORAGE_CLASS=$1 && shift
-        ;;
+      --primary-storage-class)
+         export PRIMARY_STORAGE_CLASS=$1 && shift
+          ;;
       --mas-icr-cp)
-        export MAS_ICR_CP=$1 && shift
-        ;;
+          export MAS_ICR_CP=${MAS_ICR_CP:-"docker-na-pu"} && shift
+          ;;
       --mas-icr-cpopen)
-        export MAS_ICR_CPOPEN=$1 && shift
-        ;;
+          export MAS_ICR_CPOPEN=${MAS_ICR_CPOPEN:-"d"} && shift
+          ;;
       --artifactory-username)
-        export ARTIFACTORY_USERNAME=$1 && shift
-        ;;
+          export ARTIFACTORY_USERNAME=$1 && shift
+          ;;
       --region-id)
-        export REGION_ID=$1 && shift
-        ;;
+          export REGION_ID=${REGION_ID:-${SM_AWS_REGION}} && shift
+          ;;
       --minio-namespace)
-        export MINIO_NAMESPACE=$1 && shift
-        ;;
+          export MINIO_NAMESPACE=$1 && shift
+          ;;
       --minio-instance-name)
-        export MINIO_INSTANCE_NAME=$1 && shift
-        ;;
+          export MINIO_INSTANCE_NAME=$1 && shift
+          ;;
       --minio-storage-size)
-        export MINIO_STORAGE_SIZE=$1 && shift
-        ;;
+          export MINIO_STORAGE_SIZE=$1 && shift
+          ;;
       --minio-image)
-        export MINIO_IMAGE=$1 && shift
-        ;;
+          export MINIO_IMAGE=${MINIO_IMAGE:-"quay.io/minio"} && shift
+          ;;
       --aibroker-namespace)
-        export AIBROKER_NAMESPACE=$1 && shift
-        ;;
-      --mas-instace-id)
-        export MAS_INSTACE_ID=$1 && shift
-        ;;
+          export AIBROKER_NAMESPACE=$1 && shift
+          ;;
+      --mas-instance-id)
+          export MAS_INSTACE_ID=${MAS_INSTACE_ID:-"sre"} && shift
+          ;;
       --mas-aibroker-watsonx-secret)
-        export MAS_AIBROKER_WATSONX_SECRET=$1 && shift
-        ;;
-=======
-
-      # MAS
-      -m|--mas-instance-id)
-        export MAS_INSTACE_ID=$1 && shift
-        ;;
-
-    
-    	# MINIO 
->>>>>>> Stashed changes
-      --mas-aibroker-storage-provider)
-        export MAS_AIBROKER_STORAGE_PROVIDER=$1 && shift
-        ;;
-      --mas-aibroker-minio-secret)
-        export MAS_AIBROKER_MINIO_SECRET=$1 && shift
-        ;;
-<<<<<<< Updated upstream
-      --mas-aibroker-storage-ssl)
-        export MAS_AIBROKER_STORAGE_SSL=$1 && shift
-        ;;
-      --mas-aibroker-storage-region)
-        export MAS_AIBROKER_STORAGE_REGION=$1 && shift
-        ;;
-      --mas-app-channel)
-        export MAS_APP_CHANNEL=$1 && shift
-        ;;
-      --mas-catalog-source)
-        export MAS_CATALOG_SOURCE=$1 && shift
-        ;;
-      --cluster-domain)
-        export CLUSTER_DOMAIN=$1 && shift
-        ;;
-      --in-saas-env)
-        export IN_SAAS_ENV=$1 && shift
-        ;;
-      --mas-aibroker-mariadb-secret)
-        export MAS_AIBROKER_MARIADB_SECRET=$1 && shift
-        ;;
-
-=======
-      --mas-aibroker-storage-accesskey)
-        export MAS_AIBROKER_STORAGE_ACCESSKEY=$1 && shift
-        ;;
-      --mas-aibroker-storage-secretkey)
-        export mas-aibroker-storage-secretkey=$1 && shift
-        ;;
-      
-      --mas-aibroker-storage-host)
-        export MAS_AIBROKER_STORAGE_HOST=$1 && shift
-        ;;
-
-      --mas-aibroker-storage-port)
-        export MAS_AIBROKER_STORAGE_PORT=$1 && shift
-        ;;
-
-      --mas-aibroker-storage-ssl)
-        export MAS_AIBROKER_STORAGE_SSL=$1 && shift
-        ;;
-
-      --mas-aibroker-storage-region)
-        export MAS_AIBROKER_STORAGE_REGION=$1 && shift
-        ;;
-
-      --mas-aibroker-storage-pipelines-bucket)
-        export MAS_AIBROKER_STORAGE_PIPELINES_BUCKET=$1 && shift
-        ;;
-
-      --mas-aibroker-storage-tenants-bucket)
-          export MAS_AIBROKER_STORAGE_TENANTS_BUCKET=$1 && shift
-        ;;
-
-      --mas-aibroker-storage-templates-bucket)
-          export MAS_AIBROKER_STORAGE_TEMPLATES_BUCKET=$1 && shift
-        ;;
-
-
-      --mas-aibroker-db-host)
-          export MAS_AIBROKER_DB_HOST=$1 && shift
-        ;;
-
-      --mas-aibroker-mariadb-secret)
-          export MAS_AIBROKER_MARIADB_SECRET=$1 && shift
-        ;;
-
-      --mas-aibroker-db-port)
-          export MAS_AIBROKER_DB_PORT=$1 && shift
-        ;;
-
-      --mas-aibroker-db-user)
-          export MAS_AIBROKER_DB_USER=$1 && shift
-        ;;
-
-      --mas-aibroker-db-database)
-          export MAS_AIBROKER_DB_DATABASE=$1 && shift
-        ;;
-
-      --mas-aibroker-db-secret-name)
-          export MAS_AIBROKER_DB_SECRET_NAME=$1 && shift
-        ;;
-
-      --mas-aibroker-db-secret-value)
-          export MAS_AIBROKER_DB_SECRET_VALUE=$1 && shift
-        ;;
-
-
-      --slscfg-registration-key)
-          export SLSCFG_REGISTRATION_KEY=$1 && shift
-        ;;
-
-      --drocfg-ca)
-          export DROCFG_CA=$1 && shift
-        ;;
-
-      --drocfg-registration-key)
-          export DROCFG_REGISTRATION_KEY=$1 && shift
-        ;;
-
-      --drocfg-url)
-          export DROCFG_URL=$1 && shift
-        ;;
-
-      --jdbccfg-username)
-          export JDBCCFG_USERNAME=$1 && shift
-        ;;
-
-      --jdbccfg-password)
-          export JDBCCFG_PASSWORD=$1 && shift
-        ;;
-
-      --jdbccfg-url)
-          export JDBCCFG_URL=$1 && shift
-        ;;
-
-      --jdbccfg-sslenabled)
-          export JDBCCFG_SSLENABLED=$1 && shift
+          export MAS_AIBROKER_WATSONX_SECRET=$1 && shift
           ;;
-
-      --jdbccfg-ca)
-          export JDBCCFG_CA=$1 && shift
+      --mas-aibroker-storage-provider)
+          export MAS_AIBROKER_STORAGE_PROVIDER=$1 && shift
           ;;
-
-      --mas-entitlement-key)
-          export MAS_ENTITLEMENT_KEY=$1 && shift
+      --mas-aibroker-minio-secret)
+          export MAS_AIBROKER_MINIO_SECRET=$1 && shift
           ;;
-
-      --artifactory-username)
-          export ARTIFACTORY_USERNAME=$1 && shift
+      --mas-aibroker-storage-ssl)
+          export MAS_AIBROKER_STORAGE_SSL=$1 && shift
           ;;
-
-      --artifactory-token)
-          export ARTIFACTORY_TOKEN=$1 && shift
+      --mas-aibroker-storage-region)
+          export MAS_AIBROKER_STORAGE_REGION=$1 && shift
           ;;
-
       --mas-app-channel)
           export MAS_APP_CHANNEL=$1 && shift
           ;;
-
       --mas-catalog-source)
           export MAS_CATALOG_SOURCE=$1 && shift
           ;;
-
-      --mas-icr-cp)
-          export MAS_ICR_CP=$1 && shift
-          ;;
-
-      --mas-icr-cpopen)
-          export MAS_ICR_CPOPEN=$1 && shift
-          ;;
-
       --cluster-domain)
-          export CLUSTER_DOMAIN=$1 && shift
+          export CLUSTER_DOMAIN=${CLUSTER_DOMAIN:-""} && shift
           ;;
-
       --in-saas-env)
-          export IN_SAAS_ENV=$1 && shift
+          export IN_SAAS_ENV=${IN_SAAS_ENV:-"false"} && shift
+          ;;
+      --mas-aibroker-mariadb-secret)
+          export MAS_AIBROKER_MARIADB_SECRET=$1 && shift
           ;;
 
->>>>>>> Stashed changes
       # Automatic GitHub Push
       -P|--github-push)
         export GITHUB_PUSH=true
@@ -381,20 +217,12 @@ function gitops_dro_noninteractive() {
 
       # Other Commands
       -h|--help)
-<<<<<<< Updated upstream
         gitops_aibroker_help
-=======
-        gitops_kafka_help
->>>>>>> Stashed changes
         ;;
       *)
         # unknown option
         echo -e "${COLOR_RED}Usage Error: Unsupported option \"${key}\"${COLOR_RESET}\n"
-<<<<<<< Updated upstream
         gitops_aibroker_help  "Usage Error: Unsupported option \"${key}\" "
-=======
-        gitops_kafka_help  "Usage Error: Unsupported option \"${key}\" "
->>>>>>> Stashed changes
         exit 1
         ;;
       esac
@@ -402,22 +230,18 @@ function gitops_dro_noninteractive() {
 
 
   [[ -z "$CLUSTER_ID" ]] && gitops_aibroker_help "CLUSTER_ID is not set"
-<<<<<<< Updated upstream
   //need to ask for instace id
   [[ -z "$INSTANCE_ID" ]] && gitops_aibroker_help "INSTANCE_ID is not set"
   [[ -z "$ACCOUNT_ID" ]] && gitops_aibroker_help "ACCOUNT_ID is not set"
-=======
   [[ -z "$INSTANCE_ID" ]] && gitops_aibroker_help "INSTANCE_ID is not set"
   [[ -z "$ACCOUNT_ID" ]] && gitops_aibroker_help "ACCOUNT_ID is not set"
   #[[ -z "$MAS_INSTANCE_ID" ]] && gitops_aibroker_help "MAS_INSTANCE_ID is not set"
->>>>>>> Stashed changes
 
    if [[ "$GITHUB_PUSH" == "true" ]]; then
     [[ -z "$GITHUB_HOST" ]] && gitops_aibroker_help "GITHUB_HOST is not set"
     [[ -z "$GITHUB_ORG" ]] && gitops_aibroker_help "GITHUB_ORG is not set"
     [[ -z "$GITHUB_REPO" ]] && gitops_aibroker_help "GITHUB_REPO is not set"
     [[ -z "$GIT_BRANCH" ]] && gitops_aibroker_help "GIT_BRANCH is not set"
-<<<<<<< Updated upstream
     [[ -z "$PRIMARY_STORAGE_CLASS" ]] && gitops_aibroker_help "PRIMARY_STORAGE_CLASS is not set"
     [[ -z "$MAS_ICR_CP" ]] && gitops_aibroker_help "MAS_ICR_CP is not set"
     [[ -z "$MAS_ICR_CPOPEN" ]] && gitops_aibroker_help "MAS_ICR_CPOPEN is not set"
@@ -444,11 +268,6 @@ function gitops_dro_noninteractive() {
 
 # add validation below like above  for those variable which have the value needed for further execution
 
-=======
-  fi
-
->>>>>>> Stashed changes
-
 
 }
 
@@ -480,43 +299,41 @@ function gitops_aibroker() {
   echo_h2 "Target" "    "
   echo_reset_dim "Account ID ............................ ${COLOR_MAGENTA}${ACCOUNT_ID}"
   echo_reset_dim "Cluster ID ............................ ${COLOR_MAGENTA}${CLUSTER_ID}"
-<<<<<<< Updated upstream
   reset_colors
 
-  #echo all the variables ofgitops+envs
-echo_reset_dim "MAS Instance ID ....................... ${COLOR_MAGENTA}${MAS_INSTANCE_ID}"
-echo_reset_dim "AI Broker Namespace ................... ${COLOR_MAGENTA}${AIBROKER_NAMESPACE}"
-echo_reset_dim "MAS AI Broker WatsonX Secret .......... ${COLOR_MAGENTA}${MAS_AIBROKER_WATSONX_SECRET}"
-echo_reset_dim "Pull Secret Name ...................... ${COLOR_MAGENTA}${PULL_SECRET_NAME}"
-
-# Storage variables
-echo_reset_dim "MAS AI Broker Storage Provider ........ ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_PROVIDER}"
-echo_reset_dim "MAS AI Broker MinIO Secret ............ ${COLOR_MAGENTA}${MAS_AIBROKER_MINIO_SECRET}"
-echo_reset_dim "MAS AI Broker Storage Access Key ...... ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_ACCESSKEY}"
-echo_reset_dim "MAS AI Broker Storage Secret Key ...... ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_SECRETKEY}"
-echo_reset_dim "MAS AI Broker Storage Host ............ ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_HOST}"
-echo_reset_dim "MAS AI Broker Storage Port ............ ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_PORT}"
-echo_reset_dim "MAS AI Broker Storage SSL ............. ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_SSL}"
-echo_reset_dim "MAS AI Broker Storage Region .......... ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_REGION}"
-echo_reset_dim "MAS AI Broker Pipelines Bucket ........ ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_PIPELINES_BUCKET}"
-echo_reset_dim "MAS AI Broker Tenants Bucket .......... ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_TENANTS_BUCKET}"
-echo_reset_dim "MAS AI Broker Templates Bucket ........ ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_TEMPLATES_BUCKET}"
-echo_reset_dim "MAS AI Broker DB Host ................. ${COLOR_MAGENTA}${MAS_AIBROKER_DB_HOST}"
-echo_reset_dim "MAS AI Broker MariaDB Secret .......... ${COLOR_MAGENTA}${MAS_AIBROKER_MARIADB_SECRET}"
-echo_reset_dim "MAS AI Broker DB Port ................. ${COLOR_MAGENTA}${MAS_AIBROKER_DB_PORT}"
-echo_reset_dim "MAS AI Broker DB User ................. ${COLOR_MAGENTA}${MAS_AIBROKER_DB_USER}"
-echo_reset_dim "MAS AI Broker DB Database ............. ${COLOR_MAGENTA}${MAS_AIBROKER_DB_DATABASE}"
-echo_reset_dim "MAS AI Broker DB Secret Name .......... ${COLOR_MAGENTA}${MAS_AIBROKER_DB_SECRET_NAME}"
-echo_reset_dim "MAS AI Broker DB Secret Value ......... ${COLOR_MAGENTA}${MAS_AIBROKER_DB_SECRET_VALUE}"
-echo_reset_dim "Primary Storage Class ................. ${COLOR_MAGENTA}${PRIMARY_STORAGE_CLASS}"
-echo_reset_dim "MAS AI Broker DB Host ................. ${COLOR_MAGENTA}${MAS_AIBROKER_DB_HOST}"
-echo_reset_dim "MAS AI Broker MariaDB Secret .......... ${COLOR_MAGENTA}${MAS_AIBROKER_MARIADB_SECRET}"
-echo_reset_dim "MAS AI Broker DB Port ................. ${COLOR_MAGENTA}${MAS_AIBROKER_DB_PORT}"
-echo_reset_dim "MAS AI Broker DB User ................. ${COLOR_MAGENTA}${MAS_AIBROKER_DB_USER}"
-echo_reset_dim "MAS AI Broker DB Database ............. ${COLOR_MAGENTA}${MAS_AIBROKER_DB_DATABASE}"
-echo_reset_dim "MAS AI Broker DB Secret Name .......... ${COLOR_MAGENTA}${MAS_AIBROKER_DB_SECRET_NAME}"
-echo_reset_dim "MAS AI Broker DB Secret Value ......... ${COLOR_MAGENTA}${MAS_AIBROKER_DB_SECRET_VALUE}"
-echo_reset_dim "Primary Storage Class ................. ${COLOR_MAGENTA}${PRIMARY_STORAGE_CLASS}"
+# echo all the variables ofgitops+envs
+  echo_reset_dim "MAS Instance ID ....................... ${COLOR_MAGENTA}${MAS_INSTANCE_ID}"
+  echo_reset_dim "AI Broker Namespace ................... ${COLOR_MAGENTA}${AIBROKER_NAMESPACE}"
+  echo_reset_dim "MAS AI Broker WatsonX Secret .......... ${COLOR_MAGENTA}${MAS_AIBROKER_WATSONX_SECRET}"
+  echo_reset_dim "Pull Secret Name ...................... ${COLOR_MAGENTA}${PULL_SECRET_NAME}"
+  # Storage variables
+  echo_reset_dim "MAS AI Broker Storage Provider ........ ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_PROVIDER}"
+  echo_reset_dim "MAS AI Broker MinIO Secret ............ ${COLOR_MAGENTA}${MAS_AIBROKER_MINIO_SECRET}"
+  echo_reset_dim "MAS AI Broker Storage Access Key ...... ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_ACCESSKEY}"
+  echo_reset_dim "MAS AI Broker Storage Secret Key ...... ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_SECRETKEY}"
+  echo_reset_dim "MAS AI Broker Storage Host ............ ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_HOST}"
+  echo_reset_dim "MAS AI Broker Storage Port ............ ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_PORT}"
+  echo_reset_dim "MAS AI Broker Storage SSL ............. ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_SSL}"
+  echo_reset_dim "MAS AI Broker Storage Region .......... ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_REGION}"
+  echo_reset_dim "MAS AI Broker Pipelines Bucket ........ ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_PIPELINES_BUCKET}"
+  echo_reset_dim "MAS AI Broker Tenants Bucket .......... ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_TENANTS_BUCKET}"
+  echo_reset_dim "MAS AI Broker Templates Bucket ........ ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_TEMPLATES_BUCKET}"
+  echo_reset_dim "MAS AI Broker DB Host ................. ${COLOR_MAGENTA}${MAS_AIBROKER_DB_HOST}"
+  echo_reset_dim "MAS AI Broker MariaDB Secret .......... ${COLOR_MAGENTA}${MAS_AIBROKER_MARIADB_SECRET}"
+  echo_reset_dim "MAS AI Broker DB Port ................. ${COLOR_MAGENTA}${MAS_AIBROKER_DB_PORT}"
+  echo_reset_dim "MAS AI Broker DB User ................. ${COLOR_MAGENTA}${MAS_AIBROKER_DB_USER}"
+  echo_reset_dim "MAS AI Broker DB Database ............. ${COLOR_MAGENTA}${MAS_AIBROKER_DB_DATABASE}"
+  echo_reset_dim "MAS AI Broker DB Secret Name .......... ${COLOR_MAGENTA}${MAS_AIBROKER_DB_SECRET_NAME}"
+  echo_reset_dim "MAS AI Broker DB Secret Value ......... ${COLOR_MAGENTA}${MAS_AIBROKER_DB_SECRET_VALUE}"
+  echo_reset_dim "Primary Storage Class ................. ${COLOR_MAGENTA}${PRIMARY_STORAGE_CLASS}"
+  echo_reset_dim "MAS AI Broker DB Host ................. ${COLOR_MAGENTA}${MAS_AIBROKER_DB_HOST}"
+  echo_reset_dim "MAS AI Broker MariaDB Secret .......... ${COLOR_MAGENTA}${MAS_AIBROKER_MARIADB_SECRET}"
+  echo_reset_dim "MAS AI Broker DB Port ................. ${COLOR_MAGENTA}${MAS_AIBROKER_DB_PORT}"
+  echo_reset_dim "MAS AI Broker DB User ................. ${COLOR_MAGENTA}${MAS_AIBROKER_DB_USER}"
+  echo_reset_dim "MAS AI Broker DB Database ............. ${COLOR_MAGENTA}${MAS_AIBROKER_DB_DATABASE}"
+  echo_reset_dim "MAS AI Broker DB Secret Name .......... ${COLOR_MAGENTA}${MAS_AIBROKER_DB_SECRET_NAME}"
+  echo_reset_dim "MAS AI Broker DB Secret Value ......... ${COLOR_MAGENTA}${MAS_AIBROKER_DB_SECRET_VALUE}"
+  echo_reset_dim "Primary Storage Class ................. ${COLOR_MAGENTA}${PRIMARY_STORAGE_CLASS}"
 
 
 
@@ -540,6 +357,24 @@ echo_reset_dim "Primary Storage Class ................. ${COLOR_MAGENTA}${PRIMAR
   export SM_MINIO_BUCKET_TENANTS=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}minio#sm_minio_bucket_tenants
   # mas_aibroker_storage_pipelines_bucket
   export SM_MINIO_BUCKET_PIPELINES=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}minio#sm_minio_bucket_pipelines
+  export MAS_AIBROKER_DB_HOST=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}mariadb#sm_mariadb_host
+  export MAS_AIBROKER_DB_PORT=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}mariadb#sm_mariadb_port
+  export MAS_AIBROKER_DB_USER=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}mariadb#sm_mariadb_user
+  export MAS_AIBROKER_DB_DATABASE=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}mariadb#sm_mariadb_database
+  export MAS_AIBROKER_DB_SECRET_NAME=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}mariadb#sm_mariadb_secret_name
+  export MAS_AIBROKER_DB_SECRET_VALUE=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}mariadb#sm_mariadb_secret_value
+  export SLSCFG_REGISTRATION_KEY=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}sls#slscfg_registration_key
+  export DROCFG_CA=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}dro#drocfg_ca
+  export DROCFG_REGISTRATION_KEY=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}dro#drocfg_registration_key
+  export DROCFG_URL=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}dro#drocfg_url
+  export JDBCCFG_USERNAME=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}jdbc#jdbccfg_username
+  export JDBCCFG_PASSWORD=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}jdbc#jdbccfg_password
+  export JDBCCFG_URL=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}jdbc#jdbccfg_url
+  export JDBCCFG_SSLENABLED=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}jdbc#jdbccfg_sslenabled
+  export JDBCCFG_CA=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}jdbc#jdbccfg_ca
+  export MAS_ENTITLEMENT_KEY=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}ibm_entitlement#entitlement_key
+  export ARTIFACTORY_TOKEN=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}ibm_entitlement#aibroker_image_pull_secret_b64
+
   # check if those are already present 
   # and update them 
 
@@ -552,93 +387,43 @@ echo_reset_dim "Primary Storage Class ................. ${COLOR_MAGENTA}${PRIMAR
 
 
   # sm_update_secret and need to pss secrert | idempotent
-  ESCAPED_INFO=${UNESCAPED_INFO//\"/\\\"}
-  ESCAPED_INFO=${ESCAPED_INFO//$'\n'/\\n}
-  TAGS="[{\"Key\": \"source\", \"Value\": \"gitops_kmodel\"}, {\"Key\": \"account\", \"Value\": \"${ACCOUNT_ID}\"}, {\"Key\": \"cluster\", \"Value\": \"${CLUSTER_ID}\"}]"
-  # Auth necessary for kmodel ???
-  # sm_update_secret $SECRET_NAME_MINIO_AUTH "{\"info\": \"$ESCAPED_INFO\", \"username\": \"$SECRET_KEY_MINIO_USER\", \"password\": \"$SECRET_KEY_MINIO_PASSWORD\"}" "${TAGS}"
-
-
-
-=======
-
-
-  reset_colors
-
-  AVP_TYPE=aws  # Support for IBM will be added later
-  
-  # Define cluster-level secrets used
-  # ---------------------------------------------------------------------------
-  # Note that SECRET_KEY_IBM_ENTITLEMENT cluster-level secret is set up by gitops-cluster
-  export SECRET_KEY_IBM_ENTITLEMENT=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}ibm_entitlement#entitlement_key
-  
-  if [ "$DRO_CMM_SETUP" == "true" ]; then
-    export SECRET_KEY_DRO_CMM_AUTH_APIKEY=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}dro_cmm_auth#api_key
-    export SECRET_NAME_DRO_CMM_AUTH=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}dro_cmm_auth
-    TAGS="[{\"Key\": \"source\", \"Value\": \"gitops_dro\"}, {\"Key\": \"account\", \"Value\": \"${ACCOUNT_ID}\"}, {\"Key\": \"cluster\", \"Value\": \"${CLUSTER_ID}\"}]"
-    sm_update_secret $SECRET_NAME_DRO_CMM_AUTH "{\"api_key\": \"$DRO_CMM_AUTH_APIKEY\"}" "${TAGS}"
-  fi
->>>>>>> Stashed changes
+  # sm_update_secret $SECRET_NAME_MINIO_AUTH "{\"info\": \"$ESCAPED_INFO\", \"username\": \"$SECRET_KEY_MINIO_USER\", \"password\": \"$SECRET_KEY_MINIO_PASSWORD\"}" "${TAGS}"fi
 
-  if [ -z $GIT_SSH ]; then
-    export GIT_SSH=false
-  fi
 
+    if [ -z $GIT_SSH ]; then
+      export GIT_SSH=false
+    fi
 
-<<<<<<< Updated upstream
-=======
-  # Set and Validate App Names
-  # ---------------------------------------------------------------------------
-  ROOT_APP_NAME="root.${ACCOUNT_ID}"
-  CLUSTER_APP_NAME="cluster.${CLUSTER_ID}"
-  DRO_APP_NAME="dro.${CLUSTER_ID}"
+    # Clone github target repo
+    # ---------------------------------------------------------------------------
+    if [ "$GITHUB_PUSH" == "true" ]; then
+      echo
+      echo_h2 "Cloning GitHub repo $GITHUB_ORG $GITHUB_REPO"
+      clone_target_git_repo $GITHUB_HOST $GITHUB_ORG $GITHUB_REPO $GIT_BRANCH $GITOPS_WORKING_DIR $GIT_SSH
+    fi
+    mkdir -p ${GITOPS_CLUSTER_DIR}
 
-  validate_app_name "${ROOT_APP_NAME}"
-  validate_app_name "${CLUSTER_APP_NAME}"
-  validate_app_name "${DRO_APP_NAME}"
+    # Generate ArgoApps
+    # ---------------------------------------------------------------------------
+    echo
+    echo_h2 "Generating aibroker operator Applications"
+    echo "- minio operator"
 
+    echo "Generating aibroker file ${GITOPS_CLUSTER_DIR}/ibm-aibrokernio.yaml"
+    jinjanate_commmon $CLI_DIR/templates/gitops/appset-configs/cluster/instance/ibm-aibroker.yaml.j2 ${GITOPS_CLUSTER_DIR}/ibm-aibroker.yaml
 
->>>>>>> Stashed changes
-  # Clone github target repo
-  # ---------------------------------------------------------------------------
-  if [ "$GITHUB_PUSH" == "true" ]; then
-    echo
-    echo_h2 "Cloning GitHub repo $GITHUB_ORG $GITHUB_REPO"
-    clone_target_git_repo $GITHUB_HOST $GITHUB_ORG $GITHUB_REPO $GIT_BRANCH $GITOPS_WORKING_DIR $GIT_SSH
-  fi
-  mkdir -p ${GITOPS_CLUSTER_DIR}
+    # Commit and push to github target repo
+    # ---------------------------------------------------------------------------
+    if [ "$GITHUB_PUSH" == "true" ]; then
+      echo
+      echo_h2 "Commit and push changes to GitHub repo $GITHUB_ORG $GITHUB_REPO"
+      save_to_target_git_repo $GITHUB_HOST $GITHUB_ORG $GITHUB_REPO $GIT_BRANCH "${GITOPS_WORKING_DIR}/${GITHUB_REPO}" "${GIT_COMMIT_MSG}"
+      remove_git_repo_clone $GITOPS_WORKING_DIR/$GITHUB_REPO
+    fi
 
+    rm -rf $TEMP_DIR
+    rm -rf $GITOPS_WORKING_DIR
 
-  # Generate ArgoApps
-  # ---------------------------------------------------------------------------
-  echo
-<<<<<<< Updated upstream
-  echo_h2 "Generating aibroker operator Applications"
-=======
-  echo_h2 "Generating dro operator Applications"
->>>>>>> Stashed changes
-  echo "- aibroker operator"
-
-  export IBM_ENTITLEMENT_KEY=$SECRET_KEY_IBM_ENTITLEMENT
-
-<<<<<<< Updated upstream
-  echo "Generating aibroker file ${GITOPS_CLUSTER_DIR}/ibm-aibroker.yaml"
-  jinjanate_commmon $CLI_DIR/templates/gitops/appset-configs/cluster/ibm-mas-aibroker-install.yaml.j2 ${GITOPS_CLUSTER_DIR}/ibm-aibroker.yaml
-=======
-  echo "Generating aibroker file ${GITOPS_CLUSTER_DIR}/ibm-dro.yaml"
-  jinjanate_commmon $CLI_DIR/templates/gitops/appset-configs/cluster/ibm-mas-aibroker-install.yaml.j2 ${GITOPS_CLUSTER_DIR}/ibm-mas-aibroker-install.yaml
->>>>>>> Stashed changes
-
-  # Commit and push to github target repo
-  # ---------------------------------------------------------------------------
-  if [ "$GITHUB_PUSH" == "true" ]; then
-    echo
-    echo_h2 "Commit and push changes to GitHub repo $GITHUB_ORG $GITHUB_REPO"
-    save_to_target_git_repo $GITHUB_HOST $GITHUB_ORG $GITHUB_REPO $GIT_BRANCH "${GITOPS_WORKING_DIR}/${GITHUB_REPO}" "${GIT_COMMIT_MSG}"
-    remove_git_repo_clone $GITOPS_WORKING_DIR/$GITHUB_REPO
   fi
-
-  # Get generated DRO API Token and set it in AWS SM
-  # ---------------------------------------------------------------------------
-  # This is now handled by a postsync job in the ibm-dro chart
-}
+  exit 0
+}
\ No newline at end of file

From 024dafa8b45e6af09ee22c148b3236f0624c402d Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Mon, 12 May 2025 11:29:35 +0530
Subject: [PATCH 020/258] Update gitops_minio

---
 image/cli/mascli/functions/gitops_minio | 66 +++++++++++++++++++++++--
 1 file changed, 62 insertions(+), 4 deletions(-)

diff --git a/image/cli/mascli/functions/gitops_minio b/image/cli/mascli/functions/gitops_minio
index c71cfab5a52..c071d9ed6c6 100644
--- a/image/cli/mascli/functions/gitops_minio
+++ b/image/cli/mascli/functions/gitops_minio
@@ -28,6 +28,11 @@ minio Provider Selection / Version:
       --minio_storage_class ${COLOR_YELLOW}MINIO_STORAGE_CLASS${TEXT_RESET}                                 The minio storage class
       --minio_storage_size ${COLOR_YELLOW}MINIO_STORAGE_SIZE${TEXT_RESET}                                   The minio storage size
       --minio_image ${COLOR_YELLOW}MINIO_IMAGE${TEXT_RESET}                                                 The minio image name
+      --minio_access_key=${COLOR_YELLOW}MINIO_ACCESS_KEY${TEXT_RESET}                                    The access key for MinIO, used as the username
+      --minio_secret_key=${COLOR_YELLOW}MINIO_SECRET_KEY${TEXT_RESET}                                    The secret key for MinIO, used as the password
+      --minio_host=${COLOR_YELLOW}MINIO_HOST${TEXT_RESET}                                                The hostname or service URL where MinIO is reachable
+      --minio_port=${COLOR_YELLOW}MINIO_PORT${TEXT_RESET}                                                The port number on which MinIO is exposed
+
 
 Automatic GitHub Push (Optional):
   -P, --github-push ${COLOR_YELLOW}GITHUB_PUSH${TEXT_RESET}        Enable automatic push to GitHub
@@ -56,6 +61,10 @@ function gitops_minio_noninteractive() {
   export MINIO_INSTANCE_NAME=${MINIO_INSTANCE_NAME:-"minio"}
   export MINIO_STORAGE_SIZE=${MINIO_STORAGE_SIZE:-"40Gi"}
   export MINIO_IMAGE=${MINIO_IMAGE:-"quay.io/minio/minio:latest"}
+  export MINIO_ACCESS_KEY=${MINIO_ACCESS_KEY:-"minio"}
+  export MINIO_SECRET_KEY=${MINIO_SECRET_KEY:-"minio123"}
+  export MINIO_PORT=${MINIO_PORT:-"9000"}
+  export MINIO_HOST=${MINIO_HOST:-"minio-service.minio.svc.cluster.local"}
 
   while [[ $# -gt 0 ]]
   do
@@ -105,6 +114,19 @@ function gitops_minio_noninteractive() {
       --minio_image)
         export MINIO_IMAGE=$1 && shift
         ;;
+      --minio_access_key)
+        export MINIO_ACCESS_KEY=$1 && shift
+        ;;
+      --minio_secret_key)
+          export MINIO_SECRET_KEY=$1 && shift
+          ;;
+      --minio_host)
+          export MINIO_HOST=$1 && shift
+          ;;
+      --minio_port)
+          export MINIO_PORT=$1 && shift
+          ;;
+
       # Automatic GitHub Push
       -P|--github-push)
         export GITHUB_PUSH=true
@@ -225,7 +247,7 @@ function gitops_minio() {
   # Set up secrets
   # ---------------------------------------------------------------------------
   CURRENT_DIR=$PWD
-  TEMP_DIR=$GITOPS_CLUSTER_DIR/tmp-minio
+  TEMP_DIR=$GITOPS_CLUSTER_DIR/aibroker01
   mkdir -p ${TEMP_DIR}
 
   AVP_TYPE=aws  # Support for IBM will be added later
@@ -246,8 +268,41 @@ function gitops_minio() {
       export MINIO_SECRET_FILE=$TEMP_DIR/minio-secret.json
       export MINIO_ROOT_USER=${MINIO_ROOT_USER:-"minio"}
       echo_reset_dim "MINIO_ROOT_USER ............................. ${COLOR_MAGENTA}$MINIO_ROOT_USER"
-      
+
+      # Extract and export sm_minio_accesskey
+      TEMP_MINIO_ACCESSKEY=$(jq -r .sm_minio_accesskey $MINIO_SECRET_FILE)
+      # echo_reset_dim "TEMP_MINIO_ACCESSKEY .............................. ${COLOR_MAGENTA}${TEMP_MINIO_ACCESSKEY:0:8}<snip> is available in the secret, using that value"
+      if [[ -n ${TEMP_MINIO_ACCESSKEY} ]]; then
+        export MINIO_ACCESS_KEY=${TEMP_MINIO_ACCESSKEY}
+        echo_reset_dim "MINIO_ACCESS_KEY .............................. ${COLOR_MAGENTA}${MINIO_ACCESS_KEY:0:8}<snip> is available in the secret, using that value"
+      fi
+
+      # Extract and export sm_minio_secretkey
+      TEMP_MINIO_SECRETKEY=$(jq -r .sm_minio_secretkey $MINIO_SECRET_FILE)
+      # echo_reset_dim "TEMP_MINIO_SECRETKEY .............................. ${COLOR_MAGENTA}${TEMP_MINIO_SECRETKEY:0:8}<snip> is available in the secret, using that value"
+      if [[ -n ${TEMP_MINIO_SECRETKEY} ]]; then
+        export MINIO_SECRET_KEY=${TEMP_MINIO_SECRETKEY}
+        echo_reset_dim "MINIO_SECRET_KEY .............................. ${COLOR_MAGENTA}${MINIO_SECRET_KEY:0:8}<snip> is available in the secret, using that value"
+      fi
+
+      # Extract and export sm_minio_port
+      TEMP_MINIO_PORT=$(jq -r .sm_minio_port $MINIO_SECRET_FILE)
+      # echo_reset_dim "TEMP_MINIO_PORT .............................. ${COLOR_MAGENTA}${TEMP_MINIO_PORT:0:8}<snip> is available in the secret, using that value"
+      if [[ -n ${TEMP_MINIO_PORT} ]]; then
+        export MINIO_PORT=${TEMP_MINIO_PORT}
+        echo_reset_dim "MINIO_PORT .................................... ${COLOR_MAGENTA}${MINIO_PORT} is available in the secret, using that value"
+      fi
+
+      # Extract and export sm_minio_host
+      TEMP_MINIO_HOST=$(jq -r .sm_minio_host $MINIO_SECRET_FILE)
+      # echo_reset_dim "TEMP_MINIO_HOST .............................. ${COLOR_MAGENTA}${TEMP_MINIO_HOST:0:8}<snip> is available in the secret, using that value"
+      if [[ -n ${TEMP_MINIO_HOST} ]]; then
+        export MINIO_HOST=${TEMP_MINIO_HOST}
+        echo_reset_dim "MINIO_HOST .................................... ${COLOR_MAGENTA}${MINIO_HOST} is available in the secret, using that value"
+      fi
+
       export MINIO_ROOT_PASSWORD=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | head -c 20`
+     
       sm_get_secret_file ${SECRET_NAME_MINIO_AUTH} $MINIO_SECRET_FILE
       TEMP_MINIO_PASSWORD=$(jq -r .sm_minio_password $MINIO_SECRET_FILE)
       if [[ -n ${TEMP_MINIO_PASSWORD} ]]; then
@@ -257,7 +312,7 @@ function gitops_minio() {
       echo_reset_dim "MINIO_ROOT_PASSWORD ............................. ${COLOR_MAGENTA}${MINIO_ROOT_PASSWORD:0:8}<snip>"
       TAGS="[{\"Key\": \"source\", \"Value\": \"gitops_minio\"}, {\"Key\": \"account\", \"Value\": \"${ACCOUNT_ID}\"}, {\"Key\": \"cluster\", \"Value\": \"${CLUSTER_ID}\"}]"
       
-      sm_update_secret $SECRET_NAME_MINIO_AUTH "{ \"username\": \"$MINIO_ROOT_USER\", \"password\": \"$MINIO_ROOT_PASSWORD\"}" "${TAGS}"
+      sm_update_secret $SECRET_NAME_MINIO_AUTH "{ \"sm_minio_user\": \"$MINIO_ROOT_USER\", \"sm_minio_password\": \"$MINIO_ROOT_PASSWORD\", \"sm_minio_accesskey\": \"$MINIO_ROOT_USER\", \"sm_minio_secretkey\": \"$MINIO_ROOT_PASSWORD\", \"sm_minio_port\": \"$MINIO_PORT\", \"sm_minio_host\": \"$MINIO_HOST\" }" "${TAGS}"
     fi
     
     echo_reset_dim "minio_namespace ....................... ${COLOR_MAGENTA}${MINIO_NAMESPACE}"
@@ -267,7 +322,10 @@ function gitops_minio() {
     echo_reset_dim "minio_image ........................... ${COLOR_MAGENTA}${MINIO_IMAGE}"
     echo_reset_dim "minio_root_user ....................... ${COLOR_MAGENTA}${MINIO_ROOT_USER}"
     echo_reset_dim "minio_root_password ................... ${COLOR_MAGENTA}${MINIO_ROOT_PASSWORD:0:4}<snip>"
-
+    echo_reset_dim "minio_access_key ...................... ${COLOR_MAGENTA}${MINIO_ACCESS_KEY}"
+    echo_reset_dim "minio_secret_key ...................... ${COLOR_MAGENTA}${MINIO_SECRET_KEY:0:4}<snip>"
+    echo_reset_dim "minio_port ............................ ${COLOR_MAGENTA}${MINIO_PORT}"
+    echo_reset_dim "minio_host ............................ ${COLOR_MAGENTA}${MINIO_HOST}"
 
     if [ -z $GIT_SSH ]; then
       export GIT_SSH=false

From ac9ad89ba00f8f5419faef564921ac092f0e5b97 Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Mon, 12 May 2025 14:31:12 +0530
Subject: [PATCH 021/258] Update gitops_minio

resolved file issue.
---
 image/cli/mascli/functions/gitops_minio | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/image/cli/mascli/functions/gitops_minio b/image/cli/mascli/functions/gitops_minio
index c071d9ed6c6..735f0bc0a04 100644
--- a/image/cli/mascli/functions/gitops_minio
+++ b/image/cli/mascli/functions/gitops_minio
@@ -263,9 +263,12 @@ function gitops_minio() {
     export SECRET_KEY_MINIO_USER=${SECRET_NAME_MINIO_AUTH}#sm_minio_user
     export SECRET_KEY_MINIO_PASSWORD=${SECRET_NAME_MINIO_AUTH}#sm_minio_password
     
+    # Create a secret in SM containing the username/password for this specific minio instance.
+    export MINIO_SECRET_FILE=$TEMP_DIR/minio-secret.json
+    sm_get_secret_file ${SECRET_NAME_MINIO_AUTH} $MINIO_SECRET_FILE
+    
     if [ -z "$MINIO_ROOT_PASSWORD" ]; then
-      # Create a secret in SM containing the username/password for this specific minio instance.
-      export MINIO_SECRET_FILE=$TEMP_DIR/minio-secret.json
+
       export MINIO_ROOT_USER=${MINIO_ROOT_USER:-"minio"}
       echo_reset_dim "MINIO_ROOT_USER ............................. ${COLOR_MAGENTA}$MINIO_ROOT_USER"
 
@@ -302,8 +305,7 @@ function gitops_minio() {
       fi
 
       export MINIO_ROOT_PASSWORD=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | head -c 20`
-     
-      sm_get_secret_file ${SECRET_NAME_MINIO_AUTH} $MINIO_SECRET_FILE
+
       TEMP_MINIO_PASSWORD=$(jq -r .sm_minio_password $MINIO_SECRET_FILE)
       if [[ -n ${TEMP_MINIO_PASSWORD} ]]; then
         export MINIO_ROOT_PASSWORD=${TEMP_MINIO_PASSWORD}
@@ -322,7 +324,7 @@ function gitops_minio() {
     echo_reset_dim "minio_image ........................... ${COLOR_MAGENTA}${MINIO_IMAGE}"
     echo_reset_dim "minio_root_user ....................... ${COLOR_MAGENTA}${MINIO_ROOT_USER}"
     echo_reset_dim "minio_root_password ................... ${COLOR_MAGENTA}${MINIO_ROOT_PASSWORD:0:4}<snip>"
-    echo_reset_dim "minio_access_key ...................... ${COLOR_MAGENTA}${MINIO_ACCESS_KEY}"
+    echo_reset_dim "minio_access_key ...................... ${COLOR_MAGENTA}${MINIO_ACCESS_KEY:0:4}<snip>"
     echo_reset_dim "minio_secret_key ...................... ${COLOR_MAGENTA}${MINIO_SECRET_KEY:0:4}<snip>"
     echo_reset_dim "minio_port ............................ ${COLOR_MAGENTA}${MINIO_PORT}"
     echo_reset_dim "minio_host ............................ ${COLOR_MAGENTA}${MINIO_HOST}"

From ef780cadc244ad4fa5884db95edb7ed1e7fefdd0 Mon Sep 17 00:00:00 2001
From: Drashti-Malviya <drashti.malviya1207@gmail.com>
Date: Mon, 12 May 2025 14:51:31 +0530
Subject: [PATCH 022/258] Rename
 image/cli/mascli/functions/gitops_suite_aibroker_install to
 image/cli/mascli/functions/. $CLI_DIR/functions/gitops_aibroker

change in file name
---
 .../functions/gitops_aibroker}                                  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename image/cli/mascli/functions/{gitops_suite_aibroker_install => . $CLI_DIR/functions/gitops_aibroker} (99%)

diff --git a/image/cli/mascli/functions/gitops_suite_aibroker_install b/image/cli/mascli/functions/. $CLI_DIR/functions/gitops_aibroker
similarity index 99%
rename from image/cli/mascli/functions/gitops_suite_aibroker_install
rename to image/cli/mascli/functions/. $CLI_DIR/functions/gitops_aibroker
index f2e65d4a1ef..3df9d029ff7 100644
--- a/image/cli/mascli/functions/gitops_suite_aibroker_install
+++ b/image/cli/mascli/functions/. $CLI_DIR/functions/gitops_aibroker	
@@ -426,4 +426,4 @@ function gitops_aibroker() {
 
   fi
   exit 0
-}
\ No newline at end of file
+}

From e4f5a26946832b72b33879a6f894b6628ba71e8e Mon Sep 17 00:00:00 2001
From: Drashti-Malviya <Drashti.Malviya@ibm.com>
Date: Mon, 12 May 2025 15:15:11 +0530
Subject: [PATCH 023/258] update fname

---
 image/cli/mascli/functions/. $CLI_DIR/functions/gitops_aibroker | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/image/cli/mascli/functions/. $CLI_DIR/functions/gitops_aibroker b/image/cli/mascli/functions/. $CLI_DIR/functions/gitops_aibroker
index 3df9d029ff7..63b641223f4 100644
--- a/image/cli/mascli/functions/. $CLI_DIR/functions/gitops_aibroker	
+++ b/image/cli/mascli/functions/. $CLI_DIR/functions/gitops_aibroker	
@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 
-function gitops_suite_aibroker_install_help() {
+function gitops_aibroker_help() {
   [[ -n "$1" ]] && echo_warning "$1"
   reset_colors
   cat << EOM

From 8a33d83e7227e7b28c1d7932391f2edaa109cf3f Mon Sep 17 00:00:00 2001
From: Drashti-Malviya <Drashti.Malviya@ibm.com>
Date: Mon, 12 May 2025 16:31:19 +0530
Subject: [PATCH 024/258] correct file path

---
 .../functions/{. $CLI_DIR/functions => }/gitops_aibroker    | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
 rename image/cli/mascli/functions/{. $CLI_DIR/functions => }/gitops_aibroker (99%)

diff --git a/image/cli/mascli/functions/. $CLI_DIR/functions/gitops_aibroker b/image/cli/mascli/functions/gitops_aibroker
similarity index 99%
rename from image/cli/mascli/functions/. $CLI_DIR/functions/gitops_aibroker
rename to image/cli/mascli/functions/gitops_aibroker
index 63b641223f4..c57893c0374 100644
--- a/image/cli/mascli/functions/. $CLI_DIR/functions/gitops_aibroker	
+++ b/image/cli/mascli/functions/gitops_aibroker
@@ -128,7 +128,7 @@ function gitops_aibroker_noninteractive() {
         export INSTANCE_ID=$1 && shift 
 
       # Secrets Manager
-      --secrets-path)
+      --secrets-path
         export SECRETS_PATH=$1 && shift
         ;;
       --primary-storage-class)
@@ -409,7 +409,7 @@ function gitops_aibroker() {
     echo_h2 "Generating aibroker operator Applications"
     echo "- minio operator"
 
-    echo "Generating aibroker file ${GITOPS_CLUSTER_DIR}/ibm-aibrokernio.yaml"
+    echo "Generating aibroker file ${GITOPS_CLUSTER_DIR}/ibm-aibroker.yaml"
     jinjanate_commmon $CLI_DIR/templates/gitops/appset-configs/cluster/instance/ibm-aibroker.yaml.j2 ${GITOPS_CLUSTER_DIR}/ibm-aibroker.yaml
 
     # Commit and push to github target repo
@@ -424,6 +424,6 @@ function gitops_aibroker() {
     rm -rf $TEMP_DIR
     rm -rf $GITOPS_WORKING_DIR
 
-  fi
+   
   exit 0
 }

From 949a10ad3b1441719a6eaa99a05dd5704d33269d Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Mon, 12 May 2025 16:27:47 +0530
Subject: [PATCH 025/258] Update gitops_minio

code updated for checking values present in aws
---
 image/cli/mascli/functions/gitops_minio | 47 ++++++++++---------------
 1 file changed, 19 insertions(+), 28 deletions(-)

diff --git a/image/cli/mascli/functions/gitops_minio b/image/cli/mascli/functions/gitops_minio
index 735f0bc0a04..c704695c7eb 100644
--- a/image/cli/mascli/functions/gitops_minio
+++ b/image/cli/mascli/functions/gitops_minio
@@ -61,8 +61,6 @@ function gitops_minio_noninteractive() {
   export MINIO_INSTANCE_NAME=${MINIO_INSTANCE_NAME:-"minio"}
   export MINIO_STORAGE_SIZE=${MINIO_STORAGE_SIZE:-"40Gi"}
   export MINIO_IMAGE=${MINIO_IMAGE:-"quay.io/minio/minio:latest"}
-  export MINIO_ACCESS_KEY=${MINIO_ACCESS_KEY:-"minio"}
-  export MINIO_SECRET_KEY=${MINIO_SECRET_KEY:-"minio123"}
   export MINIO_PORT=${MINIO_PORT:-"9000"}
   export MINIO_HOST=${MINIO_HOST:-"minio-service.minio.svc.cluster.local"}
 
@@ -114,12 +112,6 @@ function gitops_minio_noninteractive() {
       --minio_image)
         export MINIO_IMAGE=$1 && shift
         ;;
-      --minio_access_key)
-        export MINIO_ACCESS_KEY=$1 && shift
-        ;;
-      --minio_secret_key)
-          export MINIO_SECRET_KEY=$1 && shift
-          ;;
       --minio_host)
           export MINIO_HOST=$1 && shift
           ;;
@@ -256,7 +248,6 @@ function gitops_minio() {
   if [ ! -z "$MINIO_NAMESPACE" ]; then
 
     #minio provider role specific env variables
-    export MINIO_ACTION="install"
 
     export SECRET_NAME_MINIO_AUTH=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}minio
     echo_reset_dim "SECRET_NAME_MINIO_AUTH ................ ${COLOR_MAGENTA}$SECRET_NAME_MINIO_AUTH"
@@ -272,45 +263,45 @@ function gitops_minio() {
       export MINIO_ROOT_USER=${MINIO_ROOT_USER:-"minio"}
       echo_reset_dim "MINIO_ROOT_USER ............................. ${COLOR_MAGENTA}$MINIO_ROOT_USER"
 
+      export MINIO_ACCESS_KEY=${MINIO_ROOT_USER}
       # Extract and export sm_minio_accesskey
       TEMP_MINIO_ACCESSKEY=$(jq -r .sm_minio_accesskey $MINIO_SECRET_FILE)
-      # echo_reset_dim "TEMP_MINIO_ACCESSKEY .............................. ${COLOR_MAGENTA}${TEMP_MINIO_ACCESSKEY:0:8}<snip> is available in the secret, using that value"
-      if [[ -n ${TEMP_MINIO_ACCESSKEY} ]]; then
+      if [[ -n ${TEMP_MINIO_ACCESSKEY} && ${TEMP_MINIO_ACCESSKEY} != "null" ]]; then
         export MINIO_ACCESS_KEY=${TEMP_MINIO_ACCESSKEY}
         echo_reset_dim "MINIO_ACCESS_KEY .............................. ${COLOR_MAGENTA}${MINIO_ACCESS_KEY:0:8}<snip> is available in the secret, using that value"
       fi
-
-      # Extract and export sm_minio_secretkey
-      TEMP_MINIO_SECRETKEY=$(jq -r .sm_minio_secretkey $MINIO_SECRET_FILE)
-      # echo_reset_dim "TEMP_MINIO_SECRETKEY .............................. ${COLOR_MAGENTA}${TEMP_MINIO_SECRETKEY:0:8}<snip> is available in the secret, using that value"
-      if [[ -n ${TEMP_MINIO_SECRETKEY} ]]; then
-        export MINIO_SECRET_KEY=${TEMP_MINIO_SECRETKEY}
-        echo_reset_dim "MINIO_SECRET_KEY .............................. ${COLOR_MAGENTA}${MINIO_SECRET_KEY:0:8}<snip> is available in the secret, using that value"
-      fi
-
+      
+      export MINIO_PORT=${MINIO_PORT:-"9000"}
       # Extract and export sm_minio_port
       TEMP_MINIO_PORT=$(jq -r .sm_minio_port $MINIO_SECRET_FILE)
-      # echo_reset_dim "TEMP_MINIO_PORT .............................. ${COLOR_MAGENTA}${TEMP_MINIO_PORT:0:8}<snip> is available in the secret, using that value"
-      if [[ -n ${TEMP_MINIO_PORT} ]]; then
+      if [[ -n ${TEMP_MINIO_PORT} && ${TEMP_MINIO_PORT} != "null" ]]; then
         export MINIO_PORT=${TEMP_MINIO_PORT}
         echo_reset_dim "MINIO_PORT .................................... ${COLOR_MAGENTA}${MINIO_PORT} is available in the secret, using that value"
       fi
-
+      
+      export MINIO_HOST=${MINIO_HOST:-"minio-service.minio.svc.cluster.local"}
       # Extract and export sm_minio_host
       TEMP_MINIO_HOST=$(jq -r .sm_minio_host $MINIO_SECRET_FILE)
-      # echo_reset_dim "TEMP_MINIO_HOST .............................. ${COLOR_MAGENTA}${TEMP_MINIO_HOST:0:8}<snip> is available in the secret, using that value"
-      if [[ -n ${TEMP_MINIO_HOST} ]]; then
+      if [[ -n ${TEMP_MINIO_HOST} && ${TEMP_MINIO_HOST} != "null" ]]; then
         export MINIO_HOST=${TEMP_MINIO_HOST}
         echo_reset_dim "MINIO_HOST .................................... ${COLOR_MAGENTA}${MINIO_HOST} is available in the secret, using that value"
       fi
 
       export MINIO_ROOT_PASSWORD=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | head -c 20`
-
       TEMP_MINIO_PASSWORD=$(jq -r .sm_minio_password $MINIO_SECRET_FILE)
-      if [[ -n ${TEMP_MINIO_PASSWORD} ]]; then
+      if [[ -n ${TEMP_MINIO_PASSWORD} && ${TEMP_MINIO_PASSWORD} != "null" ]]; then
         export MINIO_ROOT_PASSWORD=${TEMP_MINIO_PASSWORD}
         echo_reset_dim "MINIO_ROOT_PASSWORD ........................... ${COLOR_MAGENTA}${MINIO_ROOT_PASSWORD:0:8}<snip> is available in the secret, using that value"
       fi
+
+      export MINIO_SECRET_KEY=${MINIO_ROOT_PASSWORD}
+      # Extract and export sm_minio_secretkey
+      TEMP_MINIO_SECRETKEY=$(jq -r .sm_minio_secretkey $MINIO_SECRET_FILE)
+      if [[ -n ${TEMP_MINIO_SECRETKEY} && ${TEMP_MINIO_SECRETKEY} != "null" ]]; then
+        export MINIO_SECRET_KEY=${TEMP_MINIO_SECRETKEY}
+        echo_reset_dim "MINIO_SECRET_KEY .............................. ${COLOR_MAGENTA}${MINIO_SECRET_KEY:0:8}<snip> is available in the secret, using that value"
+      fi
+
       echo_reset_dim "MINIO_ROOT_PASSWORD ............................. ${COLOR_MAGENTA}${MINIO_ROOT_PASSWORD:0:8}<snip>"
       TAGS="[{\"Key\": \"source\", \"Value\": \"gitops_minio\"}, {\"Key\": \"account\", \"Value\": \"${ACCOUNT_ID}\"}, {\"Key\": \"cluster\", \"Value\": \"${CLUSTER_ID}\"}]"
       
@@ -324,7 +315,7 @@ function gitops_minio() {
     echo_reset_dim "minio_image ........................... ${COLOR_MAGENTA}${MINIO_IMAGE}"
     echo_reset_dim "minio_root_user ....................... ${COLOR_MAGENTA}${MINIO_ROOT_USER}"
     echo_reset_dim "minio_root_password ................... ${COLOR_MAGENTA}${MINIO_ROOT_PASSWORD:0:4}<snip>"
-    echo_reset_dim "minio_access_key ...................... ${COLOR_MAGENTA}${MINIO_ACCESS_KEY:0:4}<snip>"
+    echo_reset_dim "minio_access_key ...................... ${COLOR_MAGENTA}${MINIO_ACCESS_KEY}"
     echo_reset_dim "minio_secret_key ...................... ${COLOR_MAGENTA}${MINIO_SECRET_KEY:0:4}<snip>"
     echo_reset_dim "minio_port ............................ ${COLOR_MAGENTA}${MINIO_PORT}"
     echo_reset_dim "minio_host ............................ ${COLOR_MAGENTA}${MINIO_HOST}"

From 0a7a5d36e15f238b39dfcca572c31989adb275dc Mon Sep 17 00:00:00 2001
From: Drashti-Malviya <Drashti.Malviya@ibm.com>
Date: Mon, 12 May 2025 17:12:05 +0530
Subject: [PATCH 026/258] update envs

---
 image/cli/mascli/functions/gitops_aibroker | 69 ++++++++++------------
 1 file changed, 31 insertions(+), 38 deletions(-)

diff --git a/image/cli/mascli/functions/gitops_aibroker b/image/cli/mascli/functions/gitops_aibroker
index c57893c0374..eb889a14f82 100644
--- a/image/cli/mascli/functions/gitops_aibroker
+++ b/image/cli/mascli/functions/gitops_aibroker
@@ -83,7 +83,7 @@ function gitops_aibroker_noninteractive() {
   GIT_COMMIT_MSG="gitops-aibroker commit"
 
    #adding default values # all generic values should to put here # check with ansible playbook/gitops anvs 
-   only export below in whiel loop
+   #only export below in whiel loop
 
   #adding default values 
   export PRIMARY_STORAGE_CLASS=${PRIMARY_STORAGE_CLASS:-"nfs-client"}
@@ -126,74 +126,67 @@ function gitops_aibroker_noninteractive() {
         ;;
       -i|--instance-id)
         export INSTANCE_ID=$1 && shift 
-
-      # Secrets Manager
-      --secrets-path
-        export SECRETS_PATH=$1 && shift
         ;;
-      --primary-storage-class)
-         export PRIMARY_STORAGE_CLASS=$1 && shift
-          ;;
       --mas-icr-cp)
-          export MAS_ICR_CP=${MAS_ICR_CP:-"docker-na-pu"} && shift
-          ;;
+        export MAS_ICR_CP=$1 && shift
+        ;;
       --mas-icr-cpopen)
-          export MAS_ICR_CPOPEN=${MAS_ICR_CPOPEN:-"d"} && shift
-          ;;
+        export MAS_ICR_CPOPEN=$1 && shift
+        ;;
       --artifactory-username)
-          export ARTIFACTORY_USERNAME=$1 && shift
-          ;;
+        export ARTIFACTORY_USERNAME=$1 && shift
+        ;;
       --region-id)
-          export REGION_ID=${REGION_ID:-${SM_AWS_REGION}} && shift
-          ;;
-      --minio-namespace)
-          export MINIO_NAMESPACE=$1 && shift
-          ;;
+        export REGION_ID=$1 && shift
+        ;;
+      --minio_namespace)
+        export MINIO_NAMESPACE=$1 && shift
+        ;;
       --minio-instance-name)
           export MINIO_INSTANCE_NAME=$1 && shift
-          ;;
+        ;;
       --minio-storage-size)
           export MINIO_STORAGE_SIZE=$1 && shift
-          ;;
+        ;;
       --minio-image)
-          export MINIO_IMAGE=${MINIO_IMAGE:-"quay.io/minio"} && shift
-          ;;
+          export MINIO_IMAGE=$1 && shift
+        ;;
       --aibroker-namespace)
           export AIBROKER_NAMESPACE=$1 && shift
-          ;;
+        ;;
       --mas-instance-id)
-          export MAS_INSTACE_ID=${MAS_INSTACE_ID:-"sre"} && shift
-          ;;
+          export MAS_INSTACE_ID=$1 && shift
+        ;;
       --mas-aibroker-watsonx-secret)
           export MAS_AIBROKER_WATSONX_SECRET=$1 && shift
-          ;;
+        ;;
       --mas-aibroker-storage-provider)
           export MAS_AIBROKER_STORAGE_PROVIDER=$1 && shift
-          ;;
+        ;;
       --mas-aibroker-minio-secret)
           export MAS_AIBROKER_MINIO_SECRET=$1 && shift
-          ;;
+        ;;
       --mas-aibroker-storage-ssl)
           export MAS_AIBROKER_STORAGE_SSL=$1 && shift
-          ;;
+        ;;
       --mas-aibroker-storage-region)
           export MAS_AIBROKER_STORAGE_REGION=$1 && shift
-          ;;
+        ;;
       --mas-app-channel)
           export MAS_APP_CHANNEL=$1 && shift
-          ;;
+        ;;
       --mas-catalog-source)
           export MAS_CATALOG_SOURCE=$1 && shift
-          ;;
+        ;;
       --cluster-domain)
-          export CLUSTER_DOMAIN=${CLUSTER_DOMAIN:-""} && shift
-          ;;
+          export CLUSTER_DOMAIN=$1 && shift
+        ;;
       --in-saas-env)
-          export IN_SAAS_ENV=${IN_SAAS_ENV:-"false"} && shift
-          ;;
+          export IN_SAAS_ENV=$1 && shift
+        ;;
       --mas-aibroker-mariadb-secret)
           export MAS_AIBROKER_MARIADB_SECRET=$1 && shift
-          ;;
+        ;;
 
       # Automatic GitHub Push
       -P|--github-push)

From ec454b235b0f22682c84d36b5332d701590feec5 Mon Sep 17 00:00:00 2001
From: yogeshkumar <prajapati.yogeshkumar@ibm.com>
Date: Tue, 13 May 2025 11:30:58 +0530
Subject: [PATCH 027/258] Git ODH function path

---
 image/cli/mascli/functions/gitops_odh         | 67 +++++++++++++------
 .../instance/ibm-mas-odh-install.yaml.j2      | 24 +++----
 2 files changed, 60 insertions(+), 31 deletions(-)

diff --git a/image/cli/mascli/functions/gitops_odh b/image/cli/mascli/functions/gitops_odh
index a18746c24cf..d9486e8dcb0 100755
--- a/image/cli/mascli/functions/gitops_odh
+++ b/image/cli/mascli/functions/gitops_odh
@@ -285,9 +285,9 @@ function gitops_odh() {
   # Prepare directories
   rm -rf "$GITOPS_WORKING_DIR"
   mkdir -p "${GITOPS_WORKING_DIR}"
-  GITOPS_CLUSTER_DIR="${GITOPS_WORKING_DIR}/${GITHUB_REPO}/${CLUSTER_ID}"
-  TEMP_DIR="${GITOPS_CLUSTER_DIR}/tmp-odh"
-  mkdir -p "$TEMP_DIR"
+  #GITOPS_CLUSTER_DIR="${GITOPS_WORKING_DIR}/${GITHUB_REPO}/${CLUSTER_ID}"
+  GITOPS_CLUSTER_DIR=${GITOPS_WORKING_DIR}/${GITHUB_REPO}/${ACCOUNT_ID}/${CLUSTER_ID}/${MAS_INSTANCE_ID}
+  
 
   echo
   echo_h2 "Review Settings"
@@ -300,16 +300,33 @@ function gitops_odh() {
   echo_reset_dim "Secrets Path .......................... ${COLOR_MAGENTA}${SECRETS_PATH}"
   reset_colors
 
+  CURRENT_DIR=$PWD
+  TEMP_DIR=$CURRENT_DIR/aibroker01
+  mkdir -p $TEMP_DIR
+
   AVP_TYPE=aws
   sm_login
 
   # Set up secret key and fetch secret
+  export SECRET_ACCOUNT_PATH="${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}"
   export MAS_CONFIG_DIR="$TEMP_DIR"
   export ODH_SECRET="${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}minio"
   export ODH_SECRET_FILE="$TEMP_DIR/odh-secret.json"
+  if [ -z $GIT_SSH ]; then
+    export GIT_SSH=false
+  fi
 
+  sm_verify_secret_exists ${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}minio "sm_minio_bucket_templates,sm_minio_bucket_tenants,sm_minio_bucket_pipelines,sm_minio_bucket_default"
+  sm_verify_secret_exists ${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}mariadb "sm_mariadb_host,sm_mariadb_database"
   sm_get_secret_file "$ODH_SECRET" "$ODH_SECRET_FILE"
-
+  #################################################################
+   export MARIA_SECRET="${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}mariadb"
+   export MARIA_SECRET_FILE="$TEMP_DIR/mariadb-secret.json"
+   sm_get_secret_file "$MARIA_SECRET" "$MARIA_SECRET_FILE"
+  ######################################################################
+   #######################Checking condition Storage_provider#######################################
+   #mas_aibroker_storage_provider
+  ######################################################################
   # Reuse existing secret values if present
   TEMP_MINIO_ACCESS_KEY=$(jq -r .sm_minio_accesskey "$ODH_SECRET_FILE")
   if [[ -n ${TEMP_MINIO_ACCESS_KEY} ]]; then
@@ -343,12 +360,12 @@ function gitops_odh() {
   export MINIO_PORT=$(jq -r .sm_minio_port "$ODH_SECRET_FILE")
   export MINIO_BUCKET=$(jq -r .sm_minio_bucket_default "$ODH_SECRET_FILE")
 
-  export MARIADB_HOST=$(jq -r .sm_mariadb_host "$ODH_SECRET_FILE")
-  export MARIADB_PORT=$(jq -r .sm_mariadb_port "$ODH_SECRET_FILE")
-  export MARIADB_USER=$(jq -r .sm_mariadb_user "$ODH_SECRET_FILE")
-  export MARIADB_DATABASE=$(jq -r .sm_mariadb_database "$ODH_SECRET_FILE")
-  export MARIADB_SECRET_NAME=$(jq -r .sm_mariadb_secret_name "$ODH_SECRET_FILE")
-  export MARIADB_SECRET_VALUE=$(jq -r .sm_mariadb_secret_value "$ODH_SECRET_FILE")
+  export MARIADB_HOST=$(jq -r .sm_mariadb_host "$MARIA_SECRET_FILE")
+  export MARIADB_PORT=$(jq -r .sm_mariadb_port "$MARIA_SECRET_FILE")
+  export MARIADB_USER=$(jq -r .sm_mariadb_user "$MARIA_SECRET_FILE")
+  export MARIADB_DATABASE=$(jq -r .sm_mariadb_database "$MARIA_SECRET_FILE")
+  export MARIADB_SECRET_NAME=$(jq -r .sm_mariadb_secret_name "$$MARIA_SECRET_FILE")
+  export MARIADB_SECRET_VALUE=$(jq -r .sm_mariadb_secret_value "$MARIA_SECRET_FILE")
 
   echo_h2 "ODH Secret Summary"
   echo_reset_dim "MINIO_HOST ............................. ${COLOR_MAGENTA}${MINIO_HOST}"
@@ -357,27 +374,39 @@ function gitops_odh() {
   echo_reset_dim "MARIADB_DATABASE ....................... ${COLOR_MAGENTA}${MARIADB_DATABASE}"
   reset_colors
 
+
+  # Clone github target repo
+  # ---------------------------------------------------------------------------
+  if [ "$GITHUB_PUSH" == "true" ]; then
+    echo "GITOPS_WORKING_DIR  ${GITOPS_WORKING_DIR}"
+    echo "GITOPS_CLUSTER_DIR  ${GITOPS_CLUSTER_DIR}"
+    echo_h2 "Cloning GitHub repo $GITHUB_ORG $GITHUB_REPO"
+    clone_target_git_repo $GITHUB_HOST $GITHUB_ORG $GITHUB_REPO $GIT_BRANCH $GITOPS_WORKING_DIR $GIT_SSH
+  fi
+
+  mkdir -p ${GITOPS_CLUSTER_DIR}
   # Render YAML
   echo_h2 "Generating OpenDataHub GitOps YAML"
-  echo "${TEMP_DIR}"
-  echo "Output: ${TEMP_DIR}/ibm-mas-odh-install.yaml"
+  echo "${GITOPS_CLUSTER_DIR}"
+  echo "Output: ${GITOPS_CLUSTER_DIR}/ibm-mas-odh-install.yaml"
 
-  jinjanate_commmon $CLI_DIR/templates/gitops/appset-configs/cluster/instance/ibm-mas-odh-install.yaml.j2 ${TEMP_DIR}/ibm-mas-odh-install.yaml
+  jinjanate_commmon $CLI_DIR/templates/gitops/appset-configs/cluster/instance/ibm-mas-odh-install.yaml.j2 ${GITOPS_CLUSTER_DIR}/ibm-mas-odh-install.yaml
 
   # Collect info block for secret update
-  yq eval '.' "${TEMP_DIR}/ibm-mas-odh-install.yaml" > "${TEMP_DIR}/odh-info.yaml"
-  UNESCAPED_INFO="$(cat ${TEMP_DIR}/odh-info.yaml)"
+  yq eval '.' "${GITOPS_CLUSTER_DIR}/ibm-mas-odh-install.yaml" > "${GITOPS_CLUSTER_DIR}/odh-info.yaml"
+  UNESCAPED_INFO="$(cat ${GITOPS_CLUSTER_DIR}/odh-info.yaml)"
   ESCAPED_INFO="${UNESCAPED_INFO//\"/\\\"}"
 
   TAGS="[{\"Key\": \"source\", \"Value\": \"gitops_odh\"}, {\"Key\": \"account\", \"Value\": \"${ACCOUNT_ID}\"}, {\"Key\": \"cluster\", \"Value\": \"${CLUSTER_ID}\"}]"
 
-  sm_update_secret "$ODH_SECRET" \
-    "{\"minio_access_key\": \"${MINIO_ACCESS_KEY}\", \"minio_secret_key\": \"${MINIO_SECRET_KEY}\", \"mariadb_user\": \"${MARIADB_USER}\"}" \
-    "$TAGS"
-
+  # sm_update_secret "$ODH_SECRET" \
+  #   "{\"minio_access_key\": \"${MINIO_ACCESS_KEY}\", \"minio_secret_key\": \"${MINIO_SECRET_KEY}\", \"mariadb_user\": \"${MARIADB_USER}\"}" \
+  #   "$TAGS"
+  #rm -rf "$TEMP_DIR"
   # GitHub push
   if [[ "$GITHUB_PUSH" == "true" ]]; then
     echo_h2 "Pushing changes to GitHub"
+    echo "Github push" "$GITHUB_HOST" "$GITHUB_ORG" "$GITHUB_REPO" "$GIT_BRANCH" "Working: " "${GITOPS_WORKING_DIR}/${GITHUB_REPO}" " Commit :" "$GIT_COMMIT_MSG"
     save_to_target_git_repo "$GITHUB_HOST" "$GITHUB_ORG" "$GITHUB_REPO" "$GIT_BRANCH" "${GITOPS_WORKING_DIR}/${GITHUB_REPO}" "$GIT_COMMIT_MSG"
     remove_git_repo_clone "${GITOPS_WORKING_DIR}/${GITHUB_REPO}"
   fi
diff --git a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-mas-odh-install.yaml.j2 b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-mas-odh-install.yaml.j2
index e34a235c5b4..7b898ce04c2 100644
--- a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-mas-odh-install.yaml.j2
+++ b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-mas-odh-install.yaml.j2
@@ -19,7 +19,7 @@ ibm_odh:
   odh_namespace: "opendatahub"
 
   aibroker_namespace: "{{ AIBROKER_NAMESPACE }}"
-  pull_secret_name: "<path:{{ SECRETS_PATH }}/ibm_entitlement#image_pull_secret_b64>"
+  pull_secret_name: "<path:{{ SECRETS_PATH }}/{{ SECRET_ACCOUNT_PATH }}/ibm_entitlement#image_pull_secret_b64>"
 
   # ODH Pipeline operator
   odh_pipeline_name: "openshift-pipelines-operator"
@@ -45,20 +45,20 @@ ibm_odh:
 
   # Storage configuration
   mas_aibroker_storage_provider: "minio"
-  mas_aibroker_storage_accesskey: "<path:{{ SECRETS_PATH }}/minio#sm_minio_accesskey>"
-  mas_aibroker_storage_secretkey: "<path:{{ SECRETS_PATH }}/minio#sm_minio_secretkey>"
-  mas_aibroker_storage_host: "<path:{{ SECRETS_PATH }}/minio#sm_minio_host>"
-  mas_aibroker_storage_port: "<path:{{ SECRETS_PATH }}/minio#sm_minio_port>"
+  mas_aibroker_storage_accesskey: "<path:{{ SECRETS_PATH }}/{{ SECRET_ACCOUNT_PATH }}minio#sm_minio_accesskey>"
+  mas_aibroker_storage_secretkey: "<path:{{ SECRETS_PATH }}/{{ SECRET_ACCOUNT_PATH }}minio#sm_minio_secretkey>"
+  mas_aibroker_storage_host: "<path:{{ SECRETS_PATH }}/{{ SECRET_ACCOUNT_PATH }}minio#sm_minio_host>"
+  mas_aibroker_storage_port: "<path:{{ SECRETS_PATH }}/{{ SECRET_ACCOUNT_PATH }}minio#sm_minio_port>"
   mas_aibroker_storage_ssl: "true"
   mas_aibroker_storage_region: ""
-  mas_aibroker_storage_pipelines_bucket: "<path:{{ SECRETS_PATH }}/minio#sm_minio_bucket_default>"
+  mas_aibroker_storage_pipelines_bucket: "<path:{{ SECRETS_PATH }}/{{ SECRET_ACCOUNT_PATH }}minio#sm_minio_bucket_default>"
 
   # MariaDB configuration
-  mas_aibroker_db_host: "<path:{{ SECRETS_PATH }}/mariadb#sm_mariadb_host>"
-  mas_aibroker_db_port: "<path:{{ SECRETS_PATH }}/mariadb#sm_mariadb_port>"
-  mas_aibroker_db_user: "<path:{{ SECRETS_PATH }}/mariadb#sm_mariadb_user>"
-  mas_aibroker_db_database: "<path:{{ SECRETS_PATH }}/mariadb#sm_mariadb_database>"
-  mas_aibroker_db_secret_name: "<path:{{ SECRETS_PATH }}/mariadb#sm_mariadb_secret_name>"
-  mas_aibroker_db_secret_value: "<path:{{ SECRETS_PATH }}/mariadb#sm_mariadb_secret_value>"
+  mas_aibroker_db_host: "<path:{{ SECRETS_PATH }}/{{ SECRET_ACCOUNT_PATH }}mariadb#sm_mariadb_host>"
+  mas_aibroker_db_port: "<path:{{ SECRETS_PATH }}/{{ SECRET_ACCOUNT_PATH }}mariadb#sm_mariadb_port>"
+  mas_aibroker_db_user: "<path:{{ SECRETS_PATH }}/{{ SECRET_ACCOUNT_PATH }}mariadb#sm_mariadb_user>"
+  mas_aibroker_db_database: "<path:{{ SECRETS_PATH }}/{{ SECRET_ACCOUNT_PATH }}mariadb#sm_mariadb_database>"
+  mas_aibroker_db_secret_name: "<path:{{ SECRETS_PATH }}/{{ SECRET_ACCOUNT_PATH }}mariadb#sm_mariadb_secret_name>"
+  mas_aibroker_db_secret_value: "<path:{{ SECRETS_PATH }}/{{ SECRET_ACCOUNT_PATH }}mariadb#sm_mariadb_secret_value>"
 
   primary_storage_class: "nfs-client"

From e36d8ec9d59df9dd7ec8663cf23e15c5bc2152cc Mon Sep 17 00:00:00 2001
From: Drashti-Malviya <Drashti.Malviya@ibm.com>
Date: Tue, 13 May 2025 15:47:36 +0530
Subject: [PATCH 028/258] comment unused

---
 image/cli/mascli/functions/gitops_aibroker | 19 +++++++------------
 1 file changed, 7 insertions(+), 12 deletions(-)

diff --git a/image/cli/mascli/functions/gitops_aibroker b/image/cli/mascli/functions/gitops_aibroker
index eb889a14f82..3c33801cc96 100644
--- a/image/cli/mascli/functions/gitops_aibroker
+++ b/image/cli/mascli/functions/gitops_aibroker
@@ -101,7 +101,7 @@ function gitops_aibroker_noninteractive() {
   export MAS_AIBROKER_STORAGE_PROVIDER=${MAS_AIBROKER_STORAGE_PROVIDER:-"minio"}
   export MAS_AIBROKER_MINIO_SECRET=${MAS_AIBROKER_MINIO_SECRET:-"minio-secret"}
   export MAS_AIBROKER_STORAGE_SSL=${MAS_AIBROKER_STORAGE_SSL:-"true"}
-  export MAS_AIBROKER_STORAGE_REGION=${MAS_AIBROKER_STORAGE_REGION:-""}
+ # export MAS_AIBROKER_STORAGE_REGION=${MAS_AIBROKER_STORAGE_REGION:-""}
   export MAS_APP_CHANNEL=${MAS_APP_CHANNEL:-"workspace"}
   export MAS_CATALOG_SOURCE=${MAS_CATALOG_SOURCE:-"ibm-operator-catalog"}
   export CLUSTER_DOMAIN=${CLUSTER_DOMAIN:-"sremat-test.cp.fyre.ibm.com"}
@@ -124,9 +124,6 @@ function gitops_aibroker_noninteractive() {
       -c|--cluster-id)
         export CLUSTER_ID=$1 && shift
         ;;
-      -i|--instance-id)
-        export INSTANCE_ID=$1 && shift 
-        ;;
       --mas-icr-cp)
         export MAS_ICR_CP=$1 && shift
         ;;
@@ -169,9 +166,9 @@ function gitops_aibroker_noninteractive() {
       --mas-aibroker-storage-ssl)
           export MAS_AIBROKER_STORAGE_SSL=$1 && shift
         ;;
-      --mas-aibroker-storage-region)
-          export MAS_AIBROKER_STORAGE_REGION=$1 && shift
-        ;;
+      # --mas-aibroker-storage-region)
+      #     export MAS_AIBROKER_STORAGE_REGION=$1 && shift
+      #   ;;
       --mas-app-channel)
           export MAS_APP_CHANNEL=$1 && shift
         ;;
@@ -187,11 +184,11 @@ function gitops_aibroker_noninteractive() {
       --mas-aibroker-mariadb-secret)
           export MAS_AIBROKER_MARIADB_SECRET=$1 && shift
         ;;
-
       # Automatic GitHub Push
       -P|--github-push)
         export GITHUB_PUSH=true
         ;;
+
       -H|--github-host)
         export GITHUB_HOST=$1 && shift
         ;;
@@ -223,10 +220,8 @@ function gitops_aibroker_noninteractive() {
 
 
   [[ -z "$CLUSTER_ID" ]] && gitops_aibroker_help "CLUSTER_ID is not set"
-  //need to ask for instace id
-  [[ -z "$INSTANCE_ID" ]] && gitops_aibroker_help "INSTANCE_ID is not set"
+  #[[ -z "$INSTANCE_ID" ]] && gitops_aibroker_help "INSTANCE_ID is not set"
   [[ -z "$ACCOUNT_ID" ]] && gitops_aibroker_help "ACCOUNT_ID is not set"
-  [[ -z "$INSTANCE_ID" ]] && gitops_aibroker_help "INSTANCE_ID is not set"
   [[ -z "$ACCOUNT_ID" ]] && gitops_aibroker_help "ACCOUNT_ID is not set"
   #[[ -z "$MAS_INSTANCE_ID" ]] && gitops_aibroker_help "MAS_INSTANCE_ID is not set"
 
@@ -250,7 +245,7 @@ function gitops_aibroker_noninteractive() {
     [[ -z "$MAS_AIBROKER_STORAGE_PROVIDER" ]] && gitops_aibroker_help "MAS_AIBROKER_STORAGE_PROVIDER is not set"
     [[ -z "$MAS_AIBROKER_MINIO_SECRET" ]] && gitops_aibroker_help "MAS_AIBROKER_MINIO_SECRET is not set"
     [[ -z "$MAS_AIBROKER_STORAGE_SSL" ]] && gitops_aibroker_help "MAS_AIBROKER_STORAGE_SSL is not set"
-    [[ -z "$MAS_AIBROKER_STORAGE_REGION" ]] && gitops_aibroker_help "MAS_AIBROKER_STORAGE_REGION is not set"
+   # [[ -z "$MAS_AIBROKER_STORAGE_REGION" ]] && gitops_aibroker_help "MAS_AIBROKER_STORAGE_REGION is not set"
     [[ -z "$MAS_APP_CHANNEL" ]] && gitops_aibroker_help "MAS_APP_CHANNEL is not set"
     [[ -z "$MAS_CATALOG_SOURCE" ]] && gitops_aibroker_help "MAS_CATALOG_SOURCE is not set"
     [[ -z "$CLUSTER_DOMAIN" ]] && gitops_aibroker_help "CLUSTER_DOMAIN is not set"

From c615597970a665ab5669651cb5ed81e52331b27a Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Tue, 13 May 2025 17:12:07 +0530
Subject: [PATCH 029/258] cherry-pick 759c37fe2d conflict

---
 .../mascli/functions/gitops_aibroker_tenant   | 509 ++++++++++++++++++
 image/cli/mascli/mas                          |   8 +
 .../instance/ibm-aibroker-tenant.yaml.j2      |  44 ++
 .../gitops/gitops-aibroker-tenant.yml.j2      | 244 +++++++++
 4 files changed, 805 insertions(+)
 create mode 100644 image/cli/mascli/functions/gitops_aibroker_tenant
 create mode 100644 image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant.yaml.j2
 create mode 100644 tekton/src/tasks/gitops/gitops-aibroker-tenant.yml.j2

diff --git a/image/cli/mascli/functions/gitops_aibroker_tenant b/image/cli/mascli/functions/gitops_aibroker_tenant
new file mode 100644
index 00000000000..5dcee34c120
--- /dev/null
+++ b/image/cli/mascli/functions/gitops_aibroker_tenant
@@ -0,0 +1,509 @@
+#!/usr/bin/env bash
+
+function gitops_aibroker_tenant_help() {
+  [[ -n "$1" ]] && echo_warning "$1"
+  reset_colors
+  cat << EOM
+Usage:
+  mas gitops-aibroker-tenant [options]
+Where ${COLOR_YELLOW}specified${TEXT_RESET} each option may also be defined by setting the appropriate environment variable.
+When no options are specified on the command line, interactive-mode will be enabled by default.
+
+Basic Configuration:
+  -d, --dir ${COLOR_YELLOW}GITOPS_WORKING_DIR${TEXT_RESET}                                                 Directory for GitOps repository
+  -a, --account-id ${COLOR_YELLOW}ACCOUNT_ID${TEXT_RESET}                                                  Account name that the cluster belongs to
+  -c, --cluster-id ${COLOR_YELLOW}CLUSTER_ID${TEXT_RESET}                                                  Cluster ID
+  -i, --Instace-id ${COLOR_YELLOW}INSTANCE_ID${TEXT_RESET}                                                 Instance ID
+
+ibm_aibroker_tenant(required):
+      --aibroker-namespace ${TEXT_RESET}AIBROKER_NAMESPACE${TEXT_RESET}
+      --mas-instance-id ${TEXT_RESET}MAS_INSTACE_ID${TEXT_RESET}
+      --primary-storage-class ${TEXT_RESET}PRIMARY_STORAGE_CLASS${TEXT_RESET}
+
+AIBroker :
+--aibroker_namespace ${COLOR_YELLOW}${AIBROKER_NAMESPACE}${TEXT_RESET}                                                           The namespace where AI Broker is deployed
+--mas_aibroker_provision_tenant ${COLOR_YELLOW}${MAS_AIBROKER_PROVISION_TENANT}${TEXT_RESET}                                     Whether to provision the AI Broker tenant (true/false)
+--mas_instance_id ${COLOR_YELLOW}${MAS_INSTANCE_ID}${TEXT_RESET}                                                                 The MAS instance ID used by AI Broker
+--tenant_namespace ${COLOR_YELLOW}${TENANT_NAMESPACE}${TEXT_RESET}                                                                 The tenant's Kubernetes namespace
+--cluster_domain ${COLOR_YELLOW}${CLUSTER_DOMAIN}${TEXT_RESET}                                                                   The domain name of the Kubernetes cluster (e.g., cluster.local)
+--in_saas_env ${COLOR_YELLOW}${IN_SAAS_ENV}${TEXT_RESET}                                                                         Whether the environment is SaaS (true/false)
+--ibm_entitlement_key ${COLOR_YELLOW}${IBM_ENTITLEMENT_KEY}${TEXT_RESET}                                                         IBM Entitlement API key for accessing IBM container registries
+
+--mas_icr_cp ${COLOR_YELLOW}${MAS_ICR_CP}${TEXT_RESET}                                                                           IBM Cloud Pak container registry URL
+--mas_icr_cpopen ${COLOR_YELLOW}${MAS_ICR_CPOPEN}${TEXT_RESET}                                                                   IBM Cloud Pak Open container registry URL
+
+DRO :
+--artifactory_token ${COLOR_YELLOW}${ARTIFACTORY_TOKEN}${TEXT_RESET}                                                             API token used to authenticate with Artifactory
+--drocfg_url ${COLOR_YELLOW}${DROCFG_URL}${TEXT_RESET}                                                                           URL of the DRO configuration service
+--mas_aibroker_dro_token_secret ${COLOR_YELLOW}${MAS_AIBROKER_DRO_TOKEN_SECRET}${TEXT_RESET}                                     Secret name containing the DRO token
+--drocfg_ca ${COLOR_YELLOW}${DROCFG_CA}${TEXT_RESET}                                                                             CA certificate for secure communication with DRO config
+--drocfg_registration_key ${COLOR_YELLOW}${DROCFG_REGISTRATION_KEY}${TEXT_RESET}                                                 Registration key used for DRO setup
+
+SLS :
+--slscfg_url ${COLOR_YELLOW}${SLSCFG_URL}${TEXT_RESET}                                                                           URL of the SLS configuration service
+--slscfg_registration_key ${COLOR_YELLOW}${SLSCFG_REGISTRATION_KEY}${TEXT_RESET}                                                 Registration key used to register with SLS
+--mas_aibroker_sls_subscription_id ${COLOR_YELLOW}${MAS_AIBROKER_SLS_SUBSCRIPTION_ID}${TEXT_RESET}                               Subscription ID associated with SLS
+--slscfg_client_id ${COLOR_YELLOW}${SLSCFG_CLIENT_ID}${TEXT_RESET}                                                                 Client ID for SLS (usually generated by GitOps Helm)
+--slscfg_ca ${COLOR_YELLOW}${SLSCFG_CA}${TEXT_RESET}                                                                             CA certificate for SLS TLS connection
+--slscfg_tls ${COLOR_YELLOW}${SLSCFG_TLS}${TEXT_RESET}                                                                           TLS certificate used by the SLS client
+--slscfg_key ${COLOR_YELLOW}${SLSCFG_KEY}${TEXT_RESET}                                                                           Private key used by the SLS client
+
+Watsonx :
+--mas_aibroker_watsonxai_url ${COLOR_YELLOW}${MAS_AIBROKER_WATSONXAI_URL}${TEXT_RESET}                                           Endpoint URL for Watsonx.ai
+--mas_aibroker_watsonxai_apikey ${COLOR_YELLOW}${MAS_AIBROKER_WATSONXAI_APIKEY}${TEXT_RESET}                                     API key for authenticating with Watsonx.ai
+--mas_aibroker_watsonxai_project_id ${COLOR_YELLOW}${MAS_AIBROKER_WATSONXAI_PROJECT_ID}${TEXT_RESET}                             Watsonx.ai project ID used by AI Broker
+
+MinIO :
+--mas_aibroker_storage_host ${COLOR_YELLOW}${MAS_AIBROKER_STORAGE_HOST}${TEXT_RESET}                                             Hostname or service name of the MinIO backend
+--mas_aibroker_storage_port ${COLOR_YELLOW}${MAS_AIBROKER_STORAGE_PORT}${TEXT_RESET}                                             Port number MinIO is exposed on
+--mas_aibroker_storage_region ${COLOR_YELLOW}${MAS_AIBROKER_STORAGE_REGION}${TEXT_RESET}                                         Storage region used in MinIO (if applicable)
+--mas_aibroker_storage_accesskey ${COLOR_YELLOW}${MAS_AIBROKER_STORAGE_ACCESSKEY}${TEXT_RESET}                                   Access key to authenticate with MinIO
+--mas_aibroker_storage_secretkey ${COLOR_YELLOW}${MAS_AIBROKER_STORAGE_SECRETKEY}${TEXT_RESET}                                   Secret key for authenticating with MinIO
+--mas_aibroker_storage_pipelines_bucket ${COLOR_YELLOW}${MAS_AIBROKER_STORAGE_PIPELINES_BUCKET}${TEXT_RESET}                     The MinIO bucket used to store pipeline assets
+--mas_aibroker_storage_ssl ${COLOR_YELLOW}${MAS_AIBROKER_STORAGE_SSL}${TEXT_RESET}                                               Whether MinIO uses SSL (true/false)
+
+
+Automatic GitHub Push (Optional):
+  -P, --github-push ${COLOR_YELLOW}GITHUB_PUSH${TEXT_RESET}        Enable automatic push to GitHub
+  -H, --github-host ${COLOR_YELLOW}GITHUB_HOST${TEXT_RESET}        GitHub Hostname for your GitOps repository
+  -O, --github-org ${COLOR_YELLOW}GITHUB_ORG${TEXT_RESET}          Github org for your GitOps repository
+  -R, --github-repo ${COLOR_YELLOW}GITHUB_REPO${TEXT_RESET}        Github repo for your GitOps repository
+  -S, --github-ssh ${COLOR_YELLOW}GIT_SSH${TEXT_RESET}             Git ssh key path
+  -B, --git-branch ${COLOR_YELLOW}GIT_BRANCH${TEXT_RESET}          Git branch to commit to of your GitOps repository
+  -M, --git-commit-msg ${COLOR_YELLOW}GIT_COMMIT_MSG${TEXT_RESET}  Git commit message to use when committing to of your GitOps repository
+
+Other Commands:
+  -h, --help                                      Show this help message
+EOM
+  [[ -n "$1" ]] && exit 1 || exit 0
+}
+
+function gitops_aibroker_tenant_noninteractive() {
+  GITOPS_WORKING_DIR=$PWD/working-dir
+  SECRETS_KEY_SEPERATOR="/"
+  GIT_COMMIT_MSG="gitops-aibroker-tenant commit"
+
+  #adding default values # all generic values should to put here # check with ansible playbook/gitops envs 
+  only export below in whiel loop
+  export REGION_ID=${REGION_ID:-${SM_AWS_REGION}}
+  #adding default values # -- AIBroker Defaults
+  export AIBROKER_NAMESPACE=${AIBROKER_NAMESPACE:-"mas-sremat-aibroker"}
+  export MAS_AIBROKER_PROVISION_TENANT=${MAS_AIBROKER_PROVISION_TENANT:-"provision-tenant"}
+  export MAS_INSTANCE_ID=${MAS_INSTANCE_ID:-"sremat"}
+  export TENANT_NAMESPACE=${TENANT_NAMESPACE:-"aibroker-user"}
+  export CLUSTER_DOMAIN=${CLUSTER_DOMAIN:-"sremat-test.cp.fyre.ibm.com"}
+  export IN_SAAS_ENV=${IN_SAAS_ENV:-"true"}
+  export MAS_ICR_CP=${MAS_ICR_CP:-"docker-na-public.artifactory.swg-devops.com/wiotp-docker-local"}
+  export MAS_ICR_CPOPEN=${MAS_ICR_CPOPEN:-"docker-na-public.artifactory.swg-devops.com/wiotp-docker-local/cpopen"}
+
+  # -- DRO Defaults
+  export DROCFG_URL=${DROCFG_URL:-"https://ibm-data-reporter-redhat-marketplace.apps.sremat-test.cp.fyre.ibm.com"}
+  export MAS_AIBROKER_DRO_TOKEN_SECRET=${MAS_AIBROKER_DRO_TOKEN_SECRET:-"dro-token"}
+
+  # -- SLS Defaults
+  export SLSCFG_URL=${SLSCFG_URL:-"https://sls.ibm-sls.ibm-sls.apps.sremat-test.cp.fyre.ibm.com"}
+  export MAS_AIBROKER_SLS_SUBSCRIPTION_ID=${MAS_AIBROKER_SLS_SUBSCRIPTION_ID:-"001"}
+  export SLSCFG_CLIENT_ID=${SLSCFG_CLIENT_ID:-"aibroker-88s55n4n7obrkn"}
+
+  # -- Watsonx Defaults
+  export MAS_AIBROKER_WATSONXAI_URL=${MAS_AIBROKER_WATSONXAI_URL:-"https://us-south.ml.cloud.ibm.com"}
+  export MAS_AIBROKER_WATSONXAI_APIKEY=${MAS_AIBROKER_WATSONXAI_APIKEY:-"0dk2e7C4OzcLGM5kCWR-bkyD9e3WwY-CkBl_uYfNbNwO"}
+  export MAS_AIBROKER_WATSONXAI_PROJECT_ID=${MAS_AIBROKER_WATSONXAI_PROJECT_ID:-"37ac1937-3a50-48cc-acc0-4de5c83a0b0e"}
+
+  # -- MinIO Defaults
+  export MAS_AIBROKER_STORAGE_REGION=${MAS_AIBROKER_STORAGE_REGION:-""}
+  export MAS_AIBROKER_STORAGE_SSL=${MAS_AIBROKER_STORAGE_SSL:-"true"}
+
+
+
+  while [[ $# -gt 0 ]]
+  do
+    key="$1"
+    shift
+    case $key in
+      # GitOps Configuration
+      -d|--dir)
+        export GITOPS_WORKING_DIR=$1 && shift
+        ;;
+      -a|--account-id)
+        export ACCOUNT_ID=$1 && shift
+        ;;
+      -c|--cluster-id)
+        export CLUSTER_ID=$1 && shift
+        ;;
+      -i|--instance-id)
+        export INSTANCE_ID=$1 && shift 
+
+      # AWS Secrets Manager Configuration
+      --sm-aws-secret-region)
+        export SM_AWS_REGION=$1
+        export REGION_ID=$1
+        shift
+        ;;
+      --sm-aws-access-key)
+        export SM_AWS_ACCESS_KEY_ID=$1 && shift
+        ;;
+      --sm-aws-secret-key)
+        export SM_AWS_SECRET_ACCESS_KEY=$1 && shift
+        ;;
+      --secrets-path)
+        export SECRETS_PATH=$1 && shift
+        ;;
+
+      # -- AIBroker
+      --aibroker_namespace)
+        export AIBROKER_NAMESPACE=$1 && shift
+        ;;
+      --mas_aibroker_provision_tenant)
+        export MAS_AIBROKER_PROVISION_TENANT=$1 && shift
+        ;;
+      --mas_instance_id)
+        export MAS_INSTANCE_ID=$1 && shift
+        ;;
+      --tenant_namespace)
+        export TENANT_NAMESPACE=$1 && shift
+        ;;
+      --cluster_domain)
+        export CLUSTER_DOMAIN=$1 && shift
+        ;;
+      --in_saas_env)
+        export IN_SAAS_ENV=$1 && shift
+        ;;
+      --ibm_entitlement_key)
+        export IBM_ENTITLEMENT_KEY=$1 && shift
+        ;;
+      --mas_icr_cp)
+        export MAS_ICR_CP=$1 && shift
+        ;;
+      --mas_icr_cpopen)
+        export MAS_ICR_CPOPEN=$1 && shift
+        ;;
+
+      # -- DRO
+      --artifactory_token)
+        export ARTIFACTORY_TOKEN=$1 && shift
+        ;;
+      --drocfg_url)
+        export DROCFG_URL=$1 && shift
+        ;;
+      --mas_aibroker_dro_token_secret)
+        export MAS_AIBROKER_DRO_TOKEN_SECRET=$1 && shift
+        ;;
+      --drocfg_ca)
+        export DROCFG_CA=$1 && shift
+        ;;
+      --drocfg_registration_key)
+        export DROCFG_REGISTRATION_KEY=$1 && shift
+        ;;
+
+      # -- SLS
+      --slscfg_url)
+        export SLSCFG_URL=$1 && shift
+        ;;
+      --slscfg_registration_key)
+        export SLSCFG_REGISTRATION_KEY=$1 && shift
+        ;;
+      --mas_aibroker_sls_subscription_id)
+        export MAS_AIBROKER_SLS_SUBSCRIPTION_ID=$1 && shift
+        ;;
+      --slscfg_client_id)
+        export SLSCFG_CLIENT_ID=$1 && shift
+        ;;
+      --slscfg_ca)
+        export SLSCFG_CA=$1 && shift
+        ;;
+      --slscfg_tls)
+        export SLSCFG_TLS=$1 && shift
+        ;;
+      --slscfg_key)
+        export SLSCFG_KEY=$1 && shift
+        ;;
+
+      # -- Watsonx
+      --mas_aibroker_watsonxai_url)
+        export MAS_AIBROKER_WATSONXAI_URL=$1 && shift
+        ;;
+      --mas_aibroker_watsonxai_apikey)
+        export MAS_AIBROKER_WATSONXAI_APIKEY=$1 && shift
+        ;;
+      --mas_aibroker_watsonxai_project_id)
+        export MAS_AIBROKER_WATSONXAI_PROJECT_ID=$1 && shift
+        ;;
+
+      # -- MinIO
+      --mas_aibroker_storage_host)
+        export MAS_AIBROKER_STORAGE_HOST=$1 && shift
+        ;;
+      --mas_aibroker_storage_port)
+        export MAS_AIBROKER_STORAGE_PORT=$1 && shift
+        ;;
+      --mas_aibroker_storage_region)
+        export MAS_AIBROKER_STORAGE_REGION=$1 && shift
+        ;;
+      --mas_aibroker_storage_accesskey)
+        export MAS_AIBROKER_STORAGE_ACCESSKEY=$1 && shift
+        ;;
+      --mas_aibroker_storage_secretkey)
+        export MAS_AIBROKER_STORAGE_SECRETKEY=$1 && shift
+        ;;
+      --mas_aibroker_storage_pipelines_bucket)
+        export MAS_AIBROKER_STORAGE_PIPELINES_BUCKET=$1 && shift
+        ;;
+      --mas_aibroker_storage_ssl)
+        export MAS_AIBROKER_STORAGE_SSL=$1 && shift
+        ;;
+
+     
+      # Automatic GitHub Push
+      -P|--github-push)
+        export GITHUB_PUSH=true
+        ;;
+      -H|--github-host)
+        export GITHUB_HOST=$1 && shift
+        ;;
+      -O|--github-org)
+        export GITHUB_ORG=$1 && shift
+        ;;
+      -R|--github-repo)
+        export GITHUB_REPO=$1 && shift
+        ;;
+      -B|--git-branch)
+        export GIT_BRANCH=$1 && shift
+        ;;
+      -M|--git-commit-msg)
+        export GIT_COMMIT_MSG=$1 && shift
+        ;;
+
+      # Other Commands
+      -h|--help)
+        gitops_aibroker_tenant_help
+        ;;
+      *)
+        # unknown option
+        echo -e "${COLOR_RED}Usage Error: Unsupported option \"${key}\"${COLOR_RESET}\n"
+        gitops_aibroker_tenant_help  "Usage Error: Unsupported option \"${key}\" "
+        exit 1
+        ;;
+      esac
+  done
+
+  [[ -z "$GITOPS_WORKING_DIR" ]] && gitops_aibroker_tenant_help "GITOPS_WORKING_DIR is not set"
+  [[ -z "$ACCOUNT_ID" ]] && gitops_aibroker_tenant_help "ACCOUNT_ID is not set"
+  [[ -z "$CLUSTER_ID" ]] && gitops_aibroker_tenant_help "CLUSTER_ID is not set"
+  [[ -z "$REGION_ID" && -z "$SM_AWS_REGION" ]] && gitops_aibroker_tenant_help "REGION_ID or SM_AWS_REGION is not set"
+
+  if [[ "$GITHUB_PUSH" == "true" ]]; then
+    [[ -z "$GITHUB_HOST" ]] && gitops_aibroker_tenant_help "GITHUB_HOST is not set"
+    [[ -z "$GITHUB_ORG" ]] && gitops_aibroker_tenant_help "GITHUB_ORG is not set"
+    [[ -z "$GITHUB_REPO" ]] && gitops_aibroker_tenant_help "GITHUB_REPO is not set"
+    [[ -z "$GIT_BRANCH" ]] && gitops_aibroker_tenant_help "GIT_BRANCH is not set"
+  fi
+
+# add validation below like above  for those variable which have the value needed for further execution
+  # -- AIBroker
+  [[ -z "$AIBROKER_NAMESPACE" ]] && gitops_aibroker_tenant_help "AIBROKER_NAMESPACE is not set. Please specify the namespace for AIBroker using --aibroker_namespace."
+  [[ -z "$MAS_AIBROKER_PROVISION_TENANT" ]] && gitops_aibroker_tenant_help "MAS_AIBROKER_PROVISION_TENANT is not set. Please specify the provision tenant name using --mas_aibroker_provision_tenant."
+  [[ -z "$MAS_INSTANCE_ID" ]] && gitops_aibroker_tenant_help "MAS_INSTANCE_ID is not set. Please provide the MAS instance ID using --mas_instance_id."
+  [[ -z "$TENANT_NAMESPACE" ]] && gitops_aibroker_tenant_help "TENANT_NAMESPACE is not set. Please specify the tenant namespace using --tenantNamespace."
+  [[ -z "$CLUSTER_DOMAIN" ]] && gitops_aibroker_tenant_help "CLUSTER_DOMAIN is not set. Please provide the cluster domain using --cluster_domain."
+  [[ -z "$IN_SAAS_ENV" ]] && gitops_aibroker_tenant_help "IN_SAAS_ENV is not set. Please specify whether this is a SaaS environment using --in_saas_env."
+  [[ -z "$IBM_ENTITLEMENT_KEY" ]] && gitops_aibroker_tenant_help "IBM_ENTITLEMENT_KEY is not set. Please provide the IBM entitlement key using --ibm_entitlement_key."
+  [[ -z "$MAS_ICR_CP" ]] && gitops_aibroker_tenant_help "MAS_ICR_CP is not set. Please specify the ICR CP registry using --mas_icr_cp."
+  [[ -z "$MAS_ICR_CPOPEN" ]] && gitops_aibroker_tenant_help "MAS_ICR_CPOPEN is not set. Please specify the ICR CPOPEN registry using --mas_icr_cpopen."
+
+  # -- DRO
+  [[ -z "$ARTIFACTORY_TOKEN" ]] && gitops_aibroker_tenant_help "ARTIFACTORY_TOKEN is not set. Please provide the Artifactory access token using --artifactory_token."
+  [[ -z "$DROCFG_URL" ]] && gitops_aibroker_tenant_help "DROCFG_URL is not set. Please specify the DRO configuration URL using --drocfg_url."
+  [[ -z "$MAS_AIBROKER_DRO_TOKEN_SECRET" ]] && gitops_aibroker_tenant_help "MAS_AIBROKER_DRO_TOKEN_SECRET is not set. Please specify the secret name containing the DRO token using --mas_aibroker_dro_token_secret."
+  [[ -z "$DROCFG_CA" ]] && gitops_aibroker_tenant_help "DROCFG_CA is not set. Please provide the DRO CA certificate using --drocfg_ca."
+  [[ -z "$DROCFG_REGISTRATION_KEY" ]] && gitops_aibroker_tenant_help "DROCFG_REGISTRATION_KEY is not set. Please specify the DRO registration key using --drocfg_registration_key."
+
+  # -- SLS
+  [[ -z "$SLSCFG_URL" ]] && gitops_aibroker_tenant_help "SLSCFG_URL is not set. Please specify the SLS configuration URL using --slscfg_url."
+  [[ -z "$SLSCFG_REGISTRATION_KEY" ]] && gitops_aibroker_tenant_help "SLSCFG_REGISTRATION_KEY is not set. Please provide the SLS registration key using --slscfg_registration_key."
+  [[ -z "$MAS_AIBROKER_SLS_SUBSCRIPTION_ID" ]] && gitops_aibroker_tenant_help "MAS_AIBROKER_SLS_SUBSCRIPTION_ID is not set. Please specify the SLS subscription ID using --mas_aibroker_sls_subscription_id."
+  [[ -z "$SLSCFG_CLIENT_ID" ]] && gitops_aibroker_tenant_help "SLSCFG_CLIENT_ID is not set. Please provide the SLS client ID using --slscfg_client_Id."
+  [[ -z "$SLSCFG_CA" ]] && gitops_aibroker_tenant_help "SLSCFG_CA is not set. Please provide the SLS CA certificate using --slscfg_ca."
+  [[ -z "$SLSCFG_TLS" ]] && gitops_aibroker_tenant_help "SLSCFG_TLS is not set. Please specify the SLS TLS certificate using --slscfg_tls."
+  [[ -z "$SLSCFG_KEY" ]] && gitops_aibroker_tenant_help "SLSCFG_KEY is not set. Please provide the SLS private key using --slscfg_key."
+
+  # -- Watsonx
+  [[ -z "$MAS_AIBROKER_WATSONXAI_URL" ]] && gitops_aibroker_tenant_help "MAS_AIBROKER_WATSONXAI_URL is not set. Please specify the Watsonx.ai URL using --mas_aibroker_watsonxai_url."
+  [[ -z "$MAS_AIBROKER_WATSONXAI_APIKEY" ]] && gitops_aibroker_tenant_help "MAS_AIBROKER_WATSONXAI_APIKEY is not set. Please provide the Watsonx.ai API key using --mas_aibroker_watsonxai_apikey."
+  [[ -z "$MAS_AIBROKER_WATSONXAI_PROJECT_ID" ]] && gitops_aibroker_tenant_help "MAS_AIBROKER_WATSONXAI_PROJECT_ID is not set. Please specify the Watsonx.ai project ID using --mas_aibroker_watsonxai_project_id."
+
+  # -- MinIO
+  [[ -z "$MAS_AIBROKER_STORAGE_HOST" ]] && gitops_aibroker_tenant_help "MAS_AIBROKER_STORAGE_HOST is not set. Please specify the MinIO storage host using --mas_aibroker_storage_host."
+  [[ -z "$MAS_AIBROKER_STORAGE_PORT" ]] && gitops_aibroker_tenant_help "MAS_AIBROKER_STORAGE_PORT is not set. Please specify the MinIO storage port using --mas_aibroker_storage_port."
+  [[ -z "$MAS_AIBROKER_STORAGE_REGION" ]] && gitops_aibroker_tenant_help "MAS_AIBROKER_STORAGE_REGION is not set. Please specify the MinIO storage region using --mas_aibroker_storage_region."
+  [[ -z "$MAS_AIBROKER_STORAGE_ACCESSKEY" ]] && gitops_aibroker_tenant_help "MAS_AIBROKER_STORAGE_ACCESSKEY is not set. Please provide the MinIO access key using --mas_aibroker_storage_accesskey."
+  [[ -z "$MAS_AIBROKER_STORAGE_SECRETKEY" ]] && gitops_aibroker_tenant_help "MAS_AIBROKER_STORAGE_SECRETKEY is not set. Please provide the MinIO secret key using --mas_aibroker_storage_secretkey."
+  [[ -z "$MAS_AIBROKER_STORAGE_PIPELINES_BUCKET" ]] && gitops_aibroker_tenant_help "MAS_AIBROKER_STORAGE_PIPELINES_BUCKET is not set. Please specify the MinIO bucket for pipelines using --mas_aibroker_storage_pipelines_bucket."
+  [[ -z "$MAS_AIBROKER_STORAGE_SSL" ]] && gitops_aibroker_tenant_help "MAS_AIBROKER_STORAGE_SSL is not set. Please specify whether to use SSL for MinIO using --mas_aibroker_storage_ssl."
+
+
+}
+
+function gitops_aibroker_tenant() {
+  # Take the first parameter off (it will be create-gitops)
+  shift
+  if [[ $# -gt 0 ]]; then
+    gitops_aibroker_tenant_noninteractive "$@"
+  else
+    echo "Not supported yet"
+    exit 1
+    gitops_aibroker_tenant_interactive
+  fi
+
+  # catch errors
+  set -o pipefail
+  trap 'echo "[ERROR] Error occurred at $BASH_SOURCE, line $LINENO, exited with $?"; exit 1' ERR
+
+  rm -rf $GITOPS_WORKING_DIR
+  mkdir -p ${GITOPS_WORKING_DIR}
+  GITOPS_CLUSTER_DIR=${GITOPS_WORKING_DIR}/${GITHUB_REPO}/${CLUSTER_ID}
+  TEMP_DIR=$GITOPS_CLUSTER_DIR/${MAS_INSTANCE_ID}
+  mkdir -p ${TEMP_DIR}
+
+  echo
+  reset_colors
+  echo_h2 "Review Settings"
+
+  echo "${TEXT_DIM}"
+  echo_h2 "Target" "    "
+  echo_reset_dim "Account ID ..................... ${COLOR_MAGENTA}${ACCOUNT_ID}"
+  echo_reset_dim "Region ID ...................... ${COLOR_MAGENTA}${REGION_ID}"
+  echo_reset_dim "Cluster ID ..................... ${COLOR_MAGENTA}${CLUSTER_ID}"
+  echo_reset_dim "Cluster Config Directory ....... ${COLOR_MAGENTA}${GITOPS_CLUSTER_DIR}"
+  reset_colors
+
+  echo "${TEXT_DIM}"
+  echo_h2 "AWS Secrets Manager" "    "
+  echo_reset_dim "Region ......................... ${COLOR_MAGENTA}${SM_AWS_REGION}"
+  echo_reset_dim "Secret Key ..................... ${COLOR_MAGENTA}${SM_AWS_ACCESS_KEY_ID:0:4}<snip>"
+  echo_reset_dim "Access Key ..................... ${COLOR_MAGENTA}${SM_AWS_SECRET_ACCESS_KEY:0:4}<snip>"
+  echo_reset_dim "Secrets Path ................... ${COLOR_MAGENTA}${SECRETS_PATH}"
+  reset_colors
+
+  echo "${TEXT_DIM}"
+  if [[ "$GITHUB_PUSH" == "true" ]]; then
+    echo_h2 "GitOps Target" "    "
+    echo_reset_dim "Automatic Push ........................ ${COLOR_GREEN}Enabled"
+    echo_reset_dim "Working Directory ..................... ${COLOR_MAGENTA}${GITOPS_WORKING_DIR}"
+    echo_reset_dim "Host .................................. ${COLOR_MAGENTA}${GITHUB_HOST}"
+    echo_reset_dim "Organization .......................... ${COLOR_MAGENTA}${GITHUB_ORG}"
+    echo_reset_dim "Repository ............................ ${COLOR_MAGENTA}${GITHUB_REPO}"
+    echo_reset_dim "Branch ................................ ${COLOR_MAGENTA}${GIT_BRANCH}"
+  else
+    echo_h2 "GitOps Target" "    "
+    echo_reset_dim "Automatic Push ........................ ${COLOR_RED}Disabled"
+    echo_reset_dim "Working Directory ..................... ${COLOR_MAGENTA}${GITOPS_WORKING_DIR}"
+  fi
+  reset_colors
+
+  # echo all the variables of gitops envs
+
+  # -- AIBroker
+  echo_reset_dim "aibroker namespace ............................ ${COLOR_MAGENTA}${AIBROKER_NAMESPACE}"
+  echo_reset_dim "mas aibroker provision tenant ................ ${COLOR_MAGENTA}${MAS_AIBROKER_PROVISION_TENANT}"
+  echo_reset_dim "mas instance ID .............................. ${COLOR_MAGENTA}${MAS_INSTANCE_ID}"
+  echo_reset_dim "tenant namespace ............................. ${COLOR_MAGENTA}${TENANT_NAMESPACE}"
+  echo_reset_dim "cluster domain ............................... ${COLOR_MAGENTA}${CLUSTER_DOMAIN}"
+  echo_reset_dim "in SaaS environment .......................... ${COLOR_MAGENTA}${IN_SAAS_ENV}"
+  echo_reset_dim "IBM entitlement key .......................... ${COLOR_MAGENTA}${IBM_ENTITLEMENT_KEY}"
+  echo_reset_dim "MAS ICR CP registry .......................... ${COLOR_MAGENTA}${MAS_ICR_CP}"
+  echo_reset_dim "MAS ICR CPOPEN registry ...................... ${COLOR_MAGENTA}${MAS_ICR_CPOPEN}"
+
+  # -- DRO
+  echo_reset_dim "Artifactory token ............................ ${COLOR_MAGENTA}${ARTIFACTORY_TOKEN}"
+  echo_reset_dim "DRO config URL ............................... ${COLOR_MAGENTA}${DROCFG_URL}"
+  echo_reset_dim "DRO token secret name ........................ ${COLOR_MAGENTA}${MAS_AIBROKER_DRO_TOKEN_SECRET}"
+  echo_reset_dim "DRO config CA ................................ ${COLOR_MAGENTA}${DROCFG_CA}"
+  echo_reset_dim "DRO registration key ......................... ${COLOR_MAGENTA}${DROCFG_REGISTRATION_KEY}"
+
+  # -- SLS
+  echo_reset_dim "SLS config URL ............................... ${COLOR_MAGENTA}${SLSCFG_URL}"
+  echo_reset_dim "SLS registration key ......................... ${COLOR_MAGENTA}${SLSCFG_REGISTRATION_KEY}"
+  echo_reset_dim "SLS subscription ID .......................... ${COLOR_MAGENTA}${MAS_AIBROKER_SLS_SUBSCRIPTION_ID}"
+  echo_reset_dim "SLS client ID ................................ ${COLOR_MAGENTA}${SLSCFG_CLIENT_ID}"
+  echo_reset_dim "SLS CA certificate ........................... ${COLOR_MAGENTA}${SLSCFG_CA}"
+  echo_reset_dim "SLS TLS certificate .......................... ${COLOR_MAGENTA}${SLSCFG_TLS}"
+  echo_reset_dim "SLS private key .............................. ${COLOR_MAGENTA}${SLSCFG_KEY}"
+
+  # -- Watsonx
+  echo_reset_dim "Watsonx.ai URL ............................... ${COLOR_MAGENTA}${MAS_AIBROKER_WATSONXAI_URL}"
+  echo_reset_dim "Watsonx.ai API key ........................... ${COLOR_MAGENTA}${MAS_AIBROKER_WATSONXAI_APIKEY}"
+  echo_reset_dim "Watsonx.ai project ID ........................ ${COLOR_MAGENTA}${MAS_AIBROKER_WATSONXAI_PROJECT_ID}"
+
+  # -- MinIO
+  echo_reset_dim "MinIO storage host ........................... ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_HOST}"
+  echo_reset_dim "MinIO storage port ........................... ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_PORT}"
+  echo_reset_dim "MinIO storage region ......................... ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_REGION}"
+  echo_reset_dim "MinIO access key ............................. ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_ACCESSKEY}"
+  echo_reset_dim "MinIO secret key ............................. ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_SECRETKEY}"
+  echo_reset_dim "MinIO pipelines bucket ....................... ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_PIPELINES_BUCKET}"
+  echo_reset_dim "MinIO SSL enabled ............................ ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_SSL}"
+
+
+  AVP_TYPE=aws  # Support for IBM will be added later
+  sm_login
+
+  # aibroker
+  export IBM_ENTITLEMENT_KEY=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}ibm_entitlement#entitlement_key
+
+  # dro
+  export ARTIFACTORY_TOKEN=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}ibm_entitlement#aibroker_image_pull_secret_b64
+  export DROCFG_CA=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}dro#drocfg_ca
+  export DROCFG_REGISTRATION_KEY=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}dro#drocfg_registration_key
+
+  # sls
+  export SLSCFG_REGISTRATION_KEY=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}sls#slscfg_registration_key
+  export SLSCFG_CA=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}sls#slscfg_ca
+  export SLSCFG_TLS=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}sls#slscfg_tls
+  export SLSCFG_KEY=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}sls#slscfg_key
+
+  # minio
+  export MAS_AIBROKER_STORAGE_HOST=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}minio#sm_minio_host
+  export MAS_AIBROKER_STORAGE_PORT=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}minio#sm_minio_port
+  export MAS_AIBROKER_STORAGE_ACCESSKEY=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}minio#sm_minio_accesskey
+  export MAS_AIBROKER_STORAGE_SECRETKEY=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}minio#sm_minio_secretkey
+  export MAS_AIBROKER_STORAGE_PIPELINES_BUCKET=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}minio#sm_minio_bucket_default
+
+
+    if [ -z $GIT_SSH ]; then
+      export GIT_SSH=false
+    fi
+
+    # Clone github target repo
+    # ---------------------------------------------------------------------------
+    if [ "$GITHUB_PUSH" == "true" ]; then
+      echo
+      echo_h2 "Cloning GitHub repo $GITHUB_ORG $GITHUB_REPO"
+      clone_target_git_repo $GITHUB_HOST $GITHUB_ORG $GITHUB_REPO $GIT_BRANCH $GITOPS_WORKING_DIR $GIT_SSH
+    fi
+    mkdir -p ${GITOPS_CLUSTER_DIR}
+
+    # Generate ArgoApps
+    # ---------------------------------------------------------------------------
+    echo
+    echo_h2 "Generating aibroker operator Applications"
+    echo "- minio operator"
+
+    echo "Generating aibroker file ${GITOPS_CLUSTER_DIR}/ibm-aibroker-tenant.yaml"
+    jinjanate_commmon $CLI_DIR/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant.yaml.j2 ${GITOPS_CLUSTER_DIR}/ibm-aibroker-tenant.yaml
+
+    # Commit and push to github target repo
+    # ---------------------------------------------------------------------------
+    if [ "$GITHUB_PUSH" == "true" ]; then
+      echo
+      echo_h2 "Commit and push changes to GitHub repo $GITHUB_ORG $GITHUB_REPO"
+      save_to_target_git_repo $GITHUB_HOST $GITHUB_ORG $GITHUB_REPO $GIT_BRANCH "${GITOPS_WORKING_DIR}/${GITHUB_REPO}" "${GIT_COMMIT_MSG}"
+      remove_git_repo_clone $GITOPS_WORKING_DIR/$GITHUB_REPO
+    fi
+
+    rm -rf $TEMP_DIR
+    rm -rf $GITOPS_WORKING_DIR
+
+   
+  exit 0
+}
diff --git a/image/cli/mascli/mas b/image/cli/mascli/mas
index e3b8ce3178b..dd286af1809 100755
--- a/image/cli/mascli/mas
+++ b/image/cli/mascli/mas
@@ -861,6 +861,14 @@ case $1 in
     gitops_aibroker "$@"
     ;;
 
+  gitops-aibroker_tenant)
+    echo "${TEXT_UNDERLINE}IBM Maximo Application Suite aibroker tenant Manager (v${VERSION})${TEXT_RESET}"
+    echo "Powered by ${COLOR_CYAN}${TEXT_UNDERLINE}https://github.com/ibm-mas/gitops/${TEXT_RESET}"
+    echo
+    reset_colors
+    gitops_aibroker_tenant "$@"
+    ;;
+
   *)
     echo "unknown parameter $1"
     exit 1
diff --git a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant.yaml.j2 b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant.yaml.j2
new file mode 100644
index 00000000000..359bc4d449c
--- /dev/null
+++ b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant.yaml.j2
@@ -0,0 +1,44 @@
+merge-key: "{{ ACCOUNT_ID }}/{{ CLUSTER_ID }}/{{ MAS_INSTANCE_ID }}"
+
+ibm_aibroker_tenant:
+  # aibroker
+  aibroker_namespace: "{{ AIBROKER_NAMESPACE }}"
+  mas_aibroker_provision_tenant: "{{ MAS_AIBROKER_PROVISION_TENANT }}"
+  mas_instance_id: "{{ MAS_INSTANCE_ID }}"
+  tenantNamespace: "{{ TENANTNAMESPACE }}"
+  cluster_domain: "{{ CLUSTER_DOMAIN }}"
+  in_saas_env: "{{ IN_SAAS_ENV }}"
+  ibm_entitlement_key: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_IBM_ENTITLEMENT }}>"
+
+  mas_icr_cp: "{{ MAS_ICR_CP }}"
+  mas_icr_cpopen: "{{ MAS_ICR_CPOPEN }}"
+
+  # dro
+  artifactory_token: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_ARTIFACTORY_TOKEN }}>"
+  drocfg_url: "{{ DROCFG_URL }}"
+  mas_aibroker_dro_token_secret: "{{ MAS_AIBROKER_DRO_TOKEN_SECRET }}"
+  drocfg_ca: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_DROCFG_CA }}>"
+  drocfg_registration_key: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_DROCFG_REGISTRATION_KEY }}>"
+
+  # sls
+  slscfg_url: "{{ SLSCFG_URL }}"
+  slscfg_registration_key: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_SLSCFG_REGISTRATION_KEY }}>"
+  mas_aibroker_sls_subscription_id: "{{ MAS_AIBROKER_SLS_SUBSCRIPTION_ID }}"
+  slscfg_clientId: "{{ SLSCFG_CLIENTID }}"
+  slscfg_ca: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_SLSCFG_CA }}>"
+  slscfg_tls: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_SLSCFG_TLS }}>"
+  slscfg_key: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_SLSCFG_KEY }}>"
+
+  # watsonx
+  mas_aibroker_watsonxai_url: "{{ MAS_AIBROKER_WATSONXAI_URL }}"
+  mas_aibroker_watsonxai_apikey: "{{ MAS_AIBROKER_WATSONXAI_APIKEY }}"
+  mas_aibroker_watsonxai_project_id: "{{ MAS_AIBROKER_WATSONXAI_PROJECT_ID }}"
+
+  # minio
+  mas_aibroker_storage_host: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_MINIO_HOST }}>"
+  mas_aibroker_storage_port: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_MINIO_PORT }}>"
+  mas_aibroker_storage_region: "{{ MAS_AIBROKER_STORAGE_REGION }}"
+  mas_aibroker_storage_accesskey: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_MINIO_ACCESSKEY }}>"
+  mas_aibroker_storage_secretkey: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_MINIO_SECRETKEY }}>"
+  mas_aibroker_storage_pipelines_bucket: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_MINIO_BUCKET }}>"
+  mas_aibroker_storage_ssl: "{{ MAS_AIBROKER_STORAGE_SSL }}"
diff --git a/tekton/src/tasks/gitops/gitops-aibroker-tenant.yml.j2 b/tekton/src/tasks/gitops/gitops-aibroker-tenant.yml.j2
new file mode 100644
index 00000000000..4c15663a4f3
--- /dev/null
+++ b/tekton/src/tasks/gitops/gitops-aibroker-tenant.yml.j2
@@ -0,0 +1,244 @@
+---
+apiVersion: tekton.dev/v1beta1
+kind: Task
+metadata:
+  name: gitops-aibroker-tenant
+spec:
+  params: 
+    - name: cluster_name
+      type: string
+    - name: account
+      type: string
+    - name: cluster_id
+      type: string
+    - name: cluster_url
+      type: string    
+    - name: secrets_path
+      type: string
+    - name: avp_aws_secret_region
+      type: string
+    - name: git_branch
+      type: string
+    - name: github_org
+      type: string
+    - name: github_repo
+      type: string
+    - name: github_host
+      type: string
+
+    - name: aibroker_namespace
+      type: string
+    - name: mas_aibroker_provision_tenant
+      type: string
+    - name: mas_instance_id
+      type: string
+    - name: tenant_namespace
+      type: string
+    - name: cluster_domain
+      type: string
+    - name: in_saas_env
+      type: string
+    - name: ibm_entitlement_key
+      type: string
+    - name: mas_icr_cp
+      type: string
+    - name: mas_icr_cpopen
+      type: string
+
+    - name: artifactory_token
+      type: string
+    - name: drocfg_url
+      type: string
+    - name: mas_aibroker_dro_token_secret
+      type: string
+    - name: drocfg_ca
+      type: string
+    - name: drocfg_registration_key
+      type: string
+
+    - name: slscfg_url
+      type: string
+    - name: slscfg_registration_key
+      type: string
+    - name: mas_aibroker_sls_subscription_id
+      type: string
+    - name: slscfg_clientId
+      type: string
+    - name: slscfg_ca
+      type: string
+    - name: slscfg_tls
+      type: string
+    - name: slscfg_key
+      type: string
+    
+    - name: mas_aibroker_watsonxai_url
+      type: string
+    - name: mas_aibroker_watsonxai_apikey
+      type: string
+    - name: mas_aibroker_watsonxai_project_id
+      type: string
+    
+    - name: mas_aibroker_storage_host
+      type: string
+    - name: mas_aibroker_storage_port
+      type: string
+    - name: mas_aibroker_storage_region
+      type: string
+    - name: mas_aibroker_storage_accesskey
+      type: string
+    - name: mas_aibroker_storage_secretkey
+      type: string
+    - name: mas_aibroker_storage_pipelines_bucket
+      type: string
+    - name: mas_aibroker_storage_ssl
+      type: string
+      
+  stepTemplate:
+    name: gitops-aibroker-tenant
+    env:
+      - name: CLUSTER_NAME
+        value: $(params.cluster_name)
+      - name: ACCOUNT
+        value: $(params.account)
+      #- name: CLUSTER_ID
+      #  value: $(params.cluster_id)
+      - name: CLUSTER_URL
+        value: $(params.cluster_url)
+      - name: SECRET_PATH
+        value: $(params.secrets_path)
+      - name: SM_AWS_REGION
+        value: $(params.avp_aws_secret_region)
+      - name: GIT_BRANCH
+        value: $(params.git_branch)
+      - name: GITHUB_ORG
+        value: $(params.github_org)
+      - name: GITHUB_HOST
+        value: $(params.github_host)
+      - name: GITHUB_REPO
+        value: $(params.github_repo)
+
+      - name: AIBROKER_NAMESPACE
+        value: $(params.aibroker_namespace)
+
+      - name: MAS_AIBROKER_PROVISION_TENANT
+        value: $(params.mas_aibroker_provision_tenant)
+
+      - name: MAS_INSTANCE_ID
+        value: $(params.mas_instance_id)
+
+      - name: TENANT_NAMESPACE
+        value: $(params.tenant_namespace)
+
+      - name: CLUSTER_DOMAIN
+        value: $(params.cluster_domain)
+
+      - name: IN_SAAS_ENV
+        value: $(params.in_saas_env)
+
+      - name: IBM_ENTITLEMENT_KEY
+        value: $(params.ibm_entitlement_key)
+
+      - name: MAS_ICR_CP
+        value: $(params.mas_icr_cp)
+
+      - name: MAS_ICR_CPOPEN
+        value: $(params.mas_icr_cpopen)
+
+      - name: ARTIFACTORY_TOKEN
+        value: $(params.artifactory_token)
+
+      - name: DROCFG_URL
+        value: $(params.drocfg_url)
+
+      - name: MAS_AIBROKER_DRO_TOKEN_SECRET
+        value: $(params.mas_aibroker_dro_token_secret)
+
+      - name: DROCFG_CA
+        value: $(params.drocfg_ca)
+
+      - name: DROCFG_REGISTRATION_KEY
+        value: $(params.drocfg_registration_key)
+
+      - name: SLSCFG_URL
+        value: $(params.slscfg_url)
+
+      - name: SLSCFG_REGISTRATION_KEY
+        value: $(params.slscfg_registration_key)
+
+      - name: MAS_AIBROKER_SLS_SUBSCRIPTION_ID
+        value: $(params.mas_aibroker_sls_subscription_id)
+
+      - name: SLSCFG_CLIENTID
+        value: $(params.slscfg_clientId)
+
+      - name: SLSCFG_CA
+        value: $(params.slscfg_ca)
+
+      - name: SLSCFG_TLS
+        value: $(params.slscfg_tls)
+
+      - name: SLSCFG_KEY
+        value: $(params.slscfg_key)
+
+      - name: MAS_AIBROKER_WATSONXAI_URL
+        value: $(params.mas_aibroker_watsonxai_url)
+
+      - name: MAS_AIBROKER_WATSONXAI_APIKEY
+        value: $(params.mas_aibroker_watsonxai_apikey)
+
+      - name: MAS_AIBROKER_WATSONXAI_PROJECT_ID
+        value: $(params.mas_aibroker_watsonxai_project_id)
+
+      - name: MAS_AIBROKER_STORAGE_HOST
+        value: $(params.mas_aibroker_storage_host)
+
+      - name: MAS_AIBROKER_STORAGE_PORT
+        value: $(params.mas_aibroker_storage_port)
+
+      - name: MAS_AIBROKER_STORAGE_REGION
+        value: $(params.mas_aibroker_storage_region)
+
+      - name: MAS_AIBROKER_STORAGE_ACCESSKEY
+        value: $(params.mas_aibroker_storage_accesskey)
+
+      - name: MAS_AIBROKER_STORAGE_SECRETKEY
+        value: $(params.mas_aibroker_storage_secretkey)
+
+      - name: MAS_AIBROKER_STORAGE_PIPELINES_BUCKET
+        value: $(params.mas_aibroker_storage_pipelines_bucket)
+
+      - name: MAS_AIBROKER_STORAGE_SSL
+        value: $(params.mas_aibroker_storage_ssl)
+
+    envFrom:
+      - configMapRef:
+          name: environment-properties
+          optional: true
+      - secretRef:
+          name: secure-properties
+  steps:
+    - args:
+      - |-
+        git config --global user.name "MAS Automation"
+        git config --global user.email "you@example.com"
+        git config --global user.password $GITHUB_PAT
+
+        mkdir -p /tmp/init-aibroker-tenant
+        mas gitops-aibroker-tenant -a $ACCOUNT -c $CLUSTER_NAME \
+        --secrets-path $SECRET_PATH \
+        --dir /tmp/init-aibroker-tenant \
+        --github-push \
+        --github-host $GITHUB_HOST \
+        --github-org  $GITHUB_ORG \
+        --github-repo $GITHUB_REPO \
+        --git-branch $GIT_BRANCH
+
+        exit $?
+      command:
+        - /bin/sh
+        - -c
+      name: gitops-aibroker-tenant
+      imagePullPolicy: IfNotPresent
+      image: quay.io/ibmmas/cli:latest
+  workspaces:
+    - name: configs

From e4e8bc87795a454a1a7b7249f5e0fdaf5b4ee937 Mon Sep 17 00:00:00 2001
From: Nikita Kumble <nikitakumble@gmail.com>
Date: Wed, 14 May 2025 13:19:10 +0530
Subject: [PATCH 030/258] cherry-pick b31ea8c0c9 conflict

---
 image/cli/mascli/functions/gitops_kmodel      | 457 ++++++++++++++++++
 image/cli/mascli/mas                          |   8 +
 .../cluster/instance/ibm-kmodel.yaml.j2       |  44 ++
 tekton/src/tasks/gitops/gitops-kmodel.yml.j2  | 205 ++++++++
 4 files changed, 714 insertions(+)
 create mode 100644 image/cli/mascli/functions/gitops_kmodel
 create mode 100644 image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-kmodel.yaml.j2
 create mode 100644 tekton/src/tasks/gitops/gitops-kmodel.yml.j2

diff --git a/image/cli/mascli/functions/gitops_kmodel b/image/cli/mascli/functions/gitops_kmodel
new file mode 100644
index 00000000000..82a6ed7ba33
--- /dev/null
+++ b/image/cli/mascli/functions/gitops_kmodel
@@ -0,0 +1,457 @@
+#!/usr/bin/env bash
+
+function gitops_kmodel_help() {
+  [[ -n "$1" ]] && echo_warning "$1"
+  reset_colors
+  cat << EOM
+
+
+Usage:
+  mas gitops-kmodel [options]
+Where ${COLOR_YELLOW}specified${TEXT_RESET} each option may also be defined by setting the appropriate environment variable.
+When no options are specified on the command line, interactive-mode will be enabled by default.
+
+GitOps Configuration:
+  -d, --dir ${COLOR_YELLOW}GITOPS_WORKING_DIR${TEXT_RESET}                                                 Directory for GitOps repository
+  -a, --account-id ${COLOR_YELLOW}ACCOUNT_ID${TEXT_RESET}                                                  Account name that the cluster belongs to
+  -c, --cluster-id ${COLOR_YELLOW}CLUSTER_ID${TEXT_RESET}                                                  Cluster ID
+
+Secrets Manager:
+      --secrets-path ${COLOR_YELLOW}SECRETS_PATH${TEXT_RESET}                                              Secrets Manager path
+      --secrets-key-seperator ${COLOR_YELLOW}SECRETS_KEY_SEPERATOR${TEXT_RESET}                            Secrets Manager key seperator string
+
+Kkmodel Configuration:
+      --mas-instance-id ${COLOR_YELLOW}MAS_INSTANCE_ID${TEXT_RESET}
+      --aibroker-internal-tls ${COLOR_YELLOW}AIBROKER_INTERNAL_TLS${TEXT_RESET}
+      --aibroker-namespace ${COLOR_YELLOW}AIBROKER_NAMESPACE${TEXT_RESET}
+      --pull-secret-name ${COLOR_YELLOW}PULL_SECRET_NAME${TEXT_RESET}
+      --mas-aibroker-storage-provider ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_PROVIDER${TEXT_RESET}
+      --mas-aibroker-storage-ssl ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_SSL${TEXT_RESET}
+      --mas-aibroker-storage-accesskey ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_ACCESSKEY${TEXT_RESET}
+      --mas-aibroker-storage-secretkey ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_SECRETKEY${TEXT_RESET}
+      --mas-aibroker-storage-host ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_HOST${TEXT_RESET}
+      --mas-aibroker-storage-port ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_PORT${TEXT_RESET}
+      --mas-aibroker-storage-region ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_REGION${TEXT_RESET}
+      --mas-aibroker-storage-templates-bucket ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_TEMPLATES_BUCKET${TEXT_RESET}
+      --mas-aibroker-storage-tenants-bucket ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_TENANTS_BUCKET${TEXT_RESET}
+      --mas-aibroker-storage-pipelines-bucket ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_PIPELINES_BUCKET${TEXT_RESET}
+      --ssh-secret-name ${COLOR_YELLOW}SSH_SECRET_NAME${TEXT_RESET}
+      --docker-server ${COLOR_YELLOW}DOCKER_SERVER${TEXT_RESET}
+      --tenant-namespace ${COLOR_YELLOW}TENANTNAMESPACE${TEXT_RESET}
+      --mas-aibroker-provision-tenant ${COLOR_YELLOW}MAS_AIBROKER_PROVISION_TENANT${TEXT_RESET}
+      --primary-storage-class ${COLOR_YELLOW}PRIMARY_STORAGE_CLASS${TEXT_RESET}
+      --image-store ${COLOR_YELLOW}IMAGE_STORE${TEXT_RESET}
+      --image-watcher ${COLOR_YELLOW}IMAGE_WATCHER${TEXT_RESET}
+      --image-controller ${COLOR_YELLOW}IMAGE_CONTROLLER${TEXT_RESET}
+      --mas-aibroker-pipeline-steps-tag ${COLOR_YELLOW}MAS_AIBROKER_PIPELINE_STEPS_TAG${TEXT_RESET}
+      --mas-aibroker-connector-tag ${COLOR_YELLOW}MAS_AIBROKER_CONNECTOR_TAG${TEXT_RESET}
+      --mas-aibroker-saas ${COLOR_YELLOW}MAS_AIBROKER_SAAS${TEXT_RESET}
+      --model-id-unique-length ${COLOR_YELLOW}MODEL_ID_UNIQUE_LENGTH${TEXT_RESET}
+      --model-id-prefix ${COLOR_YELLOW}MODEL_ID_PREFIX${TEXT_RESET}
+
+Automatic GitHub Push (Optional):
+  -P, --github-push ${COLOR_YELLOW}GITHUB_PUSH${TEXT_RESET}        Enable automatic push to GitHub
+  -H, --github-host ${COLOR_YELLOW}GITHUB_HOST${TEXT_RESET}        GitHub Hostname for your GitOps repository
+  -O, --github-org  ${COLOR_YELLOW}GITHUB_ORG${TEXT_RESET}         Github org for your GitOps repository
+  -R, --github-repo ${COLOR_YELLOW}GITHUB_REPO${TEXT_RESET}        Github repo for your GitOps repository
+  -B, --git-branch ${COLOR_YELLOW}GIT_BRANCH${TEXT_RESET}          Git branch to commit to of your GitOps repository
+  -M, --git-commit-msg ${COLOR_YELLOW}GIT_COMMIT_MSG${TEXT_RESET}  Git commit message to use when committing to of your GitOps repository
+  -S , --github-ssh  ${COLOR_YELLOW}GIT_SSH${TEXT_RESET}           Git ssh key path
+
+Other Commands:
+  -h, --help                                      Show this help message
+EOM
+  [[ -n "$1" ]] && exit 1 || exit 0
+}
+
+
+function gitops_kmodel_noninteractive() {
+  GITOPS_WORKING_DIR=$PWD/working-dir  
+  SECRETS_KEY_SEPERATOR="/"
+  GIT_COMMIT_MSG="gitops-kmodel commit"
+  export REGION_ID=${REGION_ID:-${SM_AWS_REGION}}
+
+  #adding default values 
+  export MAS_AIBROKER_STORAGE_PROVIDER=${MAS_AIBROKER_STORAGE_PROVIDER:-"minio"}
+  export MAS_AIBROKER_STORAGE_SSL=${MAS_AIBROKER_STORAGE_SSL:-"false"}
+  export SSH_SECRET_NAME=${SSH_SECRET_NAME:-"sremat-kmodel-aibroker-tls"}
+  export DOCKER_SERVER=${DOCKER_SERVER:-"docker-na-public.artifactory.swg-devops.com/wiotp-docker-local/aibroker"}
+  export TENANTNAMESPACE=${TENANTNAMESPACE:-"aibroker-user"}
+  export PRIMARY_STORAGE_CLASS=${PRIMARY_STORAGE_CLASS:-"nfs-client"}
+  export IMAGE_STORE=${IMAGE_STORE:-"docker-na-public.artifactory.swg-devops.com/wiotp-docker-local/aibroker/store:1.0.3-pre.maint10xdev"}
+  export IMAGE_WATCHER=${IMAGE_WATCHER:-"docker-na-public.artifactory.swg-devops.com/wiotp-docker-local/aibroker/watcher:1.0.5-pre.maint10xdev"}
+  export IMAGE_CONTROLLER=${IMAGE_CONTROLLER:-"docker-na-public.artifactory.swg-devops.com/wiotp-docker-local/aibroker/controller:1.0.8-pre.maint10xdev"}
+  export MAS_AIBROKER_PIPELINE_STEPS_TAG=${MAS_AIBROKER_PIPELINE_STEPS_TAG:-"1.0.0"}
+  export MAS_AIBROKER_CONNECTOR_TAG=${MAS_AIBROKER_CONNECTOR_TAG:-"1.0.0"}
+  export MAS_AIBROKER_SAAS=${MAS_AIBROKER_SAAS:-"true"}
+  export MODEL_ID_UNIQUE_LENGTH=${MODEL_ID_UNIQUE_LENGTH:-"8"}
+  export MODEL_ID_PREFIX=${MODEL_ID_PREFIX:-"m"}
+
+  while [[ $# -gt 0 ]]
+  do
+    key="$1"
+    shift
+    case $key in
+      # GitOps Configuration
+      -d|--dir)
+        export GITOPS_WORKING_DIR=$1 && shift
+        ;;
+      -a|--account-id)
+        export ACCOUNT_ID=$1 && shift
+        ;;
+      -c|--cluster-id)
+        export CLUSTER_ID=$1 && shift
+        ;;
+
+      # AWS Secrets Manager Configuration
+      --sm-aws-secret-region)
+        export SM_AWS_REGION=$1
+        export REGION_ID=$1
+        shift
+        ;;
+      --sm-aws-access-key)
+        export SM_AWS_ACCESS_KEY_ID=$1 && shift
+        ;;
+      --sm-aws-secret-key)
+        export SM_AWS_SECRET_ACCESS_KEY=$1 && shift
+        ;;
+      --secrets-path)
+        export SECRETS_PATH=$1 && shift
+        ;;
+
+      # kmodel
+      --mas-instance-id)
+        export MAS_INSTANCE_ID=$1 && shift
+        ;;
+
+      --aibroker-internal-tls)
+        export AIBROKER_INTERNAL_TLS=$1 && shift
+        ;;
+      
+      --aibroker-namespace)
+        export AIBROKER_NAMESPACE=$1 && shift
+        ;;
+
+      --pull-secret-name)
+        export PULL_SECRET_NAME=$1 && shift
+        ;;
+
+      --mas-aibroker-storage-provider)
+        export MAS_AIBROKER_STORAGE_PROVIDER=$1 && shift
+        ;;
+
+      --mas-aibroker-storage-ssl)
+        export MAS_AIBROKER_STORAGE_SSL=$1 && shift
+        ;;
+
+      --mas-aibroker-storage-accesskey)
+        export MAS_AIBROKER_STORAGE_ACCESSKEY=$1 && shift
+        ;;
+
+      --mas-aibroker-storage-secretkey)
+        export MAS_AIBROKER_STORAGE_SECRETKEY=$1 && shift
+        ;;
+
+      --mas-aibroker-storage-host)
+        export MAS_AIBROKER_STORAGE_HOST=$1 && shift
+        ;;
+
+      --mas-aibroker-storage-port)
+        export MAS_AIBROKER_STORAGE_PORT=$1 && shift
+        ;;
+
+      --mas-aibroker-storage-region)
+        export MAS_AIBROKER_STORAGE_REGION=$1 && shift
+        ;;
+
+      --mas-aibroker-storage-templates-bucket)
+        export MAS_AIBROKER_STORAGE_TEMPLATES_BUCKET=$1 && shift
+        ;;
+
+      --mas-aibroker-storage-tenants-bucket)
+        export MAS_AIBROKER_STORAGE_TENANTS_BUCKET=$1 && shift
+        ;;
+
+      --mas-aibroker-storage-pipelines-bucket)
+        export MAS_AIBROKER_STORAGE_PIPELINES_BUCKET=$1 && shift
+        ;;
+
+      --ssh-secret-name)
+        export SSH_SECRET_NAME=$1 && shift
+        ;;
+
+      --docker-server)
+        export DOCKER_SERVER=$1 && shift
+        ;;
+
+      --tenant-namespace)
+        export TENANTNAMESPACE=$1 && shift
+        ;;
+
+      --mas-aibroker-provision-tenant)
+        export MAS_AIBROKER_PROVISION_TENANT=$1 && shift
+        ;;
+
+      --primary-storage-class)
+        export PRIMARY_STORAGE_CLASS=$1 && shift
+        ;;
+
+      --image-store)
+        export IMAGE_STORE=$1 && shift
+        ;;
+
+      --image-watcher)
+        export IMAGE_WATCHER=$1 && shift
+        ;;
+
+      --image-controller)
+        export IMAGE_CONTROLLER=$1 && shift
+        ;;
+
+      --mas-aibroker-pipeline-steps-tag)
+        export MAS_AIBROKER_PIPELINE_STEPS_TAG=$1 && shift
+        ;;
+
+      --mas-aibroker-connector-tag)
+        export MAS_AIBROKER_CONNECTOR_TAG=$1 && shift
+        ;;
+
+      --mas-aibroker-saas)
+        export MAS_AIBROKER_SAAS=$1 && shift
+        ;;
+
+      --model-id-unique-length)
+        export MODEL_ID_UNIQUE_LENGTH=$1 && shift
+        ;;
+
+      --model-id-prefix)
+        export MODEL_ID_PREFIX=$1 && shift
+        ;;
+
+	    # optional parameters if needed
+
+      # Automatic GitHub Push
+      -P|--github-push)
+        export GITHUB_PUSH=true
+        ;;
+      -H|--github-host)
+        export GITHUB_HOST=$1 && shift
+        ;;
+      -O|--github-org)
+        export GITHUB_ORG=$1 && shift
+        ;;
+      -R|--github-repo)
+        export GITHUB_REPO=$1 && shift
+        ;;
+      -S|--github-ssh)
+        export GIT_SSH=$1 && shift
+        ;;
+      -B|--git-branch)
+        export GIT_BRANCH=$1 && shift
+        ;;
+      -M|--git-commit-msg)
+        export GIT_COMMIT_MSG=$1 && shift
+        ;;
+
+      # Other Commands
+      -h|--help)
+        gitops_kmodel_help
+        ;;
+      *)
+        # unknown option
+        echo -e "${COLOR_RED}Usage Error: Unsupported option \"${key}\"${COLOR_RESET}\n"
+        gitops_kmodel_help  "Usage Error: Unsupported option \"${key}\" "
+        exit 1
+        ;;
+      esac
+  done
+
+
+  [[ -z "$GITOPS_WORKING_DIR" ]] && gitops_kmodel_help "GITOPS_WORKING_DIR is not set"
+  [[ -z "$ACCOUNT_ID" ]] && gitops_kmodel_help "ACCOUNT_ID is not set"
+  [[ -z "$CLUSTER_ID" ]] && gitops_kmodel_help "CLUSTER_ID is not set"
+  [[ -z "$REGION_ID" && -z "$SM_AWS_REGION" ]] && gitops_kmodel_help "REGION_ID or SM_AWS_REGION is not set"
+
+  if [[ "$GITHUB_PUSH" == "true" ]]; then
+    [[ -z "$GITHUB_HOST" ]] && gitops_kmodel_help "GITHUB_HOST is not set"
+    [[ -z "$GITHUB_ORG" ]] && gitops_kmodel_help "GITHUB_ORG is not set"
+    [[ -z "$GITHUB_REPO" ]] && gitops_kmodel_help "GITHUB_REPO is not set"
+    [[ -z "$GIT_BRANCH" ]] && gitops_kmodel_help "GIT_BRANCH is not set"
+  fi
+  # add validation for those variable which have the value needed for further execution
+
+}
+
+function gitops_kmodel() {
+  # Take the first parameter off (it will be create-gitops)
+  shift
+  if [[ $# -gt 0 ]]; then
+    gitops_kmodel_noninteractive "$@"
+  else
+    echo "Not supported yet"
+    exit 1
+    gitops_kmodel_interactive
+  fi
+
+  # catch errors
+  set -o pipefail
+  trap 'echo "[ERROR] Error occurred at $BASH_SOURCE, line $LINENO, exited with $?"; exit 1' ERR
+
+  mkdir -p ${GITOPS_WORKING_DIR}
+  GITOPS_CLUSTER_DIR=${GITOPS_WORKING_DIR}/${GITHUB_REPO}/${ACCOUNT_ID}/${CLUSTER_ID}
+
+  echo
+  reset_colors
+  echo_h2 "Review Settings"
+
+  echo "${TEXT_DIM}"
+  echo_h2 "Target" "    "
+  echo_reset_dim "Account ID ..................... ${COLOR_MAGENTA}${ACCOUNT_ID}"
+  echo_reset_dim "Region ID ...................... ${COLOR_MAGENTA}${REGION_ID}"
+  echo_reset_dim "Cluster ID ..................... ${COLOR_MAGENTA}${CLUSTER_ID}"
+  echo_reset_dim "Cluster Config Directory ....... ${COLOR_MAGENTA}${GITOPS_CLUSTER_DIR}"
+  reset_colors
+
+  echo "${TEXT_DIM}"
+  echo_h2 "AWS Secrets Manager" "    "
+  echo_reset_dim "Region ......................... ${COLOR_MAGENTA}${SM_AWS_REGION}"
+  echo_reset_dim "Secret Key ..................... ${COLOR_MAGENTA}${SM_AWS_ACCESS_KEY_ID:0:4}<snip>"
+  echo_reset_dim "Access Key ..................... ${COLOR_MAGENTA}${SM_AWS_SECRET_ACCESS_KEY:0:4}<snip>"
+  echo_reset_dim "Secrets Path ................... ${COLOR_MAGENTA}${SECRETS_PATH}"
+  reset_colors
+
+  echo "${TEXT_DIM}"
+  if [[ "$GITHUB_PUSH" == "true" ]]; then
+    echo_h2 "GitOps Target" "    "
+    echo_reset_dim "Automatic Push ........................ ${COLOR_GREEN}Enabled"
+    echo_reset_dim "Working Directory ..................... ${COLOR_MAGENTA}${GITOPS_WORKING_DIR}"
+    echo_reset_dim "Host .................................. ${COLOR_MAGENTA}${GITHUB_HOST}"
+    echo_reset_dim "Organization .......................... ${COLOR_MAGENTA}${GITHUB_ORG}"
+    echo_reset_dim "Repository ............................ ${COLOR_MAGENTA}${GITHUB_REPO}"
+    echo_reset_dim "Branch ................................ ${COLOR_MAGENTA}${GIT_BRANCH}"
+  else
+    echo_h2 "GitOps Target" "    "
+    echo_reset_dim "Automatic Push ........................ ${COLOR_RED}Disabled"
+    echo_reset_dim "Working Directory ..................... ${COLOR_MAGENTA}${GITOPS_WORKING_DIR}"
+  fi
+  reset_colors
+
+  echo "${TEXT_DIM}"
+  echo_h2 "kmodel" "    "
+  echo_reset_dim "Mas Instance Id (mas_instance_id)  .................... ${COLOR_MAGENTA}${MAS_INSTANCE_ID}"
+  echo_reset_dim "AI Broker Internal TLS (aibroker_internal_tls)  .................... ${COLOR_MAGENTA}${AIBROKER_INTERNAL_TLS}"
+  echo_reset_dim "AI Broker Namespace (aibroker_namespace)  .................... ${COLOR_MAGENTA}${AIBROKER_NAMESPACE}"
+  echo_reset_dim "Pull Secret Name (pull_secret_name)  .................... ${COLOR_MAGENTA}${PULL_SECRET_NAME}"
+  echo_reset_dim "MAS AI Broker Storage Provider (mas_aibroker_storage_provider)  .................... ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_PROVIDER}"
+  echo_reset_dim "MAS AI Broker Storage SSL (mas_aibroker_storage_ssl)  .................... ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_SSL}"
+  echo_reset_dim "MAS AI Broker Storage Access Key (mas_aibroker_storage_accesskey)  .................... ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_ACCESSKEY}"
+  echo_reset_dim "MAS AI Broker Storage Secret Key (mas_aibroker_storage_secretkey)  .................... ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_SECRETKEY}"
+  echo_reset_dim "MAS AI Broker Storage Host (mas_aibroker_storage_host)  .................... ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_HOST}"
+  echo_reset_dim "MAS AI Broker Storage Port (mas_aibroker_storage_port)  .................... ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_PORT}"
+  echo_reset_dim "MAS AI Broker Storage Region (mas_aibroker_storage_region)  .................... ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_REGION}"
+  echo_reset_dim "MAS AI Broker Storage Templates Bucket (mas_aibroker_storage_templates_bucket)  .................... ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_TEMPLATES_BUCKET}"
+  echo_reset_dim "MAS AI Broker Storage Tenants Bucket (mas_aibroker_storage_tenants_bucket)  .................... ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_TENANTS_BUCKET}"
+  echo_reset_dim "MAS AI Broker Storage Pipelines Bucket (mas_aibroker_storage_pipelines_bucket)  .................... ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_PIPELINES_BUCKET}"
+  echo_reset_dim "SSH Secret Name (ssh_secret_name)  .................... ${COLOR_MAGENTA}${SSH_SECRET_NAME}"
+  echo_reset_dim "Docker Server (docker_server)  .................... ${COLOR_MAGENTA}${DOCKER_SERVER}"
+  echo_reset_dim "Tenant Namespace (tenantNamespace)  .................... ${COLOR_MAGENTA}${TENANTNAMESPACE}"
+  echo_reset_dim "MAS AI Broker Provision Tenant (mas_aibroker_provision_tenant)  .................... ${COLOR_MAGENTA}${MAS_AIBROKER_PROVISION_TENANT}"
+  echo_reset_dim "Primary Storage Class (primary_storage_class)  .................... ${COLOR_MAGENTA}${PRIMARY_STORAGE_CLASS}"
+  echo_reset_dim "Image Store (image_store)  .................... ${COLOR_MAGENTA}${IMAGE_STORE}"
+  echo_reset_dim "Image Watcher (image_watcher)  .................... ${COLOR_MAGENTA}${IMAGE_WATCHER}"
+  echo_reset_dim "Image Controller (image_controller)  .................... ${COLOR_MAGENTA}${IMAGE_CONTROLLER}"
+  echo_reset_dim "MAS AI Broker Pipeline Steps Tag (mas_aibroker_pipeline_steps_tag)  .................... ${COLOR_MAGENTA}${MAS_AIBROKER_PIPELINE_STEPS_TAG}"
+  echo_reset_dim "MAS AI Broker Connector Tag (mas_aibroker_connector_tag)  .................... ${COLOR_MAGENTA}${MAS_AIBROKER_CONNECTOR_TAG}"
+  echo_reset_dim "MAS AI Broker SAAS (mas_aibroker_saas)  .................... ${COLOR_MAGENTA}${MAS_AIBROKER_SAAS}"
+  echo_reset_dim "Model ID Unique Length (model_id_unique_length)  .................... ${COLOR_MAGENTA}${MODEL_ID_UNIQUE_LENGTH}"
+  echo_reset_dim "Model ID Prefix (model_id_prefix)  .................... ${COLOR_MAGENTA}${MODEL_ID_PREFIX}"
+
+  reset_colors
+
+  # Set up secrets
+  # ---------------------------------------------------------------------------
+  CURRENT_DIR=$PWD
+  TEMP_DIR=$GITOPS_CLUSTER_DIR/tmp-kmodel
+  mkdir -p ${TEMP_DIR}
+
+  AVP_TYPE=aws  # Support for IBM will be added later
+  sm_login
+  
+  # update those varialbe which are necessory to be updated into aws , 
+
+  # pull_secret_name
+  export image_pull_secret_b64=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}ibm_entitlement#image_pull_secret_b64
+  # mas_aibroker_storage_accesskey
+  export SM_MINIO_ACCESSKEY=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}minio#sm_minio_accesskey
+  # mas_aibroker_storage_secretkey
+  export SM_MINIO_SECRETKEY=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}minio#sm_minio_secretkey
+  # mas_aibroker_storage_host
+  export SM_MINIO_HOST=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}minio#sm_minio_host
+  # mas_aibroker_storage_port
+  export SM_MINIO_PORT=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}minio#sm_minio_port
+  # mas_aibroker_storage_templates_bucket
+  export SM_MINIO_BUCKET_TEMPLATES=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}minio#sm_minio_bucket_templates
+  # mas_aibroker_storage_tenants_bucket
+  export SM_MINIO_BUCKET_TENANTS=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}minio#sm_minio_bucket_tenants
+  # mas_aibroker_storage_pipelines_bucket
+  export SM_MINIO_BUCKET_PIPELINES=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}minio#sm_minio_bucket_pipelines
+  # check if those are already present 
+  # and update them 
+
+  # finally get values into tempalte 
+  # push them on github repo , 
+
+  # final output 
+  # updated var in sm 
+  # and git repo 
+
+
+  # sm_update_secret and need to pss secrert | idempotent
+  # TAGS="[{\"Key\": \"source\", \"Value\": \"gitops_kmodel\"}, {\"Key\": \"account\", \"Value\": \"${ACCOUNT_ID}\"}, {\"Key\": \"cluster\", \"Value\": \"${CLUSTER_ID}\"}]"
+  # Auth necessary for kmodel ???
+  # sm_update_secret $SECRET_NAME_MINIO_AUTH "{\"info\": \"$ESCAPED_INFO\", \"username\": \"$SECRET_KEY_MINIO_USER\", \"password\": \"$SECRET_KEY_MINIO_PASSWORD\"}" "${TAGS}"
+
+
+  echo_reset_dim "AIBROKER_NAMESPACE ....................... ${COLOR_MAGENTA}${AIBROKER_NAMESPACE}"
+
+  GITOPS_WORKING_DIR=/Users/nikitakumble/temp/working-dir
+  mkdir -p ${GITOPS_WORKING_DIR}
+  GITOPS_CLUSTER_DIR=${GITOPS_WORKING_DIR}/${GITHUB_REPO}/${ACCOUNT_ID}/${CLUSTER_ID}/kmodel
+
+  if [ -z $GIT_SSH ]; then
+    export GIT_SSH=false
+  fi
+
+  # Clone github target repo
+  # ---------------------------------------------------------------------------
+  if [ "$GITHUB_PUSH" == "true" ]; then
+    echo
+    echo_h2 "Cloning GitHub repo $GITHUB_ORG $GITHUB_REPO"
+    clone_target_git_repo $GITHUB_HOST $GITHUB_ORG $GITHUB_REPO $GIT_BRANCH $GITOPS_WORKING_DIR $GIT_SSH
+  fi
+
+  mkdir -p ${GITOPS_CLUSTER_DIR}
+
+  # Generate ArgoApps
+  # ---------------------------------------------------------------------------
+  echo
+  echo_h2 "Generating kmodel operator Applications"
+  echo "- kmodel operator"
+
+  echo "Generating kmodel file ${GITOPS_CLUSTER_DIR}/ibm-kmodel.yaml"
+  jinjanate_commmon $CLI_DIR/templates/gitops/appset-configs/cluster/instance/ibm-kmodel.yaml.j2 ${GITOPS_CLUSTER_DIR}/ibm-kmodel.yaml
+
+
+  # Commit and push to github target repo
+  # ---------------------------------------------------------------------------
+  if [ "$GITHUB_PUSH" == "true" ]; then
+    echo
+    echo_h2 "Commit and push changes to GitHub repo $GITHUB_ORG $GITHUB_REPO"
+    save_to_target_git_repo $GITHUB_HOST $GITHUB_ORG $GITHUB_REPO $GIT_BRANCH "${GITOPS_WORKING_DIR}/${GITHUB_REPO}" "${GIT_COMMIT_MSG}"
+    remove_git_repo_clone $GITOPS_WORKING_DIR/$GITHUB_REPO
+  fi
+
+  rm -rf $TEMP_DIR
+
+  exit 0
+}
diff --git a/image/cli/mascli/mas b/image/cli/mascli/mas
index dd286af1809..92804381f84 100755
--- a/image/cli/mascli/mas
+++ b/image/cli/mascli/mas
@@ -853,6 +853,14 @@ case $1 in
     gitops_minio "$@"
     ;;
 
+    gitops-kmodel)
+    echo "${TEXT_UNDERLINE}IBM Maximo Application Suite kmodel Manager (v${VERSION})${TEXT_RESET}"
+    echo "Powered by ${COLOR_CYAN}${TEXT_UNDERLINE}https://github.com/ibm-mas/gitops/${TEXT_RESET}"
+    echo
+    reset_colors
+    gitops_kmodel "$@"
+    ;;
+
   gitops-aibroker)
     echo "${TEXT_UNDERLINE}IBM Maximo Application Suite Minio Manager (v${VERSION})${TEXT_RESET}"
     echo "Powered by ${COLOR_CYAN}${TEXT_UNDERLINE}https://github.com/ibm-mas/gitops/${TEXT_RESET}"
diff --git a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-kmodel.yaml.j2 b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-kmodel.yaml.j2
new file mode 100644
index 00000000000..506011a4110
--- /dev/null
+++ b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-kmodel.yaml.j2
@@ -0,0 +1,44 @@
+merge-key: "{{ ACCOUNT_ID }}/{{ CLUSTER_ID }}/{{ MAS_INSTANCE_ID }}"
+
+ibm_kmodel:
+  mas_instance_id: {{ MAS_INSTANCE_ID }}
+  aibroker_internal_tls: "{{ MAS_INSTANCE_ID }}-internal-aibroker-tls"
+
+  aibroker_namespace: "{{ AIBROKER_NAMESPACE }}"
+
+  pull_secret_name: "<path:{{ SECRETS_PATH }}:{{ IMAGE_PULL_SECRET_B64 }}>"
+
+  mas_aibroker_storage_provider: "minio"
+  mas_aibroker_storage_ssl: "false"
+
+  mas_aibroker_storage_accesskey: "<path:{{ SECRETS_PATH }}:{{ SM_MINIO_ACCESSKEY }}>"
+  mas_aibroker_storage_secretkey: "<path:{{ SECRETS_PATH }}:{{ SM_MINIO_SECRETKEY }}>"
+  mas_aibroker_storage_host: "<path:{{ SECRETS_PATH }}:{{ SM_MINIO_HOST }}>"
+  mas_aibroker_storage_port: "<path:{{ SECRETS_PATH }}:{{ SM_MINIO_PORT }}>"
+  mas_aibroker_storage_region: ""
+
+  mas_aibroker_storage_templates_bucket: "km-templates"
+  mas_aibroker_storage_tenants_bucket: "km-tenants"
+  mas_aibroker_storage_pipelines_bucket: "km-pipelines"
+
+  ssh_secret_name: "{{ MAS_INSTANCE_ID }}-kmodel-aibroker-tls"
+  
+  docker_server: "docker-na-public.artifactory.swg-devops.com/wiotp-docker-local/aibroker"
+
+  tenantNamespace: "aibroker-user"
+  mas_aibroker_provision_tenant: ""
+
+  primary_storage_class: "nfs-client"
+
+# Docker image
+  image_store: "docker-na-public.artifactory.swg-devops.com/wiotp-docker-local/aibroker/store:1.0.3-pre.maint10xdev"
+  image_watcher: "docker-na-public.artifactory.swg-devops.com/wiotp-docker-local/aibroker/watcher:1.0.5-pre.maint10xdev"
+  image_controller: "docker-na-public.artifactory.swg-devops.com/wiotp-docker-local/aibroker/controller:1.0.8-pre.maint10xdev"  
+  
+  mas_aibroker_pipeline_steps_tag: 1.0.0
+  mas_aibroker_connector_tag: 1.0.0
+
+  mas_aibroker_saas: "true"
+  
+  model_id_unique_length: "8"
+  model_id_prefix: "m"
diff --git a/tekton/src/tasks/gitops/gitops-kmodel.yml.j2 b/tekton/src/tasks/gitops/gitops-kmodel.yml.j2
new file mode 100644
index 00000000000..f21ba10fb34
--- /dev/null
+++ b/tekton/src/tasks/gitops/gitops-kmodel.yml.j2
@@ -0,0 +1,205 @@
+
+apiVersion: tekton.dev/v1beta1
+kind: Task
+metadata:
+  name: gitops-kmodel
+spec:
+  params:
+    - name: cluster_name
+      type: string
+    - name: account
+      type: string
+    - name: cluster_id
+      type: string
+    - name: cluster_url
+      type: string
+      default: ""
+    - name: secrets_path
+      type: string
+    - name: avp_aws_secret_region
+      type: string
+    - name: git_branch
+      type: string
+    - name: github_org
+      type: string
+    - name: github_repo
+      type: string
+    - name: github_host
+      type: string
+
+    - name: mas_instance_id
+      type: string
+    - name: aibroker_internal_tls
+      type: string
+    - name: aibroker_namespace
+      type: string
+    - name: pull_secret_name
+      type: string
+    - name: mas_aibroker_storage_provider
+      type: string
+    - name: mas_aibroker_storage_ssl
+      type: string
+    - name: mas_aibroker_storage_accesskey
+      type: string
+      default: ""
+    - name: mas_aibroker_storage_secretkey
+      type: string
+      default: ""
+    - name: mas_aibroker_storage_host
+      type: string
+      default: ""
+    - name: mas_aibroker_storage_port
+      type: string
+    - name: mas_aibroker_storage_region
+      type: string
+      default: ""
+    - name: mas_aibroker_storage_templates_bucket
+      type: string
+    - name: mas_aibroker_storage_tenants_bucket
+      type: string
+    - name: mas_aibroker_storage_pipelines_bucket
+      type: string
+    - name: ssh_secret_name
+      type: string
+    - name: docker_server
+      type: string
+    - name: tenantNamespace
+      type: string
+    - name: mas_aibroker_provision_tenant
+      type: string
+      default: provision-tenant
+    - name: primary_storage_class
+      type: string
+    - name: image_store
+      type: string
+    - name: image_watcher
+      type: string
+    - name: image_controller
+      type: string
+    - name: mas_aibroker_pipeline_steps_tag
+      type: string
+    - name: mas_aibroker_connector_tag
+      type: string
+    - name: mas_aibroker_saas
+      default: false
+      type: string
+    - name: model_id_unique_length
+      type: string
+      default: 8
+    - name: model_id_prefix
+      type: string
+      default: m
+
+
+
+
+  stepTemplate:
+    name: gitops-kmodel
+    env:
+      - name: CLUSTER_NAME
+        value: $(params.cluster_name)
+      - name: ACCOUNT
+        value: $(params.account)
+      #- name: CLUSTER_ID
+      #  value: $(params.cluster_id)
+      - name: CLUSTER_URL
+        value: $(params.cluster_url)
+      - name: SECRET_PATH
+        value: $(params.secrets_path)
+      - name: SM_AWS_REGION
+        value: $(params.avp_aws_secret_region)
+      - name: GIT_BRANCH
+        value: $(params.git_branch)
+      - name: GITHUB_ORG
+        value: $(params.github_org)
+      - name: GITHUB_HOST
+        value: $(params.github_host)
+      - name: GITHUB_REPO
+        value: $(params.github_repo)
+
+      - name: MAS_INSTANCE_ID
+        value: $(params.mas_instance_id)
+      - name: AIBROKER_INTERNAL_TLS
+        value: $(params.aibroker_internal_tls)
+      - name: AIBROKER_NAMESPACE
+        value: $(params.aibroker_namespace)
+      - name: PULL_SECRET_NAME
+        value: $(params.pull_secret_name)
+      - name: MAS_AIBROKER_STORAGE_PROVIDER
+        value: $(params.mas_aibroker_storage_provider)
+      - name: MAS_AIBROKER_STORAGE_SSL
+        value: $(params.mas_aibroker_storage_ssl)
+      - name: MAS_AIBROKER_STORAGE_ACCESSKEY
+        value: $(params.mas_aibroker_storage_accesskey)
+      - name: MAS_AIBROKER_STORAGE_SECRETKEY
+        value: $(params.mas_aibroker_storage_secretkey)
+      - name: MAS_AIBROKER_STORAGE_HOST
+        value: $(params.mas_aibroker_storage_host)
+      - name: MAS_AIBROKER_STORAGE_PORT
+        value: $(params.mas_aibroker_storage_port)
+      - name: MAS_AIBROKER_STORAGE_REGION
+        value: $(params.mas_aibroker_storage_region)
+      - name: MAS_AIBROKER_STORAGE_TEMPLATES_BUCKET
+        value: $(params.mas_aibroker_storage_templates_bucket)
+      - name: MAS_AIBROKER_STORAGE_TENANTS_BUCKET
+        value: $(params.mas_aibroker_storage_tenants_bucket)
+      - name: MAS_AIBROKER_STORAGE_PIPELINES_BUCKET
+        value: $(params.mas_aibroker_storage_pipelines_bucket)
+      - name: SSH_SECRET_NAME
+        value: $(params.ssh_secret_name)
+      - name: DOCKER_SERVER
+        value: $(params.docker_server)
+      - name: TENANTNAMESPACE
+        value: $(params.tenantNamespace)
+      - name: MAS_AIBROKER_PROVISION_TENANT
+        value: $(params.mas_aibroker_provision_tenant)
+      - name: PRIMARY_STORAGE_CLASS
+        value: $(params.primary_storage_class)
+      - name: IMAGE_STORE
+        value: $(params.image_store)
+      - name: IMAGE_WATCHER
+        value: $(params.image_watcher)
+      - name: IMAGE_CONTROLLER
+        value: $(params.image_controller)
+      - name: MAS_AIBROKER_PIPELINE_STEPS_TAG
+        value: $(params.mas_aibroker_pipeline_steps_tag)
+      - name: MAS_AIBROKER_CONNECTOR_TAG
+        value: $(params.mas_aibroker_connector_tag)
+      - name: MAS_AIBROKER_SAAS
+        value: $(params.mas_aibroker_saas)
+      - name: MODEL_ID_UNIQUE_LENGTH
+        value: $(params.model_id_unique_length)
+      - name: MODEL_ID_PREFIX
+        value: $(params.model_id_prefix)
+    envFrom:
+      - configMapRef:
+          name: environment-properties
+          optional: true
+      - secretRef:
+          name: secure-properties
+  steps:
+    - args:
+      - |-
+        git config --global user.name "MAS Automation"
+        git config --global user.email "you@example.com"
+        git config --global user.password $GITHUB_PAT
+        
+        mkdir -p /tmp/init-kmodel
+        mas gitops-kmodel -a $ACCOUNT -c $CLUSTER_NAME \
+        --dir /tmp/init-kmodel \
+        --secrets-path $SECRET_PATH \
+        --github-push \
+        --github-host $GITHUB_HOST \
+        --github-org $GITHUB_ORG \
+        --github-repo $GITHUB_REPO \
+        --git-branch $GIT_BRANCH \
+
+        exit $?
+      command:
+        - /bin/sh
+        - -c
+      name: gitops-kmodel
+      imagePullPolicy: IfNotPresent
+      image: quay.io/ibmmas/cli:latest
+  workspaces:
+    - name: configs

From fa5acb3ddec7fee338123c8121a4e1f2a4f49797 Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Wed, 14 May 2025 15:59:24 +0530
Subject: [PATCH 031/258] code updated for aibroker tenant role

---
 .../mascli/functions/gitops_aibroker_tenant   | 216 ++++++++----------
 image/cli/mascli/mas                          |   2 +-
 .../gitops/gitops-aibroker-tenant.yml.j2      |  23 +-
 tekton/src/tasks/gitops/gitops-minio.yml.j2   |   4 +
 4 files changed, 113 insertions(+), 132 deletions(-)

diff --git a/image/cli/mascli/functions/gitops_aibroker_tenant b/image/cli/mascli/functions/gitops_aibroker_tenant
index 5dcee34c120..e7df99b3558 100644
--- a/image/cli/mascli/functions/gitops_aibroker_tenant
+++ b/image/cli/mascli/functions/gitops_aibroker_tenant
@@ -10,67 +10,74 @@ Where ${COLOR_YELLOW}specified${TEXT_RESET} each option may also be defined by s
 When no options are specified on the command line, interactive-mode will be enabled by default.
 
 Basic Configuration:
-  -d, --dir ${COLOR_YELLOW}GITOPS_WORKING_DIR${TEXT_RESET}                                                 Directory for GitOps repository
-  -a, --account-id ${COLOR_YELLOW}ACCOUNT_ID${TEXT_RESET}                                                  Account name that the cluster belongs to
-  -c, --cluster-id ${COLOR_YELLOW}CLUSTER_ID${TEXT_RESET}                                                  Cluster ID
-  -i, --Instace-id ${COLOR_YELLOW}INSTANCE_ID${TEXT_RESET}                                                 Instance ID
+  -d, --dir ${COLOR_YELLOW}GITOPS_WORKING_DIR${TEXT_RESET}                                                  Directory for GitOps repository
+  -a, --account-id ${COLOR_YELLOW}ACCOUNT_ID${TEXT_RESET}                                                   Account name that the cluster belongs to
+  -c, --cluster-id ${COLOR_YELLOW}CLUSTER_ID${TEXT_RESET}                                                   Cluster ID
+  -i, --Instace-id ${COLOR_YELLOW}INSTANCE_ID${TEXT_RESET}                                                  Instance ID
 
 ibm_aibroker_tenant(required):
-      --aibroker-namespace ${TEXT_RESET}AIBROKER_NAMESPACE${TEXT_RESET}
-      --mas-instance-id ${TEXT_RESET}MAS_INSTACE_ID${TEXT_RESET}
-      --primary-storage-class ${TEXT_RESET}PRIMARY_STORAGE_CLASS${TEXT_RESET}
+      --mas_instance_id ${COLOR_YELLOW}MAS_INSTACE_ID${TEXT_RESET}                                          The MAS instance ID used by AI Broker
+      --tenant_namespace ${COLOR_YELLOW}TENANT_NAMESPACE${TEXT_RESET}                                       The tenant's Kubernetes namespace
+      --cluster_domain ${COLOR_YELLOW}CLUSTER_DOMAIN${TEXT_RESET}                                           The domain name of the Kubernetes cluster (e.g., cluster.local)
+      --drocfg_url ${COLOR_YELLOW}DROCFG_URL${TEXT_RESET}                                                   URL of the DRO configuration service
+      --slscfg_url ${COLOR_YELLOW}SLSCFG_URL${TEXT_RESET}                                                   URL of the SLS configuration service
+      --slscfg_client_id ${COLOR_YELLOW}SLSCFG_CLIENT_ID${TEXT_RESET}                                       Client ID for SLS (usually generated by GitOps Helm)
+      --mas_aibroker_watsonxai_url ${COLOR_YELLOW}MAS_AIBROKER_WATSONXAI_URL${TEXT_RESET}                   Endpoint URL for Watsonx.ai
+      --mas_aibroker_watsonxai_apikey ${COLOR_YELLOW}MAS_AIBROKER_WATSONXAI_APIKEY${TEXT_RESET}             API key for authenticating with Watsonx.ai
+      --mas_aibroker_watsonxai_project_id ${COLOR_YELLOW}MAS_AIBROKER_WATSONXAI_PROJECT_ID${TEXT_RESET}     Watsonx.ai project ID used by AI Broker
+
 
 AIBroker :
---aibroker_namespace ${COLOR_YELLOW}${AIBROKER_NAMESPACE}${TEXT_RESET}                                                           The namespace where AI Broker is deployed
---mas_aibroker_provision_tenant ${COLOR_YELLOW}${MAS_AIBROKER_PROVISION_TENANT}${TEXT_RESET}                                     Whether to provision the AI Broker tenant (true/false)
---mas_instance_id ${COLOR_YELLOW}${MAS_INSTANCE_ID}${TEXT_RESET}                                                                 The MAS instance ID used by AI Broker
---tenant_namespace ${COLOR_YELLOW}${TENANT_NAMESPACE}${TEXT_RESET}                                                                 The tenant's Kubernetes namespace
---cluster_domain ${COLOR_YELLOW}${CLUSTER_DOMAIN}${TEXT_RESET}                                                                   The domain name of the Kubernetes cluster (e.g., cluster.local)
---in_saas_env ${COLOR_YELLOW}${IN_SAAS_ENV}${TEXT_RESET}                                                                         Whether the environment is SaaS (true/false)
---ibm_entitlement_key ${COLOR_YELLOW}${IBM_ENTITLEMENT_KEY}${TEXT_RESET}                                                         IBM Entitlement API key for accessing IBM container registries
+--aibroker_namespace ${COLOR_YELLOW}AIBROKER_NAMESPACE${TEXT_RESET}                                         The namespace where AI Broker is deployed
+--mas_aibroker_provision_tenant ${COLOR_YELLOW}MAS_AIBROKER_PROVISION_TENANT${TEXT_RESET}                   Whether to provision the AI Broker tenant (true/false)
+--mas_instance_id ${COLOR_YELLOW}MAS_INSTANCE_ID${TEXT_RESET}                                               The MAS instance ID used by AI Broker
+--tenant_namespace ${COLOR_YELLOW}TENANT_NAMESPACE${TEXT_RESET}                                             The tenant's Kubernetes namespace
+--cluster_domain ${COLOR_YELLOW}CLUSTER_DOMAIN${TEXT_RESET}                                                 The domain name of the Kubernetes cluster (e.g., cluster.local)
+--in_saas_env ${COLOR_YELLOW}IN_SAAS_ENV${TEXT_RESET}                                                       Whether the environment is SaaS (true/false)
+--ibm_entitlement_key ${COLOR_YELLOW}IBM_ENTITLEMENT_KEY${TEXT_RESET}                                       IBM Entitlement API key for accessing IBM container registries
 
---mas_icr_cp ${COLOR_YELLOW}${MAS_ICR_CP}${TEXT_RESET}                                                                           IBM Cloud Pak container registry URL
---mas_icr_cpopen ${COLOR_YELLOW}${MAS_ICR_CPOPEN}${TEXT_RESET}                                                                   IBM Cloud Pak Open container registry URL
+--mas_icr_cp ${COLOR_YELLOW}MAS_ICR_CP${TEXT_RESET}                                                         IBM Cloud Pak container registry URL
+--mas_icr_cpopen ${COLOR_YELLOW}MAS_ICR_CPOPEN${TEXT_RESET}                                                 IBM Cloud Pak Open container registry URL
 
 DRO :
---artifactory_token ${COLOR_YELLOW}${ARTIFACTORY_TOKEN}${TEXT_RESET}                                                             API token used to authenticate with Artifactory
---drocfg_url ${COLOR_YELLOW}${DROCFG_URL}${TEXT_RESET}                                                                           URL of the DRO configuration service
---mas_aibroker_dro_token_secret ${COLOR_YELLOW}${MAS_AIBROKER_DRO_TOKEN_SECRET}${TEXT_RESET}                                     Secret name containing the DRO token
---drocfg_ca ${COLOR_YELLOW}${DROCFG_CA}${TEXT_RESET}                                                                             CA certificate for secure communication with DRO config
---drocfg_registration_key ${COLOR_YELLOW}${DROCFG_REGISTRATION_KEY}${TEXT_RESET}                                                 Registration key used for DRO setup
+--artifactory_token ${COLOR_YELLOW}ARTIFACTORY_TOKEN${TEXT_RESET}                                           API token used to authenticate with Artifactory
+--drocfg_url ${COLOR_YELLOW}DROCFG_URL${TEXT_RESET}                                                         URL of the DRO configuration service
+--mas_aibroker_dro_token_secret ${COLOR_YELLOW}MAS_AIBROKER_DRO_TOKEN_SECRET${TEXT_RESET}                   Secret name containing the DRO token
+--drocfg_ca ${COLOR_YELLOW}DROCFG_CA${TEXT_RESET}                                                           CA certificate for secure communication with DRO config
+--drocfg_registration_key ${COLOR_YELLOW}DROCFG_REGISTRATION_KEY${TEXT_RESET}                               Registration key used for DRO setup
 
 SLS :
---slscfg_url ${COLOR_YELLOW}${SLSCFG_URL}${TEXT_RESET}                                                                           URL of the SLS configuration service
---slscfg_registration_key ${COLOR_YELLOW}${SLSCFG_REGISTRATION_KEY}${TEXT_RESET}                                                 Registration key used to register with SLS
---mas_aibroker_sls_subscription_id ${COLOR_YELLOW}${MAS_AIBROKER_SLS_SUBSCRIPTION_ID}${TEXT_RESET}                               Subscription ID associated with SLS
---slscfg_client_id ${COLOR_YELLOW}${SLSCFG_CLIENT_ID}${TEXT_RESET}                                                                 Client ID for SLS (usually generated by GitOps Helm)
---slscfg_ca ${COLOR_YELLOW}${SLSCFG_CA}${TEXT_RESET}                                                                             CA certificate for SLS TLS connection
---slscfg_tls ${COLOR_YELLOW}${SLSCFG_TLS}${TEXT_RESET}                                                                           TLS certificate used by the SLS client
---slscfg_key ${COLOR_YELLOW}${SLSCFG_KEY}${TEXT_RESET}                                                                           Private key used by the SLS client
+--slscfg_url ${COLOR_YELLOW}SLSCFG_URL${TEXT_RESET}                                                          URL of the SLS configuration service
+--slscfg_registration_key ${COLOR_YELLOW}SLSCFG_REGISTRATION_KEY${TEXT_RESET}                                Registration key used to register with SLS
+--mas_aibroker_sls_subscription_id ${COLOR_YELLOW}MAS_AIBROKER_SLS_SUBSCRIPTION_ID${TEXT_RESET}              Subscription ID associated with SLS
+--slscfg_client_id ${COLOR_YELLOW}SLSCFG_CLIENT_ID${TEXT_RESET}                                              Client ID for SLS (usually generated by GitOps Helm)
+--slscfg_ca ${COLOR_YELLOW}SLSCFG_CA${TEXT_RESET}                                                            CA certificate for SLS TLS connection
+--slscfg_tls ${COLOR_YELLOW}SLSCFG_TLS${TEXT_RESET}                                                          TLS certificate used by the SLS client
+--slscfg_key ${COLOR_YELLOW}SLSCFG_KEY${TEXT_RESET}                                                          Private key used by the SLS client
 
 Watsonx :
---mas_aibroker_watsonxai_url ${COLOR_YELLOW}${MAS_AIBROKER_WATSONXAI_URL}${TEXT_RESET}                                           Endpoint URL for Watsonx.ai
---mas_aibroker_watsonxai_apikey ${COLOR_YELLOW}${MAS_AIBROKER_WATSONXAI_APIKEY}${TEXT_RESET}                                     API key for authenticating with Watsonx.ai
---mas_aibroker_watsonxai_project_id ${COLOR_YELLOW}${MAS_AIBROKER_WATSONXAI_PROJECT_ID}${TEXT_RESET}                             Watsonx.ai project ID used by AI Broker
+--mas_aibroker_watsonxai_url ${COLOR_YELLOW}MAS_AIBROKER_WATSONXAI_URL${TEXT_RESET}                          Endpoint URL for Watsonx.ai
+--mas_aibroker_watsonxai_apikey ${COLOR_YELLOW}MAS_AIBROKER_WATSONXAI_APIKEY${TEXT_RESET}                    API key for authenticating with Watsonx.ai
+--mas_aibroker_watsonxai_project_id ${COLOR_YELLOW}MAS_AIBROKER_WATSONXAI_PROJECT_ID${TEXT_RESET}            Watsonx.ai project ID used by AI Broker
 
 MinIO :
---mas_aibroker_storage_host ${COLOR_YELLOW}${MAS_AIBROKER_STORAGE_HOST}${TEXT_RESET}                                             Hostname or service name of the MinIO backend
---mas_aibroker_storage_port ${COLOR_YELLOW}${MAS_AIBROKER_STORAGE_PORT}${TEXT_RESET}                                             Port number MinIO is exposed on
---mas_aibroker_storage_region ${COLOR_YELLOW}${MAS_AIBROKER_STORAGE_REGION}${TEXT_RESET}                                         Storage region used in MinIO (if applicable)
---mas_aibroker_storage_accesskey ${COLOR_YELLOW}${MAS_AIBROKER_STORAGE_ACCESSKEY}${TEXT_RESET}                                   Access key to authenticate with MinIO
---mas_aibroker_storage_secretkey ${COLOR_YELLOW}${MAS_AIBROKER_STORAGE_SECRETKEY}${TEXT_RESET}                                   Secret key for authenticating with MinIO
---mas_aibroker_storage_pipelines_bucket ${COLOR_YELLOW}${MAS_AIBROKER_STORAGE_PIPELINES_BUCKET}${TEXT_RESET}                     The MinIO bucket used to store pipeline assets
---mas_aibroker_storage_ssl ${COLOR_YELLOW}${MAS_AIBROKER_STORAGE_SSL}${TEXT_RESET}                                               Whether MinIO uses SSL (true/false)
+--mas_aibroker_storage_host ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_HOST${TEXT_RESET}                            Hostname or service name of the MinIO backend
+--mas_aibroker_storage_port ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_PORT${TEXT_RESET}                            Port number MinIO is exposed on
+--mas_aibroker_storage_region ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_REGION${TEXT_RESET}                        Storage region used in MinIO (if applicable)
+--mas_aibroker_storage_accesskey ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_ACCESSKEY${TEXT_RESET}                  Access key to authenticate with MinIO
+--mas_aibroker_storage_secretkey ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_SECRETKEY${TEXT_RESET}                  Secret key for authenticating with MinIO
+--mas_aibroker_storage_pipelines_bucket ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_PIPELINES_BUCKET${TEXT_RESET}    The MinIO bucket used to store pipeline assets
+--mas_aibroker_storage_ssl ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_SSL${TEXT_RESET}                              Whether MinIO uses SSL (true/false)
 
 
 Automatic GitHub Push (Optional):
-  -P, --github-push ${COLOR_YELLOW}GITHUB_PUSH${TEXT_RESET}        Enable automatic push to GitHub
-  -H, --github-host ${COLOR_YELLOW}GITHUB_HOST${TEXT_RESET}        GitHub Hostname for your GitOps repository
-  -O, --github-org ${COLOR_YELLOW}GITHUB_ORG${TEXT_RESET}          Github org for your GitOps repository
-  -R, --github-repo ${COLOR_YELLOW}GITHUB_REPO${TEXT_RESET}        Github repo for your GitOps repository
-  -S, --github-ssh ${COLOR_YELLOW}GIT_SSH${TEXT_RESET}             Git ssh key path
-  -B, --git-branch ${COLOR_YELLOW}GIT_BRANCH${TEXT_RESET}          Git branch to commit to of your GitOps repository
-  -M, --git-commit-msg ${COLOR_YELLOW}GIT_COMMIT_MSG${TEXT_RESET}  Git commit message to use when committing to of your GitOps repository
+  -P, --github-push ${COLOR_YELLOW}GITHUB_PUSH${TEXT_RESET}                                                  Enable automatic push to GitHub
+  -H, --github-host ${COLOR_YELLOW}GITHUB_HOST${TEXT_RESET}                                                  GitHub Hostname for your GitOps repository
+  -O, --github-org ${COLOR_YELLOW}GITHUB_ORG${TEXT_RESET}                                                    Github org for your GitOps repository
+  -R, --github-repo ${COLOR_YELLOW}GITHUB_REPO${TEXT_RESET}                                                  Github repo for your GitOps repository
+  -S, --github-ssh ${COLOR_YELLOW}GIT_SSH${TEXT_RESET}                                                       Git ssh key path
+  -B, --git-branch ${COLOR_YELLOW}GIT_BRANCH${TEXT_RESET}                                                    Git branch to commit to of your GitOps repository
+  -M, --git-commit-msg ${COLOR_YELLOW}GIT_COMMIT_MSG${TEXT_RESET}                                            Git commit message to use when committing to of your GitOps repository
 
 Other Commands:
   -h, --help                                      Show this help message
@@ -83,39 +90,29 @@ function gitops_aibroker_tenant_noninteractive() {
   SECRETS_KEY_SEPERATOR="/"
   GIT_COMMIT_MSG="gitops-aibroker-tenant commit"
 
-  #adding default values # all generic values should to put here # check with ansible playbook/gitops envs 
-  only export below in whiel loop
+  # adding default values 
+  # all generic values should to put here 
+  # check with ansible playbook/gitops envs 
+  # only export below in whiel loop
   export REGION_ID=${REGION_ID:-${SM_AWS_REGION}}
+
   #adding default values # -- AIBroker Defaults
-  export AIBROKER_NAMESPACE=${AIBROKER_NAMESPACE:-"mas-sremat-aibroker"}
+  export AIBROKER_NAMESPACE=${AIBROKER_NAMESPACE:-"mas-${MAS_INSTANCE_ID}-aibroker"}
   export MAS_AIBROKER_PROVISION_TENANT=${MAS_AIBROKER_PROVISION_TENANT:-"provision-tenant"}
-  export MAS_INSTANCE_ID=${MAS_INSTANCE_ID:-"sremat"}
-  export TENANT_NAMESPACE=${TENANT_NAMESPACE:-"aibroker-user"}
-  export CLUSTER_DOMAIN=${CLUSTER_DOMAIN:-"sremat-test.cp.fyre.ibm.com"}
   export IN_SAAS_ENV=${IN_SAAS_ENV:-"true"}
   export MAS_ICR_CP=${MAS_ICR_CP:-"docker-na-public.artifactory.swg-devops.com/wiotp-docker-local"}
   export MAS_ICR_CPOPEN=${MAS_ICR_CPOPEN:-"docker-na-public.artifactory.swg-devops.com/wiotp-docker-local/cpopen"}
 
   # -- DRO Defaults
-  export DROCFG_URL=${DROCFG_URL:-"https://ibm-data-reporter-redhat-marketplace.apps.sremat-test.cp.fyre.ibm.com"}
   export MAS_AIBROKER_DRO_TOKEN_SECRET=${MAS_AIBROKER_DRO_TOKEN_SECRET:-"dro-token"}
 
   # -- SLS Defaults
-  export SLSCFG_URL=${SLSCFG_URL:-"https://sls.ibm-sls.ibm-sls.apps.sremat-test.cp.fyre.ibm.com"}
   export MAS_AIBROKER_SLS_SUBSCRIPTION_ID=${MAS_AIBROKER_SLS_SUBSCRIPTION_ID:-"001"}
-  export SLSCFG_CLIENT_ID=${SLSCFG_CLIENT_ID:-"aibroker-88s55n4n7obrkn"}
-
-  # -- Watsonx Defaults
-  export MAS_AIBROKER_WATSONXAI_URL=${MAS_AIBROKER_WATSONXAI_URL:-"https://us-south.ml.cloud.ibm.com"}
-  export MAS_AIBROKER_WATSONXAI_APIKEY=${MAS_AIBROKER_WATSONXAI_APIKEY:-"0dk2e7C4OzcLGM5kCWR-bkyD9e3WwY-CkBl_uYfNbNwO"}
-  export MAS_AIBROKER_WATSONXAI_PROJECT_ID=${MAS_AIBROKER_WATSONXAI_PROJECT_ID:-"37ac1937-3a50-48cc-acc0-4de5c83a0b0e"}
 
   # -- MinIO Defaults
   export MAS_AIBROKER_STORAGE_REGION=${MAS_AIBROKER_STORAGE_REGION:-""}
   export MAS_AIBROKER_STORAGE_SSL=${MAS_AIBROKER_STORAGE_SSL:-"true"}
 
-
-
   while [[ $# -gt 0 ]]
   do
     key="$1"
@@ -133,7 +130,7 @@ function gitops_aibroker_tenant_noninteractive() {
         ;;
       -i|--instance-id)
         export INSTANCE_ID=$1 && shift 
-
+        ;;
       # AWS Secrets Manager Configuration
       --sm-aws-secret-region)
         export SM_AWS_REGION=$1
@@ -299,49 +296,24 @@ function gitops_aibroker_tenant_noninteractive() {
     [[ -z "$GIT_BRANCH" ]] && gitops_aibroker_tenant_help "GIT_BRANCH is not set"
   fi
 
-# add validation below like above  for those variable which have the value needed for further execution
+  # add validation below like above  for those variable which have the value needed for further execution
   # -- AIBroker
-  [[ -z "$AIBROKER_NAMESPACE" ]] && gitops_aibroker_tenant_help "AIBROKER_NAMESPACE is not set. Please specify the namespace for AIBroker using --aibroker_namespace."
-  [[ -z "$MAS_AIBROKER_PROVISION_TENANT" ]] && gitops_aibroker_tenant_help "MAS_AIBROKER_PROVISION_TENANT is not set. Please specify the provision tenant name using --mas_aibroker_provision_tenant."
   [[ -z "$MAS_INSTANCE_ID" ]] && gitops_aibroker_tenant_help "MAS_INSTANCE_ID is not set. Please provide the MAS instance ID using --mas_instance_id."
   [[ -z "$TENANT_NAMESPACE" ]] && gitops_aibroker_tenant_help "TENANT_NAMESPACE is not set. Please specify the tenant namespace using --tenantNamespace."
   [[ -z "$CLUSTER_DOMAIN" ]] && gitops_aibroker_tenant_help "CLUSTER_DOMAIN is not set. Please provide the cluster domain using --cluster_domain."
-  [[ -z "$IN_SAAS_ENV" ]] && gitops_aibroker_tenant_help "IN_SAAS_ENV is not set. Please specify whether this is a SaaS environment using --in_saas_env."
-  [[ -z "$IBM_ENTITLEMENT_KEY" ]] && gitops_aibroker_tenant_help "IBM_ENTITLEMENT_KEY is not set. Please provide the IBM entitlement key using --ibm_entitlement_key."
-  [[ -z "$MAS_ICR_CP" ]] && gitops_aibroker_tenant_help "MAS_ICR_CP is not set. Please specify the ICR CP registry using --mas_icr_cp."
-  [[ -z "$MAS_ICR_CPOPEN" ]] && gitops_aibroker_tenant_help "MAS_ICR_CPOPEN is not set. Please specify the ICR CPOPEN registry using --mas_icr_cpopen."
-
+  
   # -- DRO
-  [[ -z "$ARTIFACTORY_TOKEN" ]] && gitops_aibroker_tenant_help "ARTIFACTORY_TOKEN is not set. Please provide the Artifactory access token using --artifactory_token."
   [[ -z "$DROCFG_URL" ]] && gitops_aibroker_tenant_help "DROCFG_URL is not set. Please specify the DRO configuration URL using --drocfg_url."
-  [[ -z "$MAS_AIBROKER_DRO_TOKEN_SECRET" ]] && gitops_aibroker_tenant_help "MAS_AIBROKER_DRO_TOKEN_SECRET is not set. Please specify the secret name containing the DRO token using --mas_aibroker_dro_token_secret."
-  [[ -z "$DROCFG_CA" ]] && gitops_aibroker_tenant_help "DROCFG_CA is not set. Please provide the DRO CA certificate using --drocfg_ca."
-  [[ -z "$DROCFG_REGISTRATION_KEY" ]] && gitops_aibroker_tenant_help "DROCFG_REGISTRATION_KEY is not set. Please specify the DRO registration key using --drocfg_registration_key."
-
+  
   # -- SLS
   [[ -z "$SLSCFG_URL" ]] && gitops_aibroker_tenant_help "SLSCFG_URL is not set. Please specify the SLS configuration URL using --slscfg_url."
-  [[ -z "$SLSCFG_REGISTRATION_KEY" ]] && gitops_aibroker_tenant_help "SLSCFG_REGISTRATION_KEY is not set. Please provide the SLS registration key using --slscfg_registration_key."
-  [[ -z "$MAS_AIBROKER_SLS_SUBSCRIPTION_ID" ]] && gitops_aibroker_tenant_help "MAS_AIBROKER_SLS_SUBSCRIPTION_ID is not set. Please specify the SLS subscription ID using --mas_aibroker_sls_subscription_id."
   [[ -z "$SLSCFG_CLIENT_ID" ]] && gitops_aibroker_tenant_help "SLSCFG_CLIENT_ID is not set. Please provide the SLS client ID using --slscfg_client_Id."
-  [[ -z "$SLSCFG_CA" ]] && gitops_aibroker_tenant_help "SLSCFG_CA is not set. Please provide the SLS CA certificate using --slscfg_ca."
-  [[ -z "$SLSCFG_TLS" ]] && gitops_aibroker_tenant_help "SLSCFG_TLS is not set. Please specify the SLS TLS certificate using --slscfg_tls."
-  [[ -z "$SLSCFG_KEY" ]] && gitops_aibroker_tenant_help "SLSCFG_KEY is not set. Please provide the SLS private key using --slscfg_key."
 
   # -- Watsonx
   [[ -z "$MAS_AIBROKER_WATSONXAI_URL" ]] && gitops_aibroker_tenant_help "MAS_AIBROKER_WATSONXAI_URL is not set. Please specify the Watsonx.ai URL using --mas_aibroker_watsonxai_url."
   [[ -z "$MAS_AIBROKER_WATSONXAI_APIKEY" ]] && gitops_aibroker_tenant_help "MAS_AIBROKER_WATSONXAI_APIKEY is not set. Please provide the Watsonx.ai API key using --mas_aibroker_watsonxai_apikey."
   [[ -z "$MAS_AIBROKER_WATSONXAI_PROJECT_ID" ]] && gitops_aibroker_tenant_help "MAS_AIBROKER_WATSONXAI_PROJECT_ID is not set. Please specify the Watsonx.ai project ID using --mas_aibroker_watsonxai_project_id."
 
-  # -- MinIO
-  [[ -z "$MAS_AIBROKER_STORAGE_HOST" ]] && gitops_aibroker_tenant_help "MAS_AIBROKER_STORAGE_HOST is not set. Please specify the MinIO storage host using --mas_aibroker_storage_host."
-  [[ -z "$MAS_AIBROKER_STORAGE_PORT" ]] && gitops_aibroker_tenant_help "MAS_AIBROKER_STORAGE_PORT is not set. Please specify the MinIO storage port using --mas_aibroker_storage_port."
-  [[ -z "$MAS_AIBROKER_STORAGE_REGION" ]] && gitops_aibroker_tenant_help "MAS_AIBROKER_STORAGE_REGION is not set. Please specify the MinIO storage region using --mas_aibroker_storage_region."
-  [[ -z "$MAS_AIBROKER_STORAGE_ACCESSKEY" ]] && gitops_aibroker_tenant_help "MAS_AIBROKER_STORAGE_ACCESSKEY is not set. Please provide the MinIO access key using --mas_aibroker_storage_accesskey."
-  [[ -z "$MAS_AIBROKER_STORAGE_SECRETKEY" ]] && gitops_aibroker_tenant_help "MAS_AIBROKER_STORAGE_SECRETKEY is not set. Please provide the MinIO secret key using --mas_aibroker_storage_secretkey."
-  [[ -z "$MAS_AIBROKER_STORAGE_PIPELINES_BUCKET" ]] && gitops_aibroker_tenant_help "MAS_AIBROKER_STORAGE_PIPELINES_BUCKET is not set. Please specify the MinIO bucket for pipelines using --mas_aibroker_storage_pipelines_bucket."
-  [[ -z "$MAS_AIBROKER_STORAGE_SSL" ]] && gitops_aibroker_tenant_help "MAS_AIBROKER_STORAGE_SSL is not set. Please specify whether to use SSL for MinIO using --mas_aibroker_storage_ssl."
-
-
 }
 
 function gitops_aibroker_tenant() {
@@ -404,31 +376,23 @@ function gitops_aibroker_tenant() {
   # echo all the variables of gitops envs
 
   # -- AIBroker
-  echo_reset_dim "aibroker namespace ............................ ${COLOR_MAGENTA}${AIBROKER_NAMESPACE}"
+  echo_reset_dim "aibroker namespace ........................... ${COLOR_MAGENTA}${AIBROKER_NAMESPACE}"
   echo_reset_dim "mas aibroker provision tenant ................ ${COLOR_MAGENTA}${MAS_AIBROKER_PROVISION_TENANT}"
   echo_reset_dim "mas instance ID .............................. ${COLOR_MAGENTA}${MAS_INSTANCE_ID}"
   echo_reset_dim "tenant namespace ............................. ${COLOR_MAGENTA}${TENANT_NAMESPACE}"
   echo_reset_dim "cluster domain ............................... ${COLOR_MAGENTA}${CLUSTER_DOMAIN}"
   echo_reset_dim "in SaaS environment .......................... ${COLOR_MAGENTA}${IN_SAAS_ENV}"
-  echo_reset_dim "IBM entitlement key .......................... ${COLOR_MAGENTA}${IBM_ENTITLEMENT_KEY}"
+
   echo_reset_dim "MAS ICR CP registry .......................... ${COLOR_MAGENTA}${MAS_ICR_CP}"
   echo_reset_dim "MAS ICR CPOPEN registry ...................... ${COLOR_MAGENTA}${MAS_ICR_CPOPEN}"
 
   # -- DRO
-  echo_reset_dim "Artifactory token ............................ ${COLOR_MAGENTA}${ARTIFACTORY_TOKEN}"
-  echo_reset_dim "DRO config URL ............................... ${COLOR_MAGENTA}${DROCFG_URL}"
   echo_reset_dim "DRO token secret name ........................ ${COLOR_MAGENTA}${MAS_AIBROKER_DRO_TOKEN_SECRET}"
-  echo_reset_dim "DRO config CA ................................ ${COLOR_MAGENTA}${DROCFG_CA}"
-  echo_reset_dim "DRO registration key ......................... ${COLOR_MAGENTA}${DROCFG_REGISTRATION_KEY}"
 
   # -- SLS
-  echo_reset_dim "SLS config URL ............................... ${COLOR_MAGENTA}${SLSCFG_URL}"
-  echo_reset_dim "SLS registration key ......................... ${COLOR_MAGENTA}${SLSCFG_REGISTRATION_KEY}"
   echo_reset_dim "SLS subscription ID .......................... ${COLOR_MAGENTA}${MAS_AIBROKER_SLS_SUBSCRIPTION_ID}"
   echo_reset_dim "SLS client ID ................................ ${COLOR_MAGENTA}${SLSCFG_CLIENT_ID}"
-  echo_reset_dim "SLS CA certificate ........................... ${COLOR_MAGENTA}${SLSCFG_CA}"
-  echo_reset_dim "SLS TLS certificate .......................... ${COLOR_MAGENTA}${SLSCFG_TLS}"
-  echo_reset_dim "SLS private key .............................. ${COLOR_MAGENTA}${SLSCFG_KEY}"
+
 
   # -- Watsonx
   echo_reset_dim "Watsonx.ai URL ............................... ${COLOR_MAGENTA}${MAS_AIBROKER_WATSONXAI_URL}"
@@ -436,39 +400,44 @@ function gitops_aibroker_tenant() {
   echo_reset_dim "Watsonx.ai project ID ........................ ${COLOR_MAGENTA}${MAS_AIBROKER_WATSONXAI_PROJECT_ID}"
 
   # -- MinIO
-  echo_reset_dim "MinIO storage host ........................... ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_HOST}"
-  echo_reset_dim "MinIO storage port ........................... ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_PORT}"
-  echo_reset_dim "MinIO storage region ......................... ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_REGION}"
-  echo_reset_dim "MinIO access key ............................. ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_ACCESSKEY}"
-  echo_reset_dim "MinIO secret key ............................. ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_SECRETKEY}"
-  echo_reset_dim "MinIO pipelines bucket ....................... ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_PIPELINES_BUCKET}"
   echo_reset_dim "MinIO SSL enabled ............................ ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_SSL}"
 
-
   AVP_TYPE=aws  # Support for IBM will be added later
   sm_login
 
-  # aibroker
-  export IBM_ENTITLEMENT_KEY=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}ibm_entitlement#entitlement_key
+  SECRETS_PREFIX="${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}"
 
+  # aibroker
+  export SECRET_KEY_IBM_ENTITLEMENT=${SECRETS_PREFIX}ibm_entitlement#entitlement_key
   # dro
-  export ARTIFACTORY_TOKEN=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}ibm_entitlement#aibroker_image_pull_secret_b64
-  export DROCFG_CA=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}dro#drocfg_ca
-  export DROCFG_REGISTRATION_KEY=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}dro#drocfg_registration_key
+  export SECRET_KEY_ARTIFACTORY_TOKEN=${SECRETS_PREFIX}ibm_entitlement#aibroker_image_pull_secret_b64
+  export SECRET_KEY_DROCFG_CA=${SECRETS_PREFIX}dro#drocfg_ca
+  export SECRET_KEY_DROCFG_REGISTRATION_KEY=${SECRETS_PREFIX}dro#drocfg_registration_key
 
   # sls
-  export SLSCFG_REGISTRATION_KEY=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}sls#slscfg_registration_key
-  export SLSCFG_CA=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}sls#slscfg_ca
-  export SLSCFG_TLS=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}sls#slscfg_tls
-  export SLSCFG_KEY=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}sls#slscfg_key
+  export SECRET_KEY_SLSCFG_REGISTRATION_KEY=${SECRETS_PREFIX}sls#slscfg_registration_key
+  export SECRET_KEY_SLSCFG_CA=${SECRETS_PREFIX}sls#slscfg_ca
+  export SECRET_KEY_SLSCFG_TLS=${SECRETS_PREFIX}sls#slscfg_tls
+  export SECRET_KEY_SLSCFG_KEY=${SECRETS_PREFIX}sls#slscfg_key
 
   # minio
-  export MAS_AIBROKER_STORAGE_HOST=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}minio#sm_minio_host
-  export MAS_AIBROKER_STORAGE_PORT=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}minio#sm_minio_port
-  export MAS_AIBROKER_STORAGE_ACCESSKEY=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}minio#sm_minio_accesskey
-  export MAS_AIBROKER_STORAGE_SECRETKEY=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}minio#sm_minio_secretkey
-  export MAS_AIBROKER_STORAGE_PIPELINES_BUCKET=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}minio#sm_minio_bucket_default
+  export SECRET_KEY_MINIO_HOST=${SECRETS_PREFIX}minio#sm_minio_host
+  export SECRET_KEY_MINIO_PORT=${SECRETS_PREFIX}minio#sm_minio_port
+  export SECRET_KEY_MINIO_ACCESSKEY=${SECRETS_PREFIX}minio#sm_minio_accesskey
+  export SECRET_KEY_MINIO_SECRETKEY=${SECRETS_PREFIX}minio#sm_minio_secretkey
+  export SECRET_KEY_MINIO_BUCKET=${SECRETS_PREFIX}minio#sm_minio_bucket_default
+
+  # check for those variables present into the aws sm 
+
+  sm_verify_secret_exists ${SECRETS_PREFIX}ibm_entitlement "image_pull_secret_b64,entitlement_key"
+ 
+  sm_verify_secret_exists ${SECRETS_PREFIX}dro "drocfg_ca,drocfg_registration_key"
+
+  sm_verify_secret_exists ${SECRETS_PREFIX}sls "slscfg_registration_key,slscfg_ca,slscfg_tls,slscfg_key"
+ 
+  sm_verify_secret_exists ${SECRETS_PREFIX}minio "sm_minio_host,sm_minio_port,sm_minio_accesskey,sm_minio_secretkey,sm_minio_bucket_default"
 
+  # finally push them into the git repo
 
     if [ -z $GIT_SSH ]; then
       export GIT_SSH=false
@@ -496,7 +465,7 @@ function gitops_aibroker_tenant() {
     # ---------------------------------------------------------------------------
     if [ "$GITHUB_PUSH" == "true" ]; then
       echo
-      echo_h2 "Commit and push changes to GitHub repo $GITHUB_ORG $GITHUB_REPO"
+      echo "Github push" "$GITHUB_HOST" "$GITHUB_ORG" "$GITHUB_REPO" "$GIT_BRANCH" "Working: " "${GITOPS_WORKING_DIR}/${GITHUB_REPO}" " Commit :" "$GIT_COMMIT_MSG"
       save_to_target_git_repo $GITHUB_HOST $GITHUB_ORG $GITHUB_REPO $GIT_BRANCH "${GITOPS_WORKING_DIR}/${GITHUB_REPO}" "${GIT_COMMIT_MSG}"
       remove_git_repo_clone $GITOPS_WORKING_DIR/$GITHUB_REPO
     fi
@@ -504,6 +473,5 @@ function gitops_aibroker_tenant() {
     rm -rf $TEMP_DIR
     rm -rf $GITOPS_WORKING_DIR
 
-   
   exit 0
 }
diff --git a/image/cli/mascli/mas b/image/cli/mascli/mas
index 92804381f84..5bed58fa054 100755
--- a/image/cli/mascli/mas
+++ b/image/cli/mascli/mas
@@ -869,7 +869,7 @@ case $1 in
     gitops_aibroker "$@"
     ;;
 
-  gitops-aibroker_tenant)
+  gitops-aibroker-tenant)
     echo "${TEXT_UNDERLINE}IBM Maximo Application Suite aibroker tenant Manager (v${VERSION})${TEXT_RESET}"
     echo "Powered by ${COLOR_CYAN}${TEXT_UNDERLINE}https://github.com/ibm-mas/gitops/${TEXT_RESET}"
     echo
diff --git a/tekton/src/tasks/gitops/gitops-aibroker-tenant.yml.j2 b/tekton/src/tasks/gitops/gitops-aibroker-tenant.yml.j2
index 4c15663a4f3..aa34411060c 100644
--- a/tekton/src/tasks/gitops/gitops-aibroker-tenant.yml.j2
+++ b/tekton/src/tasks/gitops/gitops-aibroker-tenant.yml.j2
@@ -224,14 +224,23 @@ spec:
         git config --global user.password $GITHUB_PAT
 
         mkdir -p /tmp/init-aibroker-tenant
-        mas gitops-aibroker-tenant -a $ACCOUNT -c $CLUSTER_NAME \
-        --secrets-path $SECRET_PATH \
-        --dir /tmp/init-aibroker-tenant \
+        
+        mas gitops-aibroker-tenant --account-id "$ACCOUNT_ID" --cluster-id "$CLUSTER_ID" \
+        --secrets-path "$SECRETS_PATH" \
         --github-push \
-        --github-host $GITHUB_HOST \
-        --github-org  $GITHUB_ORG \
-        --github-repo $GITHUB_REPO \
-        --git-branch $GIT_BRANCH
+        --github-host "$GITHUB_HOST" \
+        --github-org "$GITHUB_ORG" \
+        --github-repo "$GITHUB_REPO" \
+        --git-branch "$GIT_BRANCH" \
+        --mas_instance_id "$MAS_INSTANCE_ID" \
+        --tenant_namespace "$TENANT_NAMESPACE" \
+        --cluster_domain "$CLUSTER_DOMAIN" \
+        --slscfg_url "$SLSCFG_URL" \
+        --slscfg_client_id "$SLSCFG_CLIENT_ID" \
+        --mas_aibroker_watsonxai_url "$MAS_AIBROKER_WATSONXAI_URL" \
+        --mas_aibroker_watsonxai_apikey "$MAS_AIBROKER_WATSONXAI_APIKEY" \
+        --mas_aibroker_watsonxai_project_id "$MAS_AIBROKER_WATSONXAI_PROJECT_ID" \
+        --drocfg_url "$DROCFG_URL"
 
         exit $?
       command:
diff --git a/tekton/src/tasks/gitops/gitops-minio.yml.j2 b/tekton/src/tasks/gitops/gitops-minio.yml.j2
index 8ee45d26ab8..d18b025af9c 100644
--- a/tekton/src/tasks/gitops/gitops-minio.yml.j2
+++ b/tekton/src/tasks/gitops/gitops-minio.yml.j2
@@ -9,6 +9,8 @@ spec:
       type: string
     - name: account
       type: string
+    - name: mas_instance_id
+      type: string
     - name: cluster_id
       type: string
     - name: cluster_url
@@ -53,6 +55,8 @@ spec:
         value: $(params.cluster_name)
       - name: ACCOUNT
         value: $(params.account)
+      - name: MAS_INSTANCE_ID
+        value: $(params.mas_instance_id)
       #- name: CLUSTER_ID
       #  value: $(params.cluster_id)
       - name: CLUSTER_URL

From c3394e205570609a903d2a7b5296b42ab0c3bd39 Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Thu, 15 May 2025 12:51:12 +0530
Subject: [PATCH 032/258] Update gitops_aibroker_tenant

---
 image/cli/mascli/functions/gitops_aibroker_tenant | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/image/cli/mascli/functions/gitops_aibroker_tenant b/image/cli/mascli/functions/gitops_aibroker_tenant
index e7df99b3558..b9ffb698904 100644
--- a/image/cli/mascli/functions/gitops_aibroker_tenant
+++ b/image/cli/mascli/functions/gitops_aibroker_tenant
@@ -29,7 +29,7 @@ ibm_aibroker_tenant(required):
 
 AIBroker :
 --aibroker_namespace ${COLOR_YELLOW}AIBROKER_NAMESPACE${TEXT_RESET}                                         The namespace where AI Broker is deployed
---mas_aibroker_provision_tenant ${COLOR_YELLOW}MAS_AIBROKER_PROVISION_TENANT${TEXT_RESET}                   Whether to provision the AI Broker tenant (true/false)
+--mas_aibroker_provision_tenant ${COLOR_YELLOW}MAS_AIBROKER_PROVISION_TENANT${TEXT_RESET}                   Whether to provision the AI Broker tenant
 --mas_instance_id ${COLOR_YELLOW}MAS_INSTANCE_ID${TEXT_RESET}                                               The MAS instance ID used by AI Broker
 --tenant_namespace ${COLOR_YELLOW}TENANT_NAMESPACE${TEXT_RESET}                                             The tenant's Kubernetes namespace
 --cluster_domain ${COLOR_YELLOW}CLUSTER_DOMAIN${TEXT_RESET}                                                 The domain name of the Kubernetes cluster (e.g., cluster.local)

From f2b94d8d88979225f19e0db3aa9ea0d7ff11c1de Mon Sep 17 00:00:00 2001
From: Nikita Kumble <nikitakumble@gmail.com>
Date: Fri, 16 May 2025 11:39:25 +0530
Subject: [PATCH 033/258] kmodel cli changes done

---
 image/cli/mascli/functions/gitops_kmodel      | 263 +++++++++---------
 .../cluster/instance/ibm-kmodel.yaml.j2       |  40 +--
 tekton/src/tasks/gitops/gitops-kmodel.yml.j2  |  17 +-
 3 files changed, 153 insertions(+), 167 deletions(-)

diff --git a/image/cli/mascli/functions/gitops_kmodel b/image/cli/mascli/functions/gitops_kmodel
index 82a6ed7ba33..068360d551a 100644
--- a/image/cli/mascli/functions/gitops_kmodel
+++ b/image/cli/mascli/functions/gitops_kmodel
@@ -20,34 +20,36 @@ Secrets Manager:
       --secrets-path ${COLOR_YELLOW}SECRETS_PATH${TEXT_RESET}                                              Secrets Manager path
       --secrets-key-seperator ${COLOR_YELLOW}SECRETS_KEY_SEPERATOR${TEXT_RESET}                            Secrets Manager key seperator string
 
+ibm_kmodel(required):
+      --mas-instance-id ${COLOR_YELLOW}MAS_INSTANCE_ID${TEXT_RESET}                                                     The MAS instance ID used by AI Broker
+      --primary-storage-class ${COLOR_YELLOW}PRIMARY_STORAGE_CLASS${TEXT_RESET}                                         Kubernetes storage class to be used for provisioning persistent volumes
+      --mas-aibroker-storage-templates-bucket ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_TEMPLATES_BUCKET${TEXT_RESET}         Storage templates bucket for Kmodels role
+      --mas-aibroker-storage-pipelines-bucket ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_PIPELINES_BUCKET${TEXT_RESET}         Storage piplines bucket for Kmodels role
+      --mas-aibroker-storage-tenants-bucket ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_TENANTS_BUCKET${TEXT_RESET}             Storage tenants bucket for Kmodels role
+
 Kkmodel Configuration:
-      --mas-instance-id ${COLOR_YELLOW}MAS_INSTANCE_ID${TEXT_RESET}
-      --aibroker-internal-tls ${COLOR_YELLOW}AIBROKER_INTERNAL_TLS${TEXT_RESET}
-      --aibroker-namespace ${COLOR_YELLOW}AIBROKER_NAMESPACE${TEXT_RESET}
-      --pull-secret-name ${COLOR_YELLOW}PULL_SECRET_NAME${TEXT_RESET}
-      --mas-aibroker-storage-provider ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_PROVIDER${TEXT_RESET}
-      --mas-aibroker-storage-ssl ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_SSL${TEXT_RESET}
-      --mas-aibroker-storage-accesskey ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_ACCESSKEY${TEXT_RESET}
-      --mas-aibroker-storage-secretkey ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_SECRETKEY${TEXT_RESET}
-      --mas-aibroker-storage-host ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_HOST${TEXT_RESET}
-      --mas-aibroker-storage-port ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_PORT${TEXT_RESET}
-      --mas-aibroker-storage-region ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_REGION${TEXT_RESET}
-      --mas-aibroker-storage-templates-bucket ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_TEMPLATES_BUCKET${TEXT_RESET}
-      --mas-aibroker-storage-tenants-bucket ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_TENANTS_BUCKET${TEXT_RESET}
-      --mas-aibroker-storage-pipelines-bucket ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_PIPELINES_BUCKET${TEXT_RESET}
-      --ssh-secret-name ${COLOR_YELLOW}SSH_SECRET_NAME${TEXT_RESET}
-      --docker-server ${COLOR_YELLOW}DOCKER_SERVER${TEXT_RESET}
-      --tenant-namespace ${COLOR_YELLOW}TENANTNAMESPACE${TEXT_RESET}
-      --mas-aibroker-provision-tenant ${COLOR_YELLOW}MAS_AIBROKER_PROVISION_TENANT${TEXT_RESET}
-      --primary-storage-class ${COLOR_YELLOW}PRIMARY_STORAGE_CLASS${TEXT_RESET}
-      --image-store ${COLOR_YELLOW}IMAGE_STORE${TEXT_RESET}
-      --image-watcher ${COLOR_YELLOW}IMAGE_WATCHER${TEXT_RESET}
-      --image-controller ${COLOR_YELLOW}IMAGE_CONTROLLER${TEXT_RESET}
-      --mas-aibroker-pipeline-steps-tag ${COLOR_YELLOW}MAS_AIBROKER_PIPELINE_STEPS_TAG${TEXT_RESET}
-      --mas-aibroker-connector-tag ${COLOR_YELLOW}MAS_AIBROKER_CONNECTOR_TAG${TEXT_RESET}
-      --mas-aibroker-saas ${COLOR_YELLOW}MAS_AIBROKER_SAAS${TEXT_RESET}
-      --model-id-unique-length ${COLOR_YELLOW}MODEL_ID_UNIQUE_LENGTH${TEXT_RESET}
-      --model-id-prefix ${COLOR_YELLOW}MODEL_ID_PREFIX${TEXT_RESET}
+      --aibroker-internal-tls ${COLOR_YELLOW}AIBROKER_INTERNAL_TLS${TEXT_RESET}                                         Identifier for the internal TLS configuration 
+      --aibroker-namespace ${COLOR_YELLOW}AIBROKER_NAMESPACE${TEXT_RESET}                                               The namespace where AI Broker is deployed
+      --mas-aibroker-storage-provider ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_PROVIDER${TEXT_RESET}                         Backend storage service used by AI Broker to store models, pipelines, and tenant data
+      --mas-aibroker-storage-ssl ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_SSL${TEXT_RESET}                                   Whether MinIO uses SSL (true/false)
+      --mas_aibroker-storage-host ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_HOST${TEXT_RESET}                                 Hostname or service name of the MinIO backend
+      --mas_aibroker-storage-port ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_PORT${TEXT_RESET}                                 Port number MinIO is exposed on
+      --mas_aibroker-storage-accesskey ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_ACCESSKEY${TEXT_RESET}                       Access key to authenticate with MinIO
+      --mas_aibroker-storage-secretkey ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_SECRETKEY${TEXT_RESET}                       Secret key for authenticating with MinIO
+      --mas-aibroker-storage-region ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_REGION${TEXT_RESET}                             Storage region used in MinIO (if applicable)
+      --ssh-secret-name ${COLOR_YELLOW}SSH_SECRET_NAME${TEXT_RESET}                                                     SSH secret for securely provide SSH credentials
+      --mas_aibroker_tenant_name ${COLOR_YELLOW}MAS_AIBROKER_TENANT_NAME${TEXT_RESET}                                   Aibroker Tenant name
+      --mas-aibroker-provision-tenant ${COLOR_YELLOW}MAS_AIBROKER_PROVISION_TENANT${TEXT_RESET}                         Whether to provision the AI Broker tenant (true/false)
+      --mas-aibroker-connector-tag ${COLOR_YELLOW}MAS_AIBROKER_CONNECTOR_TAG${TEXT_RESET}                               AI Broker connector for integration or communication.
+      --mas-aibroker-pipeline-steps-tag ${COLOR_YELLOW}MAS_AIBROKER_PIPELINE_STEPS_TAG${TEXT_RESET}                     Version tag of the AI Broker pipeline steps image used to run model-related processing tasks in KModel deployments
+      --mas-aibroker-saas ${COLOR_YELLOW}MAS_AIBROKER_SAAS${TEXT_RESET}                                                 AI Broker is deployed as a SaaS
+      --model-id-unique-length ${COLOR_YELLOW}MODEL_ID_UNIQUE_LENGTH${TEXT_RESET}                                       Length of the unique identifier used for model IDs
+      --model-id-prefix ${COLOR_YELLOW}MODEL_ID_PREFIX${TEXT_RESET}                                                     Model ID prefix
+      --mas_icr_cp ${COLOR_YELLOW}MAS_ICR_CP${TEXT_RESET}                                                               Prefix to be used for generating model IDs
+      --docker-server ${COLOR_YELLOW}DOCKER_SERVER${TEXT_RESET}                                                         Docker registry where kmodel container images is stored and pulled from.
+      --image-store ${COLOR_YELLOW}IMAGE_STORE${TEXT_RESET}                                                             Docker image for storing models and artifacts.
+      --image-watcher ${COLOR_YELLOW}IMAGE_WATCHER${TEXT_RESET}                                                         Docker image for monitoring and detecting changes to models or configurations.
+      --image-controller ${COLOR_YELLOW}IMAGE_CONTROLLER${TEXT_RESET}                                                   Docker image for controlling and managing the deployment and lifecycle of models.
 
 Automatic GitHub Push (Optional):
   -P, --github-push ${COLOR_YELLOW}GITHUB_PUSH${TEXT_RESET}        Enable automatic push to GitHub
@@ -72,21 +74,27 @@ function gitops_kmodel_noninteractive() {
   export REGION_ID=${REGION_ID:-${SM_AWS_REGION}}
 
   #adding default values 
-  export MAS_AIBROKER_STORAGE_PROVIDER=${MAS_AIBROKER_STORAGE_PROVIDER:-"minio"}
-  export MAS_AIBROKER_STORAGE_SSL=${MAS_AIBROKER_STORAGE_SSL:-"false"}
-  export SSH_SECRET_NAME=${SSH_SECRET_NAME:-"sremat-kmodel-aibroker-tls"}
-  export DOCKER_SERVER=${DOCKER_SERVER:-"docker-na-public.artifactory.swg-devops.com/wiotp-docker-local/aibroker"}
-  export TENANTNAMESPACE=${TENANTNAMESPACE:-"aibroker-user"}
-  export PRIMARY_STORAGE_CLASS=${PRIMARY_STORAGE_CLASS:-"nfs-client"}
-  export IMAGE_STORE=${IMAGE_STORE:-"docker-na-public.artifactory.swg-devops.com/wiotp-docker-local/aibroker/store:1.0.3-pre.maint10xdev"}
-  export IMAGE_WATCHER=${IMAGE_WATCHER:-"docker-na-public.artifactory.swg-devops.com/wiotp-docker-local/aibroker/watcher:1.0.5-pre.maint10xdev"}
-  export IMAGE_CONTROLLER=${IMAGE_CONTROLLER:-"docker-na-public.artifactory.swg-devops.com/wiotp-docker-local/aibroker/controller:1.0.8-pre.maint10xdev"}
-  export MAS_AIBROKER_PIPELINE_STEPS_TAG=${MAS_AIBROKER_PIPELINE_STEPS_TAG:-"1.0.0"}
-  export MAS_AIBROKER_CONNECTOR_TAG=${MAS_AIBROKER_CONNECTOR_TAG:-"1.0.0"}
-  export MAS_AIBROKER_SAAS=${MAS_AIBROKER_SAAS:-"true"}
-  export MODEL_ID_UNIQUE_LENGTH=${MODEL_ID_UNIQUE_LENGTH:-"8"}
-  export MODEL_ID_PREFIX=${MODEL_ID_PREFIX:-"m"}
-
+  export AIBROKER_INTERNAL_TLS=${AIBROKER_INTERNAL_TLS:-"${MAS_INSTANCE_ID}-internal-aibroker-tls"}
+  export AIBROKER_NAMESPACE=${AIBROKER_NAMESPACE:-"mas-${MAS_INSTANCE_ID}-aibroker"}
+  export MAS_AIBROKER_STORAGE_PROVIDER=${MAS_AIBROKER_STORAGE_PROVIDER:-"aws"}
+  export MAS_AIBROKER_STORAGE_SSL=${MAS_AIBROKER_STORAGE_SSL:-"true"}
+  export MAS_AIBROKER_STORAGE_REGION=${MAS_AIBROKER_STORAGE_REGION:-""}
+  export SSH_SECRET_NAME=${SSH_SECRET_NAME:-"${MAS_INSTANCE_ID}-kmodel-aibroker-tls"}
+  export MAS_AIBROKER_TENANT_NAME=${MAS_AIBROKER_TENANT_NAME:-"user"}
+  export TENANT_NAMESPACE=${TENANT_NAMESPACE:-"aibroker-${MAS_AIBROKER_TENANT_NAME}"}
+  export MAS_AIBROKER_PROVISION_TENANT=${MAS_AIBROKER_PROVISION_TENANT:-"provision-tenant"}
+  export MAS_AIBROKER_CONNECTOR_TAG=${MAS_AIBROKER_CONNECTOR_TAG:-"1.0.2"}
+  export MAS_AIBROKER_PIPELINE_STEPS_TAG=${MAS_AIBROKER_PIPELINE_STEPS_TAG:-"1.0.3"}
+  export MAS_AIBROKER_SAAS=${MAS_AIBROKER_SAAS:-"false"}
+  export MODEL_ID_UNIQUE_LENGTH=${MODEL_ID_UNIQUE_LENGTH:-"15"}
+  export MODEL_ID_PREFIX=${MODEL_ID_PREFIX:-"m"}  
+  export MAS_ICR_CP=${MAS_ICR_CP:-"cp.icr.io/cp"}
+  export DOCKER_SERVER=${DOCKER_SERVER:-"${MAS_ICR_CP}/aibroker"}
+  export IMAGE_STORE=${IMAGE_STORE:-"${DOCKER_SERVER}/store:1.0.3-pre.maint10xdev"}
+  export IMAGE_WATCHER=${IMAGE_WATCHER:-"${DOCKER_SERVER}/watcher:1.0.5-pre.maint10xdev"}
+  export IMAGE_CONTROLLER=${IMAGE_CONTROLLER:-"${DOCKER_SERVER}/controller:1.0.8-pre.maint10xdev"}
+  
+  
   while [[ $# -gt 0 ]]
   do
     key="$1"
@@ -119,7 +127,7 @@ function gitops_kmodel_noninteractive() {
         export SECRETS_PATH=$1 && shift
         ;;
 
-      # kmodel
+      # kmodel - all input params default + sm
       --mas-instance-id)
         export MAS_INSTANCE_ID=$1 && shift
         ;;
@@ -180,12 +188,16 @@ function gitops_kmodel_noninteractive() {
         export SSH_SECRET_NAME=$1 && shift
         ;;
 
+      --mas_icr_cp)
+        export MAS_ICR_CP=$1 && shift
+        ;;
+
       --docker-server)
         export DOCKER_SERVER=$1 && shift
         ;;
 
       --tenant-namespace)
-        export TENANTNAMESPACE=$1 && shift
+        export TENANT_NAMESPACE=$1 && shift
         ;;
 
       --mas-aibroker-provision-tenant)
@@ -278,7 +290,13 @@ function gitops_kmodel_noninteractive() {
     [[ -z "$GITHUB_REPO" ]] && gitops_kmodel_help "GITHUB_REPO is not set"
     [[ -z "$GIT_BRANCH" ]] && gitops_kmodel_help "GIT_BRANCH is not set"
   fi
+
   # add validation for those variable which have the value needed for further execution
+  [[ -z "$MAS_INSTANCE_ID" ]] && gitops_kmodel_help "MAS_INSTANCE_ID is not set. Please provide the MAS instance ID using --mas-instance-id."
+  [[ -z "$PRIMARY_STORAGE_CLASS" ]] && gitops_kmodel_help "PRIMARY_STORAGE_CLASS is not set. Please provide the primary storage class using --primary-storage-class."
+  [[ -z "$MAS_AIBROKER_STORAGE_TEMPLATES_BUCKET" ]] && gitops_kmodel_help "MAS_AIBROKER_STORAGE_TEMPLATES_BUCKET is not set. Please provide the templates bucket name using --mas-aibroker-storage-templates-bucket."
+  [[ -z "$MAS_AIBROKER_STORAGE_TENANTS_BUCKET" ]] && gitops_kmodel_help "MAS_AIBROKER_STORAGE_TENANTS_BUCKET is not set. Please provide the tenants bucket name using --mas-aibroker-storage-tenants-bucket."
+  [[ -z "$MAS_AIBROKER_STORAGE_PIPELINES_BUCKET" ]] && gitops_kmodel_help "MAS_AIBROKER_STORAGE_PIPELINES_BUCKET is not set. Please provide the pipelines bucket name using --mas-aibroker-storage-pipelines-bucket."
 
 }
 
@@ -297,6 +315,7 @@ function gitops_kmodel() {
   set -o pipefail
   trap 'echo "[ERROR] Error occurred at $BASH_SOURCE, line $LINENO, exited with $?"; exit 1' ERR
 
+  # Prepare directories
   mkdir -p ${GITOPS_WORKING_DIR}
   GITOPS_CLUSTER_DIR=${GITOPS_WORKING_DIR}/${GITHUB_REPO}/${ACCOUNT_ID}/${CLUSTER_ID}
 
@@ -336,35 +355,34 @@ function gitops_kmodel() {
   fi
   reset_colors
 
+  # echo all the variables of gitops envs
+
   echo "${TEXT_DIM}"
   echo_h2 "kmodel" "    "
-  echo_reset_dim "Mas Instance Id (mas_instance_id)  .................... ${COLOR_MAGENTA}${MAS_INSTANCE_ID}"
-  echo_reset_dim "AI Broker Internal TLS (aibroker_internal_tls)  .................... ${COLOR_MAGENTA}${AIBROKER_INTERNAL_TLS}"
-  echo_reset_dim "AI Broker Namespace (aibroker_namespace)  .................... ${COLOR_MAGENTA}${AIBROKER_NAMESPACE}"
-  echo_reset_dim "Pull Secret Name (pull_secret_name)  .................... ${COLOR_MAGENTA}${PULL_SECRET_NAME}"
-  echo_reset_dim "MAS AI Broker Storage Provider (mas_aibroker_storage_provider)  .................... ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_PROVIDER}"
-  echo_reset_dim "MAS AI Broker Storage SSL (mas_aibroker_storage_ssl)  .................... ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_SSL}"
-  echo_reset_dim "MAS AI Broker Storage Access Key (mas_aibroker_storage_accesskey)  .................... ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_ACCESSKEY}"
-  echo_reset_dim "MAS AI Broker Storage Secret Key (mas_aibroker_storage_secretkey)  .................... ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_SECRETKEY}"
-  echo_reset_dim "MAS AI Broker Storage Host (mas_aibroker_storage_host)  .................... ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_HOST}"
-  echo_reset_dim "MAS AI Broker Storage Port (mas_aibroker_storage_port)  .................... ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_PORT}"
-  echo_reset_dim "MAS AI Broker Storage Region (mas_aibroker_storage_region)  .................... ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_REGION}"
-  echo_reset_dim "MAS AI Broker Storage Templates Bucket (mas_aibroker_storage_templates_bucket)  .................... ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_TEMPLATES_BUCKET}"
-  echo_reset_dim "MAS AI Broker Storage Tenants Bucket (mas_aibroker_storage_tenants_bucket)  .................... ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_TENANTS_BUCKET}"
-  echo_reset_dim "MAS AI Broker Storage Pipelines Bucket (mas_aibroker_storage_pipelines_bucket)  .................... ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_PIPELINES_BUCKET}"
-  echo_reset_dim "SSH Secret Name (ssh_secret_name)  .................... ${COLOR_MAGENTA}${SSH_SECRET_NAME}"
-  echo_reset_dim "Docker Server (docker_server)  .................... ${COLOR_MAGENTA}${DOCKER_SERVER}"
-  echo_reset_dim "Tenant Namespace (tenantNamespace)  .................... ${COLOR_MAGENTA}${TENANTNAMESPACE}"
-  echo_reset_dim "MAS AI Broker Provision Tenant (mas_aibroker_provision_tenant)  .................... ${COLOR_MAGENTA}${MAS_AIBROKER_PROVISION_TENANT}"
-  echo_reset_dim "Primary Storage Class (primary_storage_class)  .................... ${COLOR_MAGENTA}${PRIMARY_STORAGE_CLASS}"
-  echo_reset_dim "Image Store (image_store)  .................... ${COLOR_MAGENTA}${IMAGE_STORE}"
-  echo_reset_dim "Image Watcher (image_watcher)  .................... ${COLOR_MAGENTA}${IMAGE_WATCHER}"
-  echo_reset_dim "Image Controller (image_controller)  .................... ${COLOR_MAGENTA}${IMAGE_CONTROLLER}"
-  echo_reset_dim "MAS AI Broker Pipeline Steps Tag (mas_aibroker_pipeline_steps_tag)  .................... ${COLOR_MAGENTA}${MAS_AIBROKER_PIPELINE_STEPS_TAG}"
-  echo_reset_dim "MAS AI Broker Connector Tag (mas_aibroker_connector_tag)  .................... ${COLOR_MAGENTA}${MAS_AIBROKER_CONNECTOR_TAG}"
-  echo_reset_dim "MAS AI Broker SAAS (mas_aibroker_saas)  .................... ${COLOR_MAGENTA}${MAS_AIBROKER_SAAS}"
-  echo_reset_dim "Model ID Unique Length (model_id_unique_length)  .................... ${COLOR_MAGENTA}${MODEL_ID_UNIQUE_LENGTH}"
-  echo_reset_dim "Model ID Prefix (model_id_prefix)  .................... ${COLOR_MAGENTA}${MODEL_ID_PREFIX}"
+  echo_reset_dim "Mas Instance Id ................................... ${COLOR_MAGENTA}${MAS_INSTANCE_ID}"
+  echo_reset_dim "AI Broker Internal TLS ............................ ${COLOR_MAGENTA}${AIBROKER_INTERNAL_TLS}"
+  echo_reset_dim "AI Broker Namespace ............................... ${COLOR_MAGENTA}${AIBROKER_NAMESPACE}"
+  echo_reset_dim "MAS AI Broker Storage Provider .................... ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_PROVIDER}"
+  echo_reset_dim "MAS AI Broker Storage SSL ......................... ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_SSL}"
+  echo_reset_dim "MAS AI Broker Storage Access Key .................. ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_ACCESSKEY}"
+  echo_reset_dim "MAS AI Broker Storage Secret Key .................. ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_SECRETKEY}"
+  echo_reset_dim "MAS AI Broker Storage Templates Bucket ............ ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_TEMPLATES_BUCKET}"
+  echo_reset_dim "MAS AI Broker Storage Tenants Bucket .............. ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_TENANTS_BUCKET}"
+  echo_reset_dim "MAS AI Broker Storage Pipelines Bucket ............ ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_PIPELINES_BUCKET}"
+  echo_reset_dim "SSH Secret Name ................................... ${COLOR_MAGENTA}${SSH_SECRET_NAME}"
+  echo_reset_dim "MAS ICR CP Registry ............................... ${COLOR_MAGENTA}${MAS_ICR_CP}"
+  echo_reset_dim "Docker Server ..................................... ${COLOR_MAGENTA}${DOCKER_SERVER}"
+  echo_reset_dim "Tenant Namespace .................................. ${COLOR_MAGENTA}${TENANT_NAMESPACE}"
+  echo_reset_dim "MAS AI Broker Provision Tenant .................... ${COLOR_MAGENTA}${MAS_AIBROKER_PROVISION_TENANT}"
+  echo_reset_dim "Primary Storage Class ............................. ${COLOR_MAGENTA}${PRIMARY_STORAGE_CLASS}"
+  echo_reset_dim "Image Store ....................................... ${COLOR_MAGENTA}${IMAGE_STORE}"
+  echo_reset_dim "Image Watcher ..................................... ${COLOR_MAGENTA}${IMAGE_WATCHER}"
+  echo_reset_dim "Image Controller .................................. ${COLOR_MAGENTA}${IMAGE_CONTROLLER}"
+  echo_reset_dim "MAS AI Broker Pipeline Steps Tag .................. ${COLOR_MAGENTA}${MAS_AIBROKER_PIPELINE_STEPS_TAG}"
+  echo_reset_dim "MAS AI Broker Connector Tag ....................... ${COLOR_MAGENTA}${MAS_AIBROKER_CONNECTOR_TAG}"
+  echo_reset_dim "MAS AI Broker SAAS ................................ ${COLOR_MAGENTA}${MAS_AIBROKER_SAAS}"
+  echo_reset_dim "Model ID Unique Length ............................ ${COLOR_MAGENTA}${MODEL_ID_UNIQUE_LENGTH}"
+  echo_reset_dim "Model ID Prefix ................................... ${COLOR_MAGENTA}${MODEL_ID_PREFIX}"
 
   reset_colors
 
@@ -377,81 +395,60 @@ function gitops_kmodel() {
   AVP_TYPE=aws  # Support for IBM will be added later
   sm_login
   
-  # update those varialbe which are necessory to be updated into aws , 
-
-  # pull_secret_name
-  export image_pull_secret_b64=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}ibm_entitlement#image_pull_secret_b64
-  # mas_aibroker_storage_accesskey
-  export SM_MINIO_ACCESSKEY=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}minio#sm_minio_accesskey
-  # mas_aibroker_storage_secretkey
-  export SM_MINIO_SECRETKEY=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}minio#sm_minio_secretkey
-  # mas_aibroker_storage_host
-  export SM_MINIO_HOST=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}minio#sm_minio_host
-  # mas_aibroker_storage_port
-  export SM_MINIO_PORT=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}minio#sm_minio_port
-  # mas_aibroker_storage_templates_bucket
-  export SM_MINIO_BUCKET_TEMPLATES=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}minio#sm_minio_bucket_templates
-  # mas_aibroker_storage_tenants_bucket
-  export SM_MINIO_BUCKET_TENANTS=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}minio#sm_minio_bucket_tenants
-  # mas_aibroker_storage_pipelines_bucket
-  export SM_MINIO_BUCKET_PIPELINES=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}minio#sm_minio_bucket_pipelines
-  # check if those are already present 
-  # and update them 
+  SECRETS_PREFIX="${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}"
 
-  # finally get values into tempalte 
-  # push them on github repo , 
+  # check if those are already present 
+  export image_pull_secret_b64=${SECRETS_PREFIX}ibm_entitlement#image_pull_secret_b64
+  
+  # minio
+  export SM_MINIO_ACCESSKEY=${SECRETS_PREFIX}minio#sm_minio_accesskey
+  export SM_MINIO_SECRETKEY=${SECRETS_PREFIX}minio#sm_minio_secretkey
+  export SM_MINIO_HOST=${SECRETS_PREFIX}minio#sm_minio_host
+  export SM_MINIO_PORT=${SECRETS_PREFIX}minio#sm_minio_port
 
-  # final output 
-  # updated var in sm 
-  # and git repo 
+# check for those variables present into the aws sm 
+  sm_verify_secret_exists ${SECRETS_PREFIX}ibm_entitlement "image_pull_secret_b64"
 
+  sm_verify_secret_exists ${SECRETS_PREFIX}minio "sm_minio_host,sm_minio_port,sm_minio_accesskey,sm_minio_secretkey"
 
-  # sm_update_secret and need to pss secrert | idempotent
-  # TAGS="[{\"Key\": \"source\", \"Value\": \"gitops_kmodel\"}, {\"Key\": \"account\", \"Value\": \"${ACCOUNT_ID}\"}, {\"Key\": \"cluster\", \"Value\": \"${CLUSTER_ID}\"}]"
-  # Auth necessary for kmodel ???
-  # sm_update_secret $SECRET_NAME_MINIO_AUTH "{\"info\": \"$ESCAPED_INFO\", \"username\": \"$SECRET_KEY_MINIO_USER\", \"password\": \"$SECRET_KEY_MINIO_PASSWORD\"}" "${TAGS}"
+    # finally push them into the git repo
+    # ---------------------------------------------------------------------------
 
+    if [ -z $GIT_SSH ]; then
+      export GIT_SSH=false
+    fi
 
-  echo_reset_dim "AIBROKER_NAMESPACE ....................... ${COLOR_MAGENTA}${AIBROKER_NAMESPACE}"
+    # Clone github target repo
+    # ---------------------------------------------------------------------------
+    if [ "$GITHUB_PUSH" == "true" ]; then
+      echo
+      echo_h2 "Cloning GitHub repo $GITHUB_ORG $GITHUB_REPO"
+      clone_target_git_repo $GITHUB_HOST $GITHUB_ORG $GITHUB_REPO $GIT_BRANCH $GITOPS_WORKING_DIR $GIT_SSH
+    fi
 
-  GITOPS_WORKING_DIR=/Users/nikitakumble/temp/working-dir
-  mkdir -p ${GITOPS_WORKING_DIR}
-  GITOPS_CLUSTER_DIR=${GITOPS_WORKING_DIR}/${GITHUB_REPO}/${ACCOUNT_ID}/${CLUSTER_ID}/kmodel
+    mkdir -p ${GITOPS_CLUSTER_DIR}
 
-  if [ -z $GIT_SSH ]; then
-    export GIT_SSH=false
-  fi
-
-  # Clone github target repo
-  # ---------------------------------------------------------------------------
-  if [ "$GITHUB_PUSH" == "true" ]; then
+    # Generate ArgoApps
+    # ---------------------------------------------------------------------------
     echo
-    echo_h2 "Cloning GitHub repo $GITHUB_ORG $GITHUB_REPO"
-    clone_target_git_repo $GITHUB_HOST $GITHUB_ORG $GITHUB_REPO $GIT_BRANCH $GITOPS_WORKING_DIR $GIT_SSH
-  fi
+    echo_h2 "Generating kmodel operator Applications"
+    echo "- kmodel operator"
 
-  mkdir -p ${GITOPS_CLUSTER_DIR}
+    echo "Generating kmodel file ${GITOPS_CLUSTER_DIR}/ibm-kmodel.yaml"
+    jinjanate_commmon $CLI_DIR/templates/gitops/appset-configs/cluster/instance/ibm-kmodel.yaml.j2 ${GITOPS_CLUSTER_DIR}/ibm-kmodel.yaml
 
-  # Generate ArgoApps
-  # ---------------------------------------------------------------------------
-  echo
-  echo_h2 "Generating kmodel operator Applications"
-  echo "- kmodel operator"
 
-  echo "Generating kmodel file ${GITOPS_CLUSTER_DIR}/ibm-kmodel.yaml"
-  jinjanate_commmon $CLI_DIR/templates/gitops/appset-configs/cluster/instance/ibm-kmodel.yaml.j2 ${GITOPS_CLUSTER_DIR}/ibm-kmodel.yaml
-
-
-  # Commit and push to github target repo
-  # ---------------------------------------------------------------------------
-  if [ "$GITHUB_PUSH" == "true" ]; then
-    echo
-    echo_h2 "Commit and push changes to GitHub repo $GITHUB_ORG $GITHUB_REPO"
-    save_to_target_git_repo $GITHUB_HOST $GITHUB_ORG $GITHUB_REPO $GIT_BRANCH "${GITOPS_WORKING_DIR}/${GITHUB_REPO}" "${GIT_COMMIT_MSG}"
-    remove_git_repo_clone $GITOPS_WORKING_DIR/$GITHUB_REPO
-  fi
+    # Commit and push to github target repo
+    # ---------------------------------------------------------------------------
+    if [ "$GITHUB_PUSH" == "true" ]; then
+      echo
+      echo_h2 "Commit and push changes to GitHub repo $GITHUB_ORG $GITHUB_REPO"
+      save_to_target_git_repo $GITHUB_HOST $GITHUB_ORG $GITHUB_REPO $GIT_BRANCH "${GITOPS_WORKING_DIR}/${GITHUB_REPO}" "${GIT_COMMIT_MSG}"
+      remove_git_repo_clone $GITOPS_WORKING_DIR/$GITHUB_REPO
+    fi
 
-  rm -rf $TEMP_DIR
+    rm -rf $TEMP_DIR
+    rm -rf $GITOPS_WORKING_DIR
 
   exit 0
 }
diff --git a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-kmodel.yaml.j2 b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-kmodel.yaml.j2
index 506011a4110..baa8fc02021 100644
--- a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-kmodel.yaml.j2
+++ b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-kmodel.yaml.j2
@@ -2,43 +2,43 @@ merge-key: "{{ ACCOUNT_ID }}/{{ CLUSTER_ID }}/{{ MAS_INSTANCE_ID }}"
 
 ibm_kmodel:
   mas_instance_id: {{ MAS_INSTANCE_ID }}
-  aibroker_internal_tls: "{{ MAS_INSTANCE_ID }}-internal-aibroker-tls"
+  aibroker_internal_tls: "{{ AIBROKER_INTERNAL_TLS }}"
 
   aibroker_namespace: "{{ AIBROKER_NAMESPACE }}"
 
   pull_secret_name: "<path:{{ SECRETS_PATH }}:{{ IMAGE_PULL_SECRET_B64 }}>"
 
-  mas_aibroker_storage_provider: "minio"
-  mas_aibroker_storage_ssl: "false"
+  mas_aibroker_storage_provider: "{{ MAS_AIBROKER_STORAGE_PROVIDER }}"
+  mas_aibroker_storage_ssl: "{{ MAS_AIBROKER_STORAGE_SSL }}"
 
   mas_aibroker_storage_accesskey: "<path:{{ SECRETS_PATH }}:{{ SM_MINIO_ACCESSKEY }}>"
   mas_aibroker_storage_secretkey: "<path:{{ SECRETS_PATH }}:{{ SM_MINIO_SECRETKEY }}>"
   mas_aibroker_storage_host: "<path:{{ SECRETS_PATH }}:{{ SM_MINIO_HOST }}>"
   mas_aibroker_storage_port: "<path:{{ SECRETS_PATH }}:{{ SM_MINIO_PORT }}>"
-  mas_aibroker_storage_region: ""
+  mas_aibroker_storage_region: "{{ MAS_AIBROKER_STORAGE_REGION }}"
 
-  mas_aibroker_storage_templates_bucket: "km-templates"
-  mas_aibroker_storage_tenants_bucket: "km-tenants"
-  mas_aibroker_storage_pipelines_bucket: "km-pipelines"
+  mas_aibroker_storage_templates_bucket: "{{ MAS_AIBROKER_STORAGE_TEMPLATES_BUCKET }}"
+  mas_aibroker_storage_tenants_bucket: "{{ MAS_AIBROKER_STORAGE_TENANTS_BUCKET }}"
+  mas_aibroker_storage_pipelines_bucket: "{{ MAS_AIBROKER_STORAGE_PIPELINES_BUCKET }}"
 
-  ssh_secret_name: "{{ MAS_INSTANCE_ID }}-kmodel-aibroker-tls"
+  ssh_secret_name: "{{ SSH_SECRET_NAME }}"
   
-  docker_server: "docker-na-public.artifactory.swg-devops.com/wiotp-docker-local/aibroker"
+  docker_server: "{{ DOCKER_SERVER }}"
 
-  tenantNamespace: "aibroker-user"
-  mas_aibroker_provision_tenant: ""
+  tenant_namespace: "{{ TENANT_NAMESPACE }}"
+  mas_aibroker_provision_tenant: "{{ MAS_AIBROKER_PROVISION_TENANT }}"
 
-  primary_storage_class: "nfs-client"
+  primary_storage_class: "{{ PRIMARY_STORAGE_CLASS }}"
 
 # Docker image
-  image_store: "docker-na-public.artifactory.swg-devops.com/wiotp-docker-local/aibroker/store:1.0.3-pre.maint10xdev"
-  image_watcher: "docker-na-public.artifactory.swg-devops.com/wiotp-docker-local/aibroker/watcher:1.0.5-pre.maint10xdev"
-  image_controller: "docker-na-public.artifactory.swg-devops.com/wiotp-docker-local/aibroker/controller:1.0.8-pre.maint10xdev"  
+  image_store: "{{ IMAGE_STORE }}"
+  image_watcher: "{{ IMAGE_WATCHER }}"
+  image_controller: "{{ IMAGE_CONTROLLER }}"  
   
-  mas_aibroker_pipeline_steps_tag: 1.0.0
-  mas_aibroker_connector_tag: 1.0.0
+  mas_aibroker_pipeline_steps_tag: "{{ MAS_AIBROKER_PIPELINE_STEPS_TAG }}"
+  mas_aibroker_connector_tag: "{{ MAS_AIBROKER_CONNECTOR_TAG }}"
 
-  mas_aibroker_saas: "true"
+  mas_aibroker_saas: "{{ MAS_AIBROKER_SAAS }}"
   
-  model_id_unique_length: "8"
-  model_id_prefix: "m"
+  model_id_unique_length: "{{ MODEL_ID_UNIQUE_LENGTH }}"
+  model_id_prefix: "{{ MODEL_ID_PREFIX }}"
diff --git a/tekton/src/tasks/gitops/gitops-kmodel.yml.j2 b/tekton/src/tasks/gitops/gitops-kmodel.yml.j2
index f21ba10fb34..8c315bab1dc 100644
--- a/tekton/src/tasks/gitops/gitops-kmodel.yml.j2
+++ b/tekton/src/tasks/gitops/gitops-kmodel.yml.j2
@@ -41,18 +41,14 @@ spec:
       type: string
     - name: mas_aibroker_storage_accesskey
       type: string
-      default: ""
     - name: mas_aibroker_storage_secretkey
       type: string
-      default: ""
     - name: mas_aibroker_storage_host
       type: string
-      default: ""
     - name: mas_aibroker_storage_port
       type: string
     - name: mas_aibroker_storage_region
       type: string
-      default: ""
     - name: mas_aibroker_storage_templates_bucket
       type: string
     - name: mas_aibroker_storage_tenants_bucket
@@ -63,11 +59,10 @@ spec:
       type: string
     - name: docker_server
       type: string
-    - name: tenantNamespace
+    - name: tenant_namespace
       type: string
     - name: mas_aibroker_provision_tenant
       type: string
-      default: provision-tenant
     - name: primary_storage_class
       type: string
     - name: image_store
@@ -81,17 +76,11 @@ spec:
     - name: mas_aibroker_connector_tag
       type: string
     - name: mas_aibroker_saas
-      default: false
       type: string
     - name: model_id_unique_length
       type: string
-      default: 8
     - name: model_id_prefix
       type: string
-      default: m
-
-
-
 
   stepTemplate:
     name: gitops-kmodel
@@ -149,8 +138,8 @@ spec:
         value: $(params.ssh_secret_name)
       - name: DOCKER_SERVER
         value: $(params.docker_server)
-      - name: TENANTNAMESPACE
-        value: $(params.tenantNamespace)
+      - name: TENANT_NAMESPACE
+        value: $(params.tenant_namespace)
       - name: MAS_AIBROKER_PROVISION_TENANT
         value: $(params.mas_aibroker_provision_tenant)
       - name: PRIMARY_STORAGE_CLASS

From 48726d62a4ea77ce92eeef6188bb2d5d930d55fe Mon Sep 17 00:00:00 2001
From: yogeshkumar <prajapati.yogeshkumar@ibm.com>
Date: Tue, 20 May 2025 15:43:48 +0530
Subject: [PATCH 034/258] Pipeline AIBROKER and AIBROKER-Tenant

AIBROKER Pipeline under Role(MInio, ODH, Aibroker, Kmodel)
AIBROKER-Tenant Pipeline under Role (Aibroker-tenant)
---
 .../gitops/gitops-mas-aibroker-tenant.yml.j2  | 192 ++++++++
 .../gitops/gitops-mas-aibroker.yml.j2         | 430 ++++++++++++++++++
 2 files changed, 622 insertions(+)
 create mode 100644 tekton/src/pipelines/gitops/gitops-mas-aibroker-tenant.yml.j2
 create mode 100644 tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2

diff --git a/tekton/src/pipelines/gitops/gitops-mas-aibroker-tenant.yml.j2 b/tekton/src/pipelines/gitops/gitops-mas-aibroker-tenant.yml.j2
new file mode 100644
index 00000000000..133b8c598f0
--- /dev/null
+++ b/tekton/src/pipelines/gitops/gitops-mas-aibroker-tenant.yml.j2
@@ -0,0 +1,192 @@
+apiVersion: tekton.dev/v1beta1
+kind: Pipeline
+metadata:
+  name: gitops-aibroker-tenant-pipeline
+spec:
+  params:
+    - name: cluster_name
+      type: string
+    - name: account
+      type: string
+    - name: cluster_id
+      type: string
+    - name: cluster_url
+      type: string
+    - name: secrets_path
+      type: string
+    - name: avp_aws_secret_region
+      type: string
+    - name: git_branch
+      type: string
+    - name: github_org
+      type: string
+    - name: github_repo
+      type: string
+    - name: github_host
+      type: string
+
+    - name: aibroker_namespace
+      type: string
+    - name: mas_aibroker_provision_tenant
+      type: string
+    - name: mas_instance_id
+      type: string
+    - name: tenant_namespace
+      type: string
+    - name: cluster_domain
+      type: string
+    - name: in_saas_env
+      type: string
+    - name: ibm_entitlement_key
+      type: string
+    - name: mas_icr_cp
+      type: string
+    - name: mas_icr_cpopen
+      type: string
+
+    - name: artifactory_token
+      type: string
+    - name: drocfg_url
+      type: string
+    - name: mas_aibroker_dro_token_secret
+      type: string
+    - name: drocfg_ca
+      type: string
+    - name: drocfg_registration_key
+      type: string
+
+    - name: slscfg_url
+      type: string
+    - name: slscfg_registration_key
+      type: string
+    - name: mas_aibroker_sls_subscription_id
+      type: string
+    - name: slscfg_clientId
+      type: string
+    - name: slscfg_ca
+      type: string
+    - name: slscfg_tls
+      type: string
+    - name: slscfg_key
+      type: string
+
+    - name: mas_aibroker_watsonxai_url
+      type: string
+    - name: mas_aibroker_watsonxai_apikey
+      type: string
+    - name: mas_aibroker_watsonxai_project_id
+      type: string
+
+    - name: mas_aibroker_storage_host
+      type: string
+    - name: mas_aibroker_storage_port
+      type: string
+    - name: mas_aibroker_storage_region
+      type: string
+    - name: mas_aibroker_storage_accesskey
+      type: string
+    - name: mas_aibroker_storage_secretkey
+      type: string
+    - name: mas_aibroker_storage_pipelines_bucket
+      type: string
+    - name: mas_aibroker_storage_ssl
+      type: string
+
+  workspaces:
+    - name: configs
+
+  tasks:
+    - name: run-gitops-aibroker-tenant
+      taskRef:
+        name: gitops-aibroker-tenant
+      workspaces:
+        - name: configs
+          workspace: configs
+      params:
+        - name: cluster_name
+          value: $(params.cluster_name)
+        - name: account
+          value: $(params.account)
+        - name: cluster_id
+          value: $(params.cluster_id)
+        - name: cluster_url
+          value: $(params.cluster_url)
+        - name: secrets_path
+          value: $(params.secrets_path)
+        - name: avp_aws_secret_region
+          value: $(params.avp_aws_secret_region)
+        - name: git_branch
+          value: $(params.git_branch)
+        - name: github_org
+          value: $(params.github_org)
+        - name: github_repo
+          value: $(params.github_repo)
+        - name: github_host
+          value: $(params.github_host)
+
+        - name: aibroker_namespace
+          value: $(params.aibroker_namespace)
+        - name: mas_aibroker_provision_tenant
+          value: $(params.mas_aibroker_provision_tenant)
+        - name: mas_instance_id
+          value: $(params.mas_instance_id)
+        - name: tenant_namespace
+          value: $(params.tenant_namespace)
+        - name: cluster_domain
+          value: $(params.cluster_domain)
+        - name: in_saas_env
+          value: $(params.in_saas_env)
+        - name: ibm_entitlement_key
+          value: $(params.ibm_entitlement_key)
+        - name: mas_icr_cp
+          value: $(params.mas_icr_cp)
+        - name: mas_icr_cpopen
+          value: $(params.mas_icr_cpopen)
+
+        - name: artifactory_token
+          value: $(params.artifactory_token)
+        - name: drocfg_url
+          value: $(params.drocfg_url)
+        - name: mas_aibroker_dro_token_secret
+          value: $(params.mas_aibroker_dro_token_secret)
+        - name: drocfg_ca
+          value: $(params.drocfg_ca)
+        - name: drocfg_registration_key
+          value: $(params.drocfg_registration_key)
+
+        - name: slscfg_url
+          value: $(params.slscfg_url)
+        - name: slscfg_registration_key
+          value: $(params.slscfg_registration_key)
+        - name: mas_aibroker_sls_subscription_id
+          value: $(params.mas_aibroker_sls_subscription_id)
+        - name: slscfg_clientId
+          value: $(params.slscfg_clientId)
+        - name: slscfg_ca
+          value: $(params.slscfg_ca)
+        - name: slscfg_tls
+          value: $(params.slscfg_tls)
+        - name: slscfg_key
+          value: $(params.slscfg_key)
+
+        - name: mas_aibroker_watsonxai_url
+          value: $(params.mas_aibroker_watsonxai_url)
+        - name: mas_aibroker_watsonxai_apikey
+          value: $(params.mas_aibroker_watsonxai_apikey)
+        - name: mas_aibroker_watsonxai_project_id
+          value: $(params.mas_aibroker_watsonxai_project_id)
+
+        - name: mas_aibroker_storage_host
+          value: $(params.mas_aibroker_storage_host)
+        - name: mas_aibroker_storage_port
+          value: $(params.mas_aibroker_storage_port)
+        - name: mas_aibroker_storage_region
+          value: $(params.mas_aibroker_storage_region)
+        - name: mas_aibroker_storage_accesskey
+          value: $(params.mas_aibroker_storage_accesskey)
+        - name: mas_aibroker_storage_secretkey
+          value: $(params.mas_aibroker_storage_secretkey)
+        - name: mas_aibroker_storage_pipelines_bucket
+          value: $(params.mas_aibroker_storage_pipelines_bucket)
+        - name: mas_aibroker_storage_ssl
+          value: $(params.mas_aibroker_storage_ssl)
diff --git a/tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2 b/tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2
new file mode 100644
index 00000000000..b5583eab054
--- /dev/null
+++ b/tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2
@@ -0,0 +1,430 @@
+apiVersion: tekton.dev/v1beta1
+kind: Pipeline
+metadata:
+  name: gitops-mas-aibroker
+spec:
+  params:
+    - name: cluster_name
+      type: string
+    - name: cluster_id
+      type: string
+    - name: account
+      type: string
+    - name: mas_instance_id
+      type: string
+    - name: cluster_url
+      type: string
+      default: ""
+    - name: secrets_path
+      type: string
+    - name: avp_aws_secret_region
+      type: string
+    - name: git_branch
+      type: string
+    - name: github_org
+      type: string
+    - name: github_repo
+      type: string
+    - name: github_host
+      type: string
+
+    # AIBROKER-specific
+    - name: aibroker_namespace
+      type: string
+    - name: mas_aibroker_watsonx_secret
+      type: string
+    - name: pull_secret_name
+      type: string
+    - name: mas_aibroker_storage_provider
+      type: string
+    - name: mas_aibroker_minio_secret
+      type: string
+    - name: mas_aibroker_storage_accesskey
+      type: string
+    - name: mas_aibroker_storage_secretkey
+      type: string
+    - name: mas_aibroker_storage_host
+      type: string
+    - name: mas_aibroker_storage_port
+      type: string
+    - name: mas_aibroker_storage_ssl
+      type: string
+    - name: mas_aibroker_storage_region
+      type: string
+    - name: mas_aibroker_storage_pipelines_bucket
+      type: string
+    - name: mas_aibroker_storage_tenants_bucket
+      type: string
+    - name: mas_aibroker_storage_templates_bucket
+      type: string
+    - name: mas_aibroker_db_host
+      type: string
+    - name: mas_aibroker_mariadb_secret
+      type: string
+    - name: mas_aibroker_db_port
+      type: string
+    - name: mas_aibroker_db_user
+      type: string
+    - name: mas_aibroker_db_database
+      type: string
+    - name: mas_aibroker_db_secret_name
+      type: string
+    - name: mas_aibroker_db_secret_value
+      type: string
+    - name: primary_storage_class
+      type: string
+    - name: slscfg_registration_key
+      type: string
+    - name: drocfg_ca
+      type: string
+    - name: drocfg_registration_key
+      type: string
+    - name: drocfg_url
+      type: string
+    - name: jdbccfg_username
+      type: string
+    - name: jdbccfg_password
+      type: string
+    - name: jdbccfg_url
+      type: string
+    - name: jdbccfg_sslenabled
+      type: string
+    - name: jdbccfg_ca
+      type: string
+    - name: mas_entitlement_key
+      type: string
+    - name: artifactory_username
+      type: string
+    - name: artifactory_token
+      type: string
+    - name: mas_app_channel
+      type: string
+    - name: mas_catalog_source
+      type: string
+    - name: mas_icr_cp
+      type: string
+    - name: mas_icr_cpopen
+      type: string
+    - name: cluster_domain
+      type: string
+    - name: in_saas_env
+      type: string
+
+    # MINIO-specific
+    - name: minio_namespace
+      type: string
+    - name: minio_instance_name
+      type: string
+    - name: minio_root_user
+      type: string
+    - name: minio_root_password
+      type: string
+    - name: minio_storage_class
+      type: string
+    - name: minio_storage_size
+      type: string
+    - name: minio_image
+      type: string
+
+    # ODH-specific
+    - name: odh_channel
+      type: string
+    - name: odh_subscription_install_plan
+      type: string
+    - name: opendatahub_name
+      type: string
+    - name: opendatahub_operator_group
+      type: string
+    - name: opendatahub_namespace
+      type: string
+
+  workspaces:
+    - name: configs
+
+  tasks:
+    # 1.gitops-minio  Condition MINIO/S3
+    # -------------------------------------------------------------------------
+    - name: gitops-minio
+      taskRef:
+        name: gitops-minio
+      workspaces:
+        - name: configs
+          workspace: configs
+      params:
+        - name: cluster_name
+          value: $(params.cluster_name)
+        - name: account
+          value: $(params.account)
+        - name: cluster_id
+          value: $(params.cluster_id)
+        - name: cluster_url
+          value: $(params.cluster_url)
+        - name: secrets_path
+          value: $(params.secrets_path)
+        - name: avp_aws_secret_region
+          value: $(params.avp_aws_secret_region)
+        - name: git_branch
+          value: $(params.git_branch)
+        - name: github_org
+          value: $(params.github_org)
+        - name: github_repo
+          value: $(params.github_repo)
+        - name: github_host
+          value: $(params.github_host)
+        - name: minio_namespace
+          value: $(params.minio_namespace)
+        - name: minio_instance_name
+          value: $(params.minio_instance_name)
+        - name: minio_root_user
+          value: $(params.minio_root_user)
+        - name: minio_root_password
+          value: $(params.minio_root_password)
+        - name: minio_storage_class
+          value: $(params.minio_storage_class)
+        - name: minio_storage_size
+          value: $(params.minio_storage_size)
+        - name: minio_image
+          value: $(params.minio_image)
+
+    # 2.gitops-odh
+    # -------------------------------------------------------------------------
+
+    - name: gitops-odh
+      taskRef:
+        name: gitops-odh
+      runAfter:
+        - gitops-minio
+      workspaces:
+        - name: configs
+          workspace: configs
+      params:
+        - name: cluster_name
+          value: $(params.cluster_name)
+        - name: account
+          value: $(params.account)
+        - name: mas_instance_id
+          value: $(params.mas_instance_id)
+        - name: cluster_url
+          value: $(params.cluster_url)
+        - name: git_branch
+          value: $(params.git_branch)
+        - name: github_org
+          value: $(params.github_org)
+        - name: github_repo
+          value: $(params.github_repo)
+        - name: github_host
+          value: $(params.github_host)
+        - name: secrets_path
+          value: $(params.secrets_path)
+        - name: avp_aws_secret_region
+          value: $(params.avp_aws_secret_region)
+        - name: odh_channel
+          value: $(params.odh_channel)
+        - name: odh_subscription_install_plan
+          value: $(params.odh_subscription_install_plan)
+        - name: opendatahub_name
+          value: $(params.opendatahub_name)
+        - name: opendatahub_operator_group
+          value: $(params.opendatahub_operator_group)
+        - name: opendatahub_namespace
+          value: $(params.opendatahub_namespace)
+
+    # 3.gitops-Aibroker
+    # -------------------------------------------------------------------------
+
+    - name: gitops-aibroker
+      taskRef:
+        name: gitops-aibroker
+      runAfter:
+        - gitops-odh
+      workspaces:
+        - name: configs
+          workspace: configs
+      params:
+        # AIBROKER shared and specific params
+        - name: cluster_name
+          value: $(params.cluster_name)
+        - name: account
+          value: $(params.account)
+        - name: cluster_url
+          value: $(params.cluster_url)
+        - name: secrets_path
+          value: $(params.secrets_path)
+        - name: avp_aws_secret_region
+          value: $(params.avp_aws_secret_region)
+        - name: git_branch
+          value: $(params.git_branch)
+        - name: github_org
+          value: $(params.github_org)
+        - name: github_repo
+          value: $(params.github_repo)
+        - name: github_host
+          value: $(params.github_host)
+        - name: mas_instance_id
+          value: $(params.mas_instance_id)
+        - name: aibroker_namespace
+          value: $(params.aibroker_namespace)
+        - name: mas_aibroker_watsonx_secret
+          value: $(params.mas_aibroker_watsonx_secret)
+        - name: pull_secret_name
+          value: $(params.pull_secret_name)
+        - name: mas_aibroker_storage_provider
+          value: $(params.mas_aibroker_storage_provider)
+        - name: mas_aibroker_minio_secret
+          value: $(params.mas_aibroker_minio_secret)
+        - name: mas_aibroker_storage_accesskey
+          value: $(params.mas_aibroker_storage_accesskey)
+        - name: mas_aibroker_storage_secretkey
+          value: $(params.mas_aibroker_storage_secretkey)
+        - name: mas_aibroker_storage_host
+          value: $(params.mas_aibroker_storage_host)
+        - name: mas_aibroker_storage_port
+          value: $(params.mas_aibroker_storage_port)
+        - name: mas_aibroker_storage_ssl
+          value: $(params.mas_aibroker_storage_ssl)
+        - name: mas_aibroker_storage_region
+          value: $(params.mas_aibroker_storage_region)
+        - name: mas_aibroker_storage_pipelines_bucket
+          value: $(params.mas_aibroker_storage_pipelines_bucket)
+        - name: mas_aibroker_storage_tenants_bucket
+          value: $(params.mas_aibroker_storage_tenants_bucket)
+        - name: mas_aibroker_storage_templates_bucket
+          value: $(params.mas_aibroker_storage_templates_bucket)
+        - name: mas_aibroker_db_host
+          value: $(params.mas_aibroker_db_host)
+        - name: mas_aibroker_mariadb_secret
+          value: $(params.mas_aibroker_mariadb_secret)
+        - name: mas_aibroker_db_port
+          value: $(params.mas_aibroker_db_port)
+        - name: mas_aibroker_db_user
+          value: $(params.mas_aibroker_db_user)
+        - name: mas_aibroker_db_database
+          value: $(params.mas_aibroker_db_database)
+        - name: mas_aibroker_db_secret_name
+          value: $(params.mas_aibroker_db_secret_name)
+        - name: mas_aibroker_db_secret_value
+          value: $(params.mas_aibroker_db_secret_value)
+        - name: primary_storage_class
+          value: $(params.primary_storage_class)
+        - name: slscfg_registration_key
+          value: $(params.slscfg_registration_key)
+        - name: drocfg_ca
+          value: $(params.drocfg_ca)
+        - name: drocfg_registration_key
+          value: $(params.drocfg_registration_key)
+        - name: drocfg_url
+          value: $(params.drocfg_url)
+        - name: jdbccfg_username
+          value: $(params.jdbccfg_username)
+        - name: jdbccfg_password
+          value: $(params.jdbccfg_password)
+        - name: jdbccfg_url
+          value: $(params.jdbccfg_url)
+        - name: jdbccfg_sslenabled
+          value: $(params.jdbccfg_sslenabled)
+        - name: jdbccfg_ca
+          value: $(params.jdbccfg_ca)
+        - name: mas_entitlement_key
+          value: $(params.mas_entitlement_key)
+        - name: artifactory_username
+          value: $(params.artifactory_username)
+        - name: artifactory_token
+          value: $(params.artifactory_token)
+        - name: mas_app_channel
+          value: $(params.mas_app_channel)
+        - name: mas_catalog_source
+          value: $(params.mas_catalog_source)
+        - name: mas_icr_cp
+          value: $(params.mas_icr_cp)
+        - name: mas_icr_cpopen
+          value: $(params.mas_icr_cpopen)
+        - name: cluster_domain
+          value: $(params.cluster_domain)
+        - name: in_saas_env
+          value: $(params.in_saas_env)
+
+    # 3.gitops-Kmodel
+    # -------------------------------------------------------------------------
+    - name: gitops-kmodel
+      taskRef:
+        name: gitops-kmodel
+      runAfter:
+        - gitops-aibroker
+      workspaces:
+        - name: configs
+          workspace: configs
+      params:
+        - name: cluster_name
+          value: $(params.cluster_name)
+        - name: account
+          value: $(params.account)
+        - name: cluster_id
+          value: $(params.cluster_id)
+        - name: cluster_url
+          value: $(params.cluster_url)
+        - name: secrets_path
+          value: $(params.secrets_path)
+        - name: avp_aws_secret_region
+          value: $(params.avp_aws_secret_region)
+        - name: git_branch
+          value: $(params.git_branch)
+        - name: github_org
+          value: $(params.github_org)
+        - name: github_repo
+          value: $(params.github_repo)
+        - name: github_host
+          value: $(params.github_host)
+        - name: mas_instance_id
+          value: $(params.mas_instance_id)
+        - name: aibroker_internal_tls
+          value: $(params.aibroker_internal_tls)
+        - name: aibroker_namespace
+          value: $(params.aibroker_namespace)
+        - name: pull_secret_name
+          value: $(params.pull_secret_name)
+        - name: mas_aibroker_storage_provider
+          value: $(params.mas_aibroker_storage_provider)
+        - name: mas_aibroker_storage_ssl
+          value: $(params.mas_aibroker_storage_ssl)
+        - name: mas_aibroker_storage_accesskey
+          value: $(params.mas_aibroker_storage_accesskey)
+        - name: mas_aibroker_storage_secretkey
+          value: $(params.mas_aibroker_storage_secretkey)
+        - name: mas_aibroker_storage_host
+          value: $(params.mas_aibroker_storage_host)
+        - name: mas_aibroker_storage_port
+          value: $(params.mas_aibroker_storage_port)
+        - name: mas_aibroker_storage_region
+          value: $(params.mas_aibroker_storage_region)
+        - name: mas_aibroker_storage_templates_bucket
+          value: $(params.mas_aibroker_storage_templates_bucket)
+        - name: mas_aibroker_storage_tenants_bucket
+          value: $(params.mas_aibroker_storage_tenants_bucket)
+        - name: mas_aibroker_storage_pipelines_bucket
+          value: $(params.mas_aibroker_storage_pipelines_bucket)
+        - name: ssh_secret_name
+          value: $(params.ssh_secret_name)
+        - name: docker_server
+          value: $(params.docker_server)
+        - name: tenantNamespace
+          value: $(params.tenantNamespace)
+        - name: mas_aibroker_provision_tenant
+          value: $(params.mas_aibroker_provision_tenant)
+        - name: primary_storage_class
+          value: $(params.primary_storage_class)
+        - name: image_store
+          value: $(params.image_store)
+        - name: image_watcher
+          value: $(params.image_watcher)
+        - name: image_controller
+          value: $(params.image_controller)
+        - name: mas_aibroker_pipeline_steps_tag
+          value: $(params.mas_aibroker_pipeline_steps_tag)
+        - name: mas_aibroker_connector_tag
+          value: $(params.mas_aibroker_connector_tag)
+        - name: mas_aibroker_saas
+          value: $(params.mas_aibroker_saas)
+        - name: model_id_unique_length
+          value: $(params.model_id_unique_length)
+        - name: model_id_prefix
+          value: $(params.model_id_prefix)
\ No newline at end of file

From 5da9e0a7018dc932aa0e8220cd3df7c2913cfadc Mon Sep 17 00:00:00 2001
From: yogeshkumar <prajapati.yogeshkumar@ibm.com>
Date: Tue, 20 May 2025 16:18:58 +0530
Subject: [PATCH 035/258] Update gitops-mas-aibroker.yml.j2

---
 tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2 | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2 b/tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2
index b5583eab054..a6372b9cef2 100644
--- a/tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2
+++ b/tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2
@@ -142,7 +142,9 @@ spec:
     - name: configs
 
   tasks:
-    # 1.gitops-minio  Condition MINIO/S3
+    # 1.gitops-minio  
+    # MINIO-Condition Added but mas_aibroker_storage_provider is part of ODH 
+    # S3 pending for testing  When we test at that time whatever condition needed here we have to Added
     # -------------------------------------------------------------------------
     - name: gitops-minio
       taskRef:
@@ -185,6 +187,10 @@ spec:
           value: $(params.minio_storage_size)
         - name: minio_image
           value: $(params.minio_image)
+      when:
+        - input: "$(params.mas_aibroker_storage_provider)"
+          operator: notin
+          values: ["minio"]
 
     # 2.gitops-odh
     # -------------------------------------------------------------------------

From d68e5afc0cd51c8ed093abe609cb8a1127970f55 Mon Sep 17 00:00:00 2001
From: Drashti-Malviya <Drashti.Malviya@ibm.com>
Date: Fri, 30 May 2025 14:21:54 +0530
Subject: [PATCH 036/258] cherry-pick 511cbfabcc conflict

---
 .secrets.baseline | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/.secrets.baseline b/.secrets.baseline
index d609ed18005..fb2f746342b 100644
--- a/.secrets.baseline
+++ b/.secrets.baseline
@@ -3,7 +3,7 @@
     "files": "build/bin/config/oscap/ssg-rhel9-ds.xml|^.secrets.baseline$|^docs/catalogs/",
     "lines": null
   },
-  "generated_at": "2026-05-20T23:47:35Z",
+  "generated_at": "2026-05-10T18:20:55Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"
@@ -272,7 +272,7 @@
         "hashed_secret": "b2817467154949a61f8e9ad31d1eeaf03221cbfa",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 498,
+        "line_number": 502,
         "type": "Secret Keyword",
         "verified_result": null
       }
@@ -420,7 +420,7 @@
         "hashed_secret": "b2817467154949a61f8e9ad31d1eeaf03221cbfa",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 747,
+        "line_number": 704,
         "type": "Secret Keyword",
         "verified_result": null
       },
@@ -428,7 +428,7 @@
         "hashed_secret": "effb7852555adce89885fb075fb43a77a1e0e77e",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 996,
+        "line_number": 923,
         "type": "Secret Keyword",
         "verified_result": null
       },
@@ -436,7 +436,7 @@
         "hashed_secret": "2582aea6f911bd00fc04cb25e0ec16d5ead62068",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 998,
+        "line_number": 925,
         "type": "Secret Keyword",
         "verified_result": null
       }
@@ -672,7 +672,7 @@
         "hashed_secret": "fee2d55ad9a49a95fc89abe8f414dad66704ebfd",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 45,
+        "line_number": 43,
         "type": "Secret Keyword",
         "verified_result": null
       }
@@ -720,7 +720,7 @@
         "hashed_secret": "fee2d55ad9a49a95fc89abe8f414dad66704ebfd",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 22,
+        "line_number": 21,
         "type": "Secret Keyword",
         "verified_result": null
       }
@@ -860,7 +860,7 @@
         "hashed_secret": "206c80413b9a96c1312cc346b7d2517b84463edd",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 344,
+        "line_number": 339,
         "type": "Secret Keyword",
         "verified_result": null
       }

From 3d920126f270a6af91ea094673d910984a9d4db1 Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Thu, 5 Jun 2025 15:08:07 +0530
Subject: [PATCH 037/258] added kmodel related variables and removed
 mas_instance_id from minio task

---
 .../gitops/gitops-mas-aibroker.yml.j2         | 28 +++++++++++++++++++
 tekton/src/tasks/gitops/gitops-minio.yml.j2   |  8 +++---
 2 files changed, 32 insertions(+), 4 deletions(-)

diff --git a/tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2 b/tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2
index a6372b9cef2..c95a2d7ecb8 100644
--- a/tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2
+++ b/tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2
@@ -137,6 +137,34 @@ spec:
       type: string
     - name: opendatahub_namespace
       type: string
+ 
+    # KMODEL-specific 
+    - name: aibroker_internal_tls
+      type: string
+    - name: docker_server
+      type: string
+    - name: image_controller
+      type: string
+    - name: image_store
+      type: string
+    - name: image_watcher
+      type: string
+    - name: mas_aibroker_connector_tag
+      type: string
+    - name: mas_aibroker_pipeline_steps_tag
+      type: string
+    - name: mas_aibroker_provision_tenant
+      type: string
+    - name: mas_aibroker_saas
+      type: string
+    - name: model_id_prefix
+      type: string
+    - name: model_id_unique_length
+      type: string
+    - name: ssh_secret_name
+      type: string
+    - name: tenantNamespace
+      type: string   
 
   workspaces:
     - name: configs
diff --git a/tekton/src/tasks/gitops/gitops-minio.yml.j2 b/tekton/src/tasks/gitops/gitops-minio.yml.j2
index d18b025af9c..7a3e6a4721b 100644
--- a/tekton/src/tasks/gitops/gitops-minio.yml.j2
+++ b/tekton/src/tasks/gitops/gitops-minio.yml.j2
@@ -9,8 +9,8 @@ spec:
       type: string
     - name: account
       type: string
-    - name: mas_instance_id
-      type: string
+    #- name: mas_instance_id
+    #  type: string
     - name: cluster_id
       type: string
     - name: cluster_url
@@ -55,8 +55,8 @@ spec:
         value: $(params.cluster_name)
       - name: ACCOUNT
         value: $(params.account)
-      - name: MAS_INSTANCE_ID
-        value: $(params.mas_instance_id)
+      #- name: MAS_INSTANCE_ID
+      #  value: $(params.mas_instance_id)
       #- name: CLUSTER_ID
       #  value: $(params.cluster_id)
       - name: CLUSTER_URL

From e8345468a7ef7902d2bc4de8c9795f1ff7bc659b Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Thu, 5 Jun 2025 16:33:08 +0530
Subject: [PATCH 038/258] renamed tenantNamespace

---
 image/cli/mascli/functions/gitops_aibroker_tenant           | 6 +++---
 .../appset-configs/cluster/instance/ibm-kmodel.yaml.j2      | 2 +-
 .../src/pipelines/gitops/gitops-mas-aibroker-tenant.yml.j2  | 6 +++---
 tekton/src/tasks/gitops/gitops-aibroker-tenant.yml.j2       | 6 +++---
 tekton/src/tasks/gitops/gitops-kmodel.yml.j2                | 4 ++--
 5 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/image/cli/mascli/functions/gitops_aibroker_tenant b/image/cli/mascli/functions/gitops_aibroker_tenant
index b9ffb698904..85f325db12c 100644
--- a/image/cli/mascli/functions/gitops_aibroker_tenant
+++ b/image/cli/mascli/functions/gitops_aibroker_tenant
@@ -17,7 +17,7 @@ Basic Configuration:
 
 ibm_aibroker_tenant(required):
       --mas_instance_id ${COLOR_YELLOW}MAS_INSTACE_ID${TEXT_RESET}                                          The MAS instance ID used by AI Broker
-      --tenant_namespace ${COLOR_YELLOW}TENANT_NAMESPACE${TEXT_RESET}                                       The tenant's Kubernetes namespace
+      --tenantNamespace ${COLOR_YELLOW}TENANT_NAMESPACE${TEXT_RESET}                                       The tenant's Kubernetes namespace
       --cluster_domain ${COLOR_YELLOW}CLUSTER_DOMAIN${TEXT_RESET}                                           The domain name of the Kubernetes cluster (e.g., cluster.local)
       --drocfg_url ${COLOR_YELLOW}DROCFG_URL${TEXT_RESET}                                                   URL of the DRO configuration service
       --slscfg_url ${COLOR_YELLOW}SLSCFG_URL${TEXT_RESET}                                                   URL of the SLS configuration service
@@ -31,7 +31,7 @@ AIBroker :
 --aibroker_namespace ${COLOR_YELLOW}AIBROKER_NAMESPACE${TEXT_RESET}                                         The namespace where AI Broker is deployed
 --mas_aibroker_provision_tenant ${COLOR_YELLOW}MAS_AIBROKER_PROVISION_TENANT${TEXT_RESET}                   Whether to provision the AI Broker tenant
 --mas_instance_id ${COLOR_YELLOW}MAS_INSTANCE_ID${TEXT_RESET}                                               The MAS instance ID used by AI Broker
---tenant_namespace ${COLOR_YELLOW}TENANT_NAMESPACE${TEXT_RESET}                                             The tenant's Kubernetes namespace
+--tenantNamespace ${COLOR_YELLOW}TENANT_NAMESPACE${TEXT_RESET}                                             The tenant's Kubernetes namespace
 --cluster_domain ${COLOR_YELLOW}CLUSTER_DOMAIN${TEXT_RESET}                                                 The domain name of the Kubernetes cluster (e.g., cluster.local)
 --in_saas_env ${COLOR_YELLOW}IN_SAAS_ENV${TEXT_RESET}                                                       Whether the environment is SaaS (true/false)
 --ibm_entitlement_key ${COLOR_YELLOW}IBM_ENTITLEMENT_KEY${TEXT_RESET}                                       IBM Entitlement API key for accessing IBM container registries
@@ -157,7 +157,7 @@ function gitops_aibroker_tenant_noninteractive() {
       --mas_instance_id)
         export MAS_INSTANCE_ID=$1 && shift
         ;;
-      --tenant_namespace)
+      --tenantNamespace)
         export TENANT_NAMESPACE=$1 && shift
         ;;
       --cluster_domain)
diff --git a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-kmodel.yaml.j2 b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-kmodel.yaml.j2
index baa8fc02021..5dbb9e9c96e 100644
--- a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-kmodel.yaml.j2
+++ b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-kmodel.yaml.j2
@@ -25,7 +25,7 @@ ibm_kmodel:
   
   docker_server: "{{ DOCKER_SERVER }}"
 
-  tenant_namespace: "{{ TENANT_NAMESPACE }}"
+  tenantNamespace: "{{ TENANT_NAMESPACE }}"
   mas_aibroker_provision_tenant: "{{ MAS_AIBROKER_PROVISION_TENANT }}"
 
   primary_storage_class: "{{ PRIMARY_STORAGE_CLASS }}"
diff --git a/tekton/src/pipelines/gitops/gitops-mas-aibroker-tenant.yml.j2 b/tekton/src/pipelines/gitops/gitops-mas-aibroker-tenant.yml.j2
index 133b8c598f0..e32d6c8be65 100644
--- a/tekton/src/pipelines/gitops/gitops-mas-aibroker-tenant.yml.j2
+++ b/tekton/src/pipelines/gitops/gitops-mas-aibroker-tenant.yml.j2
@@ -31,7 +31,7 @@ spec:
       type: string
     - name: mas_instance_id
       type: string
-    - name: tenant_namespace
+    - name: tenantNamespace
       type: string
     - name: cluster_domain
       type: string
@@ -130,8 +130,8 @@ spec:
           value: $(params.mas_aibroker_provision_tenant)
         - name: mas_instance_id
           value: $(params.mas_instance_id)
-        - name: tenant_namespace
-          value: $(params.tenant_namespace)
+        - name: tenantNamespace
+          value: $(params.tenantNamespace)
         - name: cluster_domain
           value: $(params.cluster_domain)
         - name: in_saas_env
diff --git a/tekton/src/tasks/gitops/gitops-aibroker-tenant.yml.j2 b/tekton/src/tasks/gitops/gitops-aibroker-tenant.yml.j2
index aa34411060c..ad97440fd84 100644
--- a/tekton/src/tasks/gitops/gitops-aibroker-tenant.yml.j2
+++ b/tekton/src/tasks/gitops/gitops-aibroker-tenant.yml.j2
@@ -32,7 +32,7 @@ spec:
       type: string
     - name: mas_instance_id
       type: string
-    - name: tenant_namespace
+    - name: tenantNamespace
       type: string
     - name: cluster_domain
       type: string
@@ -127,7 +127,7 @@ spec:
         value: $(params.mas_instance_id)
 
       - name: TENANT_NAMESPACE
-        value: $(params.tenant_namespace)
+        value: $(params.tenantNamespace)
 
       - name: CLUSTER_DOMAIN
         value: $(params.cluster_domain)
@@ -233,7 +233,7 @@ spec:
         --github-repo "$GITHUB_REPO" \
         --git-branch "$GIT_BRANCH" \
         --mas_instance_id "$MAS_INSTANCE_ID" \
-        --tenant_namespace "$TENANT_NAMESPACE" \
+        --tenantNamespace "$TENANT_NAMESPACE" \
         --cluster_domain "$CLUSTER_DOMAIN" \
         --slscfg_url "$SLSCFG_URL" \
         --slscfg_client_id "$SLSCFG_CLIENT_ID" \
diff --git a/tekton/src/tasks/gitops/gitops-kmodel.yml.j2 b/tekton/src/tasks/gitops/gitops-kmodel.yml.j2
index 8c315bab1dc..54b69cf5fb7 100644
--- a/tekton/src/tasks/gitops/gitops-kmodel.yml.j2
+++ b/tekton/src/tasks/gitops/gitops-kmodel.yml.j2
@@ -59,7 +59,7 @@ spec:
       type: string
     - name: docker_server
       type: string
-    - name: tenant_namespace
+    - name: tenantNamespace
       type: string
     - name: mas_aibroker_provision_tenant
       type: string
@@ -139,7 +139,7 @@ spec:
       - name: DOCKER_SERVER
         value: $(params.docker_server)
       - name: TENANT_NAMESPACE
-        value: $(params.tenant_namespace)
+        value: $(params.tenantNamespace)
       - name: MAS_AIBROKER_PROVISION_TENANT
         value: $(params.mas_aibroker_provision_tenant)
       - name: PRIMARY_STORAGE_CLASS

From e51fac724d3a28aad90ed30898af2e2aa5db0ced Mon Sep 17 00:00:00 2001
From: yogeshkumar <prajapati.yogeshkumar@ibm.com>
Date: Fri, 6 Jun 2025 10:20:44 +0530
Subject: [PATCH 039/258] Update gitops-odh.yml.j2

---
 tekton/src/tasks/gitops/gitops-odh.yml.j2 | 53 +++--------------------
 1 file changed, 5 insertions(+), 48 deletions(-)

diff --git a/tekton/src/tasks/gitops/gitops-odh.yml.j2 b/tekton/src/tasks/gitops/gitops-odh.yml.j2
index 569cb3cedef..d7e106e5cbe 100644
--- a/tekton/src/tasks/gitops/gitops-odh.yml.j2
+++ b/tekton/src/tasks/gitops/gitops-odh.yml.j2
@@ -84,60 +84,17 @@ spec:
         git config --global user.name "MAS Automation"
         git config --global user.email "you@example.com"
         git config --global user.password $GITHUB_PAT
-        
+        #mas gitops-odh --account-id "$ACCOUNT_ID" --cluster-id "$CLUSTER_ID"   --secrets-path "$SECRETS_PATH"   --github-host "$GITHUB_HOST"   --github-org "$GITHUB_ORG"   --github-repo "$GITHUB_REPO"   --git-branch "$GIT_BRANCH" --github-push
         mkdir -p /tmp/init-odh
         mas gitops-odh -a $ACCOUNT -c $CLUSTER_NAME \
-        --dir /tmp/init-odh \
         --secrets-path $SECRET_PATH \
+        --dir /tmp/init-odh \
         --github-push \
         --github-host $GITHUB_HOST \
-        --github-org $GITHUB_ORG \
+        --github-org  $GITHUB_ORG \
         --github-repo $GITHUB_REPO \
-        --git-branch $GIT_BRANCH \
-        --odh-channel $ODH_CHANNEL \
-        --odh-catalog-source $ODH_CATALOG_SOURCE \
-        --odh-operator-version $ODH_OPERATOR_VERSION \
-        --odh-namespace $ODH_NAMESPACE \
-        --pull-secret-name $PULL_SECRET_NAME \
-        --opendatahub-name $OPENDATAHUB_NAME \
-        --opendatahub-operator-group $OPENDATAHUB_OPERATOR_GROUP_NAME \
-        --opendatahub-installplan $ODH_INSTALL_PLAN \
-        --opendatahub-channel $OPENDATAHUB_CHANNEL \
-        --opendatahub-source $OPENDATAHUB_SOURCE \
-        --opendatahub-source-namespace $OPENDATAHUB_SOURCE_NAMESPACE \
-        --odh-pipeline-name $ODH_PIPELINE_NAME \
-        --odh-pipeline-namespace $ODH_PIPELINE_NAMESPACE \
-        --odh-pipeline-operator-name $ODH_PIPELINE_OPERATOR_NAME \
-        --odh-pipeline-source $ODH_PIPELINE_SOURCE \
-        --odh-pipeline-source-namespace $ODH_PIPELINE_SOURCE_NAMESPACE \
-        --odh-pipeline-channel $ODH_PIPELINE_CHANNEL \
-        --odh-pipeline-installplan $ODH_PIPELINE_INSTALLPLAN \
-        --pipeline-catalog-source $PIPELINE_CATALOG_SOURCE \
-        --service-mesh-namespace $SERVICE_MESH_NAMESPACE \
-        --service-mesh-channel $SERVICE_MESH_CHANNEL \
-        --service-mesh-catalog-source $SERVICE_MESH_CATALOG_SOURCE \
-        --service-mesh-source-namespace $SERVICE_MESH_SOURCE_NAMESPACE \
-        --serverless-namespace $SERVERLESS_NAMESPACE \
-        --serverless-channel $SERVERLESS_CHANNEL \
-        --serverless-operator-name $SERVERLESS_OPERATOR_NAME \
-        --serverless-operator-source $SERVERLESS_OPERATOR_SOURCE \
-        --serverless-operator-source-namespace $SERVERLESS_OPERATOR_SOURCE_NAMESPACE \
-        --authorino-catalog-source $AUTHORINO_CATALOG_SOURCE \
-        --storage-provider $MAS_AIBROKER_STORAGE_PROVIDER \
-        --storage-accesskey $MAS_AIBROKER_STORAGE_ACCESSKEY \
-        --storage-secretkey $MAS_AIBROKER_STORAGE_SECRETKEY \
-        --storage-host $MAS_AIBROKER_STORAGE_HOST \
-        --storage-port $MAS_AIBROKER_STORAGE_PORT \
-        --storage-ssl $MAS_AIBROKER_STORAGE_SSL \
-        --storage-region $MAS_AIBROKER_STORAGE_REGION \
-        --pipelines-bucket $MAS_AIBROKER_STORAGE_PIPELINES_BUCKET \
-        --primary-storage-class $PRIMARY_STORAGE_CLASS \
-        --db-host $MAS_AIBROKER_DB_HOST \
-        --db-port $MAS_AIBROKER_DB_PORT \
-        --db-user $MAS_AIBROKER_DB_USER \
-        --db-database $MAS_AIBROKER_DB_DATABASE \
-        --db-secret-name $MAS_AIBROKER_DB_SECRET_NAME \
-        --db-secret-value $MAS_AIBROKER_DB_SECRET_VALUE
+        --git-branch $GIT_BRANCH
+
 
         exit $?
       command:

From e04aa14ca187bc773e7d49186fb13acbd72f3304 Mon Sep 17 00:00:00 2001
From: yogeshkumar <prajapati.yogeshkumar@ibm.com>
Date: Fri, 6 Jun 2025 10:56:48 +0530
Subject: [PATCH 040/258] remove minio

---
 tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2 | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2 b/tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2
index c95a2d7ecb8..f8484a9072c 100644
--- a/tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2
+++ b/tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2
@@ -215,10 +215,10 @@ spec:
           value: $(params.minio_storage_size)
         - name: minio_image
           value: $(params.minio_image)
-      when:
-        - input: "$(params.mas_aibroker_storage_provider)"
-          operator: notin
-          values: ["minio"]
+      #when:
+       # - input: "$(params.mas_aibroker_storage_provider)"
+       #   operator: notin
+      #  values: ["minio"]
 
     # 2.gitops-odh
     # -------------------------------------------------------------------------

From bc86fea5bdd6bfd1f5df56000f3ce982b7895492 Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Fri, 6 Jun 2025 13:54:13 +0530
Subject: [PATCH 041/258] Update gitops_minio

before clonning git repo code added to :
Delete the existing directory and all its contents (rm -rf).
Recreate the empty directory (mkdir -p).
---
 image/cli/mascli/functions/gitops_minio | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/image/cli/mascli/functions/gitops_minio b/image/cli/mascli/functions/gitops_minio
index c704695c7eb..0e6f15294cd 100644
--- a/image/cli/mascli/functions/gitops_minio
+++ b/image/cli/mascli/functions/gitops_minio
@@ -329,6 +329,8 @@ function gitops_minio() {
     if [ "$GITHUB_PUSH" == "true" ]; then
       echo
       echo_h2 "Cloning GitHub repo $GITHUB_ORG $GITHUB_REPO"
+      rm -rf $GITOPS_WORKING_DIR
+      mkdir -p ${GITOPS_WORKING_DIR}
       clone_target_git_repo $GITHUB_HOST $GITHUB_ORG $GITHUB_REPO $GIT_BRANCH $GITOPS_WORKING_DIR $GIT_SSH
     fi
     mkdir -p ${GITOPS_CLUSTER_DIR}

From 1be88de10bdaef9438b6096ca90f22565974bacc Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Fri, 6 Jun 2025 15:00:26 +0530
Subject: [PATCH 042/258] cherry-pick bcbe95c6e2 conflict

---
 image/cli/mascli/functions/gitops_minio | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/image/cli/mascli/functions/gitops_minio b/image/cli/mascli/functions/gitops_minio
index 0e6f15294cd..4a930745e2c 100644
--- a/image/cli/mascli/functions/gitops_minio
+++ b/image/cli/mascli/functions/gitops_minio
@@ -63,7 +63,8 @@ function gitops_minio_noninteractive() {
   export MINIO_IMAGE=${MINIO_IMAGE:-"quay.io/minio/minio:latest"}
   export MINIO_PORT=${MINIO_PORT:-"9000"}
   export MINIO_HOST=${MINIO_HOST:-"minio-service.minio.svc.cluster.local"}
-
+  export AIBROKER_INSTANCE_ID=${AIBROKER_INSTANCE_ID:-"aibroker-inst-1"}
+  
   while [[ $# -gt 0 ]]
   do
     key="$1"
@@ -333,6 +334,10 @@ function gitops_minio() {
       mkdir -p ${GITOPS_WORKING_DIR}
       clone_target_git_repo $GITHUB_HOST $GITHUB_ORG $GITHUB_REPO $GIT_BRANCH $GITOPS_WORKING_DIR $GIT_SSH
     fi
+    
+    # Create cluster directory to clone the repo into
+    # ---------------------------------------------------------------------------
+    GITOPS_CLUSTER_DIR=${GITOPS_WORKING_DIR}/${GITHUB_REPO}/${ACCOUNT_ID}/${CLUSTER_ID}/${AIBROKER_INSTANCE_ID}
     mkdir -p ${GITOPS_CLUSTER_DIR}
 
     # Generate ArgoApps

From b9ed44cf5731af3515ab9c118ba6d8e7e2f73d0a Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Fri, 6 Jun 2025 18:28:27 +0530
Subject: [PATCH 043/258] cherry-pick 7f7b6b0705 conflict

---
 image/cli/mascli/functions/gitops_minio | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/image/cli/mascli/functions/gitops_minio b/image/cli/mascli/functions/gitops_minio
index 4a930745e2c..67973d5e011 100644
--- a/image/cli/mascli/functions/gitops_minio
+++ b/image/cli/mascli/functions/gitops_minio
@@ -32,7 +32,7 @@ minio Provider Selection / Version:
       --minio_secret_key=${COLOR_YELLOW}MINIO_SECRET_KEY${TEXT_RESET}                                    The secret key for MinIO, used as the password
       --minio_host=${COLOR_YELLOW}MINIO_HOST${TEXT_RESET}                                                The hostname or service URL where MinIO is reachable
       --minio_port=${COLOR_YELLOW}MINIO_PORT${TEXT_RESET}                                                The port number on which MinIO is exposed
-
+      --aibroker_instance_id ${COLOR_YELLOW}AIBROKER_INSTANCE_ID${TEXT_RESET}                             The AI Broker instance ID
 
 Automatic GitHub Push (Optional):
   -P, --github-push ${COLOR_YELLOW}GITHUB_PUSH${TEXT_RESET}        Enable automatic push to GitHub
@@ -119,6 +119,9 @@ function gitops_minio_noninteractive() {
       --minio_port)
           export MINIO_PORT=$1 && shift
           ;;
+      --aibroker_instance_id)
+          export AIBROKER_INSTANCE_ID=$1 && shift
+          ;;
 
       # Automatic GitHub Push
       -P|--github-push)
@@ -234,6 +237,7 @@ function gitops_minio() {
   echo_reset_dim "MinIO Storage Class (minio_storage_class)  ............ ${COLOR_MAGENTA}${MINIO_STORAGE_CLASS}"
   echo_reset_dim "MinIO Storage Size (minio_storage_size)  .............. ${COLOR_MAGENTA}${MINIO_STORAGE_SIZE}"
   echo_reset_dim "MinIO Image (minio_image)  .............................${COLOR_MAGENTA}${MINIO_IMAGE}"
+  echo_reset_dim "AiBroker (aibroker_instance_id)  ..................... ${COLOR_MAGENTA}${AIBROKER_INSTANCE_ID}"
 
   reset_colors
 
@@ -256,7 +260,7 @@ function gitops_minio() {
     export SECRET_KEY_MINIO_PASSWORD=${SECRET_NAME_MINIO_AUTH}#sm_minio_password
     
     # Create a secret in SM containing the username/password for this specific minio instance.
-    export MINIO_SECRET_FILE=$TEMP_DIR/minio-secret.json
+    export MINIO_SECRET_FILE=$GITOPS_WORKING_DIR/minio-secret.json
     sm_get_secret_file ${SECRET_NAME_MINIO_AUTH} $MINIO_SECRET_FILE
     
     if [ -z "$MINIO_ROOT_PASSWORD" ]; then
@@ -320,6 +324,7 @@ function gitops_minio() {
     echo_reset_dim "minio_secret_key ...................... ${COLOR_MAGENTA}${MINIO_SECRET_KEY:0:4}<snip>"
     echo_reset_dim "minio_port ............................ ${COLOR_MAGENTA}${MINIO_PORT}"
     echo_reset_dim "minio_host ............................ ${COLOR_MAGENTA}${MINIO_HOST}"
+    echo_reset_dim "aibroker_instance_id .................. ${COLOR_MAGENTA}${AIBROKER_INSTANCE_ID}"
 
     if [ -z $GIT_SSH ]; then
       export GIT_SSH=false
@@ -330,8 +335,6 @@ function gitops_minio() {
     if [ "$GITHUB_PUSH" == "true" ]; then
       echo
       echo_h2 "Cloning GitHub repo $GITHUB_ORG $GITHUB_REPO"
-      rm -rf $GITOPS_WORKING_DIR
-      mkdir -p ${GITOPS_WORKING_DIR}
       clone_target_git_repo $GITHUB_HOST $GITHUB_ORG $GITHUB_REPO $GIT_BRANCH $GITOPS_WORKING_DIR $GIT_SSH
     fi
     

From 1b24d7ed2750f00544bea481ca8878e29eca0487 Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Fri, 6 Jun 2025 20:56:02 +0530
Subject: [PATCH 044/258] Update gitops_minio

---
 image/cli/mascli/functions/gitops_minio | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/image/cli/mascli/functions/gitops_minio b/image/cli/mascli/functions/gitops_minio
index 67973d5e011..fd70862f582 100644
--- a/image/cli/mascli/functions/gitops_minio
+++ b/image/cli/mascli/functions/gitops_minio
@@ -244,8 +244,8 @@ function gitops_minio() {
   # Set up secrets
   # ---------------------------------------------------------------------------
   CURRENT_DIR=$PWD
-  TEMP_DIR=$GITOPS_CLUSTER_DIR/aibroker01
-  mkdir -p ${TEMP_DIR}
+  # TEMP_DIR=$GITOPS_CLUSTER_DIR/aibroker01
+  # mkdir -p ${TEMP_DIR}
 
   AVP_TYPE=aws  # Support for IBM will be added later
   sm_login
@@ -361,7 +361,7 @@ function gitops_minio() {
       remove_git_repo_clone $GITOPS_WORKING_DIR/$GITHUB_REPO
     fi
 
-    rm -rf $TEMP_DIR
+    # rm -rf $TEMP_DIR
     rm -rf $GITOPS_WORKING_DIR
 
   fi

From e282128b0c7f53175d2009d982a408bae41e0746 Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Fri, 6 Jun 2025 22:03:46 +0530
Subject: [PATCH 045/258] Update ibm-minio.yaml.j2

---
 .../gitops/appset-configs/cluster/instance/ibm-minio.yaml.j2    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-minio.yaml.j2 b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-minio.yaml.j2
index 9c737f7267d..b11d510833f 100644
--- a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-minio.yaml.j2
+++ b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-minio.yaml.j2
@@ -1,4 +1,4 @@
-merge-key: "{{ ACCOUNT_ID }}/{{ CLUSTER_ID }}/{{ MAS_INSTANCE_ID }}"
+merge-key: "{{ ACCOUNT_ID }}/{{ CLUSTER_ID }}/{{ AIBROKER_INSTANCE_ID }}"
 
 ibm_minio:
   minio_namespace: "{{ MINIO_NAMESPACE }}"

From c424af7b90eb5bcd20f497bec7f465c440eae484 Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Sat, 7 Jun 2025 08:58:50 +0530
Subject: [PATCH 046/258] Update gitops_minio

---
 image/cli/mascli/functions/gitops_minio | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/image/cli/mascli/functions/gitops_minio b/image/cli/mascli/functions/gitops_minio
index fd70862f582..61092e72f02 100644
--- a/image/cli/mascli/functions/gitops_minio
+++ b/image/cli/mascli/functions/gitops_minio
@@ -361,7 +361,7 @@ function gitops_minio() {
       remove_git_repo_clone $GITOPS_WORKING_DIR/$GITHUB_REPO
     fi
 
-    # rm -rf $TEMP_DIR
+    rm -rf $MINIO_SECRET_FILE
     rm -rf $GITOPS_WORKING_DIR
 
   fi

From 0f95309946f33e8ee05ac0f4449f4a55a963fe50 Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Sat, 7 Jun 2025 10:51:15 +0530
Subject: [PATCH 047/258] Update gitops_odh

code change updated for the odh
---
 image/cli/mascli/functions/gitops_odh | 19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)

diff --git a/image/cli/mascli/functions/gitops_odh b/image/cli/mascli/functions/gitops_odh
index d9486e8dcb0..7905fdac8d4 100755
--- a/image/cli/mascli/functions/gitops_odh
+++ b/image/cli/mascli/functions/gitops_odh
@@ -98,7 +98,6 @@ EOM
 function gitops_odh_noninteractive() {
   GITOPS_WORKING_DIR=$PWD/working-dir  
   SECRETS_KEY_SEPERATOR="/"
-  GIT_COMMIT_MSG="gitops-minio commit"
   GIT_COMMIT_MSG="gitops-odh commit"
   while [[ $# -gt 0 ]]; do
     key="$1"; shift
@@ -296,22 +295,22 @@ function gitops_odh() {
   echo_reset_dim "Account ID ............................ ${COLOR_MAGENTA}${ACCOUNT_ID}"
   echo_reset_dim "Cluster ID ............................ ${COLOR_MAGENTA}${CLUSTER_ID}"
   echo_reset_dim "MAS Instance ID ....................... ${COLOR_MAGENTA}${MAS_INSTANCE_ID}"
-  echo_reset_dim "Temp Directory ........................ ${COLOR_MAGENTA}${TEMP_DIR}"
+
   echo_reset_dim "Secrets Path .......................... ${COLOR_MAGENTA}${SECRETS_PATH}"
   reset_colors
 
   CURRENT_DIR=$PWD
-  TEMP_DIR=$CURRENT_DIR/aibroker01
-  mkdir -p $TEMP_DIR
-
+  # TEMP_DIR=$CURRENT_DIR/aibroker01
+  # mkdir -p $TEMP_DIR
+  # echo_reset_dim "Temp Directory ........................ ${COLOR_MAGENTA}${TEMP_DIR}"
+  
   AVP_TYPE=aws
   sm_login
 
   # Set up secret key and fetch secret
   export SECRET_ACCOUNT_PATH="${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}"
-  export MAS_CONFIG_DIR="$TEMP_DIR"
   export ODH_SECRET="${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}minio"
-  export ODH_SECRET_FILE="$TEMP_DIR/odh-secret.json"
+  export ODH_SECRET_FILE="$GITOPS_WORKING_DIR/odh-secret.json"
   if [ -z $GIT_SSH ]; then
     export GIT_SSH=false
   fi
@@ -321,7 +320,7 @@ function gitops_odh() {
   sm_get_secret_file "$ODH_SECRET" "$ODH_SECRET_FILE"
   #################################################################
    export MARIA_SECRET="${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}mariadb"
-   export MARIA_SECRET_FILE="$TEMP_DIR/mariadb-secret.json"
+   export MARIA_SECRET_FILE="$GITOPS_WORKING_DIR/mariadb-secret.json"
    sm_get_secret_file "$MARIA_SECRET" "$MARIA_SECRET_FILE"
   ######################################################################
    #######################Checking condition Storage_provider#######################################
@@ -411,6 +410,8 @@ function gitops_odh() {
     remove_git_repo_clone "${GITOPS_WORKING_DIR}/${GITHUB_REPO}"
   fi
 
-  rm -rf "$TEMP_DIR"
+  # rm -rf "$TEMP_DIR"
+  rm -rf "$ODH_SECRET_FILE"
+  rm -rf "$MARIA_SECRET_FILE"
   echo_h2 "ODH GitOps completed."
 }

From d028475a0d9fedfbfcea3b57967ce9316a92c5de Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Sat, 7 Jun 2025 13:31:13 +0530
Subject: [PATCH 048/258] cherry-pick 2867d5b26a conflict

---
 .secrets.baseline                       | 4 ++++
 image/cli/mascli/functions/gitops_minio | 8 ++++++--
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/.secrets.baseline b/.secrets.baseline
index fb2f746342b..a95e24b2ccf 100644
--- a/.secrets.baseline
+++ b/.secrets.baseline
@@ -3,7 +3,11 @@
     "files": "build/bin/config/oscap/ssg-rhel9-ds.xml|^.secrets.baseline$|^docs/catalogs/",
     "lines": null
   },
+<<<<<<< HEAD
   "generated_at": "2026-05-10T18:20:55Z",
+=======
+  "generated_at": "2025-06-07T08:00:50Z",
+>>>>>>> 2867d5b26a (added hardcoded json)
   "plugins_used": [
     {
       "name": "AWSKeyDetector"
diff --git a/image/cli/mascli/functions/gitops_minio b/image/cli/mascli/functions/gitops_minio
index 61092e72f02..d5a31707e2b 100644
--- a/image/cli/mascli/functions/gitops_minio
+++ b/image/cli/mascli/functions/gitops_minio
@@ -309,8 +309,12 @@ function gitops_minio() {
 
       echo_reset_dim "MINIO_ROOT_PASSWORD ............................. ${COLOR_MAGENTA}${MINIO_ROOT_PASSWORD:0:8}<snip>"
       TAGS="[{\"Key\": \"source\", \"Value\": \"gitops_minio\"}, {\"Key\": \"account\", \"Value\": \"${ACCOUNT_ID}\"}, {\"Key\": \"cluster\", \"Value\": \"${CLUSTER_ID}\"}]"
-      
-      sm_update_secret $SECRET_NAME_MINIO_AUTH "{ \"sm_minio_user\": \"$MINIO_ROOT_USER\", \"sm_minio_password\": \"$MINIO_ROOT_PASSWORD\", \"sm_minio_accesskey\": \"$MINIO_ROOT_USER\", \"sm_minio_secretkey\": \"$MINIO_ROOT_PASSWORD\", \"sm_minio_port\": \"$MINIO_PORT\", \"sm_minio_host\": \"$MINIO_HOST\" }" "${TAGS}"
+      #SREMAT : remove those buckets name if no longer needed
+      MINIO_BUCKET_FIELDS="\"sm_minio_bucket_templates\": \"km-templates\", \
+      \"sm_minio_bucket_tenants\": \"km-tenants\", \
+      \"sm_minio_bucket_pipelines\": \"km-pipelineset\", \
+      \"sm_minio_bucket_default\": \"miniobucket1\""
+      sm_update_secret $SECRET_NAME_MINIO_AUTH "{ \"sm_minio_user\": \"$MINIO_ROOT_USER\", \"sm_minio_password\": \"$MINIO_ROOT_PASSWORD\", \"sm_minio_accesskey\": \"$MINIO_ROOT_USER\", \"sm_minio_secretkey\": \"$MINIO_ROOT_PASSWORD\", \"sm_minio_port\": \"$MINIO_PORT\", \"sm_minio_host\": \"$MINIO_HOST\", $MINIO_BUCKET_FIELDS }" "${TAGS}"
     fi
     
     echo_reset_dim "minio_namespace ....................... ${COLOR_MAGENTA}${MINIO_NAMESPACE}"

From bdfe652f1578e0b954794e6cbc707b248d2b9901 Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Sat, 7 Jun 2025 16:33:38 +0530
Subject: [PATCH 049/258] cherry-pick 295b2ee0d9 conflict

---
 .secrets.baseline                             |  4 ---
 image/cli/mascli/functions/gitops_aibroker    | 32 ++++++++++++++++---
 .../instance/ibm-mas-odh-install.yaml.j2      |  2 +-
 3 files changed, 28 insertions(+), 10 deletions(-)

diff --git a/.secrets.baseline b/.secrets.baseline
index a95e24b2ccf..fb2f746342b 100644
--- a/.secrets.baseline
+++ b/.secrets.baseline
@@ -3,11 +3,7 @@
     "files": "build/bin/config/oscap/ssg-rhel9-ds.xml|^.secrets.baseline$|^docs/catalogs/",
     "lines": null
   },
-<<<<<<< HEAD
   "generated_at": "2026-05-10T18:20:55Z",
-=======
-  "generated_at": "2025-06-07T08:00:50Z",
->>>>>>> 2867d5b26a (added hardcoded json)
   "plugins_used": [
     {
       "name": "AWSKeyDetector"
diff --git a/image/cli/mascli/functions/gitops_aibroker b/image/cli/mascli/functions/gitops_aibroker
index 3c33801cc96..0ee33d6cf0e 100644
--- a/image/cli/mascli/functions/gitops_aibroker
+++ b/image/cli/mascli/functions/gitops_aibroker
@@ -4,6 +4,8 @@ function gitops_aibroker_help() {
   [[ -n "$1" ]] && echo_warning "$1"
   reset_colors
   cat << EOM
+
+
 Usage:
   mas gitops-aibroker [options]
 Where ${COLOR_YELLOW}specified${TEXT_RESET} each option may also be defined by setting the appropriate environment variable.
@@ -14,6 +16,10 @@ Basic Configuration:
   -c, --cluster-id ${COLOR_YELLOW}CLUSTER_ID${TEXT_RESET}                                                  Cluster ID
   -i, --Instace-id ${COLOR_YELLOW}INSTANCE_ID${TEXT_RESET}                                                 Instance ID
 
+Secrets Manager:
+      --secrets-path ${COLOR_YELLOW}SECRETS_PATH${TEXT_RESET}                                              Secrets Manager path
+      --secrets-key-seperator ${COLOR_YELLOW}SECRETS_KEY_SEPERATOR${TEXT_RESET}  
+
 ibm aibroker(required):
       --aibroker-namespace ${TEXT_RESET}AIBROKER_NAMESPACE${TEXT_RESET}
       --mas-instance-id ${TEXT_RESET}MAS_INSTACE_ID${TEXT_RESET}
@@ -124,6 +130,23 @@ function gitops_aibroker_noninteractive() {
       -c|--cluster-id)
         export CLUSTER_ID=$1 && shift
         ;;
+
+      # AWS Secrets Manager Configuration
+      --sm-aws-secret-region)
+        export SM_AWS_REGION=$1
+        export REGION_ID=$1
+        shift
+        ;;
+      --sm-aws-access-key)
+        export SM_AWS_ACCESS_KEY_ID=$1 && shift
+        ;;
+      --sm-aws-secret-key)
+        export SM_AWS_SECRET_ACCESS_KEY=$1 && shift
+        ;;
+      --secrets-path)
+        export SECRETS_PATH=$1 && shift
+        ;;
+
       --mas-icr-cp)
         export MAS_ICR_CP=$1 && shift
         ;;
@@ -166,9 +189,6 @@ function gitops_aibroker_noninteractive() {
       --mas-aibroker-storage-ssl)
           export MAS_AIBROKER_STORAGE_SSL=$1 && shift
         ;;
-      # --mas-aibroker-storage-region)
-      #     export MAS_AIBROKER_STORAGE_REGION=$1 && shift
-      #   ;;
       --mas-app-channel)
           export MAS_APP_CHANNEL=$1 && shift
         ;;
@@ -184,11 +204,11 @@ function gitops_aibroker_noninteractive() {
       --mas-aibroker-mariadb-secret)
           export MAS_AIBROKER_MARIADB_SECRET=$1 && shift
         ;;
+
       # Automatic GitHub Push
       -P|--github-push)
         export GITHUB_PUSH=true
         ;;
-
       -H|--github-host)
         export GITHUB_HOST=$1 && shift
         ;;
@@ -198,6 +218,9 @@ function gitops_aibroker_noninteractive() {
       -R|--github-repo)
         export GITHUB_REPO=$1 && shift
         ;;
+      -S|--github-ssh)
+        export GIT_SSH=$1 && shift
+        ;;
       -B|--git-branch)
         export GIT_BRANCH=$1 && shift
         ;;
@@ -222,7 +245,6 @@ function gitops_aibroker_noninteractive() {
   [[ -z "$CLUSTER_ID" ]] && gitops_aibroker_help "CLUSTER_ID is not set"
   #[[ -z "$INSTANCE_ID" ]] && gitops_aibroker_help "INSTANCE_ID is not set"
   [[ -z "$ACCOUNT_ID" ]] && gitops_aibroker_help "ACCOUNT_ID is not set"
-  [[ -z "$ACCOUNT_ID" ]] && gitops_aibroker_help "ACCOUNT_ID is not set"
   #[[ -z "$MAS_INSTANCE_ID" ]] && gitops_aibroker_help "MAS_INSTANCE_ID is not set"
 
    if [[ "$GITHUB_PUSH" == "true" ]]; then
diff --git a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-mas-odh-install.yaml.j2 b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-mas-odh-install.yaml.j2
index 7b898ce04c2..97f5a22e2f0 100644
--- a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-mas-odh-install.yaml.j2
+++ b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-mas-odh-install.yaml.j2
@@ -19,7 +19,7 @@ ibm_odh:
   odh_namespace: "opendatahub"
 
   aibroker_namespace: "{{ AIBROKER_NAMESPACE }}"
-  pull_secret_name: "<path:{{ SECRETS_PATH }}/{{ SECRET_ACCOUNT_PATH }}/ibm_entitlement#image_pull_secret_b64>"
+  pull_secret_name: "<path:{{ SECRETS_PATH }}/{{ SECRET_ACCOUNT_PATH }}ibm_entitlement#image_pull_secret_b64>"
 
   # ODH Pipeline operator
   odh_pipeline_name: "openshift-pipelines-operator"

From b071555c8a5e5487c83f820c5471bbd41c07e574 Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Sat, 7 Jun 2025 17:21:51 +0530
Subject: [PATCH 050/258] Update gitops_aibroker

resolving issue with clonning
---
 image/cli/mascli/functions/gitops_aibroker | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/image/cli/mascli/functions/gitops_aibroker b/image/cli/mascli/functions/gitops_aibroker
index 0ee33d6cf0e..76317d61921 100644
--- a/image/cli/mascli/functions/gitops_aibroker
+++ b/image/cli/mascli/functions/gitops_aibroker
@@ -298,9 +298,9 @@ function gitops_aibroker() {
 
   rm -rf $GITOPS_WORKING_DIR
   mkdir -p ${GITOPS_WORKING_DIR}
-  GITOPS_CLUSTER_DIR=${GITOPS_WORKING_DIR}/${GITHUB_REPO}/${CLUSTER_ID}
-  TEMP_DIR=$GITOPS_CLUSTER_DIR/tmp-aibroker
-  mkdir -p ${TEMP_DIR}
+  GITOPS_CLUSTER_DIR=${GITOPS_WORKING_DIR}/${GITHUB_REPO}/${ACCOUNT_ID}/${CLUSTER_ID}/${MAS_INSTANCE_ID}
+  # TEMP_DIR=$GITOPS_CLUSTER_DIR/tmp-aibroker
+  # mkdir -p ${TEMP_DIR}
   echo
   reset_colors
   echo_h2 "Review Settings"
@@ -408,6 +408,8 @@ function gitops_aibroker() {
     # ---------------------------------------------------------------------------
     if [ "$GITHUB_PUSH" == "true" ]; then
       echo
+      echo "GITOPS_WORKING_DIR  ${GITOPS_WORKING_DIR}"
+      echo "GITOPS_CLUSTER_DIR  ${GITOPS_CLUSTER_DIR}"
       echo_h2 "Cloning GitHub repo $GITHUB_ORG $GITHUB_REPO"
       clone_target_git_repo $GITHUB_HOST $GITHUB_ORG $GITHUB_REPO $GIT_BRANCH $GITOPS_WORKING_DIR $GIT_SSH
     fi
@@ -431,7 +433,7 @@ function gitops_aibroker() {
       remove_git_repo_clone $GITOPS_WORKING_DIR/$GITHUB_REPO
     fi
 
-    rm -rf $TEMP_DIR
+    # rm -rf $TEMP_DIR
     rm -rf $GITOPS_WORKING_DIR
 
    

From 866d3a55bac2073c8462a24dd3139f4bac16c1c2 Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Sun, 8 Jun 2025 13:04:20 +0530
Subject: [PATCH 051/258] cherry-pick 18ecf1fc89 conflict

---
 .../instance/{ibm-aibroker-yaml.j2 => ibm-aibroker.yaml.j2}       | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename image/cli/mascli/templates/gitops/appset-configs/cluster/instance/{ibm-aibroker-yaml.j2 => ibm-aibroker.yaml.j2} (100%)

diff --git a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-yaml.j2 b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker.yaml.j2
similarity index 100%
rename from image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-yaml.j2
rename to image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker.yaml.j2

From 3c384c42dbfdc86b6ef27d87ad00f53692bb4dbb Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Sun, 8 Jun 2025 17:43:55 +0530
Subject: [PATCH 052/258] kmodel change added

---
 image/cli/mascli/functions/gitops_kmodel              | 11 +++++++----
 .../cluster/instance/ibm-kmodel.yaml.j2               |  6 +++---
 2 files changed, 10 insertions(+), 7 deletions(-)

diff --git a/image/cli/mascli/functions/gitops_kmodel b/image/cli/mascli/functions/gitops_kmodel
index 068360d551a..7562a76801a 100644
--- a/image/cli/mascli/functions/gitops_kmodel
+++ b/image/cli/mascli/functions/gitops_kmodel
@@ -294,9 +294,9 @@ function gitops_kmodel_noninteractive() {
   # add validation for those variable which have the value needed for further execution
   [[ -z "$MAS_INSTANCE_ID" ]] && gitops_kmodel_help "MAS_INSTANCE_ID is not set. Please provide the MAS instance ID using --mas-instance-id."
   [[ -z "$PRIMARY_STORAGE_CLASS" ]] && gitops_kmodel_help "PRIMARY_STORAGE_CLASS is not set. Please provide the primary storage class using --primary-storage-class."
-  [[ -z "$MAS_AIBROKER_STORAGE_TEMPLATES_BUCKET" ]] && gitops_kmodel_help "MAS_AIBROKER_STORAGE_TEMPLATES_BUCKET is not set. Please provide the templates bucket name using --mas-aibroker-storage-templates-bucket."
-  [[ -z "$MAS_AIBROKER_STORAGE_TENANTS_BUCKET" ]] && gitops_kmodel_help "MAS_AIBROKER_STORAGE_TENANTS_BUCKET is not set. Please provide the tenants bucket name using --mas-aibroker-storage-tenants-bucket."
-  [[ -z "$MAS_AIBROKER_STORAGE_PIPELINES_BUCKET" ]] && gitops_kmodel_help "MAS_AIBROKER_STORAGE_PIPELINES_BUCKET is not set. Please provide the pipelines bucket name using --mas-aibroker-storage-pipelines-bucket."
+  # [[ -z "$MAS_AIBROKER_STORAGE_TEMPLATES_BUCKET" ]] && gitops_kmodel_help "MAS_AIBROKER_STORAGE_TEMPLATES_BUCKET is not set. Please provide the templates bucket name using --mas-aibroker-storage-templates-bucket."
+  # [[ -z "$MAS_AIBROKER_STORAGE_TENANTS_BUCKET" ]] && gitops_kmodel_help "MAS_AIBROKER_STORAGE_TENANTS_BUCKET is not set. Please provide the tenants bucket name using --mas-aibroker-storage-tenants-bucket."
+  # [[ -z "$MAS_AIBROKER_STORAGE_PIPELINES_BUCKET" ]] && gitops_kmodel_help "MAS_AIBROKER_STORAGE_PIPELINES_BUCKET is not set. Please provide the pipelines bucket name using --mas-aibroker-storage-pipelines-bucket."
 
 }
 
@@ -405,11 +405,14 @@ function gitops_kmodel() {
   export SM_MINIO_SECRETKEY=${SECRETS_PREFIX}minio#sm_minio_secretkey
   export SM_MINIO_HOST=${SECRETS_PREFIX}minio#sm_minio_host
   export SM_MINIO_PORT=${SECRETS_PREFIX}minio#sm_minio_port
+  export SM_MINIO_BUCKET_TEMPLATES=${SECRETS_PREFIX}minio#sm_minio_bucket_templates
+  export SM_MINIO_BUCKET_TENANTS=${SECRETS_PREFIX}minio#sm_minio_bucket_tenants
+  export SM_MINIO_BUCKET_PIPELINES=${SECRETS_PREFIX}minio#sm_minio_bucket_pipelines
 
 # check for those variables present into the aws sm 
   sm_verify_secret_exists ${SECRETS_PREFIX}ibm_entitlement "image_pull_secret_b64"
 
-  sm_verify_secret_exists ${SECRETS_PREFIX}minio "sm_minio_host,sm_minio_port,sm_minio_accesskey,sm_minio_secretkey"
+  sm_verify_secret_exists ${SECRETS_PREFIX}minio "sm_minio_host,sm_minio_port,sm_minio_accesskey,sm_minio_secretkey,sm_minio_bucket_templates,sm_minio_bucket_tenants,sm_minio_bucket_pipelines"
 
     # finally push them into the git repo
     # ---------------------------------------------------------------------------
diff --git a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-kmodel.yaml.j2 b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-kmodel.yaml.j2
index 5dbb9e9c96e..6f2ec1511a3 100644
--- a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-kmodel.yaml.j2
+++ b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-kmodel.yaml.j2
@@ -17,9 +17,9 @@ ibm_kmodel:
   mas_aibroker_storage_port: "<path:{{ SECRETS_PATH }}:{{ SM_MINIO_PORT }}>"
   mas_aibroker_storage_region: "{{ MAS_AIBROKER_STORAGE_REGION }}"
 
-  mas_aibroker_storage_templates_bucket: "{{ MAS_AIBROKER_STORAGE_TEMPLATES_BUCKET }}"
-  mas_aibroker_storage_tenants_bucket: "{{ MAS_AIBROKER_STORAGE_TENANTS_BUCKET }}"
-  mas_aibroker_storage_pipelines_bucket: "{{ MAS_AIBROKER_STORAGE_PIPELINES_BUCKET }}"
+  mas_aibroker_storage_templates_bucket: "<path:{{ SECRETS_PATH }}:{{ SM_MINIO_BUCKET_TEMPLATES }}>"
+  mas_aibroker_storage_tenants_bucket: "<path:{{ SECRETS_PATH }}:{{ SM_MINIO_BUCKET_TENANTS }}>"
+  mas_aibroker_storage_pipelines_bucket: "<path:{{ SECRETS_PATH }}:{{ SM_MINIO_BUCKET_PIPELINES }}>"
 
   ssh_secret_name: "{{ SSH_SECRET_NAME }}"
   

From 32e6eb35d246067bc073f6d63d4d3cf8100c4896 Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Sun, 8 Jun 2025 18:11:01 +0530
Subject: [PATCH 053/258] Update gitops_kmodel

removed temp folder
---
 image/cli/mascli/functions/gitops_kmodel | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/image/cli/mascli/functions/gitops_kmodel b/image/cli/mascli/functions/gitops_kmodel
index 7562a76801a..017d5e6f285 100644
--- a/image/cli/mascli/functions/gitops_kmodel
+++ b/image/cli/mascli/functions/gitops_kmodel
@@ -389,8 +389,8 @@ function gitops_kmodel() {
   # Set up secrets
   # ---------------------------------------------------------------------------
   CURRENT_DIR=$PWD
-  TEMP_DIR=$GITOPS_CLUSTER_DIR/tmp-kmodel
-  mkdir -p ${TEMP_DIR}
+  # TEMP_DIR=$GITOPS_CLUSTER_DIR/tmp-kmodel
+  # mkdir -p ${TEMP_DIR}
 
   AVP_TYPE=aws  # Support for IBM will be added later
   sm_login
@@ -450,7 +450,7 @@ function gitops_kmodel() {
       remove_git_repo_clone $GITOPS_WORKING_DIR/$GITHUB_REPO
     fi
 
-    rm -rf $TEMP_DIR
+    # rm -rf $TEMP_DIR
     rm -rf $GITOPS_WORKING_DIR
 
   exit 0

From 3e20c4d67bcb5e04bb99b7590f3ccfbc1fe92640 Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Sun, 8 Jun 2025 18:33:17 +0530
Subject: [PATCH 054/258] Update gitops_kmodel

added valid folder path
---
 image/cli/mascli/functions/gitops_kmodel | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/image/cli/mascli/functions/gitops_kmodel b/image/cli/mascli/functions/gitops_kmodel
index 017d5e6f285..60701fcdac2 100644
--- a/image/cli/mascli/functions/gitops_kmodel
+++ b/image/cli/mascli/functions/gitops_kmodel
@@ -317,8 +317,8 @@ function gitops_kmodel() {
 
   # Prepare directories
   mkdir -p ${GITOPS_WORKING_DIR}
-  GITOPS_CLUSTER_DIR=${GITOPS_WORKING_DIR}/${GITHUB_REPO}/${ACCOUNT_ID}/${CLUSTER_ID}
-
+  GITOPS_CLUSTER_DIR=${GITOPS_WORKING_DIR}/${GITHUB_REPO}/${ACCOUNT_ID}/${CLUSTER_ID}/${MAS_INSTANCE_ID}
+  
   echo
   reset_colors
   echo_h2 "Review Settings"

From 87f4c8c1ed7ebcae102ebfa3b1b7712fea1b8172 Mon Sep 17 00:00:00 2001
From: yogeshkumar <prajapati.yogeshkumar@ibm.com>
Date: Mon, 9 Jun 2025 11:06:30 +0530
Subject: [PATCH 055/258] remove generating file odh-info.yaml

---
 image/cli/mascli/functions/gitops_odh | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/image/cli/mascli/functions/gitops_odh b/image/cli/mascli/functions/gitops_odh
index 7905fdac8d4..430f6e81212 100755
--- a/image/cli/mascli/functions/gitops_odh
+++ b/image/cli/mascli/functions/gitops_odh
@@ -392,9 +392,9 @@ function gitops_odh() {
   jinjanate_commmon $CLI_DIR/templates/gitops/appset-configs/cluster/instance/ibm-mas-odh-install.yaml.j2 ${GITOPS_CLUSTER_DIR}/ibm-mas-odh-install.yaml
 
   # Collect info block for secret update
-  yq eval '.' "${GITOPS_CLUSTER_DIR}/ibm-mas-odh-install.yaml" > "${GITOPS_CLUSTER_DIR}/odh-info.yaml"
-  UNESCAPED_INFO="$(cat ${GITOPS_CLUSTER_DIR}/odh-info.yaml)"
-  ESCAPED_INFO="${UNESCAPED_INFO//\"/\\\"}"
+  # yq eval '.' "${GITOPS_CLUSTER_DIR}/ibm-mas-odh-install.yaml" > "${GITOPS_CLUSTER_DIR}/odh-info.yaml"
+  # UNESCAPED_INFO="$(cat ${GITOPS_CLUSTER_DIR}/odh-info.yaml)"
+  # ESCAPED_INFO="${UNESCAPED_INFO//\"/\\\"}"
 
   TAGS="[{\"Key\": \"source\", \"Value\": \"gitops_odh\"}, {\"Key\": \"account\", \"Value\": \"${ACCOUNT_ID}\"}, {\"Key\": \"cluster\", \"Value\": \"${CLUSTER_ID}\"}]"
 

From 0cb2990ef69e5ee78f91e944580477f696404575 Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Mon, 9 Jun 2025 12:13:15 +0530
Subject: [PATCH 056/258] Update gitops-mas-aibroker-tenant.yml.j2

rename to gitops-mas-aibroker-tenant
---
 tekton/src/pipelines/gitops/gitops-mas-aibroker-tenant.yml.j2 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tekton/src/pipelines/gitops/gitops-mas-aibroker-tenant.yml.j2 b/tekton/src/pipelines/gitops/gitops-mas-aibroker-tenant.yml.j2
index e32d6c8be65..2d75476e2e8 100644
--- a/tekton/src/pipelines/gitops/gitops-mas-aibroker-tenant.yml.j2
+++ b/tekton/src/pipelines/gitops/gitops-mas-aibroker-tenant.yml.j2
@@ -1,7 +1,7 @@
 apiVersion: tekton.dev/v1beta1
 kind: Pipeline
 metadata:
-  name: gitops-aibroker-tenant-pipeline
+  name: gitops-mas-aibroker-tenant
 spec:
   params:
     - name: cluster_name

From 08ba924412c73af341f87989a45befd6fd8b879e Mon Sep 17 00:00:00 2001
From: Nikita Kumble <nikitakumble@gmail.com>
Date: Mon, 9 Jun 2025 13:20:03 +0530
Subject: [PATCH 057/258] changes in pullSecretName, IMAGE_PULL_SECRET_B64
 variables

---
 image/cli/mascli/functions/gitops_kmodel                 | 9 +++++++--
 .../appset-configs/cluster/instance/ibm-kmodel.yaml.j2   | 2 ++
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/image/cli/mascli/functions/gitops_kmodel b/image/cli/mascli/functions/gitops_kmodel
index 60701fcdac2..e4d6a461b35 100644
--- a/image/cli/mascli/functions/gitops_kmodel
+++ b/image/cli/mascli/functions/gitops_kmodel
@@ -50,6 +50,7 @@ Kkmodel Configuration:
       --image-store ${COLOR_YELLOW}IMAGE_STORE${TEXT_RESET}                                                             Docker image for storing models and artifacts.
       --image-watcher ${COLOR_YELLOW}IMAGE_WATCHER${TEXT_RESET}                                                         Docker image for monitoring and detecting changes to models or configurations.
       --image-controller ${COLOR_YELLOW}IMAGE_CONTROLLER${TEXT_RESET}                                                   Docker image for controlling and managing the deployment and lifecycle of models.
+      --pullSecretName ${COLOR_YELLOW}PULLSECRETNAME${TEXT_RESET}                                                       IBM Pull Secret name
 
 Automatic GitHub Push (Optional):
   -P, --github-push ${COLOR_YELLOW}GITHUB_PUSH${TEXT_RESET}        Enable automatic push to GitHub
@@ -93,7 +94,7 @@ function gitops_kmodel_noninteractive() {
   export IMAGE_STORE=${IMAGE_STORE:-"${DOCKER_SERVER}/store:1.0.3-pre.maint10xdev"}
   export IMAGE_WATCHER=${IMAGE_WATCHER:-"${DOCKER_SERVER}/watcher:1.0.5-pre.maint10xdev"}
   export IMAGE_CONTROLLER=${IMAGE_CONTROLLER:-"${DOCKER_SERVER}/controller:1.0.8-pre.maint10xdev"}
-  
+  export PULLSECRETNAME=${PULLSECRETNAME:-"ibm-entitlement"}
   
   while [[ $# -gt 0 ]]
   do
@@ -238,6 +239,10 @@ function gitops_kmodel_noninteractive() {
 
       --model-id-prefix)
         export MODEL_ID_PREFIX=$1 && shift
+        ;;
+      
+      --pullSecretName)
+        export PULLSECRETNAME=$1 && shift
         ;;
 
 	    # optional parameters if needed
@@ -398,7 +403,7 @@ function gitops_kmodel() {
   SECRETS_PREFIX="${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}"
 
   # check if those are already present 
-  export image_pull_secret_b64=${SECRETS_PREFIX}ibm_entitlement#image_pull_secret_b64
+  export IMAGE_PULL_SECRET_B64=${SECRETS_PREFIX}ibm_entitlement#image_pull_secret_b64
   
   # minio
   export SM_MINIO_ACCESSKEY=${SECRETS_PREFIX}minio#sm_minio_accesskey
diff --git a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-kmodel.yaml.j2 b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-kmodel.yaml.j2
index 6f2ec1511a3..1937c943de0 100644
--- a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-kmodel.yaml.j2
+++ b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-kmodel.yaml.j2
@@ -22,6 +22,8 @@ ibm_kmodel:
   mas_aibroker_storage_pipelines_bucket: "<path:{{ SECRETS_PATH }}:{{ SM_MINIO_BUCKET_PIPELINES }}>"
 
   ssh_secret_name: "{{ SSH_SECRET_NAME }}"
+
+  pullSecretName: "ibm-entitlement"
   
   docker_server: "{{ DOCKER_SERVER }}"
 

From bb83db60ef2aa12a05298899db1b21c64d4ad50e Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Mon, 9 Jun 2025 16:02:54 +0530
Subject: [PATCH 058/258] Update gitops-aibroker-tenant.yml.j2

ACCOUNT_ID replaced with ACCOUNT
---
 tekton/src/tasks/gitops/gitops-aibroker-tenant.yml.j2 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tekton/src/tasks/gitops/gitops-aibroker-tenant.yml.j2 b/tekton/src/tasks/gitops/gitops-aibroker-tenant.yml.j2
index ad97440fd84..ca36e66e64a 100644
--- a/tekton/src/tasks/gitops/gitops-aibroker-tenant.yml.j2
+++ b/tekton/src/tasks/gitops/gitops-aibroker-tenant.yml.j2
@@ -225,7 +225,7 @@ spec:
 
         mkdir -p /tmp/init-aibroker-tenant
         
-        mas gitops-aibroker-tenant --account-id "$ACCOUNT_ID" --cluster-id "$CLUSTER_ID" \
+        mas gitops-aibroker-tenant -a $ACCOUNT --cluster-id "$CLUSTER_ID" \
         --secrets-path "$SECRETS_PATH" \
         --github-push \
         --github-host "$GITHUB_HOST" \

From b54aecd7082828a64aa3856fa364b11ab38cb028 Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Mon, 9 Jun 2025 17:03:23 +0530
Subject: [PATCH 059/258] Update gitops-aibroker-tenant.yml.j2

code updated
---
 .../src/tasks/gitops/gitops-aibroker-tenant.yml.j2   | 12 ++----------
 1 file changed, 2 insertions(+), 10 deletions(-)

diff --git a/tekton/src/tasks/gitops/gitops-aibroker-tenant.yml.j2 b/tekton/src/tasks/gitops/gitops-aibroker-tenant.yml.j2
index ca36e66e64a..895cbe101d5 100644
--- a/tekton/src/tasks/gitops/gitops-aibroker-tenant.yml.j2
+++ b/tekton/src/tasks/gitops/gitops-aibroker-tenant.yml.j2
@@ -225,22 +225,14 @@ spec:
 
         mkdir -p /tmp/init-aibroker-tenant
         
-        mas gitops-aibroker-tenant -a $ACCOUNT --cluster-id "$CLUSTER_ID" \
+        mas gitops-aibroker-tenant -a $ACCOUNT \
         --secrets-path "$SECRETS_PATH" \
         --github-push \
         --github-host "$GITHUB_HOST" \
         --github-org "$GITHUB_ORG" \
         --github-repo "$GITHUB_REPO" \
         --git-branch "$GIT_BRANCH" \
-        --mas_instance_id "$MAS_INSTANCE_ID" \
-        --tenantNamespace "$TENANT_NAMESPACE" \
-        --cluster_domain "$CLUSTER_DOMAIN" \
-        --slscfg_url "$SLSCFG_URL" \
-        --slscfg_client_id "$SLSCFG_CLIENT_ID" \
-        --mas_aibroker_watsonxai_url "$MAS_AIBROKER_WATSONXAI_URL" \
-        --mas_aibroker_watsonxai_apikey "$MAS_AIBROKER_WATSONXAI_APIKEY" \
-        --mas_aibroker_watsonxai_project_id "$MAS_AIBROKER_WATSONXAI_PROJECT_ID" \
-        --drocfg_url "$DROCFG_URL"
+
 
         exit $?
       command:

From b18e4f6c7d820f4430842fa4fd9d8a3cbf2f0229 Mon Sep 17 00:00:00 2001
From: yogeshkumar <prajapati.yogeshkumar@ibm.com>
Date: Mon, 9 Jun 2025 18:23:23 +0530
Subject: [PATCH 060/258] cherry-pick d3a197b3a8 conflict

---
 image/cli/mascli/functions/gitops_odh         | 221 +++++++++++++-----
 .../instance/ibm-mas-odh-install.yaml.j2      |  96 ++++----
 2 files changed, 213 insertions(+), 104 deletions(-)

diff --git a/image/cli/mascli/functions/gitops_odh b/image/cli/mascli/functions/gitops_odh
index 430f6e81212..41ad506c8a3 100755
--- a/image/cli/mascli/functions/gitops_odh
+++ b/image/cli/mascli/functions/gitops_odh
@@ -99,6 +99,55 @@ function gitops_odh_noninteractive() {
   GITOPS_WORKING_DIR=$PWD/working-dir  
   SECRETS_KEY_SEPERATOR="/"
   GIT_COMMIT_MSG="gitops-odh commit"
+
+
+
+  export OPENSHIFT_NAMESPACE="${OPENSHIFT_NAMESPACE:-"openshift-operators"}"
+  export ODH_PIPELINE_CHANNEL="${ODH_PIPELINE_CHANNEL:-"latest"}"
+  export ODH_PIPELINE_INSTALLPLAN="${ODH_PIPELINE_INSTALLPLAN:-"Automatic"}"
+  export PIPELINE_CATALOG_SOURCE="${PIPELINE_CATALOG_SOURCE:-"redhat-operators"}"
+  export SERVICE_MESH_NAMESPACE="${SERVICE_MESH_NAMESPACE:-"openshift-operators"}"
+  export SERVICE_MESH_CHANNEL="${SERVICE_MESH_CHANNEL:-"stable"}"
+  export SERVICE_MESH_CATALOG_SOURCE="${SERVICE_MESH_CATALOG_SOURCE:-"redhat-operators"}"
+  export SERVICE_MESH_SOURCENAMESPACE="${SERVICE_MESH_SOURCENAMESPACE:-"openshift-marketplace"}"
+  export OPERATOR_NAME="${OPERATOR_NAME:-"openshift-pipelines-operator-rh"}"
+  export SERVERLESS_CHANNEL="${SERVERLESS_CHANNEL:-"stable"}"
+  export AUTHORINO_CATALOG_SOURCE="${AUTHORINO_CATALOG_SOURCE:-"community-operators"}"
+  export ODH_CHANNEL="${ODH_CHANNEL:-"fast"}"
+  export ODH_CATALOG_SOURCE="${ODH_CATALOG_SOURCE:-"community-operators"}"
+  export ODH_OPERATOR_VERSION="${ODH_OPERATOR_VERSION:-"opendatahub-operator.v2.19.0"}"
+  export ODH_NAMESPACE="${ODH_NAMESPACE:-"opendatahub"}"
+
+  export AIBROKER_NAMESPACE="${AIBROKER_NAMESPACE:-"mas-${MAS_INSTANCE_ID}-aibroker"}"
+  # skip pull_secret_name, it is a secret reference
+
+  export ODH_PIPELINE_NAME="${ODH_PIPELINE_NAME:-"openshift-pipelines-operator"}"
+  export ODH_PIPELINE_NAMESPACE="${ODH_PIPELINE_NAMESPACE:-"openshift-operators"}"
+  export ODH_PIPELINE_OPERATOR_NAME="${ODH_PIPELINE_OPERATOR_NAME:-"openshift-pipelines-operator-rh"}"
+  export ODH_PIPELINE_SOURCE="${ODH_PIPELINE_SOURCE:-"redhat_operators"}"
+  export ODH_PIPELINE_SOURCE_NAMESPACE="${ODH_PIPELINE_SOURCE_NAMESPACE:-"openshift_marketplace"}"
+
+  export SERVERLESS_NAMESPACE="${SERVERLESS_NAMESPACE:-"openshift-serverless"}"
+  export SERVERLESS_OPERATOR_NAME="${SERVERLESS_OPERATOR_NAME:-"serverless-operator"}"
+  export SERVERLESS_OPERATOR_SOURCE="${SERVERLESS_OPERATOR_SOURCE:-"redhat-operators"}"
+  export SERVERLESS_OPERATOR_SOURCE_NAMESPACE="${SERVERLESS_OPERATOR_SOURCE_NAMESPACE:-"openshift-marketplace"}"
+
+  export OPENDATAHUB_OPERATORGROUP_NAME="${OPENDATAHUB_OPERATORGROUP_NAME:-"opendatahub-operator-group"}"
+  export OPENDATAHUB_NAME="${OPENDATAHUB_NAME:-"opendatahub-operator"}"
+  export OPENDATAHUB_NAMESPACE="${OPENDATAHUB_NAMESPACE:-"opendatahub"}"
+  export OPENDATAHUB_INSTALLPLAN_APPROVAL="${OPENDATAHUB_INSTALLPLAN_APPROVAL:-"Manual"}"
+  export OPENDATAHUB_CHANNEL="${OPENDATAHUB_CHANNEL:-"fast"}"
+  export OPENDATAHUB_SOURCE="${OPENDATAHUB_SOURCE:-"community-operators"}"
+  export OPENDATAHUB_SOURCE_NAMESPACE="${OPENDATAHUB_SOURCE_NAMESPACE:-"openshift-marketplace"}"
+
+  export MAS_AIBROKER_STORAGE_PROVIDER="${MAS_AIBROKER_STORAGE_PROVIDER:-"minio"}"
+  export MAS_AIBROKER_STORAGE_SSL="${MAS_AIBROKER_STORAGE_SSL:-"true"}"
+  export MAS_AIBROKER_STORAGE_REGION="${MAS_AIBROKER_STORAGE_REGION:-"us-east-2"}"
+  export PRIMARY_STORAGE_CLASS="${PRIMARY_STORAGE_CLASS:-"nfs-client"}"
+
+
+
+
   while [[ $# -gt 0 ]]; do
     key="$1"; shift
     case $key in
@@ -146,55 +195,101 @@ function gitops_odh_noninteractive() {
         ;;
 
 
-      # ODH
-      --odh-channel) export ODH_CHANNEL="$1"; shift ;;
-      --odh-catalog-source) export ODH_CATALOG_SOURCE="$1"; shift ;;
-      --odh-operator-version) export ODH_OPERATOR_VERSION="$1"; shift ;;
-      --odh-namespace) export ODH_NAMESPACE="$1"; shift ;;
-      --pull-secret-name) export PULL_SECRET_NAME="$1"; shift ;;
-      --opendatahub-name) export OPENDATAHUB_NAME="$1"; shift ;;
-      --opendatahub-operator-group) export OPENDATAHUB_OPERATOR_GROUP_NAME="$1"; shift ;;
-      --opendatahub-installplan) export OPENDATAHUB_INSTALLPLAN_APPROVAL="$1"; shift ;;
-      --opendatahub-channel) export OPENDATAHUB_CHANNEL="$1"; shift ;;
-      --opendatahub-source) export OPENDATAHUB_SOURCE="$1"; shift ;;
-      --opendatahub-source-namespace) export OPENDATAHUB_SOURCE_NAMESPACE="$1"; shift ;;
-
-      # Pipeline
-      --odh-pipeline-name) export ODH_PIPELINE_NAME="$1"; shift ;;
-      --odh-pipeline-namespace) export ODH_PIPELINE_NAMESPACE="$1"; shift ;;
-      --odh-pipeline-operator-name) export ODH_PIPELINE_OPERATOR_NAME="$1"; shift ;;
-      --odh-pipeline-source) export ODH_PIPELINE_SOURCE="$1"; shift ;;
-      --odh-pipeline-source-namespace) export ODH_PIPELINE_SOURCE_NAMESPACE="$1"; shift ;;
-      --odh-pipeline-channel) export ODH_PIPELINE_CHANNEL="$1"; shift ;;
-      --odh-pipeline-installplan) export ODH_PIPELINE_INSTALLPLAN="$1"; shift ;;
-      --pipeline-catalog-source) export PIPELINE_CATALOG_SOURCE="$1"; shift ;;
-
-      # Service Mesh
-      --service-mesh-namespace) export SERVICE_MESH_NAMESPACE="$1"; shift ;;
-      --service-mesh-channel) export SERVICE_MESH_CHANNEL="$1"; shift ;;
-      --service-mesh-catalog-source) export SERVICE_MESH_CATALOG_SOURCE="$1"; shift ;;
-      --service-mesh-source-namespace) export SERVICE_MESH_SOURCE_NAMESPACE="$1"; shift ;;
-
-      # Serverless
-      --serverless-namespace) export SERVERLESS_NAMESPACE="$1"; shift ;;
-      --serverless-channel) export SERVERLESS_CHANNEL="$1"; shift ;;
-      --serverless-operator-name) export SERVERLESS_OPERATOR_NAME="$1"; shift ;;
-      --serverless-operator-source) export SERVERLESS_OPERATOR_SOURCE="$1"; shift ;;
-      --serverless-operator-source-namespace) export SERVERLESS_OPERATOR_SOURCE_NAMESPACE="$1"; shift ;;
-
-      # Authorino
-      --authorino-catalog-source) export AUTHORINO_CATALOG_SOURCE="$1"; shift ;;
-
-      # Storage
-      --storage-provider) export MAS_AIBROKER_STORAGE_PROVIDER="$1"; shift ;;
-      --storage-accesskey) export MAS_AIBROKER_STORAGE_ACCESSKEY="$1"; shift ;;
-      --storage-secretkey) export MAS_AIBROKER_STORAGE_SECRETKEY="$1"; shift ;;
-      --storage-host) export MAS_AIBROKER_STORAGE_HOST="$1"; shift ;;
-      --storage-port) export MAS_AIBROKER_STORAGE_PORT="$1"; shift ;;
-      --storage-ssl) export MAS_AIBROKER_STORAGE_SSL="$1"; shift ;;
-      --storage-region) export MAS_AIBROKER_STORAGE_REGION="$1"; shift ;;
-      --pipelines-bucket) export MAS_AIBROKER_STORAGE_PIPELINES_BUCKET="$1"; shift ;;
-      --primary-storage-class) export PRIMARY_STORAGE_CLASS="$1"; shift ;;
+      --odh-channel)
+        export ODH_CHANNEL=$1 && shift
+        ;;
+      --odh-catalog-source)
+        export ODH_CATALOG_SOURCE=$1 && shift
+        ;;
+      --odh-operator-version)
+        export ODH_OPERATOR_VERSION=$1 && shift
+        ;;
+      --odh-namespace)
+        export ODH_NAMESPACE=$1 && shift
+        ;;
+      --openshift-namespace)
+        export OPENSHIFT_NAMESPACE=$1 && shift
+        ;;
+      --pull-secret-name)
+        export PULL_SECRET_NAME=$1 && shift
+        ;;
+
+      --opendatahub-name)
+        export OPENDATAHUB_NAME=$1 && shift
+        ;;
+      --opendatahub-operator-group)
+        export OPENDATAHUB_OPERATORGROUP_NAME=$1 && shift
+        ;;
+      --opendatahub-installplan)
+        export OPENDATAHUB_INSTALLPLAN_APPROVAL=$1 && shift
+        ;;
+      --opendatahub-channel)
+        export OPENDATAHUB_CHANNEL=$1 && shift
+        ;;
+      --opendatahub-source)
+        export OPENDATAHUB_SOURCE=$1 && shift
+        ;;
+      --opendatahub-source-namespace)
+        export OPENDATAHUB_SOURCE_NAMESPACE=$1 && shift
+        ;;
+
+      --odh-pipeline-name)
+        export ODH_PIPELINE_NAME=$1 && shift
+        ;;
+      --odh-pipeline-namespace)
+        export ODH_PIPELINE_NAMESPACE=$1 && shift
+        ;;
+      --odh-pipeline-operator-name)
+        export ODH_PIPELINE_OPERATOR_NAME=$1 && shift
+        ;;
+      --odh-pipeline-source)
+        export ODH_PIPELINE_SOURCE=$1 && shift
+        ;;
+      --odh-pipeline-source-namespace)
+        export ODH_PIPELINE_SOURCE_NAMESPACE=$1 && shift
+        ;;
+      --odh-pipeline-channel)
+        export ODH_PIPELINE_CHANNEL=$1 && shift
+        ;;
+      --odh-pipeline-installplan)
+        export ODH_PIPELINE_INSTALLPLAN=$1 && shift
+        ;;
+      --pipeline-catalog-source)
+        export PIPELINE_CATALOG_SOURCE=$1 && shift
+        ;;
+
+      --service-mesh-namespace)
+        export SERVICE_MESH_NAMESPACE=$1 && shift
+        ;;
+      --service-mesh-channel)
+        export SERVICE_MESH_CHANNEL=$1 && shift
+        ;;
+      --service-mesh-catalog-source)
+        export SERVICE_MESH_CATALOG_SOURCE=$1 && shift
+        ;;
+      --service-mesh-source-namespace)
+        export SERVICE_MESH_SOURCE_NAMESPACE=$1 && shift
+        ;;
+
+      --serverless-namespace)
+        export SERVERLESS_NAMESPACE=$1 && shift
+        ;;
+      --serverless-channel)
+        export SERVERLESS_CHANNEL=$1 && shift
+        ;;
+      --serverless-operator-name)
+        export SERVERLESS_OPERATOR_NAME=$1 && shift
+        ;;
+      --serverless-operator-source)
+        export SERVERLESS_OPERATOR_SOURCE=$1 && shift
+        ;;
+      --serverless-operator-source-namespace)
+        export SERVERLESS_OPERATOR_SOURCE_NAMESPACE=$1 && shift
+        ;;
+
+      --authorino-catalog-source)
+        export AUTHORINO_CATALOG_SOURCE=$1 && shift
+        ;;
 
       --serverless-namespace)
         export SERVERLESS_NAMESPACE=$1 && shift
@@ -239,13 +334,6 @@ function gitops_odh_noninteractive() {
       --operator-name)
         export OPERATOR_NAME=$1 && shift
         ;;
-      # Database
-      --db-host) export MAS_AIBROKER_DB_HOST="$1"; shift ;;
-      --db-port) export MAS_AIBROKER_DB_PORT="$1"; shift ;;
-      --db-user) export MAS_AIBROKER_DB_USER="$1"; shift ;;
-      --db-database) export MAS_AIBROKER_DB_DATABASE="$1"; shift ;;
-      --db-secret-name) export MAS_AIBROKER_DB_SECRET_NAME="$1"; shift ;;
-      --db-secret-value) export MAS_AIBROKER_DB_SECRET_VALUE="$1"; shift ;;
 
       # GitHub
       -P|--github-push) export GITHUB_PUSH=true ;;
@@ -310,6 +398,27 @@ function gitops_odh() {
   # Set up secret key and fetch secret
   export SECRET_ACCOUNT_PATH="${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}"
   export ODH_SECRET="${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}minio"
+
+
+  export SECRET_KEY_IMAGE_PULL_SECRET_B64="${SECRET_ACCOUNT_PATH}ibm_entitlement#image_pull_secret_b64"
+
+  # MinIO
+  export SECRET_KEY_SM_MINIO_ACCESSKEY="${SECRET_ACCOUNT_PATH}minio#sm_minio_accesskey"
+  export SECRET_KEY_SM_MINIO_SECRETKEY="${SECRET_ACCOUNT_PATH}minio#sm_minio_secretkey"
+  export SECRET_KEY_SM_MINIO_HOST="${SECRET_ACCOUNT_PATH}minio#sm_minio_host"
+  export SECRET_KEY_SM_MINIO_PORT="${SECRET_ACCOUNT_PATH}minio#sm_minio_port"
+  export SECRET_KEY_SM_MINIO_BUCKET_DEFAULT="${SECRET_ACCOUNT_PATH}minio#sm_minio_bucket_default"
+
+  # MariaDB
+  export SECRET_KEY_SM_MARIADB_HOST="${SECRET_ACCOUNT_PATH}mariadb#sm_mariadb_host"
+  export SECRET_KEY_SM_MARIADB_PORT="${SECRET_ACCOUNT_PATH}mariadb#sm_mariadb_port"
+  export SECRET_KEY_SM_MARIADB_USER="${SECRET_ACCOUNT_PATH}mariadb#sm_mariadb_user"
+  export SECRET_KEY_SM_MARIADB_DATABASE="${SECRET_ACCOUNT_PATH}mariadb#sm_mariadb_database"
+  export SECRET_KEY_SM_MARIADB_SECRET_NAME="${SECRET_ACCOUNT_PATH}mariadb#sm_mariadb_secret_name"
+  export SECRET_KEY_SM_MARIADB_SECRET_VALUE="${SECRET_ACCOUNT_PATH}mariadb#sm_mariadb_secret_value"
+
+
+
   export ODH_SECRET_FILE="$GITOPS_WORKING_DIR/odh-secret.json"
   if [ -z $GIT_SSH ]; then
     export GIT_SSH=false
diff --git a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-mas-odh-install.yaml.j2 b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-mas-odh-install.yaml.j2
index 97f5a22e2f0..0c4b65e0abd 100644
--- a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-mas-odh-install.yaml.j2
+++ b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-mas-odh-install.yaml.j2
@@ -2,63 +2,63 @@
 merge-key: "{{ ACCOUNT_ID }}/{{ CLUSTER_ID }}/{{ MAS_INSTANCE_ID }}"
 
 ibm_odh:
-  openshift_namespace: "openshift-operators"
-  odh_pipeline_channel: "latest"
-  odh_pipeline_installplan: "Automatic"
-  pipeline_catalog_source: "redhat-operators"
-  service_mesh_namespace: "openshift-operators"
-  service_mesh_channel: "stable"
-  service_mesh_catalog_source: "redhat-operators"
-  service_mesh_sourceNamespace: "openshift-marketplace"
-  operatorName: "openshift-pipelines-operator-rh"
-  serverless_channel: "stable"
-  authorino_catalog_source: "community-operators"
-  odh_channel: "fast"
-  odh_catalog_source: "community-operators"
-  odh_operator_version: "opendatahub-operator.v2.19.0"
-  odh_namespace: "opendatahub"
+  openshift_namespace: {{ OPENSHIFT_NAMESPACE }}
+  odh_pipeline_channel: {{ ODH_PIPELINE_CHANNEL }}
+  odh_pipeline_installplan: {{ ODH_PIPELINE_INSTALLPLAN }}
+  pipeline_catalog_source: {{ PIPELINE_CATALOG_SOURCE }}
+  service_mesh_namespace: {{ SERVICE_MESH_NAMESPACE }}
+  service_mesh_channel: {{ SERVICE_MESH_CHANNEL }}
+  service_mesh_catalog_source: {{ SERVICE_MESH_CATALOG_SOURCE }}
+  service_mesh_sourceNamespace: {{ SERVICE_MESH_SOURCENAMESPACE }}
+  operatorName: {{ OPERATOR_NAME }}
+  serverless_channel: {{ SERVERLESS_CHANNEL }}
+  authorino_catalog_source: {{ AUTHORINO_CATALOG_SOURCE }}
+  odh_channel: {{ ODH_CHANNEL }}
+  odh_catalog_source: {{ ODH_CATALOG_SOURCE }}
+  odh_operator_version: {{ ODH_OPERATOR_VERSION }}
+  odh_namespace: {{ ODH_NAMESPACE }}
 
-  aibroker_namespace: "{{ AIBROKER_NAMESPACE }}"
-  pull_secret_name: "<path:{{ SECRETS_PATH }}/{{ SECRET_ACCOUNT_PATH }}ibm_entitlement#image_pull_secret_b64>"
+  aibroker_namespace: {{ AIBROKER_NAMESPACE }}
+  pull_secret_name: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_IMAGE_PULL_SECRET_B64 }}>"
 
   # ODH Pipeline operator
-  odh_pipeline_name: "openshift-pipelines-operator"
-  odh_pipeline_namespace: "openshift-operators"
-  odh_pipeline_operatorName: "openshift-pipelines-operator-rh"
-  odh_pipeline_source: "redhat_operators"
-  odh_pipeline_sourceNamespace: "openshift_marketplace"
+  odh_pipeline_name: {{ ODH_PIPELINE_NAME }}
+  odh_pipeline_namespace: {{ ODH_PIPELINE_NAMESPACE }}
+  odh_pipeline_operatorName: {{ ODH_PIPELINE_OPERATOR_NAME }}
+  odh_pipeline_source: {{ ODH_PIPELINE_SOURCE }}
+  odh_pipeline_sourceNamespace: {{ ODH_PIPELINE_SOURCE_NAMESPACE }}
 
   # Serverless Operator
-  serverless_namespace: "openshift-serverless"
-  serverless_operator_name: "serverless-operator"
-  serverless_operator_source: "redhat-operators"
-  serverless_operator_sourceNamespace: "openshift-marketplace"
+  serverless_namespace: {{ SERVERLESS_NAMESPACE }}
+  serverless_operator_name: {{ SERVERLESS_OPERATOR_NAME }}
+  serverless_operator_source: {{ SERVERLESS_OPERATOR_SOURCE }}
+  serverless_operator_sourceNamespace: {{ SERVERLESS_OPERATOR_SOURCE_NAMESPACE }}
 
   # OpenDataHub Operator
-  opendatahub_OperatorGroup_name: "opendatahub-operator-group"
-  opendatahub_name: "opendatahub-operator"
-  opendatahub_namespace: "opendatahub"
-  opendatahub_installPlanApproval: "Manual"
-  opendatahub_channel: "fast"
-  opendatahub_source: "community-operators"
-  opendatahub__sourceNamespace: "openshift-marketplace"
+  opendatahub_OperatorGroup_name: {{ OPENDATAHUB_OPERATORGROUP_NAME }}
+  opendatahub_name: {{ OPENDATAHUB_NAME }}
+  opendatahub_namespace: {{ OPENDATAHUB_NAMESPACE }}
+  opendatahub_installPlanApproval: {{ OPENDATAHUB_INSTALLPLAN_APPROVAL }}
+  opendatahub_channel: {{ OPENDATAHUB_CHANNEL }}
+  opendatahub_source: {{ OPENDATAHUB_SOURCE }}
+  opendatahub__sourceNamespace: {{ OPENDATAHUB_SOURCE_NAMESPACE }}
 
   # Storage configuration
-  mas_aibroker_storage_provider: "minio"
-  mas_aibroker_storage_accesskey: "<path:{{ SECRETS_PATH }}/{{ SECRET_ACCOUNT_PATH }}minio#sm_minio_accesskey>"
-  mas_aibroker_storage_secretkey: "<path:{{ SECRETS_PATH }}/{{ SECRET_ACCOUNT_PATH }}minio#sm_minio_secretkey>"
-  mas_aibroker_storage_host: "<path:{{ SECRETS_PATH }}/{{ SECRET_ACCOUNT_PATH }}minio#sm_minio_host>"
-  mas_aibroker_storage_port: "<path:{{ SECRETS_PATH }}/{{ SECRET_ACCOUNT_PATH }}minio#sm_minio_port>"
-  mas_aibroker_storage_ssl: "true"
-  mas_aibroker_storage_region: ""
-  mas_aibroker_storage_pipelines_bucket: "<path:{{ SECRETS_PATH }}/{{ SECRET_ACCOUNT_PATH }}minio#sm_minio_bucket_default>"
+  mas_aibroker_storage_provider: {{ MAS_AIBROKER_STORAGE_PROVIDER }}
+  mas_aibroker_storage_accesskey: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_SM_MINIO_ACCESSKEY }}>"
+  mas_aibroker_storage_secretkey: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_SM_MINIO_SECRETKEY }}>"
+  mas_aibroker_storage_host: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_SM_MINIO_HOST }}>"
+  mas_aibroker_storage_port: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_SM_MINIO_PORT }}>"
+  mas_aibroker_storage_ssl: {{ MAS_AIBROKER_STORAGE_SSL }}
+  mas_aibroker_storage_region: {{ MAS_AIBROKER_STORAGE_REGION }}
+  mas_aibroker_storage_pipelines_bucket: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_SM_MINIO_BUCKET_DEFAULT }}>"
 
   # MariaDB configuration
-  mas_aibroker_db_host: "<path:{{ SECRETS_PATH }}/{{ SECRET_ACCOUNT_PATH }}mariadb#sm_mariadb_host>"
-  mas_aibroker_db_port: "<path:{{ SECRETS_PATH }}/{{ SECRET_ACCOUNT_PATH }}mariadb#sm_mariadb_port>"
-  mas_aibroker_db_user: "<path:{{ SECRETS_PATH }}/{{ SECRET_ACCOUNT_PATH }}mariadb#sm_mariadb_user>"
-  mas_aibroker_db_database: "<path:{{ SECRETS_PATH }}/{{ SECRET_ACCOUNT_PATH }}mariadb#sm_mariadb_database>"
-  mas_aibroker_db_secret_name: "<path:{{ SECRETS_PATH }}/{{ SECRET_ACCOUNT_PATH }}mariadb#sm_mariadb_secret_name>"
-  mas_aibroker_db_secret_value: "<path:{{ SECRETS_PATH }}/{{ SECRET_ACCOUNT_PATH }}mariadb#sm_mariadb_secret_value>"
+  mas_aibroker_db_host: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_SM_MARIADB_HOST }}>"
+  mas_aibroker_db_port: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_SM_MARIADB_PORT }}>"
+  mas_aibroker_db_user: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_SM_MARIADB_USER }}>"
+  mas_aibroker_db_database: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_SM_MARIADB_DATABASE }}>"
+  mas_aibroker_db_secret_name: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_SM_MARIADB_SECRET_NAME }}>"
+  mas_aibroker_db_secret_value: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_SM_MARIADB_SECRET_VALUE }}>"
 
-  primary_storage_class: "nfs-client"
+  primary_storage_class: {{ PRIMARY_STORAGE_CLASS }}

From d797015c75ed517ecc6e28ec6d343bc5cc9bfee3 Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Mon, 9 Jun 2025 18:50:37 +0530
Subject: [PATCH 061/258] Update gitops-aibroker-tenant.yml.j2

removed cluster id
---
 tekton/src/tasks/gitops/gitops-aibroker-tenant.yml.j2 | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/tekton/src/tasks/gitops/gitops-aibroker-tenant.yml.j2 b/tekton/src/tasks/gitops/gitops-aibroker-tenant.yml.j2
index 895cbe101d5..20f14c7262f 100644
--- a/tekton/src/tasks/gitops/gitops-aibroker-tenant.yml.j2
+++ b/tekton/src/tasks/gitops/gitops-aibroker-tenant.yml.j2
@@ -9,8 +9,6 @@ spec:
       type: string
     - name: account
       type: string
-    - name: cluster_id
-      type: string
     - name: cluster_url
       type: string    
     - name: secrets_path
@@ -100,8 +98,6 @@ spec:
         value: $(params.cluster_name)
       - name: ACCOUNT
         value: $(params.account)
-      #- name: CLUSTER_ID
-      #  value: $(params.cluster_id)
       - name: CLUSTER_URL
         value: $(params.cluster_url)
       - name: SECRET_PATH

From b79607ad7af27d37597a132f0b8e296fa6a75d55 Mon Sep 17 00:00:00 2001
From: Drashti-Malviya <Drashti.Malviya@ibm.com>
Date: Mon, 9 Jun 2025 20:15:43 +0530
Subject: [PATCH 062/258] update for aibroker

---
 image/cli/mascli/functions/gitops_aibroker    | 55 ++++++++--------
 .../cluster/instance/ibm-aibroker.yaml.j2     | 62 +++++++++----------
 2 files changed, 57 insertions(+), 60 deletions(-)

diff --git a/image/cli/mascli/functions/gitops_aibroker b/image/cli/mascli/functions/gitops_aibroker
index 76317d61921..603efd19e7c 100644
--- a/image/cli/mascli/functions/gitops_aibroker
+++ b/image/cli/mascli/functions/gitops_aibroker
@@ -347,44 +347,43 @@ function gitops_aibroker() {
 
 
 
-  AVP_TYPE=aws  # Support for IBM will be added later
+   AVP_TYPE=aws  # Support for IBM will be added later
   sm_login
   # update those varialbe which are necessory to be updated into aws , 
+  SECRETS_PREFIX="${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}"
 
-  # pull_secret_name
-  export image_pull_secret_b64=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}ibm_entitlement#image_pull_secret_b64
+  export image_pull_secret_b64=${SECRETS_PREFIX}ibm_entitlement#image_pull_secret_b64
   # mas_aibroker_storage_accesskey
-  export SM_MINIO_ACCESSKEY=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}minio#sm_minio_accesskey
+  export SM_MINIO_ACCESSKEY=${SECRETS_PREFIX}minio#sm_minio_accesskey
   # mas_aibroker_storage_secretkey
-  export SM_MINIO_SECRETKEY=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}minio#sm_minio_secretkey
+  export SM_MINIO_SECRETKEY=${SECRETS_PREFIX}minio#sm_minio_secretkey
   # mas_aibroker_storage_host
-  export SM_MINIO_HOST=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}minio#sm_minio_host
+  export SM_MINIO_HOST=${SECRETS_PREFIX}minio#sm_minio_host
   # mas_aibroker_storage_port
-  export SM_MINIO_PORT=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}minio#sm_minio_port
+  export SM_MINIO_PORT=${SECRETS_PREFIX}minio#sm_minio_port
   # mas_aibroker_storage_templates_bucket
-  export SM_MINIO_BUCKET_TEMPLATES=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}minio#sm_minio_bucket_templates
+  export SM_MINIO_BUCKET_TEMPLATES=${SECRETS_PREFIX}minio#sm_minio_bucket_templates
   # mas_aibroker_storage_tenants_bucket
-  export SM_MINIO_BUCKET_TENANTS=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}minio#sm_minio_bucket_tenants
+  export SM_MINIO_BUCKET_TENANTS=${SECRETS_PREFIX}minio#sm_minio_bucket_tenants
   # mas_aibroker_storage_pipelines_bucket
-  export SM_MINIO_BUCKET_PIPELINES=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}minio#sm_minio_bucket_pipelines
-  export MAS_AIBROKER_DB_HOST=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}mariadb#sm_mariadb_host
-  export MAS_AIBROKER_DB_PORT=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}mariadb#sm_mariadb_port
-  export MAS_AIBROKER_DB_USER=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}mariadb#sm_mariadb_user
-  export MAS_AIBROKER_DB_DATABASE=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}mariadb#sm_mariadb_database
-  export MAS_AIBROKER_DB_SECRET_NAME=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}mariadb#sm_mariadb_secret_name
-  export MAS_AIBROKER_DB_SECRET_VALUE=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}mariadb#sm_mariadb_secret_value
-  export SLSCFG_REGISTRATION_KEY=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}sls#slscfg_registration_key
-  export DROCFG_CA=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}dro#drocfg_ca
-  export DROCFG_REGISTRATION_KEY=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}dro#drocfg_registration_key
-  export DROCFG_URL=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}dro#drocfg_url
-  export JDBCCFG_USERNAME=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}jdbc#jdbccfg_username
-  export JDBCCFG_PASSWORD=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}jdbc#jdbccfg_password
-  export JDBCCFG_URL=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}jdbc#jdbccfg_url
-  export JDBCCFG_SSLENABLED=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}jdbc#jdbccfg_sslenabled
-  export JDBCCFG_CA=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}jdbc#jdbccfg_ca
-  export MAS_ENTITLEMENT_KEY=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}ibm_entitlement#entitlement_key
-  export ARTIFACTORY_TOKEN=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}ibm_entitlement#aibroker_image_pull_secret_b64
-
+  export SM_MINIO_BUCKET_PIPELINES=${SECRETS_PREFIX}minio#sm_minio_bucket_pipelines
+  export MAS_AIBROKER_DB_HOST=${SECRETS_PREFIX}mariadb#sm_mariadb_host
+  export MAS_AIBROKER_DB_PORT=${SECRETS_PREFIX}mariadb#sm_mariadb_port
+  export MAS_AIBROKER_DB_USER=${SECRETS_PREFIX}mariadb#sm_mariadb_user
+  export MAS_AIBROKER_DB_DATABASE=${SECRETS_PREFIX}mariadb#sm_mariadb_database
+  export MAS_AIBROKER_DB_SECRET_NAME=${SECRETS_PREFIX}mariadb#sm_mariadb_secret_name
+  export MAS_AIBROKER_DB_SECRET_VALUE=${SECRETS_PREFIX}mariadb#sm_mariadb_secret_value
+  export SLSCFG_REGISTRATION_KEY=${SECRETS_PREFIX}sls#slscfg_registration_key
+  export DROCFG_CA=${SECRETS_PREFIX}dro#drocfg_ca
+  export DROCFG_REGISTRATION_KEY=${SECRETS_PREFIX}dro#drocfg_registration_key
+  export DROCFG_URL=${SECRETS_PREFIX}dro#drocfg_url
+  export JDBCCFG_USERNAME=${SECRETS_PREFIX}jdbc#jdbccfg_username
+  export JDBCCFG_PASSWORD=${SECRETS_PREFIX}jdbc#jdbccfg_password
+  export JDBCCFG_URL=${SECRETS_PREFIX}jdbc#jdbccfg_url
+  export JDBCCFG_SSLENABLED=${SECRETS_PREFIX}jdbc#jdbccfg_sslenabled
+  export JDBCCFG_CA=${SECRETS_PREFIX}jdbc#jdbccfg_ca
+  export MAS_ENTITLEMENT_KEY=${SECRETS_PREFIX}ibm_entitlement#entitlement_key
+  export ARTIFACTORY_TOKEN=${SECRETS_PREFIX}ibm_entitlement#aibroker_image_pull_secret_b64
   # check if those are already present 
   # and update them 
 
diff --git a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker.yaml.j2 b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker.yaml.j2
index 84fdbb9c795..30d0e61b8ce 100644
--- a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker.yaml.j2
+++ b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker.yaml.j2
@@ -1,61 +1,59 @@
-merge-key: "{{ ACCOUNT_ID }}/{{ CLUSTER_ID }}/{{ INSTANCE_ID }}"
+merge-key: "{{ ACCOUNT_ID }}/{{ CLUSTER_ID }}/{{ MAS_INSTANCE_ID }}"
 
 ibm_aibroker:
   mas_instance_id: "sremat"
   aibroker_namespace: "mas-sremat-aibroker"
   mas_aibroker_watsonx_secret: "sremat-watsonxcfg"
-  pull_secret_name: "<path:arn:aws:secretsmanager:us-east-2:435377327995:secret:fyre-sre-dev/sremat-test/ibm_entitlement#image_pull_secret_b64>"
+  pull_secret_name: "<path:{{ SECRETS_PATH }}:{{ image_pull_secret_b64 }}>"
+
 
   # Storage vars
   mas_aibroker_storage_provider: "minio"
   mas_aibroker_minio_secret: "minio-secret"
-  mas_aibroker_storage_accesskey: "<path:{{ SECRETS_PATH }}/minio#sm_minio_accesskey>"
-  mas_aibroker_storage_secretkey: "<path:{{ SECRETS_PATH }}/minio##sm_minio_host>"
-  mas_aibroker_storage_port: "<path:{{ SECRETS_PATH }}/minio#sm_minio_port>"
+  mas_aibroker_storage_accesskey: "<path:{{ SECRETS_PATH }}:{{ SM_MINIO_ACCESSKEY }}>"
+  mas_aibroker_storage_secretkey: "<path:{{ SECRETS_PATH }}:{{ SM_MINIO_SECRETKEY }}>"
+  mas_aibroker_storage_host: "<path:{{ SECRETS_PATH }}:{{ SM_MINIO_HOST }}>"
+  mas_aibroker_storage_port: "<path:{{ SECRETS_PATH }}:{{ SM_MINIO_PORT }}>"
   mas_aibroker_storage_ssl: "true"
   mas_aibroker_storage_region: ""
-  mas_aibroker_storage_pipelines_bucket: "<path:{{ SECRETS_PATH }}/minio##sm_minio_bucket_default>"
-  mas_aibroker_storage_tenants_bucket: "<path:{{ SECRETS_PATH }}/minio##sm_minio_bucket_tenants>"
-  mas_aibroker_storage_templates_bucket: "<path:{{ SECRETS_PATH }}/minio##sm_minio_bucket_templates>"
+  mas_aibroker_storage_pipelines_bucket: "<path:{{ SECRETS_PATH }}:{{ SM_MINIO_BUCKET_PIPELINES }}>"
+  mas_aibroker_storage_tenants_bucket: "<path:{{ SECRETS_PATH }}:{{ SM_MINIO_BUCKET_TENANTS }}>"
+  mas_aibroker_storage_templates_bucket: "<path:{{ SECRETS_PATH }}:{{ SM_MINIO_BUCKET_TEMPLATES }}>"
+
   
+
   # MariaDB
-  mas_aibroker_db_host: "<path:{{ SECRETS_PATH }}/mariadb#sm_mariadb_host>"
+  mas_aibroker_db_host: "<path:{{ SECRETS_PATH }}:{{ MAS_AIBROKER_DB_HOST }}>"
   mas_aibroker_mariadb_secret: "sremat-mariadbcfg"
-  mas_aibroker_db_port: "<path:{{ SECRETS_PATH }}/mariadb#sm_mariadb_port>"
-
-  mas_aibroker_db_user: "<path:{{ SECRETS_PATH }}/mariadb#sm_mariadb_user>"
-
-  mas_aibroker_db_database: "<path:{{ SECRETS_PATH }}/mariadb#sm_mariadb_database>"
-
-  mas_aibroker_db_secret_name: "<path:{{ SECRETS_PATH }}/mariadb#sm_mariadb_secret_name>"
-
-  mas_aibroker_db_secret_value: "<path:{{ SECRETS_PATH }}/mariadb#sm_mariadb_secret_value>"
-
+  mas_aibroker_db_port: "<path:{{ SECRETS_PATH }}:{{ MAS_AIBROKER_DB_PORT }}>"
+  mas_aibroker_db_user: "<path:{{ SECRETS_PATH }}:{{ MAS_AIBROKER_DB_USER }}>"
+  mas_aibroker_db_database: "<path:{{ SECRETS_PATH }}:{{ MAS_AIBROKER_DB_DATABASE }}>"
+  mas_aibroker_db_secret_name: "<path:{{ SECRETS_PATH }}:{{ MAS_AIBROKER_DB_SECRET_NAME }}>"
+  mas_aibroker_db_secret_value: "<path:{{ SECRETS_PATH }}:{{ MAS_AIBROKER_DB_SECRET_VALUE }}>"
 
   primary_storage_class: "nfs-client"
 
   #SLS
-  slscfg_registration_key: "<path:{{ SECRETS_PATH }}/sls#slscfg_registration_key>"
+  slscfg_registration_key: "<path:{{ SECRETS_PATH }}:{{ SLSCFG_REGISTRATION_KEY }}>"
 
   #DRO
-  drocfg_ca: "<path:{{ SECRETS_PATH }}//dro#drocfg_ca>"
-  drocfg_registration_key: "<path:{{ SECRETS_PATH }}/dro#drocfg_registration_key>"
-  drocfg_url: "<path:{{ SECRETS_PATH }}/dro#drocfg_url>"
+  drocfg_ca: "<path:{{ SECRETS_PATH }}:{{ DROCFG_CA }}>"
+  drocfg_registration_key: "<path:{{ SECRETS_PATH }}:{{ DROCFG_REGISTRATION_KEY }}>"
+  drocfg_url: "<path:{{ SECRETS_PATH }}:{{ DROCFG_URL }}>"
 
   #JDBC
-  jdbccfg_username: "<path:{{ SECRETS_PATH }}/jdbc#jdbccfg_username>"
-  jdbccfg_password: "<path:{{ SECRETS_PATH }}/#jdbccfg_password>"
-  jdbccfg_url:"<path:{{ SECRETS_PATH }}/jdbc#jdbccfg_url>"
-  jdbccfg_sslenabled:"<path:{{ SECRETS_PATH }}/jdbc#jdbccfg_sslenabled>"
-  jdbccfg_ca: "<path:{{ SECRETS_PATH }}/jdbc#jdbccfg_ca>"
-
+  jdbccfg_username: "<path:{{ SECRETS_PATH }}:{{ JDBCCFG_USERNAME }}>"
+  jdbccfg_password: "<path:{{ SECRETS_PATH }}:{{ JDBCCFG_PASSWORD }}>"
+  jdbccfg_url: "<path:{{ SECRETS_PATH }}:{{ JDBCCFG_URL }}>"
+  jdbccfg_sslenabled: "<path:{{ SECRETS_PATH }}:{{ JDBCCFG_SSLENABLED }}>"
+  jdbccfg_ca: "<path:{{ SECRETS_PATH }}:{{ JDBCCFG_CA }}>"  
 
   # MAS Entitlement
-  mas_entitlement_key:"<path:{{ SECRETS_PATH }}/ibm_entitlement#entitlement_key>"
+  mas_entitlement_key: "<path:{{ SECRETS_PATH }}:{{ MAS_ENTITLEMENT_KEY }}>"
   
   # Development Registry Entitlement
   artifactory_username: "pmqcloud@us.ibm.com"
-  artifactory_token: "<path:{{ SECRETS_PATH }}/ibm_entitlement#aibroker_image_pull_secret_b64>"
+  artifactory_token: "<path:{{ SECRETS_PATH }}:{{ ARTIFACTORY_TOKEN }}>"
   # Environment Variable:
   mas_app_channel: "workspace"
   # mas_app_channel: "9.1.x-dev"
@@ -69,4 +67,4 @@ ibm_aibroker:
   mas_icr_cpopen: "docker-na-public.artifactory.swg-devops.com/wiotp-docker-local/cpopen"
 
   cluster_domain: "sremat-test.cp.fyre.ibm.com"
-  in_saas_env: "false"
\ No newline at end of file
+  in_saas_env: "false"

From 78705109f5575790a7e4270ad395ad56f984da7c Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Tue, 10 Jun 2025 08:38:05 +0530
Subject: [PATCH 063/258] Update gitops-aibroker-tenant.yml.j2

---
 tekton/src/tasks/gitops/gitops-aibroker-tenant.yml.j2 | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/tekton/src/tasks/gitops/gitops-aibroker-tenant.yml.j2 b/tekton/src/tasks/gitops/gitops-aibroker-tenant.yml.j2
index 20f14c7262f..d0b4a419492 100644
--- a/tekton/src/tasks/gitops/gitops-aibroker-tenant.yml.j2
+++ b/tekton/src/tasks/gitops/gitops-aibroker-tenant.yml.j2
@@ -221,8 +221,9 @@ spec:
 
         mkdir -p /tmp/init-aibroker-tenant
         
-        mas gitops-aibroker-tenant -a $ACCOUNT \
-        --secrets-path "$SECRETS_PATH" \
+        mas gitops-aibroker-tenant -a $ACCOUNT -c $CLUSTER_NAME \
+        --secrets-path $SECRET_PATH \
+        --dir /tmp/init-aibroker-tenant \
         --github-push \
         --github-host "$GITHUB_HOST" \
         --github-org "$GITHUB_ORG" \

From 6d29a6b19f1e19d5cf014112df6123ccb5ca9971 Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Tue, 10 Jun 2025 12:04:31 +0530
Subject: [PATCH 064/258] cherry-pick 2cd64ee463 conflict

---
 .../mascli/functions/gitops_aibroker_tenant   | 143 +++++++++---------
 1 file changed, 71 insertions(+), 72 deletions(-)

diff --git a/image/cli/mascli/functions/gitops_aibroker_tenant b/image/cli/mascli/functions/gitops_aibroker_tenant
index 85f325db12c..a2314a34481 100644
--- a/image/cli/mascli/functions/gitops_aibroker_tenant
+++ b/image/cli/mascli/functions/gitops_aibroker_tenant
@@ -16,11 +16,11 @@ Basic Configuration:
   -i, --Instace-id ${COLOR_YELLOW}INSTANCE_ID${TEXT_RESET}                                                  Instance ID
 
 ibm_aibroker_tenant(required):
-      --mas_instance_id ${COLOR_YELLOW}MAS_INSTACE_ID${TEXT_RESET}                                          The MAS instance ID used by AI Broker
+      --mas-instance-id ${COLOR_YELLOW}MAS_INSTACE_ID${TEXT_RESET}                                          The MAS instance ID used by AI Broker
       --tenantNamespace ${COLOR_YELLOW}TENANT_NAMESPACE${TEXT_RESET}                                       The tenant's Kubernetes namespace
-      --cluster_domain ${COLOR_YELLOW}CLUSTER_DOMAIN${TEXT_RESET}                                           The domain name of the Kubernetes cluster (e.g., cluster.local)
-      --drocfg_url ${COLOR_YELLOW}DROCFG_URL${TEXT_RESET}                                                   URL of the DRO configuration service
-      --slscfg_url ${COLOR_YELLOW}SLSCFG_URL${TEXT_RESET}                                                   URL of the SLS configuration service
+      --cluster-domain ${COLOR_YELLOW}CLUSTER_DOMAIN${TEXT_RESET}                                           The domain name of the Kubernetes cluster (e.g., cluster.local)
+      --drocfg-url ${COLOR_YELLOW}DROCFG_URL${TEXT_RESET}                                                   URL of the DRO configuration service
+      --slscfg-url ${COLOR_YELLOW}SLSCFG_URL${TEXT_RESET}                                                   URL of the SLS configuration service
       --slscfg_client_id ${COLOR_YELLOW}SLSCFG_CLIENT_ID${TEXT_RESET}                                       Client ID for SLS (usually generated by GitOps Helm)
       --mas_aibroker_watsonxai_url ${COLOR_YELLOW}MAS_AIBROKER_WATSONXAI_URL${TEXT_RESET}                   Endpoint URL for Watsonx.ai
       --mas_aibroker_watsonxai_apikey ${COLOR_YELLOW}MAS_AIBROKER_WATSONXAI_APIKEY${TEXT_RESET}             API key for authenticating with Watsonx.ai
@@ -28,46 +28,46 @@ ibm_aibroker_tenant(required):
 
 
 AIBroker :
---aibroker_namespace ${COLOR_YELLOW}AIBROKER_NAMESPACE${TEXT_RESET}                                         The namespace where AI Broker is deployed
---mas_aibroker_provision_tenant ${COLOR_YELLOW}MAS_AIBROKER_PROVISION_TENANT${TEXT_RESET}                   Whether to provision the AI Broker tenant
---mas_instance_id ${COLOR_YELLOW}MAS_INSTANCE_ID${TEXT_RESET}                                               The MAS instance ID used by AI Broker
+--aibroker-namespace ${COLOR_YELLOW}AIBROKER_NAMESPACE${TEXT_RESET}                                         The namespace where AI Broker is deployed
+--mas-aibroker-provision-tenant ${COLOR_YELLOW}MAS_AIBROKER_PROVISION_TENANT${TEXT_RESET}                   Whether to provision the AI Broker tenant
+--mas-instance-id ${COLOR_YELLOW}MAS_INSTANCE_ID${TEXT_RESET}                                               The MAS instance ID used by AI Broker
 --tenantNamespace ${COLOR_YELLOW}TENANT_NAMESPACE${TEXT_RESET}                                             The tenant's Kubernetes namespace
---cluster_domain ${COLOR_YELLOW}CLUSTER_DOMAIN${TEXT_RESET}                                                 The domain name of the Kubernetes cluster (e.g., cluster.local)
---in_saas_env ${COLOR_YELLOW}IN_SAAS_ENV${TEXT_RESET}                                                       Whether the environment is SaaS (true/false)
---ibm_entitlement_key ${COLOR_YELLOW}IBM_ENTITLEMENT_KEY${TEXT_RESET}                                       IBM Entitlement API key for accessing IBM container registries
+--cluster-domain ${COLOR_YELLOW}CLUSTER_DOMAIN${TEXT_RESET}                                                 The domain name of the Kubernetes cluster (e.g., cluster.local)
+--in-saas-env ${COLOR_YELLOW}IN_SAAS_ENV${TEXT_RESET}                                                       Whether the environment is SaaS (true/false)
+--ibm-entitlement-key ${COLOR_YELLOW}IBM_ENTITLEMENT_KEY${TEXT_RESET}                                       IBM Entitlement API key for accessing IBM container registries
 
---mas_icr_cp ${COLOR_YELLOW}MAS_ICR_CP${TEXT_RESET}                                                         IBM Cloud Pak container registry URL
---mas_icr_cpopen ${COLOR_YELLOW}MAS_ICR_CPOPEN${TEXT_RESET}                                                 IBM Cloud Pak Open container registry URL
+--mas-icr-cp ${COLOR_YELLOW}MAS_ICR_CP${TEXT_RESET}                                                         IBM Cloud Pak container registry URL
+--mas-icr-cpopen ${COLOR_YELLOW}MAS_ICR_CPOPEN${TEXT_RESET}                                                 IBM Cloud Pak Open container registry URL
 
 DRO :
---artifactory_token ${COLOR_YELLOW}ARTIFACTORY_TOKEN${TEXT_RESET}                                           API token used to authenticate with Artifactory
---drocfg_url ${COLOR_YELLOW}DROCFG_URL${TEXT_RESET}                                                         URL of the DRO configuration service
---mas_aibroker_dro_token_secret ${COLOR_YELLOW}MAS_AIBROKER_DRO_TOKEN_SECRET${TEXT_RESET}                   Secret name containing the DRO token
---drocfg_ca ${COLOR_YELLOW}DROCFG_CA${TEXT_RESET}                                                           CA certificate for secure communication with DRO config
---drocfg_registration_key ${COLOR_YELLOW}DROCFG_REGISTRATION_KEY${TEXT_RESET}                               Registration key used for DRO setup
+--artifactory-token ${COLOR_YELLOW}ARTIFACTORY_TOKEN${TEXT_RESET}                                           API token used to authenticate with Artifactory
+--drocfg-url ${COLOR_YELLOW}DROCFG_URL${TEXT_RESET}                                                         URL of the DRO configuration service
+--mas-aibroker-dro-token-secret ${COLOR_YELLOW}MAS_AIBROKER_DRO_TOKEN_SECRET${TEXT_RESET}                   Secret name containing the DRO token
+--drocfg-ca ${COLOR_YELLOW}DROCFG_CA${TEXT_RESET}                                                           CA certificate for secure communication with DRO config
+--drocfg-registration-key ${COLOR_YELLOW}DROCFG_REGISTRATION_KEY${TEXT_RESET}                               Registration key used for DRO setup
 
 SLS :
---slscfg_url ${COLOR_YELLOW}SLSCFG_URL${TEXT_RESET}                                                          URL of the SLS configuration service
---slscfg_registration_key ${COLOR_YELLOW}SLSCFG_REGISTRATION_KEY${TEXT_RESET}                                Registration key used to register with SLS
---mas_aibroker_sls_subscription_id ${COLOR_YELLOW}MAS_AIBROKER_SLS_SUBSCRIPTION_ID${TEXT_RESET}              Subscription ID associated with SLS
+--slscfg-url ${COLOR_YELLOW}SLSCFG_URL${TEXT_RESET}                                                          URL of the SLS configuration service
+--slscfg-registration-key ${COLOR_YELLOW}SLSCFG_REGISTRATION_KEY${TEXT_RESET}                                Registration key used to register with SLS
+--mas-aibroker-sls-subscription-id ${COLOR_YELLOW}MAS_AIBROKER_SLS_SUBSCRIPTION_ID${TEXT_RESET}              Subscription ID associated with SLS
 --slscfg_client_id ${COLOR_YELLOW}SLSCFG_CLIENT_ID${TEXT_RESET}                                              Client ID for SLS (usually generated by GitOps Helm)
---slscfg_ca ${COLOR_YELLOW}SLSCFG_CA${TEXT_RESET}                                                            CA certificate for SLS TLS connection
---slscfg_tls ${COLOR_YELLOW}SLSCFG_TLS${TEXT_RESET}                                                          TLS certificate used by the SLS client
---slscfg_key ${COLOR_YELLOW}SLSCFG_KEY${TEXT_RESET}                                                          Private key used by the SLS client
+--slscfg-ca ${COLOR_YELLOW}SLSCFG_CA${TEXT_RESET}                                                            CA certificate for SLS TLS connection
+--slscfg-tls ${COLOR_YELLOW}SLSCFG_TLS${TEXT_RESET}                                                          TLS certificate used by the SLS client
+--slscfg-key ${COLOR_YELLOW}SLSCFG_KEY${TEXT_RESET}                                                          Private key used by the SLS client
 
 Watsonx :
---mas_aibroker_watsonxai_url ${COLOR_YELLOW}MAS_AIBROKER_WATSONXAI_URL${TEXT_RESET}                          Endpoint URL for Watsonx.ai
---mas_aibroker_watsonxai_apikey ${COLOR_YELLOW}MAS_AIBROKER_WATSONXAI_APIKEY${TEXT_RESET}                    API key for authenticating with Watsonx.ai
---mas_aibroker_watsonxai_project_id ${COLOR_YELLOW}MAS_AIBROKER_WATSONXAI_PROJECT_ID${TEXT_RESET}            Watsonx.ai project ID used by AI Broker
+--mas-aibroker-watsonxai-url ${COLOR_YELLOW}MAS_AIBROKER_WATSONXAI_URL${TEXT_RESET}                          Endpoint URL for Watsonx.ai
+--mas-aibroker-watsonxai-apikey ${COLOR_YELLOW}MAS_AIBROKER_WATSONXAI_APIKEY${TEXT_RESET}                    API key for authenticating with Watsonx.ai
+--mas-aibroker-watsonxai-project-id ${COLOR_YELLOW}MAS_AIBROKER_WATSONXAI_PROJECT_ID${TEXT_RESET}            Watsonx.ai project ID used by AI Broker
 
 MinIO :
---mas_aibroker_storage_host ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_HOST${TEXT_RESET}                            Hostname or service name of the MinIO backend
---mas_aibroker_storage_port ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_PORT${TEXT_RESET}                            Port number MinIO is exposed on
---mas_aibroker_storage_region ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_REGION${TEXT_RESET}                        Storage region used in MinIO (if applicable)
---mas_aibroker_storage_accesskey ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_ACCESSKEY${TEXT_RESET}                  Access key to authenticate with MinIO
---mas_aibroker_storage_secretkey ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_SECRETKEY${TEXT_RESET}                  Secret key for authenticating with MinIO
---mas_aibroker_storage_pipelines_bucket ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_PIPELINES_BUCKET${TEXT_RESET}    The MinIO bucket used to store pipeline assets
---mas_aibroker_storage_ssl ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_SSL${TEXT_RESET}                              Whether MinIO uses SSL (true/false)
+--mas-aibroker-storage-host ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_HOST${TEXT_RESET}                            Hostname or service name of the MinIO backend
+--mas-aibroker-storage-port ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_PORT${TEXT_RESET}                            Port number MinIO is exposed on
+--mas-aibroker-storage-region ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_REGION${TEXT_RESET}                        Storage region used in MinIO (if applicable)
+--mas-aibroker-storage-accesskey ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_ACCESSKEY${TEXT_RESET}                  Access key to authenticate with MinIO
+--mas-aibroker-storage-secretkey ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_SECRETKEY${TEXT_RESET}                  Secret key for authenticating with MinIO
+--mas-aibroker-storage-pipelines-bucket ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_PIPELINES_BUCKET${TEXT_RESET}    The MinIO bucket used to store pipeline assets
+--mas-aibroker-storage-ssl ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_SSL${TEXT_RESET}                              Whether MinIO uses SSL (true/false)
 
 
 Automatic GitHub Push (Optional):
@@ -148,109 +148,108 @@ function gitops_aibroker_tenant_noninteractive() {
         ;;
 
       # -- AIBroker
-      --aibroker_namespace)
+      --aibroker-namespace)
         export AIBROKER_NAMESPACE=$1 && shift
         ;;
-      --mas_aibroker_provision_tenant)
+      --mas-aibroker-provision-tenant)
         export MAS_AIBROKER_PROVISION_TENANT=$1 && shift
         ;;
-      --mas_instance_id)
+      --mas-instance-id)
         export MAS_INSTANCE_ID=$1 && shift
         ;;
       --tenantNamespace)
         export TENANT_NAMESPACE=$1 && shift
         ;;
-      --cluster_domain)
+      --cluster-domain)
         export CLUSTER_DOMAIN=$1 && shift
         ;;
-      --in_saas_env)
+      --in-saas-env)
         export IN_SAAS_ENV=$1 && shift
         ;;
-      --ibm_entitlement_key)
+      --ibm-entitlement-key)
         export IBM_ENTITLEMENT_KEY=$1 && shift
         ;;
-      --mas_icr_cp)
+      --mas-icr-cp)
         export MAS_ICR_CP=$1 && shift
         ;;
-      --mas_icr_cpopen)
+      --mas-icr-cpopen)
         export MAS_ICR_CPOPEN=$1 && shift
         ;;
 
       # -- DRO
-      --artifactory_token)
+      --artifactory-token)
         export ARTIFACTORY_TOKEN=$1 && shift
         ;;
-      --drocfg_url)
+      --drocfg-url)
         export DROCFG_URL=$1 && shift
         ;;
-      --mas_aibroker_dro_token_secret)
+      --mas-aibroker-dro-token-secret)
         export MAS_AIBROKER_DRO_TOKEN_SECRET=$1 && shift
         ;;
-      --drocfg_ca)
+      --drocfg-ca)
         export DROCFG_CA=$1 && shift
         ;;
-      --drocfg_registration_key)
+      --drocfg-registration-key)
         export DROCFG_REGISTRATION_KEY=$1 && shift
         ;;
 
       # -- SLS
-      --slscfg_url)
+      --slscfg-url)
         export SLSCFG_URL=$1 && shift
         ;;
-      --slscfg_registration_key)
+      --slscfg-registration-key)
         export SLSCFG_REGISTRATION_KEY=$1 && shift
         ;;
-      --mas_aibroker_sls_subscription_id)
+      --mas-aibroker-sls-subscription-id)
         export MAS_AIBROKER_SLS_SUBSCRIPTION_ID=$1 && shift
         ;;
-      --slscfg_client_id)
+      --slscfg-clientId)
         export SLSCFG_CLIENT_ID=$1 && shift
         ;;
-      --slscfg_ca)
+      --slscfg-ca)
         export SLSCFG_CA=$1 && shift
         ;;
-      --slscfg_tls)
+      --slscfg-tls)
         export SLSCFG_TLS=$1 && shift
         ;;
-      --slscfg_key)
+      --slscfg-key)
         export SLSCFG_KEY=$1 && shift
         ;;
 
       # -- Watsonx
-      --mas_aibroker_watsonxai_url)
+      --mas-aibroker-watsonxai-url)
         export MAS_AIBROKER_WATSONXAI_URL=$1 && shift
         ;;
-      --mas_aibroker_watsonxai_apikey)
+      --mas-aibroker-watsonxai-apikey)
         export MAS_AIBROKER_WATSONXAI_APIKEY=$1 && shift
         ;;
-      --mas_aibroker_watsonxai_project_id)
+      --mas-aibroker-watsonxai-project-id)
         export MAS_AIBROKER_WATSONXAI_PROJECT_ID=$1 && shift
         ;;
 
       # -- MinIO
-      --mas_aibroker_storage_host)
+      --mas-aibroker-storage-host)
         export MAS_AIBROKER_STORAGE_HOST=$1 && shift
         ;;
-      --mas_aibroker_storage_port)
+      --mas-aibroker-storage-port)
         export MAS_AIBROKER_STORAGE_PORT=$1 && shift
         ;;
-      --mas_aibroker_storage_region)
+      --mas-aibroker-storage-region)
         export MAS_AIBROKER_STORAGE_REGION=$1 && shift
         ;;
-      --mas_aibroker_storage_accesskey)
+      --mas-aibroker-storage-accesskey)
         export MAS_AIBROKER_STORAGE_ACCESSKEY=$1 && shift
         ;;
-      --mas_aibroker_storage_secretkey)
+      --mas-aibroker-storage-secretkey)
         export MAS_AIBROKER_STORAGE_SECRETKEY=$1 && shift
         ;;
-      --mas_aibroker_storage_pipelines_bucket)
+      --mas-aibroker-storage-pipelines-bucket)
         export MAS_AIBROKER_STORAGE_PIPELINES_BUCKET=$1 && shift
         ;;
-      --mas_aibroker_storage_ssl)
+      --mas-aibroker-storage-ssl)
         export MAS_AIBROKER_STORAGE_SSL=$1 && shift
         ;;
 
-     
       # Automatic GitHub Push
       -P|--github-push)
         export GITHUB_PUSH=true
@@ -298,21 +297,21 @@ function gitops_aibroker_tenant_noninteractive() {
 
   # add validation below like above  for those variable which have the value needed for further execution
   # -- AIBroker
-  [[ -z "$MAS_INSTANCE_ID" ]] && gitops_aibroker_tenant_help "MAS_INSTANCE_ID is not set. Please provide the MAS instance ID using --mas_instance_id."
+  [[ -z "$MAS_INSTANCE_ID" ]] && gitops_aibroker_tenant_help "MAS_INSTANCE_ID is not set. Please provide the MAS instance ID using --mas-instance-id."
   [[ -z "$TENANT_NAMESPACE" ]] && gitops_aibroker_tenant_help "TENANT_NAMESPACE is not set. Please specify the tenant namespace using --tenantNamespace."
-  [[ -z "$CLUSTER_DOMAIN" ]] && gitops_aibroker_tenant_help "CLUSTER_DOMAIN is not set. Please provide the cluster domain using --cluster_domain."
+  [[ -z "$CLUSTER_DOMAIN" ]] && gitops_aibroker_tenant_help "CLUSTER_DOMAIN is not set. Please provide the cluster domain using --cluster-domain."
   
   # -- DRO
-  [[ -z "$DROCFG_URL" ]] && gitops_aibroker_tenant_help "DROCFG_URL is not set. Please specify the DRO configuration URL using --drocfg_url."
+  [[ -z "$DROCFG_URL" ]] && gitops_aibroker_tenant_help "DROCFG_URL is not set. Please specify the DRO configuration URL using --drocfg-url."
   
   # -- SLS
-  [[ -z "$SLSCFG_URL" ]] && gitops_aibroker_tenant_help "SLSCFG_URL is not set. Please specify the SLS configuration URL using --slscfg_url."
-  [[ -z "$SLSCFG_CLIENT_ID" ]] && gitops_aibroker_tenant_help "SLSCFG_CLIENT_ID is not set. Please provide the SLS client ID using --slscfg_client_Id."
+  [[ -z "$SLSCFG_URL" ]] && gitops_aibroker_tenant_help "SLSCFG_URL is not set. Please specify the SLS configuration URL using --slscfg-url."
+  [[ -z "$SLSCFG_CLIENT_ID" ]] && gitops_aibroker_tenant_help "SLSCFG_CLIENT_ID is not set. Please provide the SLS client ID using --slscfg-client-Id."
 
   # -- Watsonx
-  [[ -z "$MAS_AIBROKER_WATSONXAI_URL" ]] && gitops_aibroker_tenant_help "MAS_AIBROKER_WATSONXAI_URL is not set. Please specify the Watsonx.ai URL using --mas_aibroker_watsonxai_url."
-  [[ -z "$MAS_AIBROKER_WATSONXAI_APIKEY" ]] && gitops_aibroker_tenant_help "MAS_AIBROKER_WATSONXAI_APIKEY is not set. Please provide the Watsonx.ai API key using --mas_aibroker_watsonxai_apikey."
-  [[ -z "$MAS_AIBROKER_WATSONXAI_PROJECT_ID" ]] && gitops_aibroker_tenant_help "MAS_AIBROKER_WATSONXAI_PROJECT_ID is not set. Please specify the Watsonx.ai project ID using --mas_aibroker_watsonxai_project_id."
+  [[ -z "$MAS_AIBROKER_WATSONXAI_URL" ]] && gitops_aibroker_tenant_help "MAS_AIBROKER_WATSONXAI_URL is not set. Please specify the Watsonx.ai URL using --mas-aibroker-watsonxai-url."
+  [[ -z "$MAS_AIBROKER_WATSONXAI_APIKEY" ]] && gitops_aibroker_tenant_help "MAS_AIBROKER_WATSONXAI_APIKEY is not set. Please provide the Watsonx.ai API key using --mas-aibroker-watsonxai-apikey."
+  [[ -z "$MAS_AIBROKER_WATSONXAI_PROJECT_ID" ]] && gitops_aibroker_tenant_help "MAS_AIBROKER_WATSONXAI_PROJECT_ID is not set. Please specify the Watsonx.ai project ID using --mas-aibroker-watsonxai-project-id."
 
 }
 

From 5214dd41464468a274d04c0073b65f1d8e2a57b3 Mon Sep 17 00:00:00 2001
From: yogeshkumar <prajapati.yogeshkumar@ibm.com>
Date: Tue, 10 Jun 2025 14:56:44 +0530
Subject: [PATCH 065/258] mandatory variable condition added

---
 image/cli/mascli/functions/gitops_odh | 25 ++++++++++++++++++++-----
 1 file changed, 20 insertions(+), 5 deletions(-)

diff --git a/image/cli/mascli/functions/gitops_odh b/image/cli/mascli/functions/gitops_odh
index 41ad506c8a3..c9c96a80fdf 100755
--- a/image/cli/mascli/functions/gitops_odh
+++ b/image/cli/mascli/functions/gitops_odh
@@ -103,8 +103,8 @@ function gitops_odh_noninteractive() {
 
 
   export OPENSHIFT_NAMESPACE="${OPENSHIFT_NAMESPACE:-"openshift-operators"}"
-  export ODH_PIPELINE_CHANNEL="${ODH_PIPELINE_CHANNEL:-"latest"}"
-  export ODH_PIPELINE_INSTALLPLAN="${ODH_PIPELINE_INSTALLPLAN:-"Automatic"}"
+  #export ODH_PIPELINE_CHANNEL="${ODH_PIPELINE_CHANNEL:-"latest"}"
+  #export ODH_PIPELINE_INSTALLPLAN="${ODH_PIPELINE_INSTALLPLAN:-"Automatic"}"
   export PIPELINE_CATALOG_SOURCE="${PIPELINE_CATALOG_SOURCE:-"redhat-operators"}"
   export SERVICE_MESH_NAMESPACE="${SERVICE_MESH_NAMESPACE:-"openshift-operators"}"
   export SERVICE_MESH_CHANNEL="${SERVICE_MESH_CHANNEL:-"stable"}"
@@ -133,8 +133,8 @@ function gitops_odh_noninteractive() {
   export SERVERLESS_OPERATOR_SOURCE_NAMESPACE="${SERVERLESS_OPERATOR_SOURCE_NAMESPACE:-"openshift-marketplace"}"
 
   export OPENDATAHUB_OPERATORGROUP_NAME="${OPENDATAHUB_OPERATORGROUP_NAME:-"opendatahub-operator-group"}"
-  export OPENDATAHUB_NAME="${OPENDATAHUB_NAME:-"opendatahub-operator"}"
-  export OPENDATAHUB_NAMESPACE="${OPENDATAHUB_NAMESPACE:-"opendatahub"}"
+  #export OPENDATAHUB_NAME="${OPENDATAHUB_NAME:-"opendatahub-operator"}"
+  #export OPENDATAHUB_NAMESPACE="${OPENDATAHUB_NAMESPACE:-"opendatahub"}"
   export OPENDATAHUB_INSTALLPLAN_APPROVAL="${OPENDATAHUB_INSTALLPLAN_APPROVAL:-"Manual"}"
   export OPENDATAHUB_CHANNEL="${OPENDATAHUB_CHANNEL:-"fast"}"
   export OPENDATAHUB_SOURCE="${OPENDATAHUB_SOURCE:-"community-operators"}"
@@ -229,10 +229,12 @@ function gitops_odh_noninteractive() {
       --opendatahub-source)
         export OPENDATAHUB_SOURCE=$1 && shift
         ;;
+      --opendatahub-namespace)
+        export OPENDATAHUB_NAMESPACE=$1 && shift
+        ;;
       --opendatahub-source-namespace)
         export OPENDATAHUB_SOURCE_NAMESPACE=$1 && shift
         ;;
-
       --odh-pipeline-name)
         export ODH_PIPELINE_NAME=$1 && shift
         ;;
@@ -353,6 +355,19 @@ function gitops_odh_noninteractive() {
   [[ -z "$ACCOUNT_ID" ]] && gitops_odh_help "Missing ACCOUNT_ID"
   [[ -z "$CLUSTER_ID" ]] && gitops_odh_help "Missing CLUSTER_ID"
   [[ -z "$MAS_INSTANCE_ID" ]] && gitops_odh_help "Missing MAS_INSTANCE_ID"
+
+  if [[ "$GITHUB_PUSH" == "true" ]]; then
+    [[ -z "$GITHUB_HOST" ]] && gitops_odh_help "GITHUB_HOST is not set"
+    [[ -z "$GITHUB_ORG" ]] && gitops_odh_help "GITHUB_ORG is not set"
+    [[ -z "$GITHUB_REPO" ]] && gitops_odh_help "GITHUB_REPO is not set"
+    [[ -z "$GIT_BRANCH" ]] && gitops_odh_help "GIT_BRANCH is not set"
+  fi
+  #odh variables
+  [[ -z "$ODH_PIPELINE_CHANNEL" ]] && gitops_odh_help "ODH_PIPELINE_CHANNEL is not set. Please provide the ODH PIPELINE CHANNEL using --odh-pipeline-channel."
+  [[ -z "$ODH_PIPELINE_INSTALLPLAN" ]] && gitops_odh_help "ODH_PIPELINE_INSTALLPLAN is not set. Please provide the OODH_PIPELINE_INSTALLPLAN using --odh-pipeline-installplan."
+  [[ -z "$OPENDATAHUB_NAME" ]] && gitops_odh_help "OPENDATAHUB_NAME is not set. Please provide the OPENDATAHUB NAME using --opendatahub-name."
+  [[ -z "$OPENDATAHUB_NAMESPACE" ]] && gitops_odh_help "OPENDATAHUB_NAMESPACE is not set. Please provide the OPENDATAHUB NAMESPACE using --opendatahub-namespace."
+
 }
 
 function gitops_odh() {

From 66ae4eb4a0e4472f8175211caaeaeded838459ff Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Tue, 10 Jun 2025 14:27:14 +0530
Subject: [PATCH 066/258] Update gitops_aibroker_tenant

removed temp dir
---
 image/cli/mascli/functions/gitops_aibroker_tenant | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/image/cli/mascli/functions/gitops_aibroker_tenant b/image/cli/mascli/functions/gitops_aibroker_tenant
index a2314a34481..92a9812a4af 100644
--- a/image/cli/mascli/functions/gitops_aibroker_tenant
+++ b/image/cli/mascli/functions/gitops_aibroker_tenant
@@ -333,8 +333,8 @@ function gitops_aibroker_tenant() {
   rm -rf $GITOPS_WORKING_DIR
   mkdir -p ${GITOPS_WORKING_DIR}
   GITOPS_CLUSTER_DIR=${GITOPS_WORKING_DIR}/${GITHUB_REPO}/${CLUSTER_ID}
-  TEMP_DIR=$GITOPS_CLUSTER_DIR/${MAS_INSTANCE_ID}
-  mkdir -p ${TEMP_DIR}
+  # TEMP_DIR=$GITOPS_CLUSTER_DIR/${MAS_INSTANCE_ID}
+  # mkdir -p ${TEMP_DIR}
 
   echo
   reset_colors
@@ -469,7 +469,7 @@ function gitops_aibroker_tenant() {
       remove_git_repo_clone $GITOPS_WORKING_DIR/$GITHUB_REPO
     fi
 
-    rm -rf $TEMP_DIR
+    # rm -rf $TEMP_DIR
     rm -rf $GITOPS_WORKING_DIR
 
   exit 0

From ee8c5029ad521fd2630f300c92e9355d4ac01676 Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Tue, 10 Jun 2025 14:30:39 +0530
Subject: [PATCH 067/258] cherry-pick 5199a3f10d conflict

---
 .secrets.baseline | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/.secrets.baseline b/.secrets.baseline
index fb2f746342b..133910abee9 100644
--- a/.secrets.baseline
+++ b/.secrets.baseline
@@ -3,7 +3,11 @@
     "files": "build/bin/config/oscap/ssg-rhel9-ds.xml|^.secrets.baseline$|^docs/catalogs/",
     "lines": null
   },
+<<<<<<< HEAD
   "generated_at": "2026-05-10T18:20:55Z",
+=======
+  "generated_at": "2025-06-10T09:00:21Z",
+>>>>>>> 5199a3f10d (Update .secrets.baseline)
   "plugins_used": [
     {
       "name": "AWSKeyDetector"

From 52b4be5764c3fba8cbc846882c28a1e8b914b713 Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Tue, 10 Jun 2025 15:21:21 +0530
Subject: [PATCH 068/258] Update gitops_aibroker_tenant

added valid path
---
 image/cli/mascli/functions/gitops_aibroker_tenant | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/image/cli/mascli/functions/gitops_aibroker_tenant b/image/cli/mascli/functions/gitops_aibroker_tenant
index 92a9812a4af..7c375c04196 100644
--- a/image/cli/mascli/functions/gitops_aibroker_tenant
+++ b/image/cli/mascli/functions/gitops_aibroker_tenant
@@ -332,7 +332,7 @@ function gitops_aibroker_tenant() {
 
   rm -rf $GITOPS_WORKING_DIR
   mkdir -p ${GITOPS_WORKING_DIR}
-  GITOPS_CLUSTER_DIR=${GITOPS_WORKING_DIR}/${GITHUB_REPO}/${CLUSTER_ID}
+  GITOPS_CLUSTER_DIR=${GITOPS_WORKING_DIR}/${GITHUB_REPO}/${ACCOUNT_ID}/${CLUSTER_ID}/${MAS_INSTANCE_ID}
   # TEMP_DIR=$GITOPS_CLUSTER_DIR/${MAS_INSTANCE_ID}
   # mkdir -p ${TEMP_DIR}
 

From 99a867754ebc245b4b27216c34df3fa4fa872e1c Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Tue, 10 Jun 2025 15:23:46 +0530
Subject: [PATCH 069/258] cherry-pick e3aecc6429 conflict

---
 .secrets.baseline | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/.secrets.baseline b/.secrets.baseline
index 133910abee9..fb2f746342b 100644
--- a/.secrets.baseline
+++ b/.secrets.baseline
@@ -3,11 +3,7 @@
     "files": "build/bin/config/oscap/ssg-rhel9-ds.xml|^.secrets.baseline$|^docs/catalogs/",
     "lines": null
   },
-<<<<<<< HEAD
   "generated_at": "2026-05-10T18:20:55Z",
-=======
-  "generated_at": "2025-06-10T09:00:21Z",
->>>>>>> 5199a3f10d (Update .secrets.baseline)
   "plugins_used": [
     {
       "name": "AWSKeyDetector"

From 56f4f75d6e86f43b71e88c69a38a77c35d70eb94 Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Tue, 10 Jun 2025 16:00:19 +0530
Subject: [PATCH 070/258] cherry-pick f7c6bf12e6 conflict

---
 .../appset-configs/cluster/instance/ibm-aibroker-tenant.yaml.j2 | 2 +-
 tekton/src/tasks/gitops/gitops-aibroker-tenant.yml.j2           | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant.yaml.j2 b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant.yaml.j2
index 359bc4d449c..98f4ab1cd5c 100644
--- a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant.yaml.j2
+++ b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant.yaml.j2
@@ -24,7 +24,7 @@ ibm_aibroker_tenant:
   slscfg_url: "{{ SLSCFG_URL }}"
   slscfg_registration_key: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_SLSCFG_REGISTRATION_KEY }}>"
   mas_aibroker_sls_subscription_id: "{{ MAS_AIBROKER_SLS_SUBSCRIPTION_ID }}"
-  slscfg_clientId: "{{ SLSCFG_CLIENTID }}"
+  slscfg_clientId: "{{ SLSCFG_CLIENT_ID }}"
   slscfg_ca: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_SLSCFG_CA }}>"
   slscfg_tls: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_SLSCFG_TLS }}>"
   slscfg_key: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_SLSCFG_KEY }}>"
diff --git a/tekton/src/tasks/gitops/gitops-aibroker-tenant.yml.j2 b/tekton/src/tasks/gitops/gitops-aibroker-tenant.yml.j2
index d0b4a419492..2e82733481d 100644
--- a/tekton/src/tasks/gitops/gitops-aibroker-tenant.yml.j2
+++ b/tekton/src/tasks/gitops/gitops-aibroker-tenant.yml.j2
@@ -164,7 +164,7 @@ spec:
       - name: MAS_AIBROKER_SLS_SUBSCRIPTION_ID
         value: $(params.mas_aibroker_sls_subscription_id)
 
-      - name: SLSCFG_CLIENTID
+      - name: SLSCFG_CLIENT_ID
         value: $(params.slscfg_clientId)
 
       - name: SLSCFG_CA

From ee94bdd319c70459353db4a800268d14588adaf1 Mon Sep 17 00:00:00 2001
From: Drashti-Malviya <Drashti.Malviya@ibm.com>
Date: Wed, 11 Jun 2025 14:25:26 +0530
Subject: [PATCH 071/258] rm hard code ,unused keys

---
 image/cli/mascli/functions/gitops_aibroker    | 221 ++++++++++--------
 .../cluster/instance/ibm-aibroker.yaml.j2     |  51 ++--
 2 files changed, 144 insertions(+), 128 deletions(-)

diff --git a/image/cli/mascli/functions/gitops_aibroker b/image/cli/mascli/functions/gitops_aibroker
index 603efd19e7c..7ec3f732503 100644
--- a/image/cli/mascli/functions/gitops_aibroker
+++ b/image/cli/mascli/functions/gitops_aibroker
@@ -92,27 +92,23 @@ function gitops_aibroker_noninteractive() {
    #only export below in whiel loop
 
   #adding default values 
-  export PRIMARY_STORAGE_CLASS=${PRIMARY_STORAGE_CLASS:-"nfs-client"}
+  export AIBROKER_NAMESPACE=${AIBROKER_NAMESPACE:-"mas-${MAS_INSTANCE_ID}-aibroker"}
+  export IN_SAAS_ENV=${IN_SAAS_ENV:-"true"}
   export MAS_ICR_CP=${MAS_ICR_CP:-"docker-na-public.artifactory.swg-devops.com/wiotp-docker-local"}
   export MAS_ICR_CPOPEN=${MAS_ICR_CPOPEN:-"docker-na-public.artifactory.swg-devops.com/wiotp-docker-local/cpopen"}
-  export ARTIFACTORY_USERNAME=${ARTIFACTORY_USERNAME:-"pmqcloud@us.ibm.com"}
-  export REGION_ID=${REGION_ID:-${SM_AWS_REGION}}
-  export MINIO_NAMESPACE=${MINIO_NAMESPACE:-"minio"}
-  export MINIO_INSTANCE_NAME=${MINIO_INSTANCE_NAME:-"minio"}
-  export MINIO_STORAGE_SIZE=${MINIO_STORAGE_SIZE:-"40Gi"}
-  export MINIO_IMAGE=${MINIO_IMAGE:-"quay.io/minio/minio:latest"}
-  export AIBROKER_NAMESPACE=${AIBROKER_NAMESPACE:-"mas-sremat-aibroker"}
-  export MAS_INSTACE_ID=${MAS_INSTACE_ID:-"sremat"}
-  export MAS_AIBROKER_WATSONX_SECRET=${MAS_AIBROKER_WATSONX_SECRET:-"sremat-watsonxcfg"}
-  export MAS_AIBROKER_STORAGE_PROVIDER=${MAS_AIBROKER_STORAGE_PROVIDER:-"minio"}
-  export MAS_AIBROKER_MINIO_SECRET=${MAS_AIBROKER_MINIO_SECRET:-"minio-secret"}
+  #dro
+  # -- SLS Defaults
+  export REGION_ID=${REGION_ID:-${SM_AWS_REGION}} 
+  export MAS_APP_ID=${MAS_APP_ID:-"aibroker"}
+  export MAS_AIBROKER_WATSONX_SECRET=${MAS_AIBROKER_WATSONX_SECRET:-"${MAS_APP_ID}-watsonxcfg"}
+  export MAS_AIBROKER_STORAGE_PROVIDER=${MAS_AIBROKER_STORAGE_PROVIDER:-"aws"}
+  #Minio Defaults
+  export MAS_AIBROKER_STORAGE_REGION=${MAS_AIBROKER_STORAGE_REGION:-""}
   export MAS_AIBROKER_STORAGE_SSL=${MAS_AIBROKER_STORAGE_SSL:-"true"}
- # export MAS_AIBROKER_STORAGE_REGION=${MAS_AIBROKER_STORAGE_REGION:-""}
-  export MAS_APP_CHANNEL=${MAS_APP_CHANNEL:-"workspace"}
+  export MAS_AIBROKER_MINIO_SECRET=${MAS_AIBROKER_MINIO_SECRET:-"${MAS_APP_ID}-miniocfg"}
   export MAS_CATALOG_SOURCE=${MAS_CATALOG_SOURCE:-"ibm-operator-catalog"}
-  export CLUSTER_DOMAIN=${CLUSTER_DOMAIN:-"sremat-test.cp.fyre.ibm.com"}
-  export IN_SAAS_ENV=${IN_SAAS_ENV:-"false"}
-  export MAS_AIBROKER_MARIADB_SECRET=${MAS_AIBROKER_MARIADB_SECRET:-"sremat-mariadbcfge"}
+  #-- mariadb defaults
+  export MAS_AIBROKER_MARIADB_SECRET=${MAS_AIBROKER_MARIADB_SECRET:-"${MAS_APP_ID}-mariadbcfge"}
 
 
   while [[ $# -gt 0 ]]
@@ -147,60 +143,42 @@ function gitops_aibroker_noninteractive() {
         export SECRETS_PATH=$1 && shift
         ;;
 
+       --aibroker-namespace)
+          export AIBROKER_NAMESPACE=$1 && shift
+        ;;
+       --in-saas-env)
+          export IN_SAAS_ENV=$1 && shift
+        ;;
       --mas-icr-cp)
         export MAS_ICR_CP=$1 && shift
         ;;
       --mas-icr-cpopen)
         export MAS_ICR_CPOPEN=$1 && shift
         ;;
-      --artifactory-username)
-        export ARTIFACTORY_USERNAME=$1 && shift
-        ;;
+
       --region-id)
         export REGION_ID=$1 && shift
         ;;
-      --minio_namespace)
-        export MINIO_NAMESPACE=$1 && shift
-        ;;
-      --minio-instance-name)
-          export MINIO_INSTANCE_NAME=$1 && shift
-        ;;
-      --minio-storage-size)
-          export MINIO_STORAGE_SIZE=$1 && shift
-        ;;
-      --minio-image)
-          export MINIO_IMAGE=$1 && shift
-        ;;
-      --aibroker-namespace)
-          export AIBROKER_NAMESPACE=$1 && shift
-        ;;
-      --mas-instance-id)
-          export MAS_INSTACE_ID=$1 && shift
-        ;;
+
       --mas-aibroker-watsonx-secret)
           export MAS_AIBROKER_WATSONX_SECRET=$1 && shift
         ;;
       --mas-aibroker-storage-provider)
           export MAS_AIBROKER_STORAGE_PROVIDER=$1 && shift
         ;;
-      --mas-aibroker-minio-secret)
-          export MAS_AIBROKER_MINIO_SECRET=$1 && shift
+      --mas-aibroker-storage-region)
+        export MAS_AIBROKER_STORAGE_REGION=$1 && shift
         ;;
       --mas-aibroker-storage-ssl)
-          export MAS_AIBROKER_STORAGE_SSL=$1 && shift
+        export MAS_AIBROKER_STORAGE_SSL=$1 && shift
         ;;
-      --mas-app-channel)
-          export MAS_APP_CHANNEL=$1 && shift
+      --mas-aibroker-minio-secret)
+          export MAS_AIBROKER_MINIO_SECRET=$1 && shift
         ;;
       --mas-catalog-source)
           export MAS_CATALOG_SOURCE=$1 && shift
         ;;
-      --cluster-domain)
-          export CLUSTER_DOMAIN=$1 && shift
-        ;;
-      --in-saas-env)
-          export IN_SAAS_ENV=$1 && shift
-        ;;
+
       --mas-aibroker-mariadb-secret)
           export MAS_AIBROKER_MARIADB_SECRET=$1 && shift
         ;;
@@ -242,42 +220,29 @@ function gitops_aibroker_noninteractive() {
   done
 
 
-  [[ -z "$CLUSTER_ID" ]] && gitops_aibroker_help "CLUSTER_ID is not set"
-  #[[ -z "$INSTANCE_ID" ]] && gitops_aibroker_help "INSTANCE_ID is not set"
+  [[ -z "$GITOPS_WORKING_DIR" ]] && gitops_aibroker_help "GITOPS_WORKING_DIR is not set"
   [[ -z "$ACCOUNT_ID" ]] && gitops_aibroker_help "ACCOUNT_ID is not set"
-  #[[ -z "$MAS_INSTANCE_ID" ]] && gitops_aibroker_help "MAS_INSTANCE_ID is not set"
+  [[ -z "$CLUSTER_ID" ]] && gitops_aibroker_help "CLUSTER_ID is not set"
+  [[ -z "$REGION_ID" && -z "$SM_AWS_REGION" ]] && gitops_aibroker_help "REGION_ID or SM_AWS_REGION is not set"
 
-   if [[ "$GITHUB_PUSH" == "true" ]]; then
+  if [[ "$GITHUB_PUSH" == "true" ]]; then
     [[ -z "$GITHUB_HOST" ]] && gitops_aibroker_help "GITHUB_HOST is not set"
     [[ -z "$GITHUB_ORG" ]] && gitops_aibroker_help "GITHUB_ORG is not set"
     [[ -z "$GITHUB_REPO" ]] && gitops_aibroker_help "GITHUB_REPO is not set"
     [[ -z "$GIT_BRANCH" ]] && gitops_aibroker_help "GIT_BRANCH is not set"
-    [[ -z "$PRIMARY_STORAGE_CLASS" ]] && gitops_aibroker_help "PRIMARY_STORAGE_CLASS is not set"
-    [[ -z "$MAS_ICR_CP" ]] && gitops_aibroker_help "MAS_ICR_CP is not set"
-    [[ -z "$MAS_ICR_CPOPEN" ]] && gitops_aibroker_help "MAS_ICR_CPOPEN is not set"
-    [[ -z "$ARTIFACTORY_USERNAME" ]] && gitops_aibroker_help "ARTIFACTORY_USERNAME is not set"
-    [[ -z "$REGION_ID" ]] && gitops_aibroker_help "REGION_ID is not set"
-    [[ -z "$MINIO_NAMESPACE" ]] && gitops_aibroker_help "MINIO_NAMESPACE is not set"
-    [[ -z "$MINIO_INSTANCE_NAME" ]] && gitops_aibroker_help "MINIO_INSTANCE_NAME is not set"
-    [[ -z "$MINIO_STORAGE_SIZE" ]] && gitops_aibroker_help "MINIO_STORAGE_SIZE is not set"
-    [[ -z "$MINIO_IMAGE" ]] && gitops_aibroker_help "MINIO_IMAGE is not set"
-    [[ -z "$AIBROKER_NAMESPACE" ]] && gitops_aibroker_help "AIBROKER_NAMESPACE is not set"
-    [[ -z "$MAS_INSTACE_ID" ]] && gitops_aibroker_help "MAS_INSTACE_ID is not set"
-    [[ -z "$MAS_AIBROKER_WATSONX_SECRET" ]] && gitops_aibroker_help "MAS_AIBROKER_WATSONX_SECRET is not set"
-    [[ -z "$MAS_AIBROKER_STORAGE_PROVIDER" ]] && gitops_aibroker_help "MAS_AIBROKER_STORAGE_PROVIDER is not set"
-    [[ -z "$MAS_AIBROKER_MINIO_SECRET" ]] && gitops_aibroker_help "MAS_AIBROKER_MINIO_SECRET is not set"
-    [[ -z "$MAS_AIBROKER_STORAGE_SSL" ]] && gitops_aibroker_help "MAS_AIBROKER_STORAGE_SSL is not set"
-   # [[ -z "$MAS_AIBROKER_STORAGE_REGION" ]] && gitops_aibroker_help "MAS_AIBROKER_STORAGE_REGION is not set"
-    [[ -z "$MAS_APP_CHANNEL" ]] && gitops_aibroker_help "MAS_APP_CHANNEL is not set"
-    [[ -z "$MAS_CATALOG_SOURCE" ]] && gitops_aibroker_help "MAS_CATALOG_SOURCE is not set"
-    [[ -z "$CLUSTER_DOMAIN" ]] && gitops_aibroker_help "CLUSTER_DOMAIN is not set"
-    [[ -z "$IN_SAAS_ENV" ]] && gitops_aibroker_help "IN_SAAS_ENV is not set"
-    [[ -z "$MAS_AIBROKER_MARIADB_SECRET" ]] && gitops_aibroker_help "MAS_AIBROKER_MARIADB_SECRET is not set"
-
+    
   fi
 
 # add validation below like above  for those variable which have the value needed for further execution
-
+# -- AIBroker
+  [[ -z "$MAS_INSTANCE_ID" ]] && gitops_aibroker_help "MAS_INSTANCE_ID is not set. Please provide the MAS instance ID using --mas-instance-id."
+  [[ -z "$PRIMARY_STORAGE_CLASS" ]] && gitops_aibroker_help "PRIMARY_STORAGE_CLASS is not set. Please provide the primary storage class using --primary-storage-class."
+  #[[ -z "$TENANT_NAMESPACE" ]] && gitops_aibroker_help "TENANT_NAMESPACE is not set. Please specify the tenant namespace using --tenantNamespace."
+  [[ -z "$CLUSTER_DOMAIN" ]] && gitops_aibroker_help "CLUSTER_DOMAIN is not set. Please provide the cluster domain using --cluster-domain."
+  [[ -z "$ARTIFACTORY_USERNAME" ]] && gitops_aibroker_help "ARTIFACTORY_USERNAME is not set. Please provide the artifactory username using --artifactory-username"
+  [[ -z "$MAS_APP_CHANNEL" ]] && gitops_aibroker_help "MAS_APP_CHANNEL is not set. Please provide the mas app channel using --mas-app-channel"
+  # -- DRO
+  #[[ -z "$DROCFG_URL" ]] && gitops_aibroker_help "DROCFG_URL is not set. Please specify the DRO configuration URL using --drocfg-url."
 
 }
 
@@ -307,8 +272,34 @@ function gitops_aibroker() {
 
   echo "${TEXT_DIM}"
   echo_h2 "Target" "    "
-  echo_reset_dim "Account ID ............................ ${COLOR_MAGENTA}${ACCOUNT_ID}"
-  echo_reset_dim "Cluster ID ............................ ${COLOR_MAGENTA}${CLUSTER_ID}"
+  echo_reset_dim "Account ID ..................... ${COLOR_MAGENTA}${ACCOUNT_ID}"
+  echo_reset_dim "Region ID ...................... ${COLOR_MAGENTA}${REGION_ID}"
+  echo_reset_dim "Cluster ID ..................... ${COLOR_MAGENTA}${CLUSTER_ID}"
+  echo_reset_dim "Cluster Config Directory ....... ${COLOR_MAGENTA}${GITOPS_CLUSTER_DIR}"
+  reset_colors
+
+  echo "${TEXT_DIM}"
+  echo_h2 "AWS Secrets Manager" "    "
+  echo_reset_dim "Region ......................... ${COLOR_MAGENTA}${SM_AWS_REGION}"
+  echo_reset_dim "Secret Key ..................... ${COLOR_MAGENTA}${SM_AWS_ACCESS_KEY_ID:0:4}<snip>"
+  echo_reset_dim "Access Key ..................... ${COLOR_MAGENTA}${SM_AWS_SECRET_ACCESS_KEY:0:4}<snip>"
+  echo_reset_dim "Secrets Path ................... ${COLOR_MAGENTA}${SECRETS_PATH}"
+  reset_colors
+
+  echo "${TEXT_DIM}"
+  if [[ "$GITHUB_PUSH" == "true" ]]; then
+    echo_h2 "GitOps Target" "    "
+    echo_reset_dim "Automatic Push ........................ ${COLOR_GREEN}Enabled"
+    echo_reset_dim "Working Directory ..................... ${COLOR_MAGENTA}${GITOPS_WORKING_DIR}"
+    echo_reset_dim "Host .................................. ${COLOR_MAGENTA}${GITHUB_HOST}"
+    echo_reset_dim "Organization .......................... ${COLOR_MAGENTA}${GITHUB_ORG}"
+    echo_reset_dim "Repository ............................ ${COLOR_MAGENTA}${GITHUB_REPO}"
+    echo_reset_dim "Branch ................................ ${COLOR_MAGENTA}${GIT_BRANCH}"
+  else
+    echo_h2 "GitOps Target" "    "
+    echo_reset_dim "Automatic Push ........................ ${COLOR_RED}Disabled"
+    echo_reset_dim "Working Directory ..................... ${COLOR_MAGENTA}${GITOPS_WORKING_DIR}"
+  fi
   reset_colors
 
 # echo all the variables ofgitops+envs
@@ -335,56 +326,78 @@ function gitops_aibroker() {
   echo_reset_dim "MAS AI Broker DB Database ............. ${COLOR_MAGENTA}${MAS_AIBROKER_DB_DATABASE}"
   echo_reset_dim "MAS AI Broker DB Secret Name .......... ${COLOR_MAGENTA}${MAS_AIBROKER_DB_SECRET_NAME}"
   echo_reset_dim "MAS AI Broker DB Secret Value ......... ${COLOR_MAGENTA}${MAS_AIBROKER_DB_SECRET_VALUE}"
-  echo_reset_dim "Primary Storage Class ................. ${COLOR_MAGENTA}${PRIMARY_STORAGE_CLASS}"
-  echo_reset_dim "MAS AI Broker DB Host ................. ${COLOR_MAGENTA}${MAS_AIBROKER_DB_HOST}"
-  echo_reset_dim "MAS AI Broker MariaDB Secret .......... ${COLOR_MAGENTA}${MAS_AIBROKER_MARIADB_SECRET}"
-  echo_reset_dim "MAS AI Broker DB Port ................. ${COLOR_MAGENTA}${MAS_AIBROKER_DB_PORT}"
-  echo_reset_dim "MAS AI Broker DB User ................. ${COLOR_MAGENTA}${MAS_AIBROKER_DB_USER}"
-  echo_reset_dim "MAS AI Broker DB Database ............. ${COLOR_MAGENTA}${MAS_AIBROKER_DB_DATABASE}"
-  echo_reset_dim "MAS AI Broker DB Secret Name .......... ${COLOR_MAGENTA}${MAS_AIBROKER_DB_SECRET_NAME}"
-  echo_reset_dim "MAS AI Broker DB Secret Value ......... ${COLOR_MAGENTA}${MAS_AIBROKER_DB_SECRET_VALUE}"
+  
   echo_reset_dim "Primary Storage Class ................. ${COLOR_MAGENTA}${PRIMARY_STORAGE_CLASS}"
 
 
-
-   AVP_TYPE=aws  # Support for IBM will be added later
+  echo_reset_dim "SLS Config Registration Key ............ ${COLOR_MAGENTA}${SLSCFG_REGISTRATION_KEY}"
+  echo_reset_dim "DRO Config CA .......................... ${COLOR_MAGENTA}${DROCFG_CA}"
+  echo_reset_dim "DRO Config Registration Key ............ ${COLOR_MAGENTA}${DROCFG_REGISTRATION_KEY}"
+  echo_reset_dim "DRO Config URL ......................... ${COLOR_MAGENTA}${DROCFG_URL}"
+  echo_reset_dim "JDBC Config Username ................... ${COLOR_MAGENTA}${JDBCCFG_USERNAME}"
+  echo_reset_dim "JDBC Config Password ................... ${COLOR_MAGENTA}${JDBCCFG_PASSWORD}"
+  echo_reset_dim "JDBC Config URL ........................ ${COLOR_MAGENTA}${JDBCCFG_URL}"
+  echo_reset_dim "JDBC SSL Enabled ....................... ${COLOR_MAGENTA}${JDBCCFG_SSLENABLED}"
+  echo_reset_dim "JDBC Config CA ......................... ${COLOR_MAGENTA}${JDBCCFG_CA}"
+  echo_reset_dim "MAS Entitlement Key .................... ${COLOR_MAGENTA}${MAS_ENTITLEMENT_KEY}"
+  echo_reset_dim "Artifactory Username ................... ${COLOR_MAGENTA}${ARTIFACTORY_USERNAME}"
+  echo_reset_dim "Artifactory Token ...................... ${COLOR_MAGENTA}${ARTIFACTORY_TOKEN}"
+  echo_reset_dim "MAS App Channel ........................ ${COLOR_MAGENTA}${MAS_APP_CHANNEL}"
+  echo_reset_dim "MAS Catalog Source ..................... ${COLOR_MAGENTA}${MAS_CATALOG_SOURCE}"
+  echo_reset_dim "MAS ICR CP ............................. ${COLOR_MAGENTA}${MAS_ICR_CP}"
+  echo_reset_dim "MAS ICR CPOpen ......................... ${COLOR_MAGENTA}${MAS_ICR_CPOPEN}"
+  echo_reset_dim "Cluster Domain ......................... ${COLOR_MAGENTA}${CLUSTER_DOMAIN}"
+  echo_reset_dim "In SaaS Environment .................... ${COLOR_MAGENTA}${IN_SAAS_ENV}"
+
+
+  AVP_TYPE=aws  # Support for IBM will be added later
   sm_login
   # update those varialbe which are necessory to be updated into aws , 
   SECRETS_PREFIX="${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}"
 
-  export image_pull_secret_b64=${SECRETS_PREFIX}ibm_entitlement#image_pull_secret_b64
+
+  export SECRET_KEY_IBM_ENTITLEMENT=${SECRETS_PREFIX}ibm_entitlement#entitlement_key
+
+  #minio
   # mas_aibroker_storage_accesskey
-  export SM_MINIO_ACCESSKEY=${SECRETS_PREFIX}minio#sm_minio_accesskey
-  # mas_aibroker_storage_secretkey
-  export SM_MINIO_SECRETKEY=${SECRETS_PREFIX}minio#sm_minio_secretkey
+  export SECRET_KEY_MINIO_ACCESSKEY=${SECRETS_PREFIX}minio#sm_minio_accesskey
+  export SECRET_KEY_MINIO_SECRETKEY=${SECRETS_PREFIX}minio#sm_minio_secretkey
   # mas_aibroker_storage_host
-  export SM_MINIO_HOST=${SECRETS_PREFIX}minio#sm_minio_host
-  # mas_aibroker_storage_port
-  export SM_MINIO_PORT=${SECRETS_PREFIX}minio#sm_minio_port
+  export SECRET_KEY_MINIO_HOST=${SECRETS_PREFIX}minio#sm_minio_host
+  export SECRET_KEY_MINIO_PORT=${SECRETS_PREFIX}minio#sm_minio_port
   # mas_aibroker_storage_templates_bucket
   export SM_MINIO_BUCKET_TEMPLATES=${SECRETS_PREFIX}minio#sm_minio_bucket_templates
   # mas_aibroker_storage_tenants_bucket
   export SM_MINIO_BUCKET_TENANTS=${SECRETS_PREFIX}minio#sm_minio_bucket_tenants
   # mas_aibroker_storage_pipelines_bucket
   export SM_MINIO_BUCKET_PIPELINES=${SECRETS_PREFIX}minio#sm_minio_bucket_pipelines
+
+
+  #mariadb
   export MAS_AIBROKER_DB_HOST=${SECRETS_PREFIX}mariadb#sm_mariadb_host
   export MAS_AIBROKER_DB_PORT=${SECRETS_PREFIX}mariadb#sm_mariadb_port
   export MAS_AIBROKER_DB_USER=${SECRETS_PREFIX}mariadb#sm_mariadb_user
   export MAS_AIBROKER_DB_DATABASE=${SECRETS_PREFIX}mariadb#sm_mariadb_database
   export MAS_AIBROKER_DB_SECRET_NAME=${SECRETS_PREFIX}mariadb#sm_mariadb_secret_name
   export MAS_AIBROKER_DB_SECRET_VALUE=${SECRETS_PREFIX}mariadb#sm_mariadb_secret_value
+
+  #sls
   export SLSCFG_REGISTRATION_KEY=${SECRETS_PREFIX}sls#slscfg_registration_key
+  #dro
   export DROCFG_CA=${SECRETS_PREFIX}dro#drocfg_ca
   export DROCFG_REGISTRATION_KEY=${SECRETS_PREFIX}dro#drocfg_registration_key
   export DROCFG_URL=${SECRETS_PREFIX}dro#drocfg_url
+  #jdbc
   export JDBCCFG_USERNAME=${SECRETS_PREFIX}jdbc#jdbccfg_username
   export JDBCCFG_PASSWORD=${SECRETS_PREFIX}jdbc#jdbccfg_password
   export JDBCCFG_URL=${SECRETS_PREFIX}jdbc#jdbccfg_url
   export JDBCCFG_SSLENABLED=${SECRETS_PREFIX}jdbc#jdbccfg_sslenabled
   export JDBCCFG_CA=${SECRETS_PREFIX}jdbc#jdbccfg_ca
+
   export MAS_ENTITLEMENT_KEY=${SECRETS_PREFIX}ibm_entitlement#entitlement_key
-  export ARTIFACTORY_TOKEN=${SECRETS_PREFIX}ibm_entitlement#aibroker_image_pull_secret_b64
+  export ARTIFACTORY_TOKEN=${SECRETS_PREFIX}ibm_entitlement#image_pull_secret_b64
   # check if those are already present 
+  
   # and update them 
 
   # finally get values into tempalte 
@@ -394,10 +407,13 @@ function gitops_aibroker() {
   # updated var in sm 
   # and git repo 
 
+  sm_verify_secret_exists ${SECRETS_PREFIX}ibm_entitlement "image_pull_secret_b64,entitlement_key"
+  sm_verify_secret_exists ${SECRETS_PREFIX}dro "drocfg_ca,drocfg_registration_key,drocfg_url"
+  sm_verify_secret_exists ${SECRETS_PREFIX}sls "slscfg_registration_key"
+  sm_verify_secret_exists ${SECRETS_PREFIX}minio "sm_minio_host,sm_minio_port,sm_minio_accesskey,sm_minio_secretkey,sm_minio_bucket_templates,sm_minio_bucket_tenants,sm_minio_bucket_pipelines"
+  sm_verify_secret_exists ${SECRETS_PREFIX}mariadb "sm_mariadb_host,sm_mariadb_port,sm_mariadb_user,sm_mariadb_database,sm_mariadb_secret_name,sm_mariadb_secret_value"
 
-  # sm_update_secret and need to pss secrert | idempotent
-  # sm_update_secret $SECRET_NAME_MINIO_AUTH "{\"info\": \"$ESCAPED_INFO\", \"username\": \"$SECRET_KEY_MINIO_USER\", \"password\": \"$SECRET_KEY_MINIO_PASSWORD\"}" "${TAGS}"fi
-
+  
 
     if [ -z $GIT_SSH ]; then
       export GIT_SSH=false
@@ -435,6 +451,7 @@ function gitops_aibroker() {
     # rm -rf $TEMP_DIR
     rm -rf $GITOPS_WORKING_DIR
 
-   
-  exit 0
-}
+
+  exit 0 
+
+ }
diff --git a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker.yaml.j2 b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker.yaml.j2
index 30d0e61b8ce..d6ae34dde41 100644
--- a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker.yaml.j2
+++ b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker.yaml.j2
@@ -1,37 +1,37 @@
 merge-key: "{{ ACCOUNT_ID }}/{{ CLUSTER_ID }}/{{ MAS_INSTANCE_ID }}"
 
 ibm_aibroker:
-  mas_instance_id: "sremat"
-  aibroker_namespace: "mas-sremat-aibroker"
-  mas_aibroker_watsonx_secret: "sremat-watsonxcfg"
-  pull_secret_name: "<path:{{ SECRETS_PATH }}:{{ image_pull_secret_b64 }}>"
+  mas_instance_id: "{{ MAS_INSTANCE_ID }}"
+  aibroker_namespace: "{{ AIBROKER_NAMESPACE }}"
+  mas_aibroker_watsonx_secret: "{{ MAS_AIBROKER_WATSONX_SECRET }}"
+  ibm_entitlement_key: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_IBM_ENTITLEMENT }}>"
 
+ #minio......
+  mas_aibroker_storage_provider: "{{ MAS_AIBROKER_STORAGE_PROVIDER }}"
+  mas_aibroker_storage_ssl: "{{ MAS_AIBROKER_STORAGE_SSL }}"  #mas_aibroker_minio_secret: "minio-secret"
+  mas_aibroker_storage_region: "{{ MAS_AIBROKER_STORAGE_REGION }}"
+  mas_aibroker_minio_secret: "{{ MAS_AIBROKER_MINIO_SECRET }}"
+
+  mas_aibroker_storage_accesskey: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_MINIO_ACCESSKEY }}>"
+  mas_aibroker_storage_secretkey: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_MINIO_SECRETKEY }}>"
+  mas_aibroker_storage_host: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_MINIO_HOST }}>"
+  mas_aibroker_storage_port: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_MINIO_PORT }}>"
 
-  # Storage vars
-  mas_aibroker_storage_provider: "minio"
-  mas_aibroker_minio_secret: "minio-secret"
-  mas_aibroker_storage_accesskey: "<path:{{ SECRETS_PATH }}:{{ SM_MINIO_ACCESSKEY }}>"
-  mas_aibroker_storage_secretkey: "<path:{{ SECRETS_PATH }}:{{ SM_MINIO_SECRETKEY }}>"
-  mas_aibroker_storage_host: "<path:{{ SECRETS_PATH }}:{{ SM_MINIO_HOST }}>"
-  mas_aibroker_storage_port: "<path:{{ SECRETS_PATH }}:{{ SM_MINIO_PORT }}>"
-  mas_aibroker_storage_ssl: "true"
-  mas_aibroker_storage_region: ""
   mas_aibroker_storage_pipelines_bucket: "<path:{{ SECRETS_PATH }}:{{ SM_MINIO_BUCKET_PIPELINES }}>"
   mas_aibroker_storage_tenants_bucket: "<path:{{ SECRETS_PATH }}:{{ SM_MINIO_BUCKET_TENANTS }}>"
   mas_aibroker_storage_templates_bucket: "<path:{{ SECRETS_PATH }}:{{ SM_MINIO_BUCKET_TEMPLATES }}>"
 
-  
+
 
   # MariaDB
   mas_aibroker_db_host: "<path:{{ SECRETS_PATH }}:{{ MAS_AIBROKER_DB_HOST }}>"
-  mas_aibroker_mariadb_secret: "sremat-mariadbcfg"
+  mas_aibroker_mariadb_secret: "{{ MAS_AIBROKER_MARIADB_SECRET }}"
   mas_aibroker_db_port: "<path:{{ SECRETS_PATH }}:{{ MAS_AIBROKER_DB_PORT }}>"
   mas_aibroker_db_user: "<path:{{ SECRETS_PATH }}:{{ MAS_AIBROKER_DB_USER }}>"
   mas_aibroker_db_database: "<path:{{ SECRETS_PATH }}:{{ MAS_AIBROKER_DB_DATABASE }}>"
   mas_aibroker_db_secret_name: "<path:{{ SECRETS_PATH }}:{{ MAS_AIBROKER_DB_SECRET_NAME }}>"
   mas_aibroker_db_secret_value: "<path:{{ SECRETS_PATH }}:{{ MAS_AIBROKER_DB_SECRET_VALUE }}>"
-
-  primary_storage_class: "nfs-client"
+  primary_storage_class: "{{ PRIMARY_STORAGE_CLASS }}"
 
   #SLS
   slscfg_registration_key: "<path:{{ SECRETS_PATH }}:{{ SLSCFG_REGISTRATION_KEY }}>"
@@ -52,19 +52,18 @@ ibm_aibroker:
   mas_entitlement_key: "<path:{{ SECRETS_PATH }}:{{ MAS_ENTITLEMENT_KEY }}>"
   
   # Development Registry Entitlement
-  artifactory_username: "pmqcloud@us.ibm.com"
+  artifactory_username: "{{ ARTIFACTORY_USERNAME }}"
   artifactory_token: "<path:{{ SECRETS_PATH }}:{{ ARTIFACTORY_TOKEN }}>"
   # Environment Variable:
-  mas_app_channel: "workspace"
+  mas_app_channel: "{{ MAS_APP_CHANNEL }}"
   # mas_app_channel: "9.1.x-dev"
-  mas_catalog_source: "ibm-operator-catalog"
+  mas_catalog_source: "{{ MAS_CATALOG_SOURCE }}"
 
   # Source container registry
   # -----------------------------------------------------------------------------
-  # mas_icr_cp: "cp.icr.io/cp"
-  # mas_icr_cpopen: "icr.io/cpopen"
-  mas_icr_cp: "docker-na-public.artifactory.swg-devops.com/wiotp-docker-local"
-  mas_icr_cpopen: "docker-na-public.artifactory.swg-devops.com/wiotp-docker-local/cpopen"
+ 
+  mas_icr_cp: "{{ MAS_ICR_CP }}"
+  mas_icr_cpopen: "{{ MAS_ICR_CPOPEN }}"
 
-  cluster_domain: "sremat-test.cp.fyre.ibm.com"
-  in_saas_env: "false"
+  cluster_domain: "{{ CLUSTER_DOMAIN }}"
+  in_saas_env: "{{ IN_SAAS_ENV }}"

From aeac49c9221657a131af21ea9b7fb32114234c49 Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Tue, 10 Jun 2025 16:58:15 +0530
Subject: [PATCH 072/258] cherry-pick f253c5efa1 conflict

---
 image/cli/mascli/functions/gitops_aibroker_tenant          | 7 ++++++-
 .../src/pipelines/gitops/gitops-mas-aibroker-tenant.yml.j2 | 4 ++++
 tekton/src/tasks/gitops/gitops-aibroker-tenant.yml.j2      | 5 +++++
 3 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/image/cli/mascli/functions/gitops_aibroker_tenant b/image/cli/mascli/functions/gitops_aibroker_tenant
index 7c375c04196..46e711f6345 100644
--- a/image/cli/mascli/functions/gitops_aibroker_tenant
+++ b/image/cli/mascli/functions/gitops_aibroker_tenant
@@ -17,7 +17,7 @@ Basic Configuration:
 
 ibm_aibroker_tenant(required):
       --mas-instance-id ${COLOR_YELLOW}MAS_INSTACE_ID${TEXT_RESET}                                          The MAS instance ID used by AI Broker
-      --tenantNamespace ${COLOR_YELLOW}TENANT_NAMESPACE${TEXT_RESET}                                       The tenant's Kubernetes namespace
+      --tenantNamespace ${COLOR_YELLOW}TENANT_NAMESPACE${TEXT_RESET}                                        The tenant's Kubernetes namespace
       --cluster-domain ${COLOR_YELLOW}CLUSTER_DOMAIN${TEXT_RESET}                                           The domain name of the Kubernetes cluster (e.g., cluster.local)
       --drocfg-url ${COLOR_YELLOW}DROCFG_URL${TEXT_RESET}                                                   URL of the DRO configuration service
       --slscfg-url ${COLOR_YELLOW}SLSCFG_URL${TEXT_RESET}                                                   URL of the SLS configuration service
@@ -31,6 +31,7 @@ AIBroker :
 --aibroker-namespace ${COLOR_YELLOW}AIBROKER_NAMESPACE${TEXT_RESET}                                         The namespace where AI Broker is deployed
 --mas-aibroker-provision-tenant ${COLOR_YELLOW}MAS_AIBROKER_PROVISION_TENANT${TEXT_RESET}                   Whether to provision the AI Broker tenant
 --mas-instance-id ${COLOR_YELLOW}MAS_INSTANCE_ID${TEXT_RESET}                                               The MAS instance ID used by AI Broker
+--tenant_id ${COLOR_YELLOW}TENANT_ID${TEXT_RESET}                                                     The tenant ID for the AI Broker
 --tenantNamespace ${COLOR_YELLOW}TENANT_NAMESPACE${TEXT_RESET}                                             The tenant's Kubernetes namespace
 --cluster-domain ${COLOR_YELLOW}CLUSTER_DOMAIN${TEXT_RESET}                                                 The domain name of the Kubernetes cluster (e.g., cluster.local)
 --in-saas-env ${COLOR_YELLOW}IN_SAAS_ENV${TEXT_RESET}                                                       Whether the environment is SaaS (true/false)
@@ -157,6 +158,9 @@ function gitops_aibroker_tenant_noninteractive() {
       --mas-instance-id)
         export MAS_INSTANCE_ID=$1 && shift
         ;;
+      --tenant-id)
+        export TENANT_ID=$1 && shift
+        ;;
       --tenantNamespace)
         export TENANT_NAMESPACE=$1 && shift
         ;;
@@ -378,6 +382,7 @@ function gitops_aibroker_tenant() {
   echo_reset_dim "aibroker namespace ........................... ${COLOR_MAGENTA}${AIBROKER_NAMESPACE}"
   echo_reset_dim "mas aibroker provision tenant ................ ${COLOR_MAGENTA}${MAS_AIBROKER_PROVISION_TENANT}"
   echo_reset_dim "mas instance ID .............................. ${COLOR_MAGENTA}${MAS_INSTANCE_ID}"
+  echo_reset_dim "tenant ID .................................... ${COLOR_MAGENTA}${TENANT_ID}"
   echo_reset_dim "tenant namespace ............................. ${COLOR_MAGENTA}${TENANT_NAMESPACE}"
   echo_reset_dim "cluster domain ............................... ${COLOR_MAGENTA}${CLUSTER_DOMAIN}"
   echo_reset_dim "in SaaS environment .......................... ${COLOR_MAGENTA}${IN_SAAS_ENV}"
diff --git a/tekton/src/pipelines/gitops/gitops-mas-aibroker-tenant.yml.j2 b/tekton/src/pipelines/gitops/gitops-mas-aibroker-tenant.yml.j2
index 2d75476e2e8..90bb5d7149d 100644
--- a/tekton/src/pipelines/gitops/gitops-mas-aibroker-tenant.yml.j2
+++ b/tekton/src/pipelines/gitops/gitops-mas-aibroker-tenant.yml.j2
@@ -31,6 +31,8 @@ spec:
       type: string
     - name: mas_instance_id
       type: string
+    - name: tenant_id
+      type: string
     - name: tenantNamespace
       type: string
     - name: cluster_domain
@@ -130,6 +132,8 @@ spec:
           value: $(params.mas_aibroker_provision_tenant)
         - name: mas_instance_id
           value: $(params.mas_instance_id)
+        - name: tenant_id
+          value: $(params.tenant_id)
         - name: tenantNamespace
           value: $(params.tenantNamespace)
         - name: cluster_domain
diff --git a/tekton/src/tasks/gitops/gitops-aibroker-tenant.yml.j2 b/tekton/src/tasks/gitops/gitops-aibroker-tenant.yml.j2
index 2e82733481d..b7854caacb9 100644
--- a/tekton/src/tasks/gitops/gitops-aibroker-tenant.yml.j2
+++ b/tekton/src/tasks/gitops/gitops-aibroker-tenant.yml.j2
@@ -30,6 +30,8 @@ spec:
       type: string
     - name: mas_instance_id
       type: string
+    - name: tenant_id
+      type: string
     - name: tenantNamespace
       type: string
     - name: cluster_domain
@@ -122,6 +124,9 @@ spec:
       - name: MAS_INSTANCE_ID
         value: $(params.mas_instance_id)
 
+      - name: TENANT_ID
+        value: $(params.tenant_id)
+
       - name: TENANT_NAMESPACE
         value: $(params.tenantNamespace)
 

From 626f8fb2d02fc8576e7806400756e363cc33e835 Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Tue, 10 Jun 2025 21:01:06 +0530
Subject: [PATCH 073/258] cherry-pick ee1918c82e conflict

---
 image/cli/mascli/functions/gitops_aibroker_tenant            | 5 -----
 .../src/pipelines/gitops/gitops-mas-aibroker-tenant.yml.j2   | 4 ----
 tekton/src/tasks/gitops/gitops-aibroker-tenant.yml.j2        | 5 -----
 3 files changed, 14 deletions(-)

diff --git a/image/cli/mascli/functions/gitops_aibroker_tenant b/image/cli/mascli/functions/gitops_aibroker_tenant
index 46e711f6345..54651bee1e7 100644
--- a/image/cli/mascli/functions/gitops_aibroker_tenant
+++ b/image/cli/mascli/functions/gitops_aibroker_tenant
@@ -31,7 +31,6 @@ AIBroker :
 --aibroker-namespace ${COLOR_YELLOW}AIBROKER_NAMESPACE${TEXT_RESET}                                         The namespace where AI Broker is deployed
 --mas-aibroker-provision-tenant ${COLOR_YELLOW}MAS_AIBROKER_PROVISION_TENANT${TEXT_RESET}                   Whether to provision the AI Broker tenant
 --mas-instance-id ${COLOR_YELLOW}MAS_INSTANCE_ID${TEXT_RESET}                                               The MAS instance ID used by AI Broker
---tenant_id ${COLOR_YELLOW}TENANT_ID${TEXT_RESET}                                                     The tenant ID for the AI Broker
 --tenantNamespace ${COLOR_YELLOW}TENANT_NAMESPACE${TEXT_RESET}                                             The tenant's Kubernetes namespace
 --cluster-domain ${COLOR_YELLOW}CLUSTER_DOMAIN${TEXT_RESET}                                                 The domain name of the Kubernetes cluster (e.g., cluster.local)
 --in-saas-env ${COLOR_YELLOW}IN_SAAS_ENV${TEXT_RESET}                                                       Whether the environment is SaaS (true/false)
@@ -158,9 +157,6 @@ function gitops_aibroker_tenant_noninteractive() {
       --mas-instance-id)
         export MAS_INSTANCE_ID=$1 && shift
         ;;
-      --tenant-id)
-        export TENANT_ID=$1 && shift
-        ;;
       --tenantNamespace)
         export TENANT_NAMESPACE=$1 && shift
         ;;
@@ -382,7 +378,6 @@ function gitops_aibroker_tenant() {
   echo_reset_dim "aibroker namespace ........................... ${COLOR_MAGENTA}${AIBROKER_NAMESPACE}"
   echo_reset_dim "mas aibroker provision tenant ................ ${COLOR_MAGENTA}${MAS_AIBROKER_PROVISION_TENANT}"
   echo_reset_dim "mas instance ID .............................. ${COLOR_MAGENTA}${MAS_INSTANCE_ID}"
-  echo_reset_dim "tenant ID .................................... ${COLOR_MAGENTA}${TENANT_ID}"
   echo_reset_dim "tenant namespace ............................. ${COLOR_MAGENTA}${TENANT_NAMESPACE}"
   echo_reset_dim "cluster domain ............................... ${COLOR_MAGENTA}${CLUSTER_DOMAIN}"
   echo_reset_dim "in SaaS environment .......................... ${COLOR_MAGENTA}${IN_SAAS_ENV}"
diff --git a/tekton/src/pipelines/gitops/gitops-mas-aibroker-tenant.yml.j2 b/tekton/src/pipelines/gitops/gitops-mas-aibroker-tenant.yml.j2
index 90bb5d7149d..2d75476e2e8 100644
--- a/tekton/src/pipelines/gitops/gitops-mas-aibroker-tenant.yml.j2
+++ b/tekton/src/pipelines/gitops/gitops-mas-aibroker-tenant.yml.j2
@@ -31,8 +31,6 @@ spec:
       type: string
     - name: mas_instance_id
       type: string
-    - name: tenant_id
-      type: string
     - name: tenantNamespace
       type: string
     - name: cluster_domain
@@ -132,8 +130,6 @@ spec:
           value: $(params.mas_aibroker_provision_tenant)
         - name: mas_instance_id
           value: $(params.mas_instance_id)
-        - name: tenant_id
-          value: $(params.tenant_id)
         - name: tenantNamespace
           value: $(params.tenantNamespace)
         - name: cluster_domain
diff --git a/tekton/src/tasks/gitops/gitops-aibroker-tenant.yml.j2 b/tekton/src/tasks/gitops/gitops-aibroker-tenant.yml.j2
index b7854caacb9..2e82733481d 100644
--- a/tekton/src/tasks/gitops/gitops-aibroker-tenant.yml.j2
+++ b/tekton/src/tasks/gitops/gitops-aibroker-tenant.yml.j2
@@ -30,8 +30,6 @@ spec:
       type: string
     - name: mas_instance_id
       type: string
-    - name: tenant_id
-      type: string
     - name: tenantNamespace
       type: string
     - name: cluster_domain
@@ -124,9 +122,6 @@ spec:
       - name: MAS_INSTANCE_ID
         value: $(params.mas_instance_id)
 
-      - name: TENANT_ID
-        value: $(params.tenant_id)
-
       - name: TENANT_NAMESPACE
         value: $(params.tenantNamespace)
 

From f914d733f2ace7b0e5c1b6337f25313c5aa4f629 Mon Sep 17 00:00:00 2001
From: Yogeshkumar <prajapati.yogeshkumar@ibm.com>
Date: Wed, 11 Jun 2025 17:43:48 +0530
Subject: [PATCH 074/258] cherry-pick 90e8ebddd0 conflict

---
 .../mascli/functions/gitops_aibroker_tenant   | 61 +++++++++++++++++-
 .../instance/ibm-aibroker-tenant.yaml.j2      | 19 ++++++
 .../gitops/gitops-mas-aibroker-tenant.yml.j2  | 62 +++++++++++++++++++
 .../gitops/gitops-aibroker-tenant.yml.j2      | 61 ++++++++++++++++++
 4 files changed, 201 insertions(+), 2 deletions(-)

diff --git a/image/cli/mascli/functions/gitops_aibroker_tenant b/image/cli/mascli/functions/gitops_aibroker_tenant
index 54651bee1e7..8f7c41284e4 100644
--- a/image/cli/mascli/functions/gitops_aibroker_tenant
+++ b/image/cli/mascli/functions/gitops_aibroker_tenant
@@ -102,6 +102,14 @@ function gitops_aibroker_tenant_noninteractive() {
   export IN_SAAS_ENV=${IN_SAAS_ENV:-"true"}
   export MAS_ICR_CP=${MAS_ICR_CP:-"docker-na-public.artifactory.swg-devops.com/wiotp-docker-local"}
   export MAS_ICR_CPOPEN=${MAS_ICR_CPOPEN:-"docker-na-public.artifactory.swg-devops.com/wiotp-docker-local/cpopen"}
+  
+  ##review
+  export MAS_AIBROKER_S3_BUCKET_PREFIX=${MAS_AIBROKER_S3_BUCKET_PREFIX:-"m"}
+  export MAS_AIBROKER_S3_REGION=${MAS_AIBROKER_S3_REGION:-"us-east-2"}
+  export TENANT_ENTITLEMENT_TYPE=${TENANT_ENTITLEMENT_TYPE:-"standard"}
+  export TENANT_ENTITLEMENT_START_DATE=${TENANT_ENTITLEMENT_START_DATE:-"2025-06-11"}
+  export TENANT_ENTITLEMENT_END_DATE=${TENANT_ENTITLEMENT_END_DATE:-"2049-11-11"}
+  ##review
 
   # -- DRO Defaults
   export MAS_AIBROKER_DRO_TOKEN_SECRET=${MAS_AIBROKER_DRO_TOKEN_SECRET:-"dro-token"}
@@ -250,6 +258,44 @@ function gitops_aibroker_tenant_noninteractive() {
         export MAS_AIBROKER_STORAGE_SSL=$1 && shift
         ;;
 
+      ##review
+      --rsl-url)
+        export RSL_URL=$1 && shift
+        ;;
+
+      --rsl-org-id)
+        export SECRET_KEY_RSL_ORG_ID=$1 && shift
+        ;;
+
+      --rsl-token)
+        export SECRET_KEY_RSL_TOKEN=$1 && shift
+        ;;
+
+      --mas-aibroker-s3-endpoint-url)
+        export MAS_AIBROKER_S3_ENDPOINT_URL=$1 && shift
+        ;;
+
+      --mas-aibroker-s3-region)
+        export MAS_AIBROKER_S3_REGION=$1 && shift
+        ;;
+
+      --mas-aibroker-s3-bucket-prefix)
+        export MAS_AIBROKER_S3_BUCKET_PREFIX=$1 && shift
+        ;;
+
+      --tenant-entitlement-type)
+        export TENANT_ENTITLEMENT_TYPE=$1 && shift
+        ;;
+
+      --tenant-entitlement-start-date)
+        export TENANT_ENTITLEMENT_START_DATE=$1 && shift
+        ;;
+
+      --tenant-entitlement-end-date)
+        export TENANT_ENTITLEMENT_END_DATE=$1 && shift
+        ;;
+      ##review  
+
       # Automatic GitHub Push
       -P|--github-push)
         export GITHUB_PUSH=true
@@ -312,7 +358,11 @@ function gitops_aibroker_tenant_noninteractive() {
   [[ -z "$MAS_AIBROKER_WATSONXAI_URL" ]] && gitops_aibroker_tenant_help "MAS_AIBROKER_WATSONXAI_URL is not set. Please specify the Watsonx.ai URL using --mas-aibroker-watsonxai-url."
   [[ -z "$MAS_AIBROKER_WATSONXAI_APIKEY" ]] && gitops_aibroker_tenant_help "MAS_AIBROKER_WATSONXAI_APIKEY is not set. Please provide the Watsonx.ai API key using --mas-aibroker-watsonxai-apikey."
   [[ -z "$MAS_AIBROKER_WATSONXAI_PROJECT_ID" ]] && gitops_aibroker_tenant_help "MAS_AIBROKER_WATSONXAI_PROJECT_ID is not set. Please specify the Watsonx.ai project ID using --mas-aibroker-watsonxai-project-id."
-
+  
+  ##review
+  [[ -z "$RSL_URL" ]] && gitops_aibroker_tenant_help "RSL_URL is not set. Please specify the RSL URL using --rsl-url."
+  [[ -z "$MAS_AIBROKER_S3_ENDPOINT_URL" ]] && gitops_aibroker_tenant_help "MAS_AIBROKER_S3_ENDPOINT_URL is not set. Please specify the S3 endpoint URL using --mas-aibroker-s3-endpoint-url."
+  ##review
 }
 
 function gitops_aibroker_tenant() {
@@ -419,6 +469,11 @@ function gitops_aibroker_tenant() {
   export SECRET_KEY_SLSCFG_TLS=${SECRETS_PREFIX}sls#slscfg_tls
   export SECRET_KEY_SLSCFG_KEY=${SECRETS_PREFIX}sls#slscfg_key
 
+  #rsl  ##review
+  export SECRET_KEY_RSL_ORG_ID=${SECRETS_PREFIX}rsl#rsl_org_id
+  export SECRET_KEY_RSL_TOKEN=${SECRETS_PREFIX}rsl#rsl_token
+  ##review
+
   # minio
   export SECRET_KEY_MINIO_HOST=${SECRETS_PREFIX}minio#sm_minio_host
   export SECRET_KEY_MINIO_PORT=${SECRETS_PREFIX}minio#sm_minio_port
@@ -435,7 +490,9 @@ function gitops_aibroker_tenant() {
   sm_verify_secret_exists ${SECRETS_PREFIX}sls "slscfg_registration_key,slscfg_ca,slscfg_tls,slscfg_key"
  
   sm_verify_secret_exists ${SECRETS_PREFIX}minio "sm_minio_host,sm_minio_port,sm_minio_accesskey,sm_minio_secretkey,sm_minio_bucket_default"
-
+  ##review
+  sm_verify_secret_exists ${SECRETS_PREFIX}rsl "rsl_org_id,rsl_token"
+  ##review
   # finally push them into the git repo
 
     if [ -z $GIT_SSH ]; then
diff --git a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant.yaml.j2 b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant.yaml.j2
index 98f4ab1cd5c..0313ae656c5 100644
--- a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant.yaml.j2
+++ b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant.yaml.j2
@@ -13,6 +13,12 @@ ibm_aibroker_tenant:
   mas_icr_cp: "{{ MAS_ICR_CP }}"
   mas_icr_cpopen: "{{ MAS_ICR_CPOPEN }}"
 
+  #tenant ##review
+  tenant_entitlement_type: "{{ TENANT_ENTITLEMENT_TYPE }}"
+  tenant_entitlement_start_date: "{{ TENANT_ENTITLEMENT_START_DATE }}"
+  tenant_entitlement_end_date: "{{ TENANT_ENTITLEMENT_END_DATE }}"
+  ##review
+  
   # dro
   artifactory_token: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_ARTIFACTORY_TOKEN }}>"
   drocfg_url: "{{ DROCFG_URL }}"
@@ -28,7 +34,20 @@ ibm_aibroker_tenant:
   slscfg_ca: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_SLSCFG_CA }}>"
   slscfg_tls: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_SLSCFG_TLS }}>"
   slscfg_key: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_SLSCFG_KEY }}>"
+  
+  # RSL ##review
+  rsl_url: "{{ RSL_URL }}"
+  rsl_org_id: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_RSL_ORG_ID }}>"
+  rsl_token: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_RSL_TOKEN }}>"
 
+
+  # S3
+  mas_aibroker_s3_endpoint_url: "{{ MAS_AIBROKER_S3_ENDPOINT_URL }}"
+  mas_aibroker_s3_region: "{{ MAS_AIBROKER_S3_REGION }}"
+  mas_aibroker_s3_bucket_prefix: "{{ MAS_AIBROKER_S3_BUCKET_PREFIX }}"
+  ##review
+
+  
   # watsonx
   mas_aibroker_watsonxai_url: "{{ MAS_AIBROKER_WATSONXAI_URL }}"
   mas_aibroker_watsonxai_apikey: "{{ MAS_AIBROKER_WATSONXAI_APIKEY }}"
diff --git a/tekton/src/pipelines/gitops/gitops-mas-aibroker-tenant.yml.j2 b/tekton/src/pipelines/gitops/gitops-mas-aibroker-tenant.yml.j2
index 2d75476e2e8..e60b228c9a1 100644
--- a/tekton/src/pipelines/gitops/gitops-mas-aibroker-tenant.yml.j2
+++ b/tekton/src/pipelines/gitops/gitops-mas-aibroker-tenant.yml.j2
@@ -91,6 +91,38 @@ spec:
       type: string
     - name: mas_aibroker_storage_ssl
       type: string
+    
+    ##review
+    - name: mas_aibroker_s3_endpoint_url
+      type: string
+
+    - name: mas_aibroker_s3_region
+      type: string
+
+    - name: mas_aibroker_s3_bucket_prefix
+      type: string
+
+    - name: rsl_url
+      type: string
+
+    - name: rsl_org_id
+      type: string
+
+    - name: rsl_token
+      type: string
+
+    - name: tenant_entitlement_type
+      type: string
+
+    - name: tenant_entitlement_start_date
+      type: string
+
+    - name: tenant_entitlement_end_date
+      type: string
+
+    ##review
+
+
 
   workspaces:
     - name: configs
@@ -190,3 +222,33 @@ spec:
           value: $(params.mas_aibroker_storage_pipelines_bucket)
         - name: mas_aibroker_storage_ssl
           value: $(params.mas_aibroker_storage_ssl)
+        
+        ##review
+        - name: mas_aibroker_s3_endpoint_url
+          value: $(params.mas_aibroker_s3_endpoint_url)
+
+        - name: mas_aibroker_s3_region
+          value: $(params.mas_aibroker_s3_region)
+
+        - name: mas_aibroker_s3_bucket_prefix
+          value: $(params.mas_aibroker_s3_bucket_prefix)
+
+        - name: rsl_url
+          value: $(params.rsl_url)
+
+        - name: rsl_org_id
+          value: $(params.rsl_org_id)
+
+        - name: rsl_token
+          value: $(params.rsl_token)
+
+        - name: tenant_entitlement_type
+          value: $(params.tenant_entitlement_type)
+
+        - name: tenant_entitlement_start_date
+          value: $(params.tenant_entitlement_start_date)
+
+        - name: tenant_entitlement_end_date
+          value: $(params.tenant_entitlement_end_date)
+        ##review
+
diff --git a/tekton/src/tasks/gitops/gitops-aibroker-tenant.yml.j2 b/tekton/src/tasks/gitops/gitops-aibroker-tenant.yml.j2
index 2e82733481d..cb079e25441 100644
--- a/tekton/src/tasks/gitops/gitops-aibroker-tenant.yml.j2
+++ b/tekton/src/tasks/gitops/gitops-aibroker-tenant.yml.j2
@@ -90,6 +90,37 @@ spec:
       type: string
     - name: mas_aibroker_storage_ssl
       type: string
+
+        ##review
+    - name: mas_aibroker_s3_endpoint_url
+      type: string
+
+    - name: mas_aibroker_s3_region
+      type: string
+
+    - name: mas_aibroker_s3_bucket_prefix
+      type: string
+
+    - name: rsl_url
+      type: string
+
+    - name: rsl_org_id
+      type: string
+
+    - name: rsl_token
+      type: string
+
+    - name: tenant_entitlement_type
+      type: string
+
+    - name: tenant_entitlement_start_date
+      type: string
+
+    - name: tenant_entitlement_end_date
+      type: string
+
+    ##review
+
       
   stepTemplate:
     name: gitops-aibroker-tenant
@@ -206,6 +237,36 @@ spec:
       - name: MAS_AIBROKER_STORAGE_SSL
         value: $(params.mas_aibroker_storage_ssl)
 
+      ##review
+      - name: MAS_AIBROKER_S3_ENDPOINT_URL
+        value: $(params.mas_aibroker_s3_endpoint_url)
+
+      - name: MAS_AIBROKER_S3_REGION
+        value: $(params.mas_aibroker_s3_region)
+
+      - name: MAS_AIBROKER_S3_BUCKET_PREFIX
+        value: $(params.mas_aibroker_s3_bucket_prefix)
+
+      - name: RSL_URL
+        value: $(params.rsl_url)
+
+      - name: RSL_ORG_ID
+        value: $(params.rsl_org_id)
+
+      - name: RSL_TOKEN
+        value: $(params.rsl_token)
+
+      - name: TENANT_ENTITLEMENT_TYPE
+        value: $(params.tenant_entitlement_type)
+
+      - name: TENANT_ENTITLEMENT_START_DATE
+        value: $(params.tenant_entitlement_start_date)
+
+      - name: TENANT_ENTITLEMENT_END_DATE
+        value: $(params.tenant_entitlement_end_date)
+
+      ##review
+            
     envFrom:
       - configMapRef:
           name: environment-properties

From dde83d5d84e6eb04aba1c5b5e881dca14669c83d Mon Sep 17 00:00:00 2001
From: yogeshkumar <prajapati.yogeshkumar@ibm.com>
Date: Wed, 11 Jun 2025 16:33:01 +0530
Subject: [PATCH 075/258] new ansible changes added

---
 image/cli/mascli/functions/gitops_aibroker_tenant | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/image/cli/mascli/functions/gitops_aibroker_tenant b/image/cli/mascli/functions/gitops_aibroker_tenant
index 8f7c41284e4..877bb51ff98 100644
--- a/image/cli/mascli/functions/gitops_aibroker_tenant
+++ b/image/cli/mascli/functions/gitops_aibroker_tenant
@@ -259,7 +259,7 @@ function gitops_aibroker_tenant_noninteractive() {
         ;;
 
       ##review
-      --rsl-url)
+            --rsl-url)
         export RSL_URL=$1 && shift
         ;;
 
@@ -361,6 +361,8 @@ function gitops_aibroker_tenant_noninteractive() {
   
   ##review
   [[ -z "$RSL_URL" ]] && gitops_aibroker_tenant_help "RSL_URL is not set. Please specify the RSL URL using --rsl-url."
+  [[ -z "$SECRET_KEY_RSL_ORG_ID" ]] && gitops_aibroker_tenant_help "SECRET_KEY_RSL_ORG_ID is not set. Please specify the RSL Org ID secret key using --rsl-org-id."
+  [[ -z "$SECRET_KEY_RSL_TOKEN" ]] && gitops_aibroker_tenant_help "SECRET_KEY_RSL_TOKEN is not set. Please specify the RSL token secret key using --rsl-token."
   [[ -z "$MAS_AIBROKER_S3_ENDPOINT_URL" ]] && gitops_aibroker_tenant_help "MAS_AIBROKER_S3_ENDPOINT_URL is not set. Please specify the S3 endpoint URL using --mas-aibroker-s3-endpoint-url."
   ##review
 }

From 9298188500bfcdcd37292af25615a615854d367f Mon Sep 17 00:00:00 2001
From: yogeshkumar <prajapati.yogeshkumar@ibm.com>
Date: Wed, 11 Jun 2025 16:48:31 +0530
Subject: [PATCH 076/258] Update gitops_aibroker_tenant

---
 image/cli/mascli/functions/gitops_aibroker_tenant | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/image/cli/mascli/functions/gitops_aibroker_tenant b/image/cli/mascli/functions/gitops_aibroker_tenant
index 877bb51ff98..8f7c41284e4 100644
--- a/image/cli/mascli/functions/gitops_aibroker_tenant
+++ b/image/cli/mascli/functions/gitops_aibroker_tenant
@@ -259,7 +259,7 @@ function gitops_aibroker_tenant_noninteractive() {
         ;;
 
       ##review
-            --rsl-url)
+      --rsl-url)
         export RSL_URL=$1 && shift
         ;;
 
@@ -361,8 +361,6 @@ function gitops_aibroker_tenant_noninteractive() {
   
   ##review
   [[ -z "$RSL_URL" ]] && gitops_aibroker_tenant_help "RSL_URL is not set. Please specify the RSL URL using --rsl-url."
-  [[ -z "$SECRET_KEY_RSL_ORG_ID" ]] && gitops_aibroker_tenant_help "SECRET_KEY_RSL_ORG_ID is not set. Please specify the RSL Org ID secret key using --rsl-org-id."
-  [[ -z "$SECRET_KEY_RSL_TOKEN" ]] && gitops_aibroker_tenant_help "SECRET_KEY_RSL_TOKEN is not set. Please specify the RSL token secret key using --rsl-token."
   [[ -z "$MAS_AIBROKER_S3_ENDPOINT_URL" ]] && gitops_aibroker_tenant_help "MAS_AIBROKER_S3_ENDPOINT_URL is not set. Please specify the S3 endpoint URL using --mas-aibroker-s3-endpoint-url."
   ##review
 }

From 62b96a1b14954360cf23879056e6c7ab259a0bc0 Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Wed, 11 Jun 2025 17:01:10 +0530
Subject: [PATCH 077/258] cherry-pick a0c7a37fbc conflict

---
 .secrets.baseline | 47 ++++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 46 insertions(+), 1 deletion(-)

diff --git a/.secrets.baseline b/.secrets.baseline
index fb2f746342b..4e15beb4bc8 100644
--- a/.secrets.baseline
+++ b/.secrets.baseline
@@ -250,9 +250,54 @@
     "image/cli/mascli/functions/gitops_aiservice_tenant": [
       {
         "hashed_secret": "b2817467154949a61f8e9ad31d1eeaf03221cbfa",
+        "line_number": 374,
+        "is_secret": true,
+        "is_verified": false,
+        "line_number": 338,
+        "type": "Secret Keyword",
+        "verified_result": null
+      }
+    ],
+    "image/cli/mascli/functions/gitops_aibroker": [
+      {
+        "hashed_secret": "b60295a714204bc97c6996f5570488d5b20dd46a",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 374,
+        "line_number": 106,
+        "type": "Secret Keyword",
+        "verified_result": null
+      },
+      {
+        "hashed_secret": "9f7f51718285e6ea258c75badd21583afe42935e",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 108,
+        "type": "Secret Keyword",
+        "verified_result": null
+      },
+      {
+        "hashed_secret": "96af1a52cd8c0d495417dea58e814be0b41891f6",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 115,
+        "type": "Secret Keyword",
+        "verified_result": null
+      }
+    ],
+    "image/cli/mascli/functions/gitops_aibroker_tenant": [
+      {
+        "hashed_secret": "db40a6131d9b574bb057875df98fb03f9874d5b4",
+        "is_secret": true,
+        "is_verified": false,
+        "line_number": 115,
+        "type": "Secret Keyword",
+        "verified_result": null
+      },
+      {
+        "hashed_secret": "b2817467154949a61f8e9ad31d1eeaf03221cbfa",
+        "is_secret": true,
+        "is_verified": false,
+        "line_number": 405,
         "type": "Secret Keyword",
         "verified_result": null
       }

From 9f34390278b7390eff0ef928621a46e623c3d9b5 Mon Sep 17 00:00:00 2001
From: yogeshkumar <prajapati.yogeshkumar@ibm.com>
Date: Wed, 11 Jun 2025 18:03:49 +0530
Subject: [PATCH 078/258] ansible changes aibroker

---
 image/cli/mascli/functions/gitops_aibroker    | 29 +++++++++++++++++--
 .../cluster/instance/ibm-aibroker.yaml.j2     | 10 +++++++
 .../gitops/gitops-mas-aibroker.yml.j2         | 28 ++++++++++++++++++
 .../src/tasks/gitops/gitops-aibroker.yml.j2   | 27 +++++++++++++++++
 4 files changed, 91 insertions(+), 3 deletions(-)

diff --git a/image/cli/mascli/functions/gitops_aibroker b/image/cli/mascli/functions/gitops_aibroker
index 7ec3f732503..6a9f4ada6e6 100644
--- a/image/cli/mascli/functions/gitops_aibroker
+++ b/image/cli/mascli/functions/gitops_aibroker
@@ -110,6 +110,11 @@ function gitops_aibroker_noninteractive() {
   #-- mariadb defaults
   export MAS_AIBROKER_MARIADB_SECRET=${MAS_AIBROKER_MARIADB_SECRET:-"${MAS_APP_ID}-mariadbcfge"}
 
+    ##review
+  export MAS_AIBROKER_S3_BUCKET_PREFIX=${MAS_AIBROKER_S3_BUCKET_PREFIX:-"m"}
+  export MAS_AIBROKER_S3_REGION=${MAS_AIBROKER_S3_REGION:-"us-east-2"}
+  export ENVIRONMENT_TYPE=${ENVIRONMENT_TYPE:-"standard"}
+  ##review
 
   while [[ $# -gt 0 ]]
   do
@@ -182,6 +187,23 @@ function gitops_aibroker_noninteractive() {
       --mas-aibroker-mariadb-secret)
           export MAS_AIBROKER_MARIADB_SECRET=$1 && shift
         ;;
+      ##review
+      --environment-type)
+        export ENVIRONMENT_TYPE=$1 && shift
+        ;;
+
+      --mas-aibroker-s3-endpoint-url)
+        export MAS_AIBROKER_S3_ENDPOINT_URL=$1 && shift
+        ;;
+
+      --mas-aibroker-s3-region)
+        export MAS_AIBROKER_S3_REGION=$1 && shift
+        ;;
+
+      --mas-aibroker-s3-bucket-prefix)
+        export MAS_AIBROKER_S3_BUCKET_PREFIX=$1 && shift
+        ;;
+      ##review
 
       # Automatic GitHub Push
       -P|--github-push)
@@ -243,6 +265,9 @@ function gitops_aibroker_noninteractive() {
   [[ -z "$MAS_APP_CHANNEL" ]] && gitops_aibroker_help "MAS_APP_CHANNEL is not set. Please provide the mas app channel using --mas-app-channel"
   # -- DRO
   #[[ -z "$DROCFG_URL" ]] && gitops_aibroker_help "DROCFG_URL is not set. Please specify the DRO configuration URL using --drocfg-url."
+  ##review
+  [[ -z "$MAS_AIBROKER_S3_ENDPOINT_URL" ]] && gitops_aibroker_tenant_help "MAS_AIBROKER_S3_ENDPOINT_URL is not set. Please specify the S3 endpoint URL using --mas-aibroker-s3-endpoint-url."
+  ##review
 
 }
 
@@ -452,6 +477,4 @@ function gitops_aibroker() {
     rm -rf $GITOPS_WORKING_DIR
 
 
-  exit 0 
-
- }
+  exit 0 
\ No newline at end of file
diff --git a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker.yaml.j2 b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker.yaml.j2
index d6ae34dde41..d5b0f0fc507 100644
--- a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker.yaml.j2
+++ b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker.yaml.j2
@@ -41,6 +41,16 @@ ibm_aibroker:
   drocfg_registration_key: "<path:{{ SECRETS_PATH }}:{{ DROCFG_REGISTRATION_KEY }}>"
   drocfg_url: "<path:{{ SECRETS_PATH }}:{{ DROCFG_URL }}>"
 
+
+
+  ##review
+  environment_type: "{{ ENVIRONMENT_TYPE }}"
+  # S3 
+  mas_aibroker_s3_endpoint_url: "{{ MAS_AIBROKER_S3_ENDPOINT_URL }}"
+  mas_aibroker_s3_region: "{{ MAS_AIBROKER_S3_REGION }}"
+  mas_aibroker_s3_bucket_prefix: "{{ MAS_AIBROKER_S3_BUCKET_PREFIX }}"
+  ##review  
+
   #JDBC
   jdbccfg_username: "<path:{{ SECRETS_PATH }}:{{ JDBCCFG_USERNAME }}>"
   jdbccfg_password: "<path:{{ SECRETS_PATH }}:{{ JDBCCFG_PASSWORD }}>"
diff --git a/tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2 b/tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2
index f8484a9072c..47b6c0b05c7 100644
--- a/tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2
+++ b/tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2
@@ -166,6 +166,21 @@ spec:
     - name: tenantNamespace
       type: string   
 
+    ##review
+    - name: environment_type
+      type: string
+
+    - name: mas_aibroker_s3_endpoint_url
+      type: string
+
+    - name: mas_aibroker_s3_region
+      type: string
+
+    - name: mas_aibroker_s3_bucket_prefix
+      type: string
+
+    ##review
+
   workspaces:
     - name: configs
 
@@ -376,6 +391,19 @@ spec:
           value: $(params.cluster_domain)
         - name: in_saas_env
           value: $(params.in_saas_env)
+        ##review
+        - name: environment_type
+          value: $(params.environment_type)
+
+        - name: mas_aibroker_s3_endpoint_url
+          value: $(params.mas_aibroker_s3_endpoint_url)
+
+        - name: mas_aibroker_s3_region
+          value: $(params.mas_aibroker_s3_region)
+
+        - name: mas_aibroker_s3_bucket_prefix
+          value: $(params.mas_aibroker_s3_bucket_prefix)
+        ##review
 
     # 3.gitops-Kmodel
     # -------------------------------------------------------------------------
diff --git a/tekton/src/tasks/gitops/gitops-aibroker.yml.j2 b/tekton/src/tasks/gitops/gitops-aibroker.yml.j2
index 5eaa8083af1..a36d7180228 100644
--- a/tekton/src/tasks/gitops/gitops-aibroker.yml.j2
+++ b/tekton/src/tasks/gitops/gitops-aibroker.yml.j2
@@ -106,6 +106,20 @@ spec:
       type: string
     - name: in_saas_env
       type: string
+    ##review
+    - name: environment_type
+      type: string
+
+    - name: mas_aibroker_s3_endpoint_url
+      type: string
+
+    - name: mas_aibroker_s3_region
+      type: string
+
+    - name: mas_aibroker_s3_bucket_prefix
+      type: string
+        ##review
+
 
   stepTemplate:
     name: gitops-aibroker
@@ -210,6 +224,19 @@ spec:
         value: $(params.cluster_domain)
       - name: IN_SAAS_ENV
         value: $(params.in_saas_env)
+      ##review
+      - name: environment_type
+        value: $(params.environment_type)
+
+      - name: mas_aibroker_s3_endpoint_url
+        value: $(params.mas_aibroker_s3_endpoint_url)
+
+      - name: mas_aibroker_s3_region
+        value: $(params.mas_aibroker_s3_region)
+
+      - name: mas_aibroker_s3_bucket_prefix
+        value: $(params.mas_aibroker_s3_bucket_prefix)
+      ##review
     envFrom:
       - configMapRef:
           name: environment-properties

From 7d3fda0642f08ac9839c2ac5fadd4d633dc4dd7c Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Wed, 11 Jun 2025 17:27:00 +0530
Subject: [PATCH 079/258] cherry-pick ea9c305761 conflict

---
 .secrets.baseline | 47 +----------------------------------------------
 1 file changed, 1 insertion(+), 46 deletions(-)

diff --git a/.secrets.baseline b/.secrets.baseline
index 4e15beb4bc8..2d0ed51b9d4 100644
--- a/.secrets.baseline
+++ b/.secrets.baseline
@@ -250,54 +250,9 @@
     "image/cli/mascli/functions/gitops_aiservice_tenant": [
       {
         "hashed_secret": "b2817467154949a61f8e9ad31d1eeaf03221cbfa",
-        "line_number": 374,
-        "is_secret": true,
-        "is_verified": false,
-        "line_number": 338,
-        "type": "Secret Keyword",
-        "verified_result": null
-      }
-    ],
-    "image/cli/mascli/functions/gitops_aibroker": [
-      {
-        "hashed_secret": "b60295a714204bc97c6996f5570488d5b20dd46a",
-        "is_secret": false,
-        "is_verified": false,
-        "line_number": 106,
-        "type": "Secret Keyword",
-        "verified_result": null
-      },
-      {
-        "hashed_secret": "9f7f51718285e6ea258c75badd21583afe42935e",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 108,
-        "type": "Secret Keyword",
-        "verified_result": null
-      },
-      {
-        "hashed_secret": "96af1a52cd8c0d495417dea58e814be0b41891f6",
-        "is_secret": false,
-        "is_verified": false,
-        "line_number": 115,
-        "type": "Secret Keyword",
-        "verified_result": null
-      }
-    ],
-    "image/cli/mascli/functions/gitops_aibroker_tenant": [
-      {
-        "hashed_secret": "db40a6131d9b574bb057875df98fb03f9874d5b4",
-        "is_secret": true,
-        "is_verified": false,
-        "line_number": 115,
-        "type": "Secret Keyword",
-        "verified_result": null
-      },
-      {
-        "hashed_secret": "b2817467154949a61f8e9ad31d1eeaf03221cbfa",
-        "is_secret": true,
-        "is_verified": false,
-        "line_number": 405,
+        "line_number": 368,
         "type": "Secret Keyword",
         "verified_result": null
       }

From 271efe0c7aba5a9f01e0b8195b70cdce43fd83dc Mon Sep 17 00:00:00 2001
From: Yogeshkumar <prajapati.yogeshkumar@ibm.com>
Date: Thu, 12 Jun 2025 10:55:45 +0530
Subject: [PATCH 080/258] cherry-pick 544230b7ab conflict

---
 .../mascli/functions/gitops_aibroker_tenant   |  3 +++
 image/cli/mascli/functions/gitops_kmodel      | 21 ++++++++++++-------
 .../instance/ibm-aibroker-tenant.yaml.j2      |  4 ++--
 .../cluster/instance/ibm-kmodel.yaml.j2       |  4 +++-
 .../gitops/gitops-mas-aibroker.yml.j2         | 13 ++++++------
 tekton/src/tasks/gitops/gitops-kmodel.yml.j2  | 12 +++++++----
 6 files changed, 36 insertions(+), 21 deletions(-)

diff --git a/image/cli/mascli/functions/gitops_aibroker_tenant b/image/cli/mascli/functions/gitops_aibroker_tenant
index 8f7c41284e4..c7a8f9aa967 100644
--- a/image/cli/mascli/functions/gitops_aibroker_tenant
+++ b/image/cli/mascli/functions/gitops_aibroker_tenant
@@ -472,8 +472,11 @@ function gitops_aibroker_tenant() {
   #rsl  ##review
   export SECRET_KEY_RSL_ORG_ID=${SECRETS_PREFIX}rsl#rsl_org_id
   export SECRET_KEY_RSL_TOKEN=${SECRETS_PREFIX}rsl#rsl_token
+  #watsonx
+  export SECRET_KEY_WATSONXAI_APIKEY=${SECRETS_PREFIX}watsonx#watsonxai_apikey
   ##review
 
+
   # minio
   export SECRET_KEY_MINIO_HOST=${SECRETS_PREFIX}minio#sm_minio_host
   export SECRET_KEY_MINIO_PORT=${SECRETS_PREFIX}minio#sm_minio_port
diff --git a/image/cli/mascli/functions/gitops_kmodel b/image/cli/mascli/functions/gitops_kmodel
index e4d6a461b35..2b6681ff325 100644
--- a/image/cli/mascli/functions/gitops_kmodel
+++ b/image/cli/mascli/functions/gitops_kmodel
@@ -41,7 +41,6 @@ Kkmodel Configuration:
       --mas_aibroker_tenant_name ${COLOR_YELLOW}MAS_AIBROKER_TENANT_NAME${TEXT_RESET}                                   Aibroker Tenant name
       --mas-aibroker-provision-tenant ${COLOR_YELLOW}MAS_AIBROKER_PROVISION_TENANT${TEXT_RESET}                         Whether to provision the AI Broker tenant (true/false)
       --mas-aibroker-connector-tag ${COLOR_YELLOW}MAS_AIBROKER_CONNECTOR_TAG${TEXT_RESET}                               AI Broker connector for integration or communication.
-      --mas-aibroker-pipeline-steps-tag ${COLOR_YELLOW}MAS_AIBROKER_PIPELINE_STEPS_TAG${TEXT_RESET}                     Version tag of the AI Broker pipeline steps image used to run model-related processing tasks in KModel deployments
       --mas-aibroker-saas ${COLOR_YELLOW}MAS_AIBROKER_SAAS${TEXT_RESET}                                                 AI Broker is deployed as a SaaS
       --model-id-unique-length ${COLOR_YELLOW}MODEL_ID_UNIQUE_LENGTH${TEXT_RESET}                                       Length of the unique identifier used for model IDs
       --model-id-prefix ${COLOR_YELLOW}MODEL_ID_PREFIX${TEXT_RESET}                                                     Model ID prefix
@@ -85,16 +84,18 @@ function gitops_kmodel_noninteractive() {
   export TENANT_NAMESPACE=${TENANT_NAMESPACE:-"aibroker-${MAS_AIBROKER_TENANT_NAME}"}
   export MAS_AIBROKER_PROVISION_TENANT=${MAS_AIBROKER_PROVISION_TENANT:-"provision-tenant"}
   export MAS_AIBROKER_CONNECTOR_TAG=${MAS_AIBROKER_CONNECTOR_TAG:-"1.0.2"}
-  export MAS_AIBROKER_PIPELINE_STEPS_TAG=${MAS_AIBROKER_PIPELINE_STEPS_TAG:-"1.0.3"}
+  #export MAS_AIBROKER_PIPELINE_STEPS_TAG=${MAS_AIBROKER_PIPELINE_STEPS_TAG:-"1.0.3"}
   export MAS_AIBROKER_SAAS=${MAS_AIBROKER_SAAS:-"false"}
   export MODEL_ID_UNIQUE_LENGTH=${MODEL_ID_UNIQUE_LENGTH:-"15"}
   export MODEL_ID_PREFIX=${MODEL_ID_PREFIX:-"m"}  
-  export MAS_ICR_CP=${MAS_ICR_CP:-"cp.icr.io/cp"}
+  export MAS_ICR_CP=${MAS_ICR_CP:-"docker-na-public.artifactory.swg-devops.com/wiotp-docker-local"}
   export DOCKER_SERVER=${DOCKER_SERVER:-"${MAS_ICR_CP}/aibroker"}
   export IMAGE_STORE=${IMAGE_STORE:-"${DOCKER_SERVER}/store:1.0.3-pre.maint10xdev"}
   export IMAGE_WATCHER=${IMAGE_WATCHER:-"${DOCKER_SERVER}/watcher:1.0.5-pre.maint10xdev"}
   export IMAGE_CONTROLLER=${IMAGE_CONTROLLER:-"${DOCKER_SERVER}/controller:1.0.8-pre.maint10xdev"}
   export PULLSECRETNAME=${PULLSECRETNAME:-"ibm-entitlement"}
+  ##review
+  export MAS_APP_CHANNEL=${MAS_APP_CHANNEL:-"workspace"}
   
   while [[ $# -gt 0 ]]
   do
@@ -192,7 +193,11 @@ function gitops_kmodel_noninteractive() {
       --mas_icr_cp)
         export MAS_ICR_CP=$1 && shift
         ;;
-
+        ##review
+      --mas-app-channel)
+        export MAS_APP_CHANNEL=$1 && shift
+        ;;
+        ##review
       --docker-server)
         export DOCKER_SERVER=$1 && shift
         ;;
@@ -221,9 +226,9 @@ function gitops_kmodel_noninteractive() {
         export IMAGE_CONTROLLER=$1 && shift
         ;;
 
-      --mas-aibroker-pipeline-steps-tag)
-        export MAS_AIBROKER_PIPELINE_STEPS_TAG=$1 && shift
-        ;;
+      # --mas-aibroker-pipeline-steps-tag)
+      #   export MAS_AIBROKER_PIPELINE_STEPS_TAG=$1 && shift
+      #   ;;
 
       --mas-aibroker-connector-tag)
         export MAS_AIBROKER_CONNECTOR_TAG=$1 && shift
@@ -383,7 +388,7 @@ function gitops_kmodel() {
   echo_reset_dim "Image Store ....................................... ${COLOR_MAGENTA}${IMAGE_STORE}"
   echo_reset_dim "Image Watcher ..................................... ${COLOR_MAGENTA}${IMAGE_WATCHER}"
   echo_reset_dim "Image Controller .................................. ${COLOR_MAGENTA}${IMAGE_CONTROLLER}"
-  echo_reset_dim "MAS AI Broker Pipeline Steps Tag .................. ${COLOR_MAGENTA}${MAS_AIBROKER_PIPELINE_STEPS_TAG}"
+  #echo_reset_dim "MAS AI Broker Pipeline Steps Tag .................. ${COLOR_MAGENTA}${MAS_AIBROKER_PIPELINE_STEPS_TAG}"
   echo_reset_dim "MAS AI Broker Connector Tag ....................... ${COLOR_MAGENTA}${MAS_AIBROKER_CONNECTOR_TAG}"
   echo_reset_dim "MAS AI Broker SAAS ................................ ${COLOR_MAGENTA}${MAS_AIBROKER_SAAS}"
   echo_reset_dim "Model ID Unique Length ............................ ${COLOR_MAGENTA}${MODEL_ID_UNIQUE_LENGTH}"
diff --git a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant.yaml.j2 b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant.yaml.j2
index 0313ae656c5..8a49cd39884 100644
--- a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant.yaml.j2
+++ b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant.yaml.j2
@@ -18,7 +18,7 @@ ibm_aibroker_tenant:
   tenant_entitlement_start_date: "{{ TENANT_ENTITLEMENT_START_DATE }}"
   tenant_entitlement_end_date: "{{ TENANT_ENTITLEMENT_END_DATE }}"
   ##review
-  
+
   # dro
   artifactory_token: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_ARTIFACTORY_TOKEN }}>"
   drocfg_url: "{{ DROCFG_URL }}"
@@ -50,8 +50,8 @@ ibm_aibroker_tenant:
   
   # watsonx
   mas_aibroker_watsonxai_url: "{{ MAS_AIBROKER_WATSONXAI_URL }}"
-  mas_aibroker_watsonxai_apikey: "{{ MAS_AIBROKER_WATSONXAI_APIKEY }}"
   mas_aibroker_watsonxai_project_id: "{{ MAS_AIBROKER_WATSONXAI_PROJECT_ID }}"
+  mas_aibroker_watsonxai_apikey: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_WATSONXAI_APIKEY }}>"
 
   # minio
   mas_aibroker_storage_host: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_MINIO_HOST }}>"
diff --git a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-kmodel.yaml.j2 b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-kmodel.yaml.j2
index 1937c943de0..e9097fbcda1 100644
--- a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-kmodel.yaml.j2
+++ b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-kmodel.yaml.j2
@@ -41,6 +41,8 @@ ibm_kmodel:
   mas_aibroker_connector_tag: "{{ MAS_AIBROKER_CONNECTOR_TAG }}"
 
   mas_aibroker_saas: "{{ MAS_AIBROKER_SAAS }}"
-  
+  ##review
+  mas_app_channel: "{{ MAS_APP_CHANNEL }}"
+  ##review
   model_id_unique_length: "{{ MODEL_ID_UNIQUE_LENGTH }}"
   model_id_prefix: "{{ MODEL_ID_PREFIX }}"
diff --git a/tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2 b/tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2
index 47b6c0b05c7..85393c231be 100644
--- a/tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2
+++ b/tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2
@@ -151,8 +151,6 @@ spec:
       type: string
     - name: mas_aibroker_connector_tag
       type: string
-    - name: mas_aibroker_pipeline_steps_tag
-      type: string
     - name: mas_aibroker_provision_tenant
       type: string
     - name: mas_aibroker_saas
@@ -164,7 +162,10 @@ spec:
     - name: ssh_secret_name
       type: string
     - name: tenantNamespace
-      type: string   
+      type: string 
+    ##review  
+    - name: mas_app_channel
+      type: string  
 
     ##review
     - name: environment_type
@@ -480,8 +481,6 @@ spec:
           value: $(params.image_watcher)
         - name: image_controller
           value: $(params.image_controller)
-        - name: mas_aibroker_pipeline_steps_tag
-          value: $(params.mas_aibroker_pipeline_steps_tag)
         - name: mas_aibroker_connector_tag
           value: $(params.mas_aibroker_connector_tag)
         - name: mas_aibroker_saas
@@ -489,4 +488,6 @@ spec:
         - name: model_id_unique_length
           value: $(params.model_id_unique_length)
         - name: model_id_prefix
-          value: $(params.model_id_prefix)
\ No newline at end of file
+          value: $(params.model_id_prefix)
+        - name: mas_app_channel
+          value: $(params.mas_app_channel)
\ No newline at end of file
diff --git a/tekton/src/tasks/gitops/gitops-kmodel.yml.j2 b/tekton/src/tasks/gitops/gitops-kmodel.yml.j2
index 54b69cf5fb7..ffb8de3634a 100644
--- a/tekton/src/tasks/gitops/gitops-kmodel.yml.j2
+++ b/tekton/src/tasks/gitops/gitops-kmodel.yml.j2
@@ -71,8 +71,6 @@ spec:
       type: string
     - name: image_controller
       type: string
-    - name: mas_aibroker_pipeline_steps_tag
-      type: string
     - name: mas_aibroker_connector_tag
       type: string
     - name: mas_aibroker_saas
@@ -81,6 +79,9 @@ spec:
       type: string
     - name: model_id_prefix
       type: string
+      ##review
+    - name: mas_app_channel
+      type: string
 
   stepTemplate:
     name: gitops-kmodel
@@ -150,8 +151,6 @@ spec:
         value: $(params.image_watcher)
       - name: IMAGE_CONTROLLER
         value: $(params.image_controller)
-      - name: MAS_AIBROKER_PIPELINE_STEPS_TAG
-        value: $(params.mas_aibroker_pipeline_steps_tag)
       - name: MAS_AIBROKER_CONNECTOR_TAG
         value: $(params.mas_aibroker_connector_tag)
       - name: MAS_AIBROKER_SAAS
@@ -160,6 +159,11 @@ spec:
         value: $(params.model_id_unique_length)
       - name: MODEL_ID_PREFIX
         value: $(params.model_id_prefix)
+      ##review
+      - name: MAS_APP_CHANNEL
+        value: $(params.mas_app_channel)
+
+
     envFrom:
       - configMapRef:
           name: environment-properties

From 4cf8290aca054ae49c1fb601e5dc57c9c37c18c8 Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Thu, 12 Jun 2025 12:09:37 +0530
Subject: [PATCH 081/258] Update gitops_aibroker_tenant

---
 image/cli/mascli/functions/gitops_aibroker_tenant | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/image/cli/mascli/functions/gitops_aibroker_tenant b/image/cli/mascli/functions/gitops_aibroker_tenant
index c7a8f9aa967..bdfc03aa89f 100644
--- a/image/cli/mascli/functions/gitops_aibroker_tenant
+++ b/image/cli/mascli/functions/gitops_aibroker_tenant
@@ -21,7 +21,7 @@ ibm_aibroker_tenant(required):
       --cluster-domain ${COLOR_YELLOW}CLUSTER_DOMAIN${TEXT_RESET}                                           The domain name of the Kubernetes cluster (e.g., cluster.local)
       --drocfg-url ${COLOR_YELLOW}DROCFG_URL${TEXT_RESET}                                                   URL of the DRO configuration service
       --slscfg-url ${COLOR_YELLOW}SLSCFG_URL${TEXT_RESET}                                                   URL of the SLS configuration service
-      --slscfg_client_id ${COLOR_YELLOW}SLSCFG_CLIENT_ID${TEXT_RESET}                                       Client ID for SLS (usually generated by GitOps Helm)
+      --slscfg-clientId ${COLOR_YELLOW}SLSCFG_CLIENT_ID${TEXT_RESET}                                        Client ID for SLS (usually generated by GitOps Helm)
       --mas_aibroker_watsonxai_url ${COLOR_YELLOW}MAS_AIBROKER_WATSONXAI_URL${TEXT_RESET}                   Endpoint URL for Watsonx.ai
       --mas_aibroker_watsonxai_apikey ${COLOR_YELLOW}MAS_AIBROKER_WATSONXAI_APIKEY${TEXT_RESET}             API key for authenticating with Watsonx.ai
       --mas_aibroker_watsonxai_project_id ${COLOR_YELLOW}MAS_AIBROKER_WATSONXAI_PROJECT_ID${TEXT_RESET}     Watsonx.ai project ID used by AI Broker
@@ -50,7 +50,7 @@ SLS :
 --slscfg-url ${COLOR_YELLOW}SLSCFG_URL${TEXT_RESET}                                                          URL of the SLS configuration service
 --slscfg-registration-key ${COLOR_YELLOW}SLSCFG_REGISTRATION_KEY${TEXT_RESET}                                Registration key used to register with SLS
 --mas-aibroker-sls-subscription-id ${COLOR_YELLOW}MAS_AIBROKER_SLS_SUBSCRIPTION_ID${TEXT_RESET}              Subscription ID associated with SLS
---slscfg_client_id ${COLOR_YELLOW}SLSCFG_CLIENT_ID${TEXT_RESET}                                              Client ID for SLS (usually generated by GitOps Helm)
+--slscfg-clientId ${COLOR_YELLOW}SLSCFG_CLIENT_ID${TEXT_RESET}                                               Client ID for SLS (usually generated by GitOps Helm)
 --slscfg-ca ${COLOR_YELLOW}SLSCFG_CA${TEXT_RESET}                                                            CA certificate for SLS TLS connection
 --slscfg-tls ${COLOR_YELLOW}SLSCFG_TLS${TEXT_RESET}                                                          TLS certificate used by the SLS client
 --slscfg-key ${COLOR_YELLOW}SLSCFG_KEY${TEXT_RESET}                                                          Private key used by the SLS client

From b1b33b6a592b0387a5a5b0bd646c49b53948bc56 Mon Sep 17 00:00:00 2001
From: yogeshkumar <prajapati.yogeshkumar@ibm.com>
Date: Thu, 12 Jun 2025 12:31:17 +0530
Subject: [PATCH 082/258] Update gitops_odh

---
 image/cli/mascli/functions/gitops_odh | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/image/cli/mascli/functions/gitops_odh b/image/cli/mascli/functions/gitops_odh
index c9c96a80fdf..2dafd2c04b2 100755
--- a/image/cli/mascli/functions/gitops_odh
+++ b/image/cli/mascli/functions/gitops_odh
@@ -103,8 +103,8 @@ function gitops_odh_noninteractive() {
 
 
   export OPENSHIFT_NAMESPACE="${OPENSHIFT_NAMESPACE:-"openshift-operators"}"
-  #export ODH_PIPELINE_CHANNEL="${ODH_PIPELINE_CHANNEL:-"latest"}"
-  #export ODH_PIPELINE_INSTALLPLAN="${ODH_PIPELINE_INSTALLPLAN:-"Automatic"}"
+  export ODH_PIPELINE_CHANNEL="${ODH_PIPELINE_CHANNEL:-"latest"}"
+  export ODH_PIPELINE_INSTALLPLAN="${ODH_PIPELINE_INSTALLPLAN:-"manual"}"
   export PIPELINE_CATALOG_SOURCE="${PIPELINE_CATALOG_SOURCE:-"redhat-operators"}"
   export SERVICE_MESH_NAMESPACE="${SERVICE_MESH_NAMESPACE:-"openshift-operators"}"
   export SERVICE_MESH_CHANNEL="${SERVICE_MESH_CHANNEL:-"stable"}"
@@ -363,8 +363,8 @@ function gitops_odh_noninteractive() {
     [[ -z "$GIT_BRANCH" ]] && gitops_odh_help "GIT_BRANCH is not set"
   fi
   #odh variables
-  [[ -z "$ODH_PIPELINE_CHANNEL" ]] && gitops_odh_help "ODH_PIPELINE_CHANNEL is not set. Please provide the ODH PIPELINE CHANNEL using --odh-pipeline-channel."
-  [[ -z "$ODH_PIPELINE_INSTALLPLAN" ]] && gitops_odh_help "ODH_PIPELINE_INSTALLPLAN is not set. Please provide the OODH_PIPELINE_INSTALLPLAN using --odh-pipeline-installplan."
+  #[[ -z "$ODH_PIPELINE_CHANNEL" ]] && gitops_odh_help "ODH_PIPELINE_CHANNEL is not set. Please provide the ODH PIPELINE CHANNEL using --odh-pipeline-channel."
+  #[[ -z "$ODH_PIPELINE_INSTALLPLAN" ]] && gitops_odh_help "ODH_PIPELINE_INSTALLPLAN is not set. Please provide the OODH_PIPELINE_INSTALLPLAN using --odh-pipeline-installplan."
   [[ -z "$OPENDATAHUB_NAME" ]] && gitops_odh_help "OPENDATAHUB_NAME is not set. Please provide the OPENDATAHUB NAME using --opendatahub-name."
   [[ -z "$OPENDATAHUB_NAMESPACE" ]] && gitops_odh_help "OPENDATAHUB_NAMESPACE is not set. Please provide the OPENDATAHUB NAMESPACE using --opendatahub-namespace."
 

From 2a16325b368920ea822fd7b7585a3dcc60e117ac Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Thu, 12 Jun 2025 12:30:55 +0530
Subject: [PATCH 083/258] cherry-pick e8da898e95 conflict

---
 .secrets.baseline                             |  2 +-
 .../mascli/functions/gitops_aibroker_tenant   | 35 +------------------
 .../instance/ibm-aibroker-tenant.yaml.j2      |  5 ---
 .../gitops/gitops-mas-aibroker-tenant.yml.j2  | 21 +----------
 .../gitops/gitops-aibroker-tenant.yml.j2      | 26 +-------------
 5 files changed, 4 insertions(+), 85 deletions(-)

diff --git a/.secrets.baseline b/.secrets.baseline
index 2d0ed51b9d4..b9eca4b9ecc 100644
--- a/.secrets.baseline
+++ b/.secrets.baseline
@@ -3,7 +3,7 @@
     "files": "build/bin/config/oscap/ssg-rhel9-ds.xml|^.secrets.baseline$|^docs/catalogs/",
     "lines": null
   },
-  "generated_at": "2026-05-10T18:20:55Z",
+  "generated_at": "2025-06-12T06:57:19Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"
diff --git a/image/cli/mascli/functions/gitops_aibroker_tenant b/image/cli/mascli/functions/gitops_aibroker_tenant
index bdfc03aa89f..471895affbb 100644
--- a/image/cli/mascli/functions/gitops_aibroker_tenant
+++ b/image/cli/mascli/functions/gitops_aibroker_tenant
@@ -21,7 +21,6 @@ ibm_aibroker_tenant(required):
       --cluster-domain ${COLOR_YELLOW}CLUSTER_DOMAIN${TEXT_RESET}                                           The domain name of the Kubernetes cluster (e.g., cluster.local)
       --drocfg-url ${COLOR_YELLOW}DROCFG_URL${TEXT_RESET}                                                   URL of the DRO configuration service
       --slscfg-url ${COLOR_YELLOW}SLSCFG_URL${TEXT_RESET}                                                   URL of the SLS configuration service
-      --slscfg-clientId ${COLOR_YELLOW}SLSCFG_CLIENT_ID${TEXT_RESET}                                        Client ID for SLS (usually generated by GitOps Helm)
       --mas_aibroker_watsonxai_url ${COLOR_YELLOW}MAS_AIBROKER_WATSONXAI_URL${TEXT_RESET}                   Endpoint URL for Watsonx.ai
       --mas_aibroker_watsonxai_apikey ${COLOR_YELLOW}MAS_AIBROKER_WATSONXAI_APIKEY${TEXT_RESET}             API key for authenticating with Watsonx.ai
       --mas_aibroker_watsonxai_project_id ${COLOR_YELLOW}MAS_AIBROKER_WATSONXAI_PROJECT_ID${TEXT_RESET}     Watsonx.ai project ID used by AI Broker
@@ -42,7 +41,6 @@ AIBroker :
 DRO :
 --artifactory-token ${COLOR_YELLOW}ARTIFACTORY_TOKEN${TEXT_RESET}                                           API token used to authenticate with Artifactory
 --drocfg-url ${COLOR_YELLOW}DROCFG_URL${TEXT_RESET}                                                         URL of the DRO configuration service
---mas-aibroker-dro-token-secret ${COLOR_YELLOW}MAS_AIBROKER_DRO_TOKEN_SECRET${TEXT_RESET}                   Secret name containing the DRO token
 --drocfg-ca ${COLOR_YELLOW}DROCFG_CA${TEXT_RESET}                                                           CA certificate for secure communication with DRO config
 --drocfg-registration-key ${COLOR_YELLOW}DROCFG_REGISTRATION_KEY${TEXT_RESET}                               Registration key used for DRO setup
 
@@ -50,10 +48,6 @@ SLS :
 --slscfg-url ${COLOR_YELLOW}SLSCFG_URL${TEXT_RESET}                                                          URL of the SLS configuration service
 --slscfg-registration-key ${COLOR_YELLOW}SLSCFG_REGISTRATION_KEY${TEXT_RESET}                                Registration key used to register with SLS
 --mas-aibroker-sls-subscription-id ${COLOR_YELLOW}MAS_AIBROKER_SLS_SUBSCRIPTION_ID${TEXT_RESET}              Subscription ID associated with SLS
---slscfg-clientId ${COLOR_YELLOW}SLSCFG_CLIENT_ID${TEXT_RESET}                                               Client ID for SLS (usually generated by GitOps Helm)
---slscfg-ca ${COLOR_YELLOW}SLSCFG_CA${TEXT_RESET}                                                            CA certificate for SLS TLS connection
---slscfg-tls ${COLOR_YELLOW}SLSCFG_TLS${TEXT_RESET}                                                          TLS certificate used by the SLS client
---slscfg-key ${COLOR_YELLOW}SLSCFG_KEY${TEXT_RESET}                                                          Private key used by the SLS client
 
 Watsonx :
 --mas-aibroker-watsonxai-url ${COLOR_YELLOW}MAS_AIBROKER_WATSONXAI_URL${TEXT_RESET}                          Endpoint URL for Watsonx.ai
@@ -111,9 +105,6 @@ function gitops_aibroker_tenant_noninteractive() {
   export TENANT_ENTITLEMENT_END_DATE=${TENANT_ENTITLEMENT_END_DATE:-"2049-11-11"}
   ##review
 
-  # -- DRO Defaults
-  export MAS_AIBROKER_DRO_TOKEN_SECRET=${MAS_AIBROKER_DRO_TOKEN_SECRET:-"dro-token"}
-
   # -- SLS Defaults
   export MAS_AIBROKER_SLS_SUBSCRIPTION_ID=${MAS_AIBROKER_SLS_SUBSCRIPTION_ID:-"001"}
 
@@ -191,9 +182,6 @@ function gitops_aibroker_tenant_noninteractive() {
       --drocfg-url)
         export DROCFG_URL=$1 && shift
         ;;
-      --mas-aibroker-dro-token-secret)
-        export MAS_AIBROKER_DRO_TOKEN_SECRET=$1 && shift
-        ;;
       --drocfg-ca)
         export DROCFG_CA=$1 && shift
         ;;
@@ -211,18 +199,6 @@ function gitops_aibroker_tenant_noninteractive() {
       --mas-aibroker-sls-subscription-id)
         export MAS_AIBROKER_SLS_SUBSCRIPTION_ID=$1 && shift
         ;;
-      --slscfg-clientId)
-        export SLSCFG_CLIENT_ID=$1 && shift
-        ;;
-      --slscfg-ca)
-        export SLSCFG_CA=$1 && shift
-        ;;
-      --slscfg-tls)
-        export SLSCFG_TLS=$1 && shift
-        ;;
-      --slscfg-key)
-        export SLSCFG_KEY=$1 && shift
-        ;;
 
       # -- Watsonx
       --mas-aibroker-watsonxai-url)
@@ -352,7 +328,6 @@ function gitops_aibroker_tenant_noninteractive() {
   
   # -- SLS
   [[ -z "$SLSCFG_URL" ]] && gitops_aibroker_tenant_help "SLSCFG_URL is not set. Please specify the SLS configuration URL using --slscfg-url."
-  [[ -z "$SLSCFG_CLIENT_ID" ]] && gitops_aibroker_tenant_help "SLSCFG_CLIENT_ID is not set. Please provide the SLS client ID using --slscfg-client-Id."
 
   # -- Watsonx
   [[ -z "$MAS_AIBROKER_WATSONXAI_URL" ]] && gitops_aibroker_tenant_help "MAS_AIBROKER_WATSONXAI_URL is not set. Please specify the Watsonx.ai URL using --mas-aibroker-watsonxai-url."
@@ -435,13 +410,8 @@ function gitops_aibroker_tenant() {
   echo_reset_dim "MAS ICR CP registry .......................... ${COLOR_MAGENTA}${MAS_ICR_CP}"
   echo_reset_dim "MAS ICR CPOPEN registry ...................... ${COLOR_MAGENTA}${MAS_ICR_CPOPEN}"
 
-  # -- DRO
-  echo_reset_dim "DRO token secret name ........................ ${COLOR_MAGENTA}${MAS_AIBROKER_DRO_TOKEN_SECRET}"
-
   # -- SLS
   echo_reset_dim "SLS subscription ID .......................... ${COLOR_MAGENTA}${MAS_AIBROKER_SLS_SUBSCRIPTION_ID}"
-  echo_reset_dim "SLS client ID ................................ ${COLOR_MAGENTA}${SLSCFG_CLIENT_ID}"
-
 
   # -- Watsonx
   echo_reset_dim "Watsonx.ai URL ............................... ${COLOR_MAGENTA}${MAS_AIBROKER_WATSONXAI_URL}"
@@ -465,9 +435,6 @@ function gitops_aibroker_tenant() {
 
   # sls
   export SECRET_KEY_SLSCFG_REGISTRATION_KEY=${SECRETS_PREFIX}sls#slscfg_registration_key
-  export SECRET_KEY_SLSCFG_CA=${SECRETS_PREFIX}sls#slscfg_ca
-  export SECRET_KEY_SLSCFG_TLS=${SECRETS_PREFIX}sls#slscfg_tls
-  export SECRET_KEY_SLSCFG_KEY=${SECRETS_PREFIX}sls#slscfg_key
 
   #rsl  ##review
   export SECRET_KEY_RSL_ORG_ID=${SECRETS_PREFIX}rsl#rsl_org_id
@@ -490,7 +457,7 @@ function gitops_aibroker_tenant() {
  
   sm_verify_secret_exists ${SECRETS_PREFIX}dro "drocfg_ca,drocfg_registration_key"
 
-  sm_verify_secret_exists ${SECRETS_PREFIX}sls "slscfg_registration_key,slscfg_ca,slscfg_tls,slscfg_key"
+  sm_verify_secret_exists ${SECRETS_PREFIX}sls "slscfg_registration_key"
  
   sm_verify_secret_exists ${SECRETS_PREFIX}minio "sm_minio_host,sm_minio_port,sm_minio_accesskey,sm_minio_secretkey,sm_minio_bucket_default"
   ##review
diff --git a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant.yaml.j2 b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant.yaml.j2
index 8a49cd39884..c7624542de4 100644
--- a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant.yaml.j2
+++ b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant.yaml.j2
@@ -22,7 +22,6 @@ ibm_aibroker_tenant:
   # dro
   artifactory_token: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_ARTIFACTORY_TOKEN }}>"
   drocfg_url: "{{ DROCFG_URL }}"
-  mas_aibroker_dro_token_secret: "{{ MAS_AIBROKER_DRO_TOKEN_SECRET }}"
   drocfg_ca: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_DROCFG_CA }}>"
   drocfg_registration_key: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_DROCFG_REGISTRATION_KEY }}>"
 
@@ -30,10 +29,6 @@ ibm_aibroker_tenant:
   slscfg_url: "{{ SLSCFG_URL }}"
   slscfg_registration_key: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_SLSCFG_REGISTRATION_KEY }}>"
   mas_aibroker_sls_subscription_id: "{{ MAS_AIBROKER_SLS_SUBSCRIPTION_ID }}"
-  slscfg_clientId: "{{ SLSCFG_CLIENT_ID }}"
-  slscfg_ca: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_SLSCFG_CA }}>"
-  slscfg_tls: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_SLSCFG_TLS }}>"
-  slscfg_key: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_SLSCFG_KEY }}>"
   
   # RSL ##review
   rsl_url: "{{ RSL_URL }}"
diff --git a/tekton/src/pipelines/gitops/gitops-mas-aibroker-tenant.yml.j2 b/tekton/src/pipelines/gitops/gitops-mas-aibroker-tenant.yml.j2
index e60b228c9a1..1e589a87d8d 100644
--- a/tekton/src/pipelines/gitops/gitops-mas-aibroker-tenant.yml.j2
+++ b/tekton/src/pipelines/gitops/gitops-mas-aibroker-tenant.yml.j2
@@ -48,8 +48,6 @@ spec:
       type: string
     - name: drocfg_url
       type: string
-    - name: mas_aibroker_dro_token_secret
-      type: string
     - name: drocfg_ca
       type: string
     - name: drocfg_registration_key
@@ -61,14 +59,6 @@ spec:
       type: string
     - name: mas_aibroker_sls_subscription_id
       type: string
-    - name: slscfg_clientId
-      type: string
-    - name: slscfg_ca
-      type: string
-    - name: slscfg_tls
-      type: string
-    - name: slscfg_key
-      type: string
 
     - name: mas_aibroker_watsonxai_url
       type: string
@@ -179,8 +169,7 @@ spec:
           value: $(params.artifactory_token)
         - name: drocfg_url
           value: $(params.drocfg_url)
-        - name: mas_aibroker_dro_token_secret
-          value: $(params.mas_aibroker_dro_token_secret)
+
         - name: drocfg_ca
           value: $(params.drocfg_ca)
         - name: drocfg_registration_key
@@ -192,14 +181,6 @@ spec:
           value: $(params.slscfg_registration_key)
         - name: mas_aibroker_sls_subscription_id
           value: $(params.mas_aibroker_sls_subscription_id)
-        - name: slscfg_clientId
-          value: $(params.slscfg_clientId)
-        - name: slscfg_ca
-          value: $(params.slscfg_ca)
-        - name: slscfg_tls
-          value: $(params.slscfg_tls)
-        - name: slscfg_key
-          value: $(params.slscfg_key)
 
         - name: mas_aibroker_watsonxai_url
           value: $(params.mas_aibroker_watsonxai_url)
diff --git a/tekton/src/tasks/gitops/gitops-aibroker-tenant.yml.j2 b/tekton/src/tasks/gitops/gitops-aibroker-tenant.yml.j2
index cb079e25441..7734617371f 100644
--- a/tekton/src/tasks/gitops/gitops-aibroker-tenant.yml.j2
+++ b/tekton/src/tasks/gitops/gitops-aibroker-tenant.yml.j2
@@ -47,8 +47,7 @@ spec:
       type: string
     - name: drocfg_url
       type: string
-    - name: mas_aibroker_dro_token_secret
-      type: string
+
     - name: drocfg_ca
       type: string
     - name: drocfg_registration_key
@@ -60,14 +59,6 @@ spec:
       type: string
     - name: mas_aibroker_sls_subscription_id
       type: string
-    - name: slscfg_clientId
-      type: string
-    - name: slscfg_ca
-      type: string
-    - name: slscfg_tls
-      type: string
-    - name: slscfg_key
-      type: string
     
     - name: mas_aibroker_watsonxai_url
       type: string
@@ -177,9 +168,6 @@ spec:
       - name: DROCFG_URL
         value: $(params.drocfg_url)
 
-      - name: MAS_AIBROKER_DRO_TOKEN_SECRET
-        value: $(params.mas_aibroker_dro_token_secret)
-
       - name: DROCFG_CA
         value: $(params.drocfg_ca)
 
@@ -195,18 +183,6 @@ spec:
       - name: MAS_AIBROKER_SLS_SUBSCRIPTION_ID
         value: $(params.mas_aibroker_sls_subscription_id)
 
-      - name: SLSCFG_CLIENT_ID
-        value: $(params.slscfg_clientId)
-
-      - name: SLSCFG_CA
-        value: $(params.slscfg_ca)
-
-      - name: SLSCFG_TLS
-        value: $(params.slscfg_tls)
-
-      - name: SLSCFG_KEY
-        value: $(params.slscfg_key)
-
       - name: MAS_AIBROKER_WATSONXAI_URL
         value: $(params.mas_aibroker_watsonxai_url)
 

From f202d165a128443aa4b048efaab90f94718443e3 Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Thu, 12 Jun 2025 12:33:19 +0530
Subject: [PATCH 084/258] Update .secrets.baseline

---
 .secrets.baseline | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.secrets.baseline b/.secrets.baseline
index b9eca4b9ecc..60b56dab092 100644
--- a/.secrets.baseline
+++ b/.secrets.baseline
@@ -3,7 +3,7 @@
     "files": "build/bin/config/oscap/ssg-rhel9-ds.xml|^.secrets.baseline$|^docs/catalogs/",
     "lines": null
   },
-  "generated_at": "2025-06-12T06:57:19Z",
+  "generated_at": "2025-06-12T07:03:08Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"

From 37f3c66212567ab5c94cdde9935ab352787f8045 Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Thu, 12 Jun 2025 13:18:34 +0530
Subject: [PATCH 085/258] Update .secrets.baseline

---
 .secrets.baseline | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.secrets.baseline b/.secrets.baseline
index 60b56dab092..95e555bf68a 100644
--- a/.secrets.baseline
+++ b/.secrets.baseline
@@ -3,7 +3,7 @@
     "files": "build/bin/config/oscap/ssg-rhel9-ds.xml|^.secrets.baseline$|^docs/catalogs/",
     "lines": null
   },
-  "generated_at": "2025-06-12T07:03:08Z",
+  "generated_at": "2025-06-12T07:45:14Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"

From 493dcc669e4c693bf7f81d7eb7324801b750ce7f Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Thu, 12 Jun 2025 13:48:06 +0530
Subject: [PATCH 086/258] removed mas_app_channel

---
 .secrets.baseline                                      | 2 +-
 tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2 | 3 ---
 2 files changed, 1 insertion(+), 4 deletions(-)

diff --git a/.secrets.baseline b/.secrets.baseline
index 95e555bf68a..c474b8e4b8a 100644
--- a/.secrets.baseline
+++ b/.secrets.baseline
@@ -3,7 +3,7 @@
     "files": "build/bin/config/oscap/ssg-rhel9-ds.xml|^.secrets.baseline$|^docs/catalogs/",
     "lines": null
   },
-  "generated_at": "2025-06-12T07:45:14Z",
+  "generated_at": "2025-06-12T08:15:58Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"
diff --git a/tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2 b/tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2
index 85393c231be..d0f8bd85e50 100644
--- a/tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2
+++ b/tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2
@@ -163,9 +163,6 @@ spec:
       type: string
     - name: tenantNamespace
       type: string 
-    ##review  
-    - name: mas_app_channel
-      type: string  
 
     ##review
     - name: environment_type

From f29c1a559d792cba1e1550f83e592801e0e6d561 Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Thu, 12 Jun 2025 14:11:36 +0530
Subject: [PATCH 087/258] Update gitops_odh

---
 image/cli/mascli/functions/gitops_odh | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/image/cli/mascli/functions/gitops_odh b/image/cli/mascli/functions/gitops_odh
index 2dafd2c04b2..565e801aeef 100755
--- a/image/cli/mascli/functions/gitops_odh
+++ b/image/cli/mascli/functions/gitops_odh
@@ -133,8 +133,8 @@ function gitops_odh_noninteractive() {
   export SERVERLESS_OPERATOR_SOURCE_NAMESPACE="${SERVERLESS_OPERATOR_SOURCE_NAMESPACE:-"openshift-marketplace"}"
 
   export OPENDATAHUB_OPERATORGROUP_NAME="${OPENDATAHUB_OPERATORGROUP_NAME:-"opendatahub-operator-group"}"
-  #export OPENDATAHUB_NAME="${OPENDATAHUB_NAME:-"opendatahub-operator"}"
-  #export OPENDATAHUB_NAMESPACE="${OPENDATAHUB_NAMESPACE:-"opendatahub"}"
+  export OPENDATAHUB_NAME="${OPENDATAHUB_NAME:-"opendatahub-operator"}"
+  export OPENDATAHUB_NAMESPACE="${OPENDATAHUB_NAMESPACE:-"opendatahub"}"
   export OPENDATAHUB_INSTALLPLAN_APPROVAL="${OPENDATAHUB_INSTALLPLAN_APPROVAL:-"Manual"}"
   export OPENDATAHUB_CHANNEL="${OPENDATAHUB_CHANNEL:-"fast"}"
   export OPENDATAHUB_SOURCE="${OPENDATAHUB_SOURCE:-"community-operators"}"
@@ -365,8 +365,8 @@ function gitops_odh_noninteractive() {
   #odh variables
   #[[ -z "$ODH_PIPELINE_CHANNEL" ]] && gitops_odh_help "ODH_PIPELINE_CHANNEL is not set. Please provide the ODH PIPELINE CHANNEL using --odh-pipeline-channel."
   #[[ -z "$ODH_PIPELINE_INSTALLPLAN" ]] && gitops_odh_help "ODH_PIPELINE_INSTALLPLAN is not set. Please provide the OODH_PIPELINE_INSTALLPLAN using --odh-pipeline-installplan."
-  [[ -z "$OPENDATAHUB_NAME" ]] && gitops_odh_help "OPENDATAHUB_NAME is not set. Please provide the OPENDATAHUB NAME using --opendatahub-name."
-  [[ -z "$OPENDATAHUB_NAMESPACE" ]] && gitops_odh_help "OPENDATAHUB_NAMESPACE is not set. Please provide the OPENDATAHUB NAMESPACE using --opendatahub-namespace."
+  # [[ -z "$OPENDATAHUB_NAME" ]] && gitops_odh_help "OPENDATAHUB_NAME is not set. Please provide the OPENDATAHUB NAME using --opendatahub-name."
+  # [[ -z "$OPENDATAHUB_NAMESPACE" ]] && gitops_odh_help "OPENDATAHUB_NAMESPACE is not set. Please provide the OPENDATAHUB NAMESPACE using --opendatahub-namespace."
 
 }
 

From c0713b7c66296d58061bf1924bf4ad36e55563b5 Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Thu, 12 Jun 2025 14:36:49 +0530
Subject: [PATCH 088/258] Update gitops_aibroker

added closing curly bracket
---
 image/cli/mascli/functions/gitops_aibroker | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/image/cli/mascli/functions/gitops_aibroker b/image/cli/mascli/functions/gitops_aibroker
index 6a9f4ada6e6..4870faf684c 100644
--- a/image/cli/mascli/functions/gitops_aibroker
+++ b/image/cli/mascli/functions/gitops_aibroker
@@ -477,4 +477,5 @@ function gitops_aibroker() {
     rm -rf $GITOPS_WORKING_DIR
 
 
-  exit 0 
\ No newline at end of file
+  exit 0 
+}
\ No newline at end of file

From c27473cd0320f30b8fa5cbcb55fe1b8b16eef19a Mon Sep 17 00:00:00 2001
From: yogeshkumar <prajapati.yogeshkumar@ibm.com>
Date: Thu, 12 Jun 2025 16:40:27 +0530
Subject: [PATCH 089/258] odh_operator_version update

---
 tekton/src/tasks/gitops/gitops-odh.yml.j2 | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/tekton/src/tasks/gitops/gitops-odh.yml.j2 b/tekton/src/tasks/gitops/gitops-odh.yml.j2
index d7e106e5cbe..941dc1f70d2 100644
--- a/tekton/src/tasks/gitops/gitops-odh.yml.j2
+++ b/tekton/src/tasks/gitops/gitops-odh.yml.j2
@@ -37,6 +37,8 @@ spec:
       type: string
     - name: opendatahub_namespace
       type: string
+    - name: odh_operator_version
+      type: string
   stepTemplate:
     name: gitops-odh
     env:
@@ -72,6 +74,8 @@ spec:
         value: $(params.opendatahub_operator_group)
       - name: ODH_NAMESPACE
         value: $(params.opendatahub_namespace)
+      - name: odh_operator_version
+        value: $(params.odh_operator_version)
     envFrom:
       - configMapRef:
           name: environment-properties

From 560d336559266783dbd7aff5949f2172f202f216 Mon Sep 17 00:00:00 2001
From: yogeshkumar <prajapati.yogeshkumar@ibm.com>
Date: Thu, 12 Jun 2025 16:46:44 +0530
Subject: [PATCH 090/258] gitops_aibroker_help function name update

---
 image/cli/mascli/functions/gitops_aibroker | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/image/cli/mascli/functions/gitops_aibroker b/image/cli/mascli/functions/gitops_aibroker
index 4870faf684c..e368564ea21 100644
--- a/image/cli/mascli/functions/gitops_aibroker
+++ b/image/cli/mascli/functions/gitops_aibroker
@@ -266,7 +266,7 @@ function gitops_aibroker_noninteractive() {
   # -- DRO
   #[[ -z "$DROCFG_URL" ]] && gitops_aibroker_help "DROCFG_URL is not set. Please specify the DRO configuration URL using --drocfg-url."
   ##review
-  [[ -z "$MAS_AIBROKER_S3_ENDPOINT_URL" ]] && gitops_aibroker_tenant_help "MAS_AIBROKER_S3_ENDPOINT_URL is not set. Please specify the S3 endpoint URL using --mas-aibroker-s3-endpoint-url."
+  [[ -z "$MAS_AIBROKER_S3_ENDPOINT_URL" ]] && gitops_aibroker_help "MAS_AIBROKER_S3_ENDPOINT_URL is not set. Please specify the S3 endpoint URL using --mas-aibroker-s3-endpoint-url."
   ##review
 
 }

From cde17103c3ad84094718d6f5ebc5bf0df424d907 Mon Sep 17 00:00:00 2001
From: yogeshkumar <prajapati.yogeshkumar@ibm.com>
Date: Thu, 12 Jun 2025 18:09:59 +0530
Subject: [PATCH 091/258] cherry-pick c0c5ea3bb0 conflict

---
 .secrets.baseline | 299 ++++++++++++++++++++++++++++++----------------
 1 file changed, 198 insertions(+), 101 deletions(-)

diff --git a/.secrets.baseline b/.secrets.baseline
index c474b8e4b8a..ac540a29fb9 100644
--- a/.secrets.baseline
+++ b/.secrets.baseline
@@ -6,37 +6,36 @@
   "generated_at": "2025-06-12T08:15:58Z",
   "plugins_used": [
     {
-      "name": "AWSKeyDetector"
+      "name": "ArtifactoryDetector"
     },
     {
-      "name": "ArtifactoryDetector"
+      "name": "AWSKeyDetector"
     },
     {
       "name": "AzureStorageKeyDetector"
     },
     {
-      "base64_limit": 4.5,
-      "name": "Base64HighEntropyString"
+      "name": "Base64HighEntropyString",
+      "limit": 4.5
     },
     {
       "name": "BasicAuthDetector"
     },
-    {
-      "name": "BoxDetector"
-    },
     {
       "name": "CloudantDetector"
     },
     {
-      "ghe_instance": "github.ibm.com",
-      "name": "GheDetector"
+      "name": "DiscordBotTokenDetector"
     },
     {
       "name": "GitHubTokenDetector"
     },
     {
-      "hex_limit": 3,
-      "name": "HexHighEntropyString"
+      "name": "GitLabTokenDetector"
+    },
+    {
+      "name": "HexHighEntropyString",
+      "limit": 3.0
     },
     {
       "name": "IbmCloudIamDetector"
@@ -44,12 +43,15 @@
     {
       "name": "IbmCosHmacDetector"
     },
+    {
+      "name": "IPPublicDetector"
+    },
     {
       "name": "JwtTokenDetector"
     },
     {
-      "keyword_exclude": null,
-      "name": "KeywordDetector"
+      "name": "KeywordDetector",
+      "keyword_exclude": ""
     },
     {
       "name": "MailchimpDetector"
@@ -57,9 +59,18 @@
     {
       "name": "NpmDetector"
     },
+    {
+      "name": "OpenAIDetector"
+    },
     {
       "name": "PrivateKeyDetector"
     },
+    {
+      "name": "PypiTokenDetector"
+    },
+    {
+      "name": "SendGridDetector"
+    },
     {
       "name": "SlackDetector"
     },
@@ -72,10 +83,49 @@
     {
       "name": "StripeDetector"
     },
+    {
+      "name": "TelegramBotTokenDetector"
+    },
     {
       "name": "TwilioKeyDetector"
     }
   ],
+  "filters_used": [
+    {
+      "path": "detect_secrets.filters.allowlist.is_line_allowlisted"
+    },
+    {
+      "path": "detect_secrets.filters.common.is_ignored_due_to_verification_policies",
+      "min_level": 2
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_indirect_reference"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_likely_id_string"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_lock_file"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_not_alphanumeric_string"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_potential_uuid"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_prefixed_with_dollar_sign"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_sequential_string"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_swagger_file"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_templated_secret"
+    }
+  ],
   "results": {
     ".bob/rules/python/development-guide.md": [
       {
@@ -89,10 +139,18 @@
     ],
     "docs/guides/configure-airgap.md": [
       {
-        "hashed_secret": "354b3a4b7715d3694c88a4fa7db49e41de86568e",
-        "is_secret": false,
+        "type": "Secret Keyword",
+        "filename": "docs/examples/eam-migration.md",
+        "hashed_secret": "a17c4050dc5dfc91f582a6649423c976ab21867d",
+        "is_verified": false,
+        "line_number": 107
+      },
+      {
+        "type": "Secret Keyword",
+        "filename": "docs/examples/eam-migration.md",
+        "hashed_secret": "bd9eab6039ba4b62c4b9ddc0b1f324dc5a6fe4ec",
         "is_verified": false,
-        "line_number": 145,
+        "line_number": 31,
         "type": "Secret Keyword",
         "verified_result": null
       }
@@ -157,20 +215,15 @@
     ],
     "image/cli/app-root/src/register-start.py": [
       {
+        "type": "Basic Auth Credentials",
+        "filename": "image/cli/app-root/src/register-start.py",
         "hashed_secret": "5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8",
-        "is_secret": false,
         "is_verified": false,
-        "line_number": 4,
-        "type": "Basic Auth Credentials",
-        "verified_result": null
+        "line_number": 4
       }
     ],
     "image/cli/app-root/src/save-junit-to-mongo.py": [
       {
-        "hashed_secret": "5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8",
-        "is_secret": false,
-        "is_verified": false,
-        "line_number": 4,
         "type": "Basic Auth Credentials",
         "verified_result": null
       }
@@ -284,17 +337,35 @@
         "is_verified": false,
         "line_number": 153,
         "type": "Secret Keyword",
-        "verified_result": null
-      }
-    ],
-    "image/cli/mascli/functions/gitops_db2u_database": [
+        "filename": "image/cli/mascli/functions/gitops_cos",
+        "hashed_secret": "5bcc2c4d81811ed80bdd75460668f2bc84ab2137",
+        "is_verified": false,
+        "line_number": 305
+      },
       {
         "hashed_secret": "1459943ba5fd876f7ef6e48f566a40b448a2bf08",
         "is_secret": false,
         "is_verified": false,
         "line_number": 488,
         "type": "Secret Keyword",
-        "verified_result": null
+        "filename": "image/cli/mascli/functions/gitops_cos",
+        "hashed_secret": "ac6402fecd64e90dc6ba48a0b533988e179aa4d8",
+        "is_verified": false,
+        "line_number": 321
+      },
+      {
+        "type": "Secret Keyword",
+        "filename": "image/cli/mascli/functions/gitops_cos",
+        "hashed_secret": "ba905b584b89d1717c4d278679443762c515ce2a",
+        "is_verified": false,
+        "line_number": 337
+      },
+      {
+        "type": "Secret Keyword",
+        "filename": "image/cli/mascli/functions/gitops_cos",
+        "hashed_secret": "44d54155c3c518b7cf98349d03ddbfc0d9d2f11a",
+        "is_verified": false,
+        "line_number": 353
       }
     ],
     "image/cli/mascli/functions/gitops_deprovision_aiservice": [
@@ -324,13 +395,8 @@
         "is_verified": false,
         "line_number": 177,
         "type": "Secret Keyword",
-        "verified_result": null
-      }
-    ],
-    "image/cli/mascli/functions/gitops_deprovision_efs": [
-      {
-        "hashed_secret": "2582aea6f911bd00fc04cb25e0ec16d5ead62068",
-        "is_secret": false,
+        "filename": "image/cli/mascli/functions/gitops_deprovision_cos",
+        "hashed_secret": "5bcc2c4d81811ed80bdd75460668f2bc84ab2137",
         "is_verified": false,
         "line_number": 117,
         "type": "Secret Keyword",
@@ -397,10 +463,6 @@
         "verified_result": null
       },
       {
-        "hashed_secret": "2582aea6f911bd00fc04cb25e0ec16d5ead62068",
-        "is_secret": false,
-        "is_verified": false,
-        "line_number": 283,
         "type": "Secret Keyword",
         "verified_result": null
       }
@@ -412,7 +474,10 @@
         "is_verified": false,
         "line_number": 140,
         "type": "Secret Keyword",
-        "verified_result": null
+        "filename": "image/cli/mascli/functions/gitops_deprovision_cos",
+        "hashed_secret": "44d54155c3c518b7cf98349d03ddbfc0d9d2f11a",
+        "is_verified": false,
+        "line_number": 357
       }
     ],
     "image/cli/mascli/functions/gitops_mas_config": [
@@ -422,7 +487,10 @@
         "is_verified": false,
         "line_number": 704,
         "type": "Secret Keyword",
-        "verified_result": null
+        "filename": "image/cli/mascli/functions/gitops_mas_config",
+        "hashed_secret": "c1da82792ffb8b665d42102d41918b0a9bfb5e08",
+        "is_verified": false,
+        "line_number": 731
       },
       {
         "hashed_secret": "effb7852555adce89885fb075fb43a77a1e0e77e",
@@ -430,29 +498,19 @@
         "is_verified": false,
         "line_number": 923,
         "type": "Secret Keyword",
-        "verified_result": null
-      },
-      {
-        "hashed_secret": "2582aea6f911bd00fc04cb25e0ec16d5ead62068",
-        "is_secret": false,
+        "filename": "image/cli/mascli/functions/gitops_mas_config",
+        "hashed_secret": "5ffe533b830f08a0326348a9160afafc8ada44db",
         "is_verified": false,
         "line_number": 925,
         "type": "Secret Keyword",
         "verified_result": null
       }
     ],
-    "image/cli/mascli/functions/gitops_mongo": [
+    "image/cli/mascli/must-gather/mg-collect-secrets": [
       {
-        "hashed_secret": "b2817467154949a61f8e9ad31d1eeaf03221cbfa",
-        "is_secret": false,
-        "is_verified": false,
-        "line_number": 205,
         "type": "Secret Keyword",
-        "verified_result": null
-      },
-      {
-        "hashed_secret": "2582aea6f911bd00fc04cb25e0ec16d5ead62068",
-        "is_secret": false,
+        "filename": "image/cli/mascli/must-gather/mg-collect-secrets",
+        "hashed_secret": "5ffe533b830f08a0326348a9160afafc8ada44db",
         "is_verified": false,
         "line_number": 213,
         "type": "Secret Keyword",
@@ -695,17 +753,16 @@
         "verified_result": null
       }
     ],
-    "image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-mas-instance-base.yaml.j2": [
+    "image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-kmodel.yaml.j2": [
       {
-        "hashed_secret": "fee2d55ad9a49a95fc89abe8f414dad66704ebfd",
-        "is_secret": false,
-        "is_verified": false,
-        "line_number": 18,
         "type": "Secret Keyword",
-        "verified_result": null
+        "filename": "image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-kmodel.yaml.j2",
+        "hashed_secret": "b57c57657aa3c2ad644a6ee54e50d3167b19b2e3",
+        "is_verified": false,
+        "line_number": 26
       }
     ],
-    "image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-mas-suite.yaml.j2": [
+    "image/cli/mascli/templates/gitops/bootstrap/argocd.yaml": [
       {
         "hashed_secret": "fee2d55ad9a49a95fc89abe8f414dad66704ebfd",
         "is_secret": false,
@@ -807,22 +864,18 @@
     ],
     "python/src/mas/cli/templates/jdbccfg.yml.j2": [
       {
-        "hashed_secret": "d2e2ab0f407e4ee3cf2ab87d61c31b25a74085e5",
-        "is_secret": false,
-        "is_verified": false,
-        "line_number": 14,
         "type": "Secret Keyword",
-        "verified_result": null
-      }
-    ],
-    "python/src/mas/cli/templates/suite_mongocfg.yml.j2": [
-      {
-        "hashed_secret": "d2e2ab0f407e4ee3cf2ab87d61c31b25a74085e5",
-        "is_secret": false,
+        "filename": "python/src/mas/cli/templates/jdbccfg.yml.j2",
+        "hashed_secret": "df07e853c455f931fa6024fce4e0d239230aa719",
         "is_verified": false,
-        "line_number": 17,
+        "line_number": 39
+      },
+      {
         "type": "Secret Keyword",
-        "verified_result": null
+        "filename": "python/src/mas/cli/templates/jdbccfg.yml.j2",
+        "hashed_secret": "ec3eb36780f70572e5f618a24e9f72c5ef6f9aec",
+        "is_verified": false,
+        "line_number": 41
       }
     ],
     "python/test/mirror/test_mirror_advanced.py": [
@@ -867,52 +920,96 @@
     ],
     "tekton/src/tasks/fvt/mas-fvt-assist-desktop.yml.j2": [
       {
+        "type": "Base64 High Entropy String",
+        "filename": "tekton/src/tasks/fvt/fvt-assist-desktop.yml.j2",
         "hashed_secret": "ff0c19d6cf999d585c440a2143db929839c48fb6",
-        "is_secret": false,
         "is_verified": false,
-        "line_number": 161,
-        "type": "Base64 High Entropy String",
-        "verified_result": null
+        "line_number": 161
       },
       {
+        "type": "Base64 High Entropy String",
+        "filename": "tekton/src/tasks/fvt/fvt-assist-desktop.yml.j2",
         "hashed_secret": "1db454f601fe47c2df13ec091f27948411c26e00",
-        "is_secret": false,
         "is_verified": false,
-        "line_number": 175,
-        "type": "Base64 High Entropy String",
-        "verified_result": null
+        "line_number": 175
       },
       {
+        "type": "Base64 High Entropy String",
+        "filename": "tekton/src/tasks/fvt/fvt-assist-desktop.yml.j2",
         "hashed_secret": "3e61e7bae865181a61e9ecd8235a4e23013f72ef",
-        "is_secret": false,
         "is_verified": false,
-        "line_number": 210,
-        "type": "Base64 High Entropy String",
-        "verified_result": null
+        "line_number": 210
       },
       {
+        "type": "Base64 High Entropy String",
+        "filename": "tekton/src/tasks/fvt/fvt-assist-desktop.yml.j2",
         "hashed_secret": "0e725943bfac21fd1def25b74b875cd1fcb01dcb",
-        "is_secret": false,
         "is_verified": false,
-        "line_number": 231,
-        "type": "Base64 High Entropy String",
-        "verified_result": null
+        "line_number": 231
       },
       {
+        "type": "Base64 High Entropy String",
+        "filename": "tekton/src/tasks/fvt/fvt-assist-desktop.yml.j2",
         "hashed_secret": "48e1d17235a1ce04b4b319c6288e95957251dccc",
-        "is_secret": false,
         "is_verified": false,
-        "line_number": 238,
-        "type": "Base64 High Entropy String",
-        "verified_result": null
+        "line_number": 238
       },
       {
+        "type": "Base64 High Entropy String",
+        "filename": "tekton/src/tasks/fvt/fvt-assist-desktop.yml.j2",
         "hashed_secret": "dff4237287a43a4021cabfc10c7902d40df724ad",
-        "is_secret": false,
         "is_verified": false,
-        "line_number": 259,
-        "type": "Base64 High Entropy String",
-        "verified_result": null
+        "line_number": 259
+      }
+    ],
+    "tekton/src/tasks/gitops/gitops-deprovision-suite-sendgrid-subuser.yml.j2": [
+      {
+        "type": "Secret Keyword",
+        "filename": "tekton/src/tasks/gitops/gitops-deprovision-suite-sendgrid-subuser.yml.j2",
+        "hashed_secret": "dca00774dc9414aef8fdd810e901af818bb1d514",
+        "is_verified": false,
+        "line_number": 105
+      }
+    ],
+    "tekton/src/tasks/gitops/gitops-mas-fvt-preparer.yml.j2": [
+      {
+        "type": "Secret Keyword",
+        "filename": "tekton/src/tasks/gitops/gitops-mas-fvt-preparer.yml.j2",
+        "hashed_secret": "dca00774dc9414aef8fdd810e901af818bb1d514",
+        "is_verified": false,
+        "line_number": 416
+      }
+    ],
+    "tekton/src/tasks/gitops/gitops-suite-smtp-config-sendgrid.yml.j2": [
+      {
+        "type": "Secret Keyword",
+        "filename": "tekton/src/tasks/gitops/gitops-suite-smtp-config-sendgrid.yml.j2",
+        "hashed_secret": "dca00774dc9414aef8fdd810e901af818bb1d514",
+        "is_verified": false,
+        "line_number": 161
+      },
+      {
+        "type": "Secret Keyword",
+        "filename": "tekton/src/tasks/gitops/gitops-suite-smtp-config-sendgrid.yml.j2",
+        "hashed_secret": "5ffe533b830f08a0326348a9160afafc8ada44db",
+        "is_verified": false,
+        "line_number": 215
+      }
+    ],
+    "tekton/src/tasks/gitops/gitops-suite-watson-studio-config.yml.j2": [
+      {
+        "type": "Secret Keyword",
+        "filename": "tekton/src/tasks/gitops/gitops-suite-watson-studio-config.yml.j2",
+        "hashed_secret": "7cb6efb98ba5972a9b5090dc2e517fe14d12cb04",
+        "is_verified": false,
+        "line_number": 83
+      },
+      {
+        "type": "Secret Keyword",
+        "filename": "tekton/src/tasks/gitops/gitops-suite-watson-studio-config.yml.j2",
+        "hashed_secret": "5ffe533b830f08a0326348a9160afafc8ada44db",
+        "is_verified": false,
+        "line_number": 85
       }
     ]
   },

From ffa3b0b703e22da5149a4ce433e6ce3b5fb97abb Mon Sep 17 00:00:00 2001
From: yogeshkumar <prajapati.yogeshkumar@ibm.com>
Date: Thu, 12 Jun 2025 20:45:54 +0530
Subject: [PATCH 092/258] cherry-pick 0d9f575726 conflict

---
 .secrets.baseline | 267 +++++++++++++++-------------------------------
 1 file changed, 88 insertions(+), 179 deletions(-)

diff --git a/.secrets.baseline b/.secrets.baseline
index ac540a29fb9..d13aaf2c94c 100644
--- a/.secrets.baseline
+++ b/.secrets.baseline
@@ -6,36 +6,37 @@
   "generated_at": "2025-06-12T08:15:58Z",
   "plugins_used": [
     {
-      "name": "ArtifactoryDetector"
+      "name": "AWSKeyDetector"
     },
     {
-      "name": "AWSKeyDetector"
+      "name": "ArtifactoryDetector"
     },
     {
       "name": "AzureStorageKeyDetector"
     },
     {
-      "name": "Base64HighEntropyString",
-      "limit": 4.5
+      "base64_limit": 4.5,
+      "name": "Base64HighEntropyString"
     },
     {
       "name": "BasicAuthDetector"
     },
     {
-      "name": "CloudantDetector"
+      "name": "BoxDetector"
     },
     {
-      "name": "DiscordBotTokenDetector"
+      "name": "CloudantDetector"
     },
     {
-      "name": "GitHubTokenDetector"
+      "ghe_instance": "github.ibm.com",
+      "name": "GheDetector"
     },
     {
-      "name": "GitLabTokenDetector"
+      "name": "GitHubTokenDetector"
     },
     {
-      "name": "HexHighEntropyString",
-      "limit": 3.0
+      "hex_limit": 3,
+      "name": "HexHighEntropyString"
     },
     {
       "name": "IbmCloudIamDetector"
@@ -43,15 +44,12 @@
     {
       "name": "IbmCosHmacDetector"
     },
-    {
-      "name": "IPPublicDetector"
-    },
     {
       "name": "JwtTokenDetector"
     },
     {
-      "name": "KeywordDetector",
-      "keyword_exclude": ""
+      "keyword_exclude": null,
+      "name": "KeywordDetector"
     },
     {
       "name": "MailchimpDetector"
@@ -59,18 +57,9 @@
     {
       "name": "NpmDetector"
     },
-    {
-      "name": "OpenAIDetector"
-    },
     {
       "name": "PrivateKeyDetector"
     },
-    {
-      "name": "PypiTokenDetector"
-    },
-    {
-      "name": "SendGridDetector"
-    },
     {
       "name": "SlackDetector"
     },
@@ -83,49 +72,10 @@
     {
       "name": "StripeDetector"
     },
-    {
-      "name": "TelegramBotTokenDetector"
-    },
     {
       "name": "TwilioKeyDetector"
     }
   ],
-  "filters_used": [
-    {
-      "path": "detect_secrets.filters.allowlist.is_line_allowlisted"
-    },
-    {
-      "path": "detect_secrets.filters.common.is_ignored_due_to_verification_policies",
-      "min_level": 2
-    },
-    {
-      "path": "detect_secrets.filters.heuristic.is_indirect_reference"
-    },
-    {
-      "path": "detect_secrets.filters.heuristic.is_likely_id_string"
-    },
-    {
-      "path": "detect_secrets.filters.heuristic.is_lock_file"
-    },
-    {
-      "path": "detect_secrets.filters.heuristic.is_not_alphanumeric_string"
-    },
-    {
-      "path": "detect_secrets.filters.heuristic.is_potential_uuid"
-    },
-    {
-      "path": "detect_secrets.filters.heuristic.is_prefixed_with_dollar_sign"
-    },
-    {
-      "path": "detect_secrets.filters.heuristic.is_sequential_string"
-    },
-    {
-      "path": "detect_secrets.filters.heuristic.is_swagger_file"
-    },
-    {
-      "path": "detect_secrets.filters.heuristic.is_templated_secret"
-    }
-  ],
   "results": {
     ".bob/rules/python/development-guide.md": [
       {
@@ -139,16 +89,18 @@
     ],
     "docs/guides/configure-airgap.md": [
       {
-        "type": "Secret Keyword",
-        "filename": "docs/examples/eam-migration.md",
-        "hashed_secret": "a17c4050dc5dfc91f582a6649423c976ab21867d",
+        "hashed_secret": "b60d121b438a380c343d5ec3c2037564b82ffef3",
+        "is_secret": false,
         "is_verified": false,
-        "line_number": 107
-      },
-      {
+        "line_number": 44,
         "type": "Secret Keyword",
-        "filename": "docs/examples/eam-migration.md",
-        "hashed_secret": "bd9eab6039ba4b62c4b9ddc0b1f324dc5a6fe4ec",
+        "verified_result": null
+      }
+    ],
+    "docs/commands/provision-roks.md": [
+      {
+        "hashed_secret": "b60d121b438a380c343d5ec3c2037564b82ffef3",
+        "is_secret": false,
         "is_verified": false,
         "line_number": 31,
         "type": "Secret Keyword",
@@ -215,11 +167,12 @@
     ],
     "image/cli/app-root/src/register-start.py": [
       {
-        "type": "Basic Auth Credentials",
-        "filename": "image/cli/app-root/src/register-start.py",
         "hashed_secret": "5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8",
+        "is_secret": false,
         "is_verified": false,
-        "line_number": 4
+        "line_number": 4,
+        "type": "Basic Auth Credentials",
+        "verified_result": null
       }
     ],
     "image/cli/app-root/src/save-junit-to-mongo.py": [
@@ -340,8 +293,12 @@
         "filename": "image/cli/mascli/functions/gitops_cos",
         "hashed_secret": "5bcc2c4d81811ed80bdd75460668f2bc84ab2137",
         "is_verified": false,
-        "line_number": 305
-      },
+        "line_number": 154,
+        "type": "Secret Keyword",
+        "verified_result": null
+      }
+    ],
+    "image/cli/mascli/functions/gitops_db2u_database": [
       {
         "hashed_secret": "1459943ba5fd876f7ef6e48f566a40b448a2bf08",
         "is_secret": false,
@@ -351,21 +308,9 @@
         "filename": "image/cli/mascli/functions/gitops_cos",
         "hashed_secret": "ac6402fecd64e90dc6ba48a0b533988e179aa4d8",
         "is_verified": false,
-        "line_number": 321
-      },
-      {
-        "type": "Secret Keyword",
-        "filename": "image/cli/mascli/functions/gitops_cos",
-        "hashed_secret": "ba905b584b89d1717c4d278679443762c515ce2a",
-        "is_verified": false,
-        "line_number": 337
-      },
-      {
+        "line_number": 481,
         "type": "Secret Keyword",
-        "filename": "image/cli/mascli/functions/gitops_cos",
-        "hashed_secret": "44d54155c3c518b7cf98349d03ddbfc0d9d2f11a",
-        "is_verified": false,
-        "line_number": 353
+        "verified_result": null
       }
     ],
     "image/cli/mascli/functions/gitops_deprovision_aiservice": [
@@ -477,7 +422,9 @@
         "filename": "image/cli/mascli/functions/gitops_deprovision_cos",
         "hashed_secret": "44d54155c3c518b7cf98349d03ddbfc0d9d2f11a",
         "is_verified": false,
-        "line_number": 357
+        "line_number": 112,
+        "type": "Secret Keyword",
+        "verified_result": null
       }
     ],
     "image/cli/mascli/functions/gitops_mas_config": [
@@ -490,7 +437,9 @@
         "filename": "image/cli/mascli/functions/gitops_mas_config",
         "hashed_secret": "c1da82792ffb8b665d42102d41918b0a9bfb5e08",
         "is_verified": false,
-        "line_number": 731
+        "line_number": 628,
+        "type": "Secret Keyword",
+        "verified_result": null
       },
       {
         "hashed_secret": "effb7852555adce89885fb075fb43a77a1e0e77e",
@@ -506,11 +455,10 @@
         "verified_result": null
       }
     ],
-    "image/cli/mascli/must-gather/mg-collect-secrets": [
+    "image/cli/mascli/functions/gitops_mongo": [
       {
-        "type": "Secret Keyword",
-        "filename": "image/cli/mascli/must-gather/mg-collect-secrets",
-        "hashed_secret": "5ffe533b830f08a0326348a9160afafc8ada44db",
+        "hashed_secret": "b2817467154949a61f8e9ad31d1eeaf03221cbfa",
+        "is_secret": false,
         "is_verified": false,
         "line_number": 213,
         "type": "Secret Keyword",
@@ -753,16 +701,17 @@
         "verified_result": null
       }
     ],
-    "image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-kmodel.yaml.j2": [
+    "image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-mas-instance-base.yaml.j2": [
       {
-        "type": "Secret Keyword",
-        "filename": "image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-kmodel.yaml.j2",
-        "hashed_secret": "b57c57657aa3c2ad644a6ee54e50d3167b19b2e3",
+        "hashed_secret": "fee2d55ad9a49a95fc89abe8f414dad66704ebfd",
+        "is_secret": false,
         "is_verified": false,
-        "line_number": 26
+        "line_number": 18,
+        "type": "Secret Keyword",
+        "verified_result": null
       }
     ],
-    "image/cli/mascli/templates/gitops/bootstrap/argocd.yaml": [
+    "image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-mas-suite.yaml.j2": [
       {
         "hashed_secret": "fee2d55ad9a49a95fc89abe8f414dad66704ebfd",
         "is_secret": false,
@@ -864,18 +813,22 @@
     ],
     "python/src/mas/cli/templates/jdbccfg.yml.j2": [
       {
-        "type": "Secret Keyword",
-        "filename": "python/src/mas/cli/templates/jdbccfg.yml.j2",
-        "hashed_secret": "df07e853c455f931fa6024fce4e0d239230aa719",
+        "hashed_secret": "d2e2ab0f407e4ee3cf2ab87d61c31b25a74085e5",
+        "is_secret": false,
         "is_verified": false,
-        "line_number": 39
-      },
-      {
+        "line_number": 14,
         "type": "Secret Keyword",
-        "filename": "python/src/mas/cli/templates/jdbccfg.yml.j2",
-        "hashed_secret": "ec3eb36780f70572e5f618a24e9f72c5ef6f9aec",
+        "verified_result": null
+      }
+    ],
+    "python/src/mas/cli/templates/suite_mongocfg.yml.j2": [
+      {
+        "hashed_secret": "d2e2ab0f407e4ee3cf2ab87d61c31b25a74085e5",
+        "is_secret": false,
         "is_verified": false,
-        "line_number": 41
+        "line_number": 17,
+        "type": "Secret Keyword",
+        "verified_result": null
       }
     ],
     "python/test/mirror/test_mirror_advanced.py": [
@@ -920,96 +873,52 @@
     ],
     "tekton/src/tasks/fvt/mas-fvt-assist-desktop.yml.j2": [
       {
-        "type": "Base64 High Entropy String",
-        "filename": "tekton/src/tasks/fvt/fvt-assist-desktop.yml.j2",
         "hashed_secret": "ff0c19d6cf999d585c440a2143db929839c48fb6",
+        "is_secret": false,
         "is_verified": false,
-        "line_number": 161
+        "line_number": 161,
+        "type": "Base64 High Entropy String",
+        "verified_result": null
       },
       {
-        "type": "Base64 High Entropy String",
-        "filename": "tekton/src/tasks/fvt/fvt-assist-desktop.yml.j2",
         "hashed_secret": "1db454f601fe47c2df13ec091f27948411c26e00",
+        "is_secret": false,
         "is_verified": false,
-        "line_number": 175
+        "line_number": 175,
+        "type": "Base64 High Entropy String",
+        "verified_result": null
       },
       {
-        "type": "Base64 High Entropy String",
-        "filename": "tekton/src/tasks/fvt/fvt-assist-desktop.yml.j2",
         "hashed_secret": "3e61e7bae865181a61e9ecd8235a4e23013f72ef",
+        "is_secret": false,
         "is_verified": false,
-        "line_number": 210
+        "line_number": 210,
+        "type": "Base64 High Entropy String",
+        "verified_result": null
       },
       {
-        "type": "Base64 High Entropy String",
-        "filename": "tekton/src/tasks/fvt/fvt-assist-desktop.yml.j2",
         "hashed_secret": "0e725943bfac21fd1def25b74b875cd1fcb01dcb",
+        "is_secret": false,
         "is_verified": false,
-        "line_number": 231
+        "line_number": 231,
+        "type": "Base64 High Entropy String",
+        "verified_result": null
       },
       {
-        "type": "Base64 High Entropy String",
-        "filename": "tekton/src/tasks/fvt/fvt-assist-desktop.yml.j2",
         "hashed_secret": "48e1d17235a1ce04b4b319c6288e95957251dccc",
+        "is_secret": false,
         "is_verified": false,
-        "line_number": 238
-      },
-      {
+        "line_number": 238,
         "type": "Base64 High Entropy String",
-        "filename": "tekton/src/tasks/fvt/fvt-assist-desktop.yml.j2",
-        "hashed_secret": "dff4237287a43a4021cabfc10c7902d40df724ad",
-        "is_verified": false,
-        "line_number": 259
-      }
-    ],
-    "tekton/src/tasks/gitops/gitops-deprovision-suite-sendgrid-subuser.yml.j2": [
-      {
-        "type": "Secret Keyword",
-        "filename": "tekton/src/tasks/gitops/gitops-deprovision-suite-sendgrid-subuser.yml.j2",
-        "hashed_secret": "dca00774dc9414aef8fdd810e901af818bb1d514",
-        "is_verified": false,
-        "line_number": 105
-      }
-    ],
-    "tekton/src/tasks/gitops/gitops-mas-fvt-preparer.yml.j2": [
-      {
-        "type": "Secret Keyword",
-        "filename": "tekton/src/tasks/gitops/gitops-mas-fvt-preparer.yml.j2",
-        "hashed_secret": "dca00774dc9414aef8fdd810e901af818bb1d514",
-        "is_verified": false,
-        "line_number": 416
-      }
-    ],
-    "tekton/src/tasks/gitops/gitops-suite-smtp-config-sendgrid.yml.j2": [
-      {
-        "type": "Secret Keyword",
-        "filename": "tekton/src/tasks/gitops/gitops-suite-smtp-config-sendgrid.yml.j2",
-        "hashed_secret": "dca00774dc9414aef8fdd810e901af818bb1d514",
-        "is_verified": false,
-        "line_number": 161
-      },
-      {
-        "type": "Secret Keyword",
-        "filename": "tekton/src/tasks/gitops/gitops-suite-smtp-config-sendgrid.yml.j2",
-        "hashed_secret": "5ffe533b830f08a0326348a9160afafc8ada44db",
-        "is_verified": false,
-        "line_number": 215
-      }
-    ],
-    "tekton/src/tasks/gitops/gitops-suite-watson-studio-config.yml.j2": [
-      {
-        "type": "Secret Keyword",
-        "filename": "tekton/src/tasks/gitops/gitops-suite-watson-studio-config.yml.j2",
-        "hashed_secret": "7cb6efb98ba5972a9b5090dc2e517fe14d12cb04",
-        "is_verified": false,
-        "line_number": 83
+        "verified_result": null
       },
       {
-        "type": "Secret Keyword",
-        "filename": "tekton/src/tasks/gitops/gitops-suite-watson-studio-config.yml.j2",
-        "hashed_secret": "5ffe533b830f08a0326348a9160afafc8ada44db",
+        "hashed_secret": "dff4237287a43a4021cabfc10c7902d40df724ad",
+        "is_secret": false,
         "is_verified": false,
-        "line_number": 85
+        "line_number": 259,
+        "type": "Base64 High Entropy String",
+        "verified_result": null
       }
     ]
   },

From 4f3371c97e033bbcf8f779797ea86c92d9756c9c Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Thu, 12 Jun 2025 20:48:57 +0530
Subject: [PATCH 093/258] resolved issue odh_operator_version

---
 .secrets.baseline                                           | 2 +-
 image/cli/mascli/functions/gitops_aibroker                  | 2 +-
 image/cli/mascli/functions/gitops_aibroker_tenant           | 6 ++++--
 .../cluster/instance/ibm-aibroker-tenant.yaml.j2            | 2 +-
 tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2      | 6 +++++-
 5 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/.secrets.baseline b/.secrets.baseline
index d13aaf2c94c..fcf281511a1 100644
--- a/.secrets.baseline
+++ b/.secrets.baseline
@@ -3,7 +3,7 @@
     "files": "build/bin/config/oscap/ssg-rhel9-ds.xml|^.secrets.baseline$|^docs/catalogs/",
     "lines": null
   },
-  "generated_at": "2025-06-12T08:15:58Z",
+  "generated_at": "2025-06-12T15:17:38Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"
diff --git a/image/cli/mascli/functions/gitops_aibroker b/image/cli/mascli/functions/gitops_aibroker
index e368564ea21..22f77e37155 100644
--- a/image/cli/mascli/functions/gitops_aibroker
+++ b/image/cli/mascli/functions/gitops_aibroker
@@ -327,7 +327,7 @@ function gitops_aibroker() {
   fi
   reset_colors
 
-# echo all the variables ofgitops+envs
+  # echo all the variables ofgitops+envs
   echo_reset_dim "MAS Instance ID ....................... ${COLOR_MAGENTA}${MAS_INSTANCE_ID}"
   echo_reset_dim "AI Broker Namespace ................... ${COLOR_MAGENTA}${AIBROKER_NAMESPACE}"
   echo_reset_dim "MAS AI Broker WatsonX Secret .......... ${COLOR_MAGENTA}${MAS_AIBROKER_WATSONX_SECRET}"
diff --git a/image/cli/mascli/functions/gitops_aibroker_tenant b/image/cli/mascli/functions/gitops_aibroker_tenant
index 471895affbb..4eb7ffdb7d2 100644
--- a/image/cli/mascli/functions/gitops_aibroker_tenant
+++ b/image/cli/mascli/functions/gitops_aibroker_tenant
@@ -331,8 +331,8 @@ function gitops_aibroker_tenant_noninteractive() {
 
   # -- Watsonx
   [[ -z "$MAS_AIBROKER_WATSONXAI_URL" ]] && gitops_aibroker_tenant_help "MAS_AIBROKER_WATSONXAI_URL is not set. Please specify the Watsonx.ai URL using --mas-aibroker-watsonxai-url."
-  [[ -z "$MAS_AIBROKER_WATSONXAI_APIKEY" ]] && gitops_aibroker_tenant_help "MAS_AIBROKER_WATSONXAI_APIKEY is not set. Please provide the Watsonx.ai API key using --mas-aibroker-watsonxai-apikey."
-  [[ -z "$MAS_AIBROKER_WATSONXAI_PROJECT_ID" ]] && gitops_aibroker_tenant_help "MAS_AIBROKER_WATSONXAI_PROJECT_ID is not set. Please specify the Watsonx.ai project ID using --mas-aibroker-watsonxai-project-id."
+  # [[ -z "$MAS_AIBROKER_WATSONXAI_APIKEY" ]] && gitops_aibroker_tenant_help "MAS_AIBROKER_WATSONXAI_APIKEY is not set. Please provide the Watsonx.ai API key using --mas-aibroker-watsonxai-apikey."
+  # [[ -z "$MAS_AIBROKER_WATSONXAI_PROJECT_ID" ]] && gitops_aibroker_tenant_help "MAS_AIBROKER_WATSONXAI_PROJECT_ID is not set. Please specify the Watsonx.ai project ID using --mas-aibroker-watsonxai-project-id."
   
   ##review
   [[ -z "$RSL_URL" ]] && gitops_aibroker_tenant_help "RSL_URL is not set. Please specify the RSL URL using --rsl-url."
@@ -441,6 +441,7 @@ function gitops_aibroker_tenant() {
   export SECRET_KEY_RSL_TOKEN=${SECRETS_PREFIX}rsl#rsl_token
   #watsonx
   export SECRET_KEY_WATSONXAI_APIKEY=${SECRETS_PREFIX}watsonx#watsonxai_apikey
+  export MAS_AIBROKER_WATSONXAI_PROJECT_ID=${SECRETS_PREFIX}watsonx#watsonxai_project_id
   ##review
 
 
@@ -462,6 +463,7 @@ function gitops_aibroker_tenant() {
   sm_verify_secret_exists ${SECRETS_PREFIX}minio "sm_minio_host,sm_minio_port,sm_minio_accesskey,sm_minio_secretkey,sm_minio_bucket_default"
   ##review
   sm_verify_secret_exists ${SECRETS_PREFIX}rsl "rsl_org_id,rsl_token"
+  sm_verify_secret_exists ${SECRETS_PREFIX}watsonx "watsonxai_apikey,watsonxai_project_id"
   ##review
   # finally push them into the git repo
 
diff --git a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant.yaml.j2 b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant.yaml.j2
index c7624542de4..5a4fa56e842 100644
--- a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant.yaml.j2
+++ b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant.yaml.j2
@@ -45,7 +45,7 @@ ibm_aibroker_tenant:
   
   # watsonx
   mas_aibroker_watsonxai_url: "{{ MAS_AIBROKER_WATSONXAI_URL }}"
-  mas_aibroker_watsonxai_project_id: "{{ MAS_AIBROKER_WATSONXAI_PROJECT_ID }}"
+  mas_aibroker_watsonxai_project_id: "<path:{{ SECRETS_PATH }}:{{ MAS_AIBROKER_WATSONXAI_PROJECT_ID }}"
   mas_aibroker_watsonxai_apikey: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_WATSONXAI_APIKEY }}>"
 
   # minio
diff --git a/tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2 b/tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2
index d0f8bd85e50..467659e15b7 100644
--- a/tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2
+++ b/tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2
@@ -137,7 +137,9 @@ spec:
       type: string
     - name: opendatahub_namespace
       type: string
- 
+    - name: odh_operator_version
+      type: string
+
     # KMODEL-specific 
     - name: aibroker_internal_tls
       type: string
@@ -275,6 +277,8 @@ spec:
           value: $(params.opendatahub_operator_group)
         - name: opendatahub_namespace
           value: $(params.opendatahub_namespace)
+        - name: odh_operator_version
+          value: $(params.odh_operator_version)
 
     # 3.gitops-Aibroker
     # -------------------------------------------------------------------------

From 73ee0ca6d0047589b7374c4d0f67ff05f3f5c278 Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Thu, 12 Jun 2025 21:30:38 +0530
Subject: [PATCH 094/258] capitalise all names

---
 .secrets.baseline                              | 2 +-
 tekton/src/tasks/gitops/gitops-aibroker.yml.j2 | 9 +++++----
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/.secrets.baseline b/.secrets.baseline
index fcf281511a1..aa99d57d570 100644
--- a/.secrets.baseline
+++ b/.secrets.baseline
@@ -3,7 +3,7 @@
     "files": "build/bin/config/oscap/ssg-rhel9-ds.xml|^.secrets.baseline$|^docs/catalogs/",
     "lines": null
   },
-  "generated_at": "2025-06-12T15:17:38Z",
+  "generated_at": "2025-06-12T16:00:12Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"
diff --git a/tekton/src/tasks/gitops/gitops-aibroker.yml.j2 b/tekton/src/tasks/gitops/gitops-aibroker.yml.j2
index a36d7180228..919903cbf1e 100644
--- a/tekton/src/tasks/gitops/gitops-aibroker.yml.j2
+++ b/tekton/src/tasks/gitops/gitops-aibroker.yml.j2
@@ -225,17 +225,18 @@ spec:
       - name: IN_SAAS_ENV
         value: $(params.in_saas_env)
       ##review
-      - name: environment_type
+      - name: ENVIRONMENT_TYPE
         value: $(params.environment_type)
 
-      - name: mas_aibroker_s3_endpoint_url
+      - name: MAS_AIBROKER_S3_ENDPOINT_URL
         value: $(params.mas_aibroker_s3_endpoint_url)
 
-      - name: mas_aibroker_s3_region
+      - name: MAS_AIBROKER_S3_REGION
         value: $(params.mas_aibroker_s3_region)
 
-      - name: mas_aibroker_s3_bucket_prefix
+      - name: MAS_AIBROKER_S3_BUCKET_PREFIX
         value: $(params.mas_aibroker_s3_bucket_prefix)
+        
       ##review
     envFrom:
       - configMapRef:

From 52a697fd149e6b93ae3b3258c4f859270e4f0213 Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Thu, 12 Jun 2025 22:08:02 +0530
Subject: [PATCH 095/258] mas_icr_cp added

---
 .secrets.baseline                                               | 2 +-
 .../gitops/appset-configs/cluster/instance/ibm-kmodel.yaml.j2   | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/.secrets.baseline b/.secrets.baseline
index aa99d57d570..aa0d1239ee1 100644
--- a/.secrets.baseline
+++ b/.secrets.baseline
@@ -3,7 +3,7 @@
     "files": "build/bin/config/oscap/ssg-rhel9-ds.xml|^.secrets.baseline$|^docs/catalogs/",
     "lines": null
   },
-  "generated_at": "2025-06-12T16:00:12Z",
+  "generated_at": "2025-06-12T16:37:39Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"
diff --git a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-kmodel.yaml.j2 b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-kmodel.yaml.j2
index e9097fbcda1..384e41e538c 100644
--- a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-kmodel.yaml.j2
+++ b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-kmodel.yaml.j2
@@ -46,3 +46,5 @@ ibm_kmodel:
   ##review
   model_id_unique_length: "{{ MODEL_ID_UNIQUE_LENGTH }}"
   model_id_prefix: "{{ MODEL_ID_PREFIX }}"
+
+  mas_icr_cp: "{{ MAS_ICR_CP }}"

From 2d5a02cb81e51dc72a60995fddc1b253a6f7ac17 Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Fri, 13 Jun 2025 12:29:50 +0530
Subject: [PATCH 096/258] Update ibm-mas-odh-install.yaml.j2

---
 .../appset-configs/cluster/instance/ibm-mas-odh-install.yaml.j2 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-mas-odh-install.yaml.j2 b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-mas-odh-install.yaml.j2
index 0c4b65e0abd..4af29fae7c2 100644
--- a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-mas-odh-install.yaml.j2
+++ b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-mas-odh-install.yaml.j2
@@ -50,7 +50,7 @@ ibm_odh:
   mas_aibroker_storage_host: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_SM_MINIO_HOST }}>"
   mas_aibroker_storage_port: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_SM_MINIO_PORT }}>"
   mas_aibroker_storage_ssl: {{ MAS_AIBROKER_STORAGE_SSL }}
-  mas_aibroker_storage_region: {{ MAS_AIBROKER_STORAGE_REGION }}
+  mas_aibroker_storage_region: "{{ MAS_AIBROKER_STORAGE_REGION }}"
   mas_aibroker_storage_pipelines_bucket: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_SM_MINIO_BUCKET_DEFAULT }}>"
 
   # MariaDB configuration

From dcd0c74083d4bfa485e55df458cb52d70dbdb880 Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Fri, 13 Jun 2025 12:46:24 +0530
Subject: [PATCH 097/258] Update .secrets.baseline

---
 .secrets.baseline | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.secrets.baseline b/.secrets.baseline
index aa0d1239ee1..70c1800718d 100644
--- a/.secrets.baseline
+++ b/.secrets.baseline
@@ -3,7 +3,7 @@
     "files": "build/bin/config/oscap/ssg-rhel9-ds.xml|^.secrets.baseline$|^docs/catalogs/",
     "lines": null
   },
-  "generated_at": "2025-06-12T16:37:39Z",
+  "generated_at": "2025-06-13T07:16:17Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"

From 564af749c7feb9473476959b96f4b0e1ec5e8ab7 Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Sat, 14 Jun 2025 09:49:16 +0530
Subject: [PATCH 098/258] cherry-pick e36928b6ce conflict

---
 .secrets.baseline                             |  2 +-
 .../mascli/functions/gitops_aibroker_tenant   | 11 ++++++--
 image/cli/mascli/functions/gitops_odh         |  4 +--
 .../instance/ibm-aibroker-tenant.yaml.j2      | 26 +++++++++----------
 .../cluster/instance/ibm-aibroker.yaml.j2     |  3 +--
 .../gitops/gitops-mas-aibroker-tenant.yml.j2  |  4 +++
 .../gitops/gitops-aibroker-tenant.yml.j2      |  6 ++++-
 7 files changed, 35 insertions(+), 21 deletions(-)

diff --git a/.secrets.baseline b/.secrets.baseline
index 70c1800718d..47457ed60dc 100644
--- a/.secrets.baseline
+++ b/.secrets.baseline
@@ -3,7 +3,7 @@
     "files": "build/bin/config/oscap/ssg-rhel9-ds.xml|^.secrets.baseline$|^docs/catalogs/",
     "lines": null
   },
-  "generated_at": "2025-06-13T07:16:17Z",
+  "generated_at": "2025-06-14T04:18:13Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"
diff --git a/image/cli/mascli/functions/gitops_aibroker_tenant b/image/cli/mascli/functions/gitops_aibroker_tenant
index 4eb7ffdb7d2..d7d929fcc69 100644
--- a/image/cli/mascli/functions/gitops_aibroker_tenant
+++ b/image/cli/mascli/functions/gitops_aibroker_tenant
@@ -18,6 +18,7 @@ Basic Configuration:
 ibm_aibroker_tenant(required):
       --mas-instance-id ${COLOR_YELLOW}MAS_INSTACE_ID${TEXT_RESET}                                          The MAS instance ID used by AI Broker
       --tenantNamespace ${COLOR_YELLOW}TENANT_NAMESPACE${TEXT_RESET}                                        The tenant's Kubernetes namespace
+      --tenant-id ${COLOR_YELLOW}TENANT_ID${TEXT_RESET}                                                     The tenant ID for the AI Broker instance
       --cluster-domain ${COLOR_YELLOW}CLUSTER_DOMAIN${TEXT_RESET}                                           The domain name of the Kubernetes cluster (e.g., cluster.local)
       --drocfg-url ${COLOR_YELLOW}DROCFG_URL${TEXT_RESET}                                                   URL of the DRO configuration service
       --slscfg-url ${COLOR_YELLOW}SLSCFG_URL${TEXT_RESET}                                                   URL of the SLS configuration service
@@ -30,7 +31,8 @@ AIBroker :
 --aibroker-namespace ${COLOR_YELLOW}AIBROKER_NAMESPACE${TEXT_RESET}                                         The namespace where AI Broker is deployed
 --mas-aibroker-provision-tenant ${COLOR_YELLOW}MAS_AIBROKER_PROVISION_TENANT${TEXT_RESET}                   Whether to provision the AI Broker tenant
 --mas-instance-id ${COLOR_YELLOW}MAS_INSTANCE_ID${TEXT_RESET}                                               The MAS instance ID used by AI Broker
---tenantNamespace ${COLOR_YELLOW}TENANT_NAMESPACE${TEXT_RESET}                                             The tenant's Kubernetes namespace
+--tenantNamespace ${COLOR_YELLOW}TENANT_NAMESPACE${TEXT_RESET}                                              The tenant's Kubernetes namespace
+--tenant-id ${COLOR_YELLOW}TENANT_ID${TEXT_RESET}                                                           The tenant ID for the AI Broker instance
 --cluster-domain ${COLOR_YELLOW}CLUSTER_DOMAIN${TEXT_RESET}                                                 The domain name of the Kubernetes cluster (e.g., cluster.local)
 --in-saas-env ${COLOR_YELLOW}IN_SAAS_ENV${TEXT_RESET}                                                       Whether the environment is SaaS (true/false)
 --ibm-entitlement-key ${COLOR_YELLOW}IBM_ENTITLEMENT_KEY${TEXT_RESET}                                       IBM Entitlement API key for accessing IBM container registries
@@ -159,6 +161,9 @@ function gitops_aibroker_tenant_noninteractive() {
       --tenantNamespace)
         export TENANT_NAMESPACE=$1 && shift
         ;;
+      --tenant-id)
+        export TENANT_ID=$1 && shift
+        ;;
       --cluster-domain)
         export CLUSTER_DOMAIN=$1 && shift
         ;;
@@ -321,6 +326,7 @@ function gitops_aibroker_tenant_noninteractive() {
   # -- AIBroker
   [[ -z "$MAS_INSTANCE_ID" ]] && gitops_aibroker_tenant_help "MAS_INSTANCE_ID is not set. Please provide the MAS instance ID using --mas-instance-id."
   [[ -z "$TENANT_NAMESPACE" ]] && gitops_aibroker_tenant_help "TENANT_NAMESPACE is not set. Please specify the tenant namespace using --tenantNamespace."
+  [[ -z "$TENANT_ID" ]] && gitops_aibroker_tenant_help "TENANT_ID is not set. Please provide the tenant ID using --tenant-id."
   [[ -z "$CLUSTER_DOMAIN" ]] && gitops_aibroker_tenant_help "CLUSTER_DOMAIN is not set. Please provide the cluster domain using --cluster-domain."
   
   # -- DRO
@@ -357,7 +363,7 @@ function gitops_aibroker_tenant() {
 
   rm -rf $GITOPS_WORKING_DIR
   mkdir -p ${GITOPS_WORKING_DIR}
-  GITOPS_CLUSTER_DIR=${GITOPS_WORKING_DIR}/${GITHUB_REPO}/${ACCOUNT_ID}/${CLUSTER_ID}/${MAS_INSTANCE_ID}
+  GITOPS_CLUSTER_DIR=${GITOPS_WORKING_DIR}/${GITHUB_REPO}/${ACCOUNT_ID}/${CLUSTER_ID}/${MAS_INSTANCE_ID}/${TENANT_ID}
   # TEMP_DIR=$GITOPS_CLUSTER_DIR/${MAS_INSTANCE_ID}
   # mkdir -p ${TEMP_DIR}
 
@@ -404,6 +410,7 @@ function gitops_aibroker_tenant() {
   echo_reset_dim "mas aibroker provision tenant ................ ${COLOR_MAGENTA}${MAS_AIBROKER_PROVISION_TENANT}"
   echo_reset_dim "mas instance ID .............................. ${COLOR_MAGENTA}${MAS_INSTANCE_ID}"
   echo_reset_dim "tenant namespace ............................. ${COLOR_MAGENTA}${TENANT_NAMESPACE}"
+  echo_reset_dim "tenant ID .................................... ${COLOR_MAGENTA}${TENANT_ID}"
   echo_reset_dim "cluster domain ............................... ${COLOR_MAGENTA}${CLUSTER_DOMAIN}"
   echo_reset_dim "in SaaS environment .......................... ${COLOR_MAGENTA}${IN_SAAS_ENV}"
 
diff --git a/image/cli/mascli/functions/gitops_odh b/image/cli/mascli/functions/gitops_odh
index 565e801aeef..3b9751c3d90 100755
--- a/image/cli/mascli/functions/gitops_odh
+++ b/image/cli/mascli/functions/gitops_odh
@@ -124,8 +124,8 @@ function gitops_odh_noninteractive() {
   export ODH_PIPELINE_NAME="${ODH_PIPELINE_NAME:-"openshift-pipelines-operator"}"
   export ODH_PIPELINE_NAMESPACE="${ODH_PIPELINE_NAMESPACE:-"openshift-operators"}"
   export ODH_PIPELINE_OPERATOR_NAME="${ODH_PIPELINE_OPERATOR_NAME:-"openshift-pipelines-operator-rh"}"
-  export ODH_PIPELINE_SOURCE="${ODH_PIPELINE_SOURCE:-"redhat_operators"}"
-  export ODH_PIPELINE_SOURCE_NAMESPACE="${ODH_PIPELINE_SOURCE_NAMESPACE:-"openshift_marketplace"}"
+  export ODH_PIPELINE_SOURCE="${ODH_PIPELINE_SOURCE:-"redhat-operators"}"
+  export ODH_PIPELINE_SOURCE_NAMESPACE="${ODH_PIPELINE_SOURCE_NAMESPACE:-"openshift-marketplace"}"
 
   export SERVERLESS_NAMESPACE="${SERVERLESS_NAMESPACE:-"openshift-serverless"}"
   export SERVERLESS_OPERATOR_NAME="${SERVERLESS_OPERATOR_NAME:-"serverless-operator"}"
diff --git a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant.yaml.j2 b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant.yaml.j2
index 5a4fa56e842..5bab46b6771 100644
--- a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant.yaml.j2
+++ b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant.yaml.j2
@@ -5,7 +5,7 @@ ibm_aibroker_tenant:
   aibroker_namespace: "{{ AIBROKER_NAMESPACE }}"
   mas_aibroker_provision_tenant: "{{ MAS_AIBROKER_PROVISION_TENANT }}"
   mas_instance_id: "{{ MAS_INSTANCE_ID }}"
-  tenantNamespace: "{{ TENANTNAMESPACE }}"
+  tenantNamespace: "{{ TENANT_NAMESPACE }}"
   cluster_domain: "{{ CLUSTER_DOMAIN }}"
   in_saas_env: "{{ IN_SAAS_ENV }}"
   ibm_entitlement_key: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_IBM_ENTITLEMENT }}>"
@@ -13,12 +13,6 @@ ibm_aibroker_tenant:
   mas_icr_cp: "{{ MAS_ICR_CP }}"
   mas_icr_cpopen: "{{ MAS_ICR_CPOPEN }}"
 
-  #tenant ##review
-  tenant_entitlement_type: "{{ TENANT_ENTITLEMENT_TYPE }}"
-  tenant_entitlement_start_date: "{{ TENANT_ENTITLEMENT_START_DATE }}"
-  tenant_entitlement_end_date: "{{ TENANT_ENTITLEMENT_END_DATE }}"
-  ##review
-
   # dro
   artifactory_token: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_ARTIFACTORY_TOKEN }}>"
   drocfg_url: "{{ DROCFG_URL }}"
@@ -34,12 +28,6 @@ ibm_aibroker_tenant:
   rsl_url: "{{ RSL_URL }}"
   rsl_org_id: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_RSL_ORG_ID }}>"
   rsl_token: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_RSL_TOKEN }}>"
-
-
-  # S3
-  mas_aibroker_s3_endpoint_url: "{{ MAS_AIBROKER_S3_ENDPOINT_URL }}"
-  mas_aibroker_s3_region: "{{ MAS_AIBROKER_S3_REGION }}"
-  mas_aibroker_s3_bucket_prefix: "{{ MAS_AIBROKER_S3_BUCKET_PREFIX }}"
   ##review
 
   
@@ -56,3 +44,15 @@ ibm_aibroker_tenant:
   mas_aibroker_storage_secretkey: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_MINIO_SECRETKEY }}>"
   mas_aibroker_storage_pipelines_bucket: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_MINIO_BUCKET }}>"
   mas_aibroker_storage_ssl: "{{ MAS_AIBROKER_STORAGE_SSL }}"
+
+
+  #tenant ##review
+  # S3
+  mas_aibroker_s3_endpoint_url: "{{ MAS_AIBROKER_S3_ENDPOINT_URL }}"
+  mas_aibroker_s3_region: "{{ MAS_AIBROKER_S3_REGION }}"
+  mas_aibroker_s3_bucket_prefix: "{{ MAS_AIBROKER_S3_BUCKET_PREFIX }}"
+
+  tenant_entitlement_type: "{{ TENANT_ENTITLEMENT_TYPE }}"
+  tenant_entitlement_start_date: "{{ TENANT_ENTITLEMENT_START_DATE }}"
+  tenant_entitlement_end_date: "{{ TENANT_ENTITLEMENT_END_DATE }}"
+  ##review
\ No newline at end of file
diff --git a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker.yaml.j2 b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker.yaml.j2
index d5b0f0fc507..7981fe91d14 100644
--- a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker.yaml.j2
+++ b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker.yaml.j2
@@ -6,9 +6,8 @@ ibm_aibroker:
   mas_aibroker_watsonx_secret: "{{ MAS_AIBROKER_WATSONX_SECRET }}"
   ibm_entitlement_key: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_IBM_ENTITLEMENT }}>"
 
- #minio......
   mas_aibroker_storage_provider: "{{ MAS_AIBROKER_STORAGE_PROVIDER }}"
-  mas_aibroker_storage_ssl: "{{ MAS_AIBROKER_STORAGE_SSL }}"  #mas_aibroker_minio_secret: "minio-secret"
+  mas_aibroker_storage_ssl: "{{ MAS_AIBROKER_STORAGE_SSL }}"
   mas_aibroker_storage_region: "{{ MAS_AIBROKER_STORAGE_REGION }}"
   mas_aibroker_minio_secret: "{{ MAS_AIBROKER_MINIO_SECRET }}"
 
diff --git a/tekton/src/pipelines/gitops/gitops-mas-aibroker-tenant.yml.j2 b/tekton/src/pipelines/gitops/gitops-mas-aibroker-tenant.yml.j2
index 1e589a87d8d..766bc835f57 100644
--- a/tekton/src/pipelines/gitops/gitops-mas-aibroker-tenant.yml.j2
+++ b/tekton/src/pipelines/gitops/gitops-mas-aibroker-tenant.yml.j2
@@ -33,6 +33,8 @@ spec:
       type: string
     - name: tenantNamespace
       type: string
+    - name: tenant_id
+      type: string
     - name: cluster_domain
       type: string
     - name: in_saas_env
@@ -154,6 +156,8 @@ spec:
           value: $(params.mas_instance_id)
         - name: tenantNamespace
           value: $(params.tenantNamespace)
+        - name: tenant_id
+          value: $(params.tenant_id)
         - name: cluster_domain
           value: $(params.cluster_domain)
         - name: in_saas_env
diff --git a/tekton/src/tasks/gitops/gitops-aibroker-tenant.yml.j2 b/tekton/src/tasks/gitops/gitops-aibroker-tenant.yml.j2
index 7734617371f..5d06a5b698b 100644
--- a/tekton/src/tasks/gitops/gitops-aibroker-tenant.yml.j2
+++ b/tekton/src/tasks/gitops/gitops-aibroker-tenant.yml.j2
@@ -32,6 +32,8 @@ spec:
       type: string
     - name: tenantNamespace
       type: string
+    - name: tenant_id
+      type: string
     - name: cluster_domain
       type: string
     - name: in_saas_env
@@ -146,7 +148,9 @@ spec:
 
       - name: TENANT_NAMESPACE
         value: $(params.tenantNamespace)
-
+      - name: TENANT_ID
+        value: $(params.tenant_id)
+        
       - name: CLUSTER_DOMAIN
         value: $(params.cluster_domain)
 

From 10fcae3db32405fa53857d0c3dfc86759951a978 Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Sun, 15 Jun 2025 12:35:41 +0530
Subject: [PATCH 099/258] tenant id added into merge para

---
 .secrets.baseline                                               | 2 +-
 .../appset-configs/cluster/instance/ibm-aibroker-tenant.yaml.j2 | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.secrets.baseline b/.secrets.baseline
index 47457ed60dc..78d88694d48 100644
--- a/.secrets.baseline
+++ b/.secrets.baseline
@@ -3,7 +3,7 @@
     "files": "build/bin/config/oscap/ssg-rhel9-ds.xml|^.secrets.baseline$|^docs/catalogs/",
     "lines": null
   },
-  "generated_at": "2025-06-14T04:18:13Z",
+  "generated_at": "2025-06-15T06:53:45Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"
diff --git a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant.yaml.j2 b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant.yaml.j2
index 5bab46b6771..0fbcfee1d52 100644
--- a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant.yaml.j2
+++ b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant.yaml.j2
@@ -1,4 +1,4 @@
-merge-key: "{{ ACCOUNT_ID }}/{{ CLUSTER_ID }}/{{ MAS_INSTANCE_ID }}"
+merge-key: "{{ ACCOUNT_ID }}/{{ CLUSTER_ID }}/{{ MAS_INSTANCE_ID }}/{{ TENANT_ID }}"
 
 ibm_aibroker_tenant:
   # aibroker

From 236a4487516e88f96ec4127eccc3d7f6c7ab6ee7 Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Mon, 16 Jun 2025 17:00:46 +0530
Subject: [PATCH 100/258] cherry-pick dae71a7ca3 conflict

---
 .secrets.baseline                             |  2 +-
 image/cli/mascli/functions/gitops_aibroker    | 25 +++++++++++++++++--
 .../instance/ibm-aibroker-tenant.yaml.j2      |  1 +
 3 files changed, 25 insertions(+), 3 deletions(-)

diff --git a/.secrets.baseline b/.secrets.baseline
index 78d88694d48..452b4d46d31 100644
--- a/.secrets.baseline
+++ b/.secrets.baseline
@@ -3,7 +3,7 @@
     "files": "build/bin/config/oscap/ssg-rhel9-ds.xml|^.secrets.baseline$|^docs/catalogs/",
     "lines": null
   },
-  "generated_at": "2025-06-15T06:53:45Z",
+  "generated_at": "2025-06-16T11:22:02Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"
diff --git a/image/cli/mascli/functions/gitops_aibroker b/image/cli/mascli/functions/gitops_aibroker
index 22f77e37155..d8bd1675d02 100644
--- a/image/cli/mascli/functions/gitops_aibroker
+++ b/image/cli/mascli/functions/gitops_aibroker
@@ -68,6 +68,9 @@ sls_dro_jdbc
       --cluster-domain ${TEXT_RESET}CLUSTER_DOMAIN${TEXT_RESET}
       --in-saas-env ${TEXT_RESET}IN_SAAS_ENV${TEXT_RESET}
 
+Target Cluster (Optional):
+      --cluster-url ${COLOR_YELLOW}CLUSTER_URL${TEXT_RESET}       Set to target a remote Kubernetes cluster (defaults to 'https://kubernetes.default.svc')
+
 Automatic GitHub Push (Optional):
   -P, --github-push ${COLOR_YELLOW}GITHUB_PUSH${TEXT_RESET}        Enable automatic push to GitHub
   -H, --github-host ${COLOR_YELLOW}GITHUB_HOST${TEXT_RESET}        GitHub Hostname for your GitOps repository
@@ -110,12 +113,15 @@ function gitops_aibroker_noninteractive() {
   #-- mariadb defaults
   export MAS_AIBROKER_MARIADB_SECRET=${MAS_AIBROKER_MARIADB_SECRET:-"${MAS_APP_ID}-mariadbcfge"}
 
-    ##review
+  ##review
   export MAS_AIBROKER_S3_BUCKET_PREFIX=${MAS_AIBROKER_S3_BUCKET_PREFIX:-"m"}
   export MAS_AIBROKER_S3_REGION=${MAS_AIBROKER_S3_REGION:-"us-east-2"}
   export ENVIRONMENT_TYPE=${ENVIRONMENT_TYPE:-"standard"}
   ##review
 
+  # Target the local (to ArgoCD) cluster
+  export CLUSTER_URL=${CLUSTER_URL:-"https://kubernetes.default.svc"}
+
   while [[ $# -gt 0 ]]
   do
     key="$1"
@@ -205,6 +211,11 @@ function gitops_aibroker_noninteractive() {
         ;;
       ##review
 
+     # Target Cluster (Optional)
+      --cluster-url)
+        export CLUSTER_URL=$1 && shift
+        ;;
+        
       # Automatic GitHub Push
       -P|--github-push)
         export GITHUB_PUSH=true
@@ -246,7 +257,8 @@ function gitops_aibroker_noninteractive() {
   [[ -z "$ACCOUNT_ID" ]] && gitops_aibroker_help "ACCOUNT_ID is not set"
   [[ -z "$CLUSTER_ID" ]] && gitops_aibroker_help "CLUSTER_ID is not set"
   [[ -z "$REGION_ID" && -z "$SM_AWS_REGION" ]] && gitops_aibroker_help "REGION_ID or SM_AWS_REGION is not set"
-
+  [[ -z "$CLUSTER_URL" ]] && gitops_suite_help "CLUSTER_URL is not set"
+  
   if [[ "$GITHUB_PUSH" == "true" ]]; then
     [[ -z "$GITHUB_HOST" ]] && gitops_aibroker_help "GITHUB_HOST is not set"
     [[ -z "$GITHUB_ORG" ]] && gitops_aibroker_help "GITHUB_ORG is not set"
@@ -300,6 +312,7 @@ function gitops_aibroker() {
   echo_reset_dim "Account ID ..................... ${COLOR_MAGENTA}${ACCOUNT_ID}"
   echo_reset_dim "Region ID ...................... ${COLOR_MAGENTA}${REGION_ID}"
   echo_reset_dim "Cluster ID ..................... ${COLOR_MAGENTA}${CLUSTER_ID}"
+  echo_reset_dim "Cluster URL .................... ${COLOR_MAGENTA}${CLUSTER_URL}"
   echo_reset_dim "Cluster Config Directory ....... ${COLOR_MAGENTA}${GITOPS_CLUSTER_DIR}"
   reset_colors
 
@@ -455,6 +468,14 @@ function gitops_aibroker() {
     fi
     mkdir -p ${GITOPS_CLUSTER_DIR}
 
+    # Generate ArgoApps
+    # ---------------------------------------------------------------------------
+    echo
+    echo_h2 "Generating Argo Project and Applications"
+
+    echo "- Base Config"
+    jinjanate_commmon $CLI_DIR/templates/gitops/appset-configs/cluster/instance/ibm-mas-instance-base.yaml.j2 ${GITOPS_INSTANCE_DIR}/ibm-aibroker-instance-base.yaml
+
     # Generate ArgoApps
     # ---------------------------------------------------------------------------
     echo
diff --git a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant.yaml.j2 b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant.yaml.j2
index 0fbcfee1d52..471630a6819 100644
--- a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant.yaml.j2
+++ b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant.yaml.j2
@@ -2,6 +2,7 @@ merge-key: "{{ ACCOUNT_ID }}/{{ CLUSTER_ID }}/{{ MAS_INSTANCE_ID }}/{{ TENANT_ID
 
 ibm_aibroker_tenant:
   # aibroker
+  tenant_id: "{{ TENANT_ID }}"
   aibroker_namespace: "{{ AIBROKER_NAMESPACE }}"
   mas_aibroker_provision_tenant: "{{ MAS_AIBROKER_PROVISION_TENANT }}"
   mas_instance_id: "{{ MAS_INSTANCE_ID }}"

From 120036522e16cb2d5b358a0d6ed14efc227833a9 Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Mon, 16 Jun 2025 17:41:22 +0530
Subject: [PATCH 101/258] Update gitops_aibroker

debug logs added
---
 image/cli/mascli/functions/gitops_aibroker | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/image/cli/mascli/functions/gitops_aibroker b/image/cli/mascli/functions/gitops_aibroker
index d8bd1675d02..e720711649a 100644
--- a/image/cli/mascli/functions/gitops_aibroker
+++ b/image/cli/mascli/functions/gitops_aibroker
@@ -472,15 +472,15 @@ function gitops_aibroker() {
     # ---------------------------------------------------------------------------
     echo
     echo_h2 "Generating Argo Project and Applications"
-
     echo "- Base Config"
+    echo "Generating aibroker base file ${GITOPS_CLUSTER_DIR}/ibm-aibroker-instance-base.yaml"
     jinjanate_commmon $CLI_DIR/templates/gitops/appset-configs/cluster/instance/ibm-mas-instance-base.yaml.j2 ${GITOPS_INSTANCE_DIR}/ibm-aibroker-instance-base.yaml
 
     # Generate ArgoApps
     # ---------------------------------------------------------------------------
     echo
     echo_h2 "Generating aibroker operator Applications"
-    echo "- minio operator"
+    echo "- aibroker operator"
 
     echo "Generating aibroker file ${GITOPS_CLUSTER_DIR}/ibm-aibroker.yaml"
     jinjanate_commmon $CLI_DIR/templates/gitops/appset-configs/cluster/instance/ibm-aibroker.yaml.j2 ${GITOPS_CLUSTER_DIR}/ibm-aibroker.yaml

From d118576b18b7d250f23de7d30a0abb38c430ee1c Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Tue, 17 Jun 2025 08:57:56 +0530
Subject: [PATCH 102/258] Update gitops_aibroker

updated correct directory path
---
 image/cli/mascli/functions/gitops_aibroker | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/image/cli/mascli/functions/gitops_aibroker b/image/cli/mascli/functions/gitops_aibroker
index e720711649a..8d8dd828d7b 100644
--- a/image/cli/mascli/functions/gitops_aibroker
+++ b/image/cli/mascli/functions/gitops_aibroker
@@ -474,7 +474,7 @@ function gitops_aibroker() {
     echo_h2 "Generating Argo Project and Applications"
     echo "- Base Config"
     echo "Generating aibroker base file ${GITOPS_CLUSTER_DIR}/ibm-aibroker-instance-base.yaml"
-    jinjanate_commmon $CLI_DIR/templates/gitops/appset-configs/cluster/instance/ibm-mas-instance-base.yaml.j2 ${GITOPS_INSTANCE_DIR}/ibm-aibroker-instance-base.yaml
+    jinjanate_commmon $CLI_DIR/templates/gitops/appset-configs/cluster/instance/ibm-mas-instance-base.yaml.j2 ${GITOPS_CLUSTER_DIR}/ibm-aibroker-instance-base.yaml
 
     # Generate ArgoApps
     # ---------------------------------------------------------------------------

From f37e0c9722b2b33bce0d891a511d159d057ce54f Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Tue, 17 Jun 2025 14:27:26 +0530
Subject: [PATCH 103/258] Update gitops_aibroker

---
 image/cli/mascli/functions/gitops_aibroker | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/image/cli/mascli/functions/gitops_aibroker b/image/cli/mascli/functions/gitops_aibroker
index 8d8dd828d7b..aca093273b5 100644
--- a/image/cli/mascli/functions/gitops_aibroker
+++ b/image/cli/mascli/functions/gitops_aibroker
@@ -433,7 +433,7 @@ function gitops_aibroker() {
   export JDBCCFG_CA=${SECRETS_PREFIX}jdbc#jdbccfg_ca
 
   export MAS_ENTITLEMENT_KEY=${SECRETS_PREFIX}ibm_entitlement#entitlement_key
-  export ARTIFACTORY_TOKEN=${SECRETS_PREFIX}ibm_entitlement#image_pull_secret_b64
+  export ARTIFACTORY_TOKEN=${SECRETS_PREFIX}ibm_entitlement#aibroker_image_pull_secret_b64
   # check if those are already present 
   
   # and update them 
@@ -445,7 +445,7 @@ function gitops_aibroker() {
   # updated var in sm 
   # and git repo 
 
-  sm_verify_secret_exists ${SECRETS_PREFIX}ibm_entitlement "image_pull_secret_b64,entitlement_key"
+  sm_verify_secret_exists ${SECRETS_PREFIX}ibm_entitlement "aibroker_image_pull_secret_b64,entitlement_key"
   sm_verify_secret_exists ${SECRETS_PREFIX}dro "drocfg_ca,drocfg_registration_key,drocfg_url"
   sm_verify_secret_exists ${SECRETS_PREFIX}sls "slscfg_registration_key"
   sm_verify_secret_exists ${SECRETS_PREFIX}minio "sm_minio_host,sm_minio_port,sm_minio_accesskey,sm_minio_secretkey,sm_minio_bucket_templates,sm_minio_bucket_tenants,sm_minio_bucket_pipelines"

From 26c3da901cacdf4ffa93caf4a8572ca11ecec797 Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Fri, 20 Jun 2025 11:47:13 +0530
Subject: [PATCH 104/258] cherry-pick 9bb40f27e8 conflict

---
 .secrets.baseline                             |  2 +-
 .../mascli/functions/gitops_aibroker_tenant   | 10 ++++++-
 .../instance/ibm-aibroker-tenant-base.yaml.j2 | 27 +++++++++++++++++++
 3 files changed, 37 insertions(+), 2 deletions(-)
 create mode 100644 image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant-base.yaml.j2

diff --git a/.secrets.baseline b/.secrets.baseline
index 452b4d46d31..829701f5724 100644
--- a/.secrets.baseline
+++ b/.secrets.baseline
@@ -3,7 +3,7 @@
     "files": "build/bin/config/oscap/ssg-rhel9-ds.xml|^.secrets.baseline$|^docs/catalogs/",
     "lines": null
   },
-  "generated_at": "2025-06-16T11:22:02Z",
+  "generated_at": "2025-06-20T06:15:46Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"
diff --git a/image/cli/mascli/functions/gitops_aibroker_tenant b/image/cli/mascli/functions/gitops_aibroker_tenant
index d7d929fcc69..bce013e8b0d 100644
--- a/image/cli/mascli/functions/gitops_aibroker_tenant
+++ b/image/cli/mascli/functions/gitops_aibroker_tenant
@@ -426,7 +426,7 @@ function gitops_aibroker_tenant() {
   echo_reset_dim "Watsonx.ai project ID ........................ ${COLOR_MAGENTA}${MAS_AIBROKER_WATSONXAI_PROJECT_ID}"
 
   # -- MinIO
-  echo_reset_dim "MinIO SSL enabled ............................ ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_SSL}"
+  echo_reset_dim "SSL enabled ............................ ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_SSL}"
 
   AVP_TYPE=aws  # Support for IBM will be added later
   sm_login
@@ -487,6 +487,14 @@ function gitops_aibroker_tenant() {
     fi
     mkdir -p ${GITOPS_CLUSTER_DIR}
 
+    # Generate ArgoApps
+    # ---------------------------------------------------------------------------
+    echo
+    echo_h2 "Generating Argo Project and Applications"
+    echo "- Base Config"
+    echo "Generating aibroker base file ${GITOPS_CLUSTER_DIR}/ibm-aibroker-instance-base.yaml"
+    jinjanate_commmon $CLI_DIR/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant-base.yaml.j2 ${GITOPS_CLUSTER_DIR}/ibm-aibroker-tenant-base.yaml
+
     # Generate ArgoApps
     # ---------------------------------------------------------------------------
     echo
diff --git a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant-base.yaml.j2 b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant-base.yaml.j2
new file mode 100644
index 00000000000..3a94580ae1f
--- /dev/null
+++ b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant-base.yaml.j2
@@ -0,0 +1,27 @@
+merge-key: "{{ ACCOUNT_ID }}/{{ CLUSTER_ID }}/{{ MAS_INSTANCE_ID }}/{{ TENANT_ID }}"
+
+account:
+  id: {{ ACCOUNT_ID }}
+
+region:
+  id: {{ REGION_ID }}
+
+cluster:
+  id: {{ CLUSTER_ID }}
+  url: {{ CLUSTER_URL }}
+
+instance:
+  id: {{ MAS_INSTANCE_ID }}
+
+tenant:
+  id: "{{ TENANT_ID }}"
+
+sm:
+  aws_access_key_id: "<path:{{ SECRETS_PATH }}:{{ACCOUNT_ID}}/{{CLUSTER_ID}}/aws#sm_aws_access_key_id>"
+  aws_secret_access_key: "<path:{{ SECRETS_PATH }}:{{ACCOUNT_ID}}/{{CLUSTER_ID}}/aws#sm_aws_secret_access_key>"
+
+{% if MAS_WIPE_MONGO_DATA == 'true' %}
+mas_wipe_mongo_data: true
+{% else %}
+mas_wipe_mongo_data: false
+{% endif %}

From 238a5e5d2a41949262fdb65614c2d1ce8ea324b3 Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Fri, 20 Jun 2025 12:18:26 +0530
Subject: [PATCH 105/258] cherry-pick 054f31fd7f conflict

---
 .secrets.baseline                             |  2 +-
 .../mascli/functions/gitops_aibroker_tenant   | 25 ++++++++++---------
 .../instance/ibm-aibroker-tenant-base.yaml.j2 |  3 +--
 3 files changed, 15 insertions(+), 15 deletions(-)

diff --git a/.secrets.baseline b/.secrets.baseline
index 829701f5724..43db659383c 100644
--- a/.secrets.baseline
+++ b/.secrets.baseline
@@ -3,7 +3,7 @@
     "files": "build/bin/config/oscap/ssg-rhel9-ds.xml|^.secrets.baseline$|^docs/catalogs/",
     "lines": null
   },
-  "generated_at": "2025-06-20T06:15:46Z",
+  "generated_at": "2025-06-20T06:48:17Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"
diff --git a/image/cli/mascli/functions/gitops_aibroker_tenant b/image/cli/mascli/functions/gitops_aibroker_tenant
index bce013e8b0d..d391e3c7198 100644
--- a/image/cli/mascli/functions/gitops_aibroker_tenant
+++ b/image/cli/mascli/functions/gitops_aibroker_tenant
@@ -112,7 +112,6 @@ function gitops_aibroker_tenant_noninteractive() {
 
   # -- MinIO Defaults
   export MAS_AIBROKER_STORAGE_REGION=${MAS_AIBROKER_STORAGE_REGION:-""}
-  export MAS_AIBROKER_STORAGE_SSL=${MAS_AIBROKER_STORAGE_SSL:-"true"}
 
   while [[ $# -gt 0 ]]
   do
@@ -344,6 +343,8 @@ function gitops_aibroker_tenant_noninteractive() {
   [[ -z "$RSL_URL" ]] && gitops_aibroker_tenant_help "RSL_URL is not set. Please specify the RSL URL using --rsl-url."
   [[ -z "$MAS_AIBROKER_S3_ENDPOINT_URL" ]] && gitops_aibroker_tenant_help "MAS_AIBROKER_S3_ENDPOINT_URL is not set. Please specify the S3 endpoint URL using --mas-aibroker-s3-endpoint-url."
   ##review
+  [[ -z "$MAS_AIBROKER_STORAGE_SSL" ]] && gitops_aibroker_tenant_help "MAS_AIBROKER_STORAGE_SSL is not set. Please specify whether SSL is enabled for MinIO using --mas-aibroker-storage-ssl."
+
 }
 
 function gitops_aibroker_tenant() {
@@ -390,16 +391,16 @@ function gitops_aibroker_tenant() {
   echo "${TEXT_DIM}"
   if [[ "$GITHUB_PUSH" == "true" ]]; then
     echo_h2 "GitOps Target" "    "
-    echo_reset_dim "Automatic Push ........................ ${COLOR_GREEN}Enabled"
-    echo_reset_dim "Working Directory ..................... ${COLOR_MAGENTA}${GITOPS_WORKING_DIR}"
-    echo_reset_dim "Host .................................. ${COLOR_MAGENTA}${GITHUB_HOST}"
-    echo_reset_dim "Organization .......................... ${COLOR_MAGENTA}${GITHUB_ORG}"
-    echo_reset_dim "Repository ............................ ${COLOR_MAGENTA}${GITHUB_REPO}"
-    echo_reset_dim "Branch ................................ ${COLOR_MAGENTA}${GIT_BRANCH}"
+    echo_reset_dim "Automatic Push ............................. ${COLOR_GREEN}Enabled"
+    echo_reset_dim "Working Directory .......................... ${COLOR_MAGENTA}${GITOPS_WORKING_DIR}"
+    echo_reset_dim "Host ....................................... ${COLOR_MAGENTA}${GITHUB_HOST}"
+    echo_reset_dim "Organization ............................... ${COLOR_MAGENTA}${GITHUB_ORG}"
+    echo_reset_dim "Repository ................................. ${COLOR_MAGENTA}${GITHUB_REPO}"
+    echo_reset_dim "Branch ..................................... ${COLOR_MAGENTA}${GIT_BRANCH}"
   else
     echo_h2 "GitOps Target" "    "
-    echo_reset_dim "Automatic Push ........................ ${COLOR_RED}Disabled"
-    echo_reset_dim "Working Directory ..................... ${COLOR_MAGENTA}${GITOPS_WORKING_DIR}"
+    echo_reset_dim "Automatic Push ............................. ${COLOR_RED}Disabled"
+    echo_reset_dim "Working Directory .......................... ${COLOR_MAGENTA}${GITOPS_WORKING_DIR}"
   fi
   reset_colors
 
@@ -426,7 +427,7 @@ function gitops_aibroker_tenant() {
   echo_reset_dim "Watsonx.ai project ID ........................ ${COLOR_MAGENTA}${MAS_AIBROKER_WATSONXAI_PROJECT_ID}"
 
   # -- MinIO
-  echo_reset_dim "SSL enabled ............................ ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_SSL}"
+  echo_reset_dim "SSL enabled .................................. ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_SSL}"
 
   AVP_TYPE=aws  # Support for IBM will be added later
   sm_login
@@ -492,14 +493,14 @@ function gitops_aibroker_tenant() {
     echo
     echo_h2 "Generating Argo Project and Applications"
     echo "- Base Config"
-    echo "Generating aibroker base file ${GITOPS_CLUSTER_DIR}/ibm-aibroker-instance-base.yaml"
+    echo "Generating aibroker base file ${GITOPS_CLUSTER_DIR}/ibm-aibroker-tenant-base.yaml"
     jinjanate_commmon $CLI_DIR/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant-base.yaml.j2 ${GITOPS_CLUSTER_DIR}/ibm-aibroker-tenant-base.yaml
 
     # Generate ArgoApps
     # ---------------------------------------------------------------------------
     echo
     echo_h2 "Generating aibroker operator Applications"
-    echo "- minio operator"
+    echo "- aibroker tenant operator"
 
     echo "Generating aibroker file ${GITOPS_CLUSTER_DIR}/ibm-aibroker-tenant.yaml"
     jinjanate_commmon $CLI_DIR/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant.yaml.j2 ${GITOPS_CLUSTER_DIR}/ibm-aibroker-tenant.yaml
diff --git a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant-base.yaml.j2 b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant-base.yaml.j2
index 3a94580ae1f..899f6540d06 100644
--- a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant-base.yaml.j2
+++ b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant-base.yaml.j2
@@ -14,12 +14,11 @@ instance:
   id: {{ MAS_INSTANCE_ID }}
 
 tenant:
-  id: "{{ TENANT_ID }}"
+  id: {{ TENANT_ID }}
 
 sm:
   aws_access_key_id: "<path:{{ SECRETS_PATH }}:{{ACCOUNT_ID}}/{{CLUSTER_ID}}/aws#sm_aws_access_key_id>"
   aws_secret_access_key: "<path:{{ SECRETS_PATH }}:{{ACCOUNT_ID}}/{{CLUSTER_ID}}/aws#sm_aws_secret_access_key>"
-
 {% if MAS_WIPE_MONGO_DATA == 'true' %}
 mas_wipe_mongo_data: true
 {% else %}

From cde3b756912946659350dd4a2c150b08626c14db Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Sat, 21 Jun 2025 17:24:20 +0530
Subject: [PATCH 106/258] cherry-pick 0513356926 conflict

---
 .secrets.baseline                                        | 2 +-
 image/cli/mascli/functions/gitops_kmodel                 | 9 +++------
 image/cli/mascli/functions/gitops_odh                    | 1 +
 .../cluster/instance/ibm-aibroker-tenant.yaml.j2         | 2 +-
 tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2   | 4 +++-
 tekton/src/tasks/gitops/gitops-odh.yml.j2                | 7 ++++++-
 6 files changed, 15 insertions(+), 10 deletions(-)

diff --git a/.secrets.baseline b/.secrets.baseline
index 43db659383c..ff305bc6a75 100644
--- a/.secrets.baseline
+++ b/.secrets.baseline
@@ -3,7 +3,7 @@
     "files": "build/bin/config/oscap/ssg-rhel9-ds.xml|^.secrets.baseline$|^docs/catalogs/",
     "lines": null
   },
-  "generated_at": "2025-06-20T06:48:17Z",
+  "generated_at": "2025-06-21T11:51:27Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"
diff --git a/image/cli/mascli/functions/gitops_kmodel b/image/cli/mascli/functions/gitops_kmodel
index 2b6681ff325..4079ae998a3 100644
--- a/image/cli/mascli/functions/gitops_kmodel
+++ b/image/cli/mascli/functions/gitops_kmodel
@@ -90,9 +90,6 @@ function gitops_kmodel_noninteractive() {
   export MODEL_ID_PREFIX=${MODEL_ID_PREFIX:-"m"}  
   export MAS_ICR_CP=${MAS_ICR_CP:-"docker-na-public.artifactory.swg-devops.com/wiotp-docker-local"}
   export DOCKER_SERVER=${DOCKER_SERVER:-"${MAS_ICR_CP}/aibroker"}
-  export IMAGE_STORE=${IMAGE_STORE:-"${DOCKER_SERVER}/store:1.0.3-pre.maint10xdev"}
-  export IMAGE_WATCHER=${IMAGE_WATCHER:-"${DOCKER_SERVER}/watcher:1.0.5-pre.maint10xdev"}
-  export IMAGE_CONTROLLER=${IMAGE_CONTROLLER:-"${DOCKER_SERVER}/controller:1.0.8-pre.maint10xdev"}
   export PULLSECRETNAME=${PULLSECRETNAME:-"ibm-entitlement"}
   ##review
   export MAS_APP_CHANNEL=${MAS_APP_CHANNEL:-"workspace"}
@@ -304,9 +301,9 @@ function gitops_kmodel_noninteractive() {
   # add validation for those variable which have the value needed for further execution
   [[ -z "$MAS_INSTANCE_ID" ]] && gitops_kmodel_help "MAS_INSTANCE_ID is not set. Please provide the MAS instance ID using --mas-instance-id."
   [[ -z "$PRIMARY_STORAGE_CLASS" ]] && gitops_kmodel_help "PRIMARY_STORAGE_CLASS is not set. Please provide the primary storage class using --primary-storage-class."
-  # [[ -z "$MAS_AIBROKER_STORAGE_TEMPLATES_BUCKET" ]] && gitops_kmodel_help "MAS_AIBROKER_STORAGE_TEMPLATES_BUCKET is not set. Please provide the templates bucket name using --mas-aibroker-storage-templates-bucket."
-  # [[ -z "$MAS_AIBROKER_STORAGE_TENANTS_BUCKET" ]] && gitops_kmodel_help "MAS_AIBROKER_STORAGE_TENANTS_BUCKET is not set. Please provide the tenants bucket name using --mas-aibroker-storage-tenants-bucket."
-  # [[ -z "$MAS_AIBROKER_STORAGE_PIPELINES_BUCKET" ]] && gitops_kmodel_help "MAS_AIBROKER_STORAGE_PIPELINES_BUCKET is not set. Please provide the pipelines bucket name using --mas-aibroker-storage-pipelines-bucket."
+  [[ -z "$IMAGE_STORE" ]] && gitops_kmodel_help "IMAGE_STORE is not set. Please provide the image store using --image-store."
+  [[ -z "$IMAGE_WATCHER" ]] && gitops_kmodel_help "IMAGE_WATCHER is not set. Please provide the image watcher using --image-watcher."
+  [[ -z "$IMAGE_CONTROLLER" ]] && gitops_kmodel_help "IMAGE_CONTROLLER is not set. Please provide the image controller using --image-controller."
 
 }
 
diff --git a/image/cli/mascli/functions/gitops_odh b/image/cli/mascli/functions/gitops_odh
index 3b9751c3d90..ad4ea22f8da 100755
--- a/image/cli/mascli/functions/gitops_odh
+++ b/image/cli/mascli/functions/gitops_odh
@@ -495,6 +495,7 @@ function gitops_odh() {
   echo_reset_dim "MINIO_BUCKET ........................... ${COLOR_MAGENTA}${MINIO_BUCKET}"
   echo_reset_dim "MARIADB_HOST ........................... ${COLOR_MAGENTA}${MARIADB_HOST}"
   echo_reset_dim "MARIADB_DATABASE ....................... ${COLOR_MAGENTA}${MARIADB_DATABASE}"
+  echo_reset_dim "MAS_AIBROKER_STORAGE_SSL ................. ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_SSL}"
   reset_colors
 
 
diff --git a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant.yaml.j2 b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant.yaml.j2
index 471630a6819..da440a12477 100644
--- a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant.yaml.j2
+++ b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant.yaml.j2
@@ -34,7 +34,7 @@ ibm_aibroker_tenant:
   
   # watsonx
   mas_aibroker_watsonxai_url: "{{ MAS_AIBROKER_WATSONXAI_URL }}"
-  mas_aibroker_watsonxai_project_id: "<path:{{ SECRETS_PATH }}:{{ MAS_AIBROKER_WATSONXAI_PROJECT_ID }}"
+  mas_aibroker_watsonxai_project_id: "<path:{{ SECRETS_PATH }}:{{ MAS_AIBROKER_WATSONXAI_PROJECT_ID }}>"
   mas_aibroker_watsonxai_apikey: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_WATSONXAI_APIKEY }}>"
 
   # minio
diff --git a/tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2 b/tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2
index 467659e15b7..0831f5361af 100644
--- a/tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2
+++ b/tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2
@@ -279,7 +279,9 @@ spec:
           value: $(params.opendatahub_namespace)
         - name: odh_operator_version
           value: $(params.odh_operator_version)
-
+        - name: mas_aibroker_storage_ssl
+          value: $(params.mas_aibroker_storage_ssl)
+          
     # 3.gitops-Aibroker
     # -------------------------------------------------------------------------
 
diff --git a/tekton/src/tasks/gitops/gitops-odh.yml.j2 b/tekton/src/tasks/gitops/gitops-odh.yml.j2
index 941dc1f70d2..78d44f2a97e 100644
--- a/tekton/src/tasks/gitops/gitops-odh.yml.j2
+++ b/tekton/src/tasks/gitops/gitops-odh.yml.j2
@@ -39,6 +39,9 @@ spec:
       type: string
     - name: odh_operator_version
       type: string
+    - name: mas_aibroker_storage_ssl
+      type: string
+      default: "true"
   stepTemplate:
     name: gitops-odh
     env:
@@ -74,8 +77,10 @@ spec:
         value: $(params.opendatahub_operator_group)
       - name: ODH_NAMESPACE
         value: $(params.opendatahub_namespace)
-      - name: odh_operator_version
+      - name: ODH_OPERATOR_VERSION
         value: $(params.odh_operator_version)
+      - name: MAS_AIBROKER_STORAGE_SSL
+        value: $(params.mas_aibroker_storage_ssl)
     envFrom:
       - configMapRef:
           name: environment-properties

From bee7205bdd6c0f2fca19110fef6c4649777bcbf7 Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Sat, 28 Jun 2025 18:29:49 +0530
Subject: [PATCH 107/258] cherry-pick b195c03e5f conflict

---
 .secrets.baseline                                          | 2 +-
 image/cli/mascli/functions/gitops_aibroker                 | 7 +++++--
 .../appset-configs/cluster/instance/ibm-aibroker.yaml.j2   | 3 +--
 3 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/.secrets.baseline b/.secrets.baseline
index ff305bc6a75..90aa0379547 100644
--- a/.secrets.baseline
+++ b/.secrets.baseline
@@ -3,7 +3,7 @@
     "files": "build/bin/config/oscap/ssg-rhel9-ds.xml|^.secrets.baseline$|^docs/catalogs/",
     "lines": null
   },
-  "generated_at": "2025-06-21T11:51:27Z",
+  "generated_at": "2025-06-28T12:59:19Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"
diff --git a/image/cli/mascli/functions/gitops_aibroker b/image/cli/mascli/functions/gitops_aibroker
index aca093273b5..6c3c98073e9 100644
--- a/image/cli/mascli/functions/gitops_aibroker
+++ b/image/cli/mascli/functions/gitops_aibroker
@@ -50,6 +50,7 @@ mariadb storage
 sls_dro_jdbc
       --slscfg-registration-key ${TEXT_RESET}SLSCFG_REGISTRATION_KEY${TEXT_RESET}
       --drocfg-ca ${TEXT_RESET}DROCFG_CA${TEXT_RESET}
+      --drocfg-tenant ${TEXT_RESET}DROCFG_TENANT${TEXT_RESET}
       --drocfg-registration-key ${TEXT_RESET}DROCFG_REGISTRATION_KEY${TEXT_RESET}
       --drocfg-url ${TEXT_RESET}DROCFG_URL${TEXT_RESET}
       --jdbccfg-username ${TEXT_RESET}JDBCCFG_USERNAME${TEXT_RESET}
@@ -116,7 +117,7 @@ function gitops_aibroker_noninteractive() {
   ##review
   export MAS_AIBROKER_S3_BUCKET_PREFIX=${MAS_AIBROKER_S3_BUCKET_PREFIX:-"m"}
   export MAS_AIBROKER_S3_REGION=${MAS_AIBROKER_S3_REGION:-"us-east-2"}
-  export ENVIRONMENT_TYPE=${ENVIRONMENT_TYPE:-"standard"}
+  export ENVIRONMENT_TYPE=${ENVIRONMENT_TYPE:-"PRODUCTION"}
   ##review
 
   # Target the local (to ArgoCD) cluster
@@ -370,6 +371,7 @@ function gitops_aibroker() {
 
   echo_reset_dim "SLS Config Registration Key ............ ${COLOR_MAGENTA}${SLSCFG_REGISTRATION_KEY}"
   echo_reset_dim "DRO Config CA .......................... ${COLOR_MAGENTA}${DROCFG_CA}"
+  echo_reset_dim "DRO Config Tenant ...................... ${COLOR_MAGENTA}${DROCFG_TENANT}"
   echo_reset_dim "DRO Config Registration Key ............ ${COLOR_MAGENTA}${DROCFG_REGISTRATION_KEY}"
   echo_reset_dim "DRO Config URL ......................... ${COLOR_MAGENTA}${DROCFG_URL}"
   echo_reset_dim "JDBC Config Username ................... ${COLOR_MAGENTA}${JDBCCFG_USERNAME}"
@@ -423,6 +425,7 @@ function gitops_aibroker() {
   export SLSCFG_REGISTRATION_KEY=${SECRETS_PREFIX}sls#slscfg_registration_key
   #dro
   export DROCFG_CA=${SECRETS_PREFIX}dro#drocfg_ca
+  export DROCFG_TENANT=${SECRETS_PREFIX}dro#drocfg_ca_tenant
   export DROCFG_REGISTRATION_KEY=${SECRETS_PREFIX}dro#drocfg_registration_key
   export DROCFG_URL=${SECRETS_PREFIX}dro#drocfg_url
   #jdbc
@@ -446,7 +449,7 @@ function gitops_aibroker() {
   # and git repo 
 
   sm_verify_secret_exists ${SECRETS_PREFIX}ibm_entitlement "aibroker_image_pull_secret_b64,entitlement_key"
-  sm_verify_secret_exists ${SECRETS_PREFIX}dro "drocfg_ca,drocfg_registration_key,drocfg_url"
+  sm_verify_secret_exists ${SECRETS_PREFIX}dro "drocfg_ca,drocfg_registration_key,drocfg_url,drocfg_tenant"
   sm_verify_secret_exists ${SECRETS_PREFIX}sls "slscfg_registration_key"
   sm_verify_secret_exists ${SECRETS_PREFIX}minio "sm_minio_host,sm_minio_port,sm_minio_accesskey,sm_minio_secretkey,sm_minio_bucket_templates,sm_minio_bucket_tenants,sm_minio_bucket_pipelines"
   sm_verify_secret_exists ${SECRETS_PREFIX}mariadb "sm_mariadb_host,sm_mariadb_port,sm_mariadb_user,sm_mariadb_database,sm_mariadb_secret_name,sm_mariadb_secret_value"
diff --git a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker.yaml.j2 b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker.yaml.j2
index 7981fe91d14..fed053c1096 100644
--- a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker.yaml.j2
+++ b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker.yaml.j2
@@ -39,8 +39,7 @@ ibm_aibroker:
   drocfg_ca: "<path:{{ SECRETS_PATH }}:{{ DROCFG_CA }}>"
   drocfg_registration_key: "<path:{{ SECRETS_PATH }}:{{ DROCFG_REGISTRATION_KEY }}>"
   drocfg_url: "<path:{{ SECRETS_PATH }}:{{ DROCFG_URL }}>"
-
-
+  drocfg_ca_tenant: "<path:{{ SECRETS_PATH }}:{{ DROCFG_TENANT }}>"
 
   ##review
   environment_type: "{{ ENVIRONMENT_TYPE }}"

From e4d80d010038d5707b67b94f3aed1abef1990e61 Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Sat, 28 Jun 2025 19:34:41 +0530
Subject: [PATCH 108/258] cherry-pick 6b1b5935aa conflict

---
 .secrets.baseline                             |  2 +-
 image/cli/mascli/functions/gitops_aibroker    | 20 ++++----
 .../mascli/functions/gitops_aibroker_tenant   | 43 +++++++++--------
 image/cli/mascli/functions/gitops_kmodel      | 30 ++++++------
 image/cli/mascli/functions/gitops_odh         | 48 +++++++++----------
 .../instance/ibm-aibroker-tenant.yaml.j2      | 11 +++--
 .../cluster/instance/ibm-aibroker.yaml.j2     | 14 +++---
 .../cluster/instance/ibm-kmodel.yaml.j2       | 14 +++---
 .../instance/ibm-mas-odh-install.yaml.j2      | 10 ++--
 9 files changed, 97 insertions(+), 95 deletions(-)

diff --git a/.secrets.baseline b/.secrets.baseline
index 90aa0379547..163bfc2c5b5 100644
--- a/.secrets.baseline
+++ b/.secrets.baseline
@@ -3,7 +3,7 @@
     "files": "build/bin/config/oscap/ssg-rhel9-ds.xml|^.secrets.baseline$|^docs/catalogs/",
     "lines": null
   },
-  "generated_at": "2025-06-28T12:59:19Z",
+  "generated_at": "2025-06-28T14:03:47Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"
diff --git a/image/cli/mascli/functions/gitops_aibroker b/image/cli/mascli/functions/gitops_aibroker
index 6c3c98073e9..ff2e6f0bb50 100644
--- a/image/cli/mascli/functions/gitops_aibroker
+++ b/image/cli/mascli/functions/gitops_aibroker
@@ -25,7 +25,7 @@ ibm aibroker(required):
       --mas-instance-id ${TEXT_RESET}MAS_INSTACE_ID${TEXT_RESET}
       --primary-storage-class ${TEXT_RESET}PRIMARY_STORAGE_CLASS${TEXT_RESET}
 
-minio storage:
+storage provider:
       --mas-aibroker-storage-provider ${TEXT_RESET}MAS_AIBROKER_STORAGE_PROVIDER${TEXT_RESET}
       --mas-aibroker-minio-secret ${TEXT_RESET}MAS_AIBROKER_MINIO_SECRET${TEXT_RESET}
       --mas-aibroker-storage-accesskey ${TEXT_RESET}MAS_AIBROKER_STORAGE_ACCESSKEY${TEXT_RESET}
@@ -398,19 +398,19 @@ function gitops_aibroker() {
 
   export SECRET_KEY_IBM_ENTITLEMENT=${SECRETS_PREFIX}ibm_entitlement#entitlement_key
 
-  #minio
+  #storage
   # mas_aibroker_storage_accesskey
-  export SECRET_KEY_MINIO_ACCESSKEY=${SECRETS_PREFIX}minio#sm_minio_accesskey
-  export SECRET_KEY_MINIO_SECRETKEY=${SECRETS_PREFIX}minio#sm_minio_secretkey
+  export SECRET_KEY_STORAGE_ACCESSKEY=${SECRETS_PREFIX}storage#sm_storage_accesskey
+  export SECRET_KEY_STORAGE_SECRETKEY=${SECRETS_PREFIX}storage#sm_storage_secretkey
   # mas_aibroker_storage_host
-  export SECRET_KEY_MINIO_HOST=${SECRETS_PREFIX}minio#sm_minio_host
-  export SECRET_KEY_MINIO_PORT=${SECRETS_PREFIX}minio#sm_minio_port
+  export SECRET_KEY_STORAGE_HOST=${SECRETS_PREFIX}storage#sm_storage_host
+  export SECRET_KEY_STORAGE_PORT=${SECRETS_PREFIX}storage#sm_storage_port
   # mas_aibroker_storage_templates_bucket
-  export SM_MINIO_BUCKET_TEMPLATES=${SECRETS_PREFIX}minio#sm_minio_bucket_templates
+  export SM_STORAGE_BUCKET_TEMPLATES=${SECRETS_PREFIX}storage#sm_storage_bucket_templates
   # mas_aibroker_storage_tenants_bucket
-  export SM_MINIO_BUCKET_TENANTS=${SECRETS_PREFIX}minio#sm_minio_bucket_tenants
+  export SM_STORAGE_BUCKET_TENANTS=${SECRETS_PREFIX}storage#sm_storage_bucket_tenants
   # mas_aibroker_storage_pipelines_bucket
-  export SM_MINIO_BUCKET_PIPELINES=${SECRETS_PREFIX}minio#sm_minio_bucket_pipelines
+  export SM_STORAGE_BUCKET_PIPELINES=${SECRETS_PREFIX}storage#sm_storage_bucket_pipelines
 
 
   #mariadb
@@ -451,7 +451,7 @@ function gitops_aibroker() {
   sm_verify_secret_exists ${SECRETS_PREFIX}ibm_entitlement "aibroker_image_pull_secret_b64,entitlement_key"
   sm_verify_secret_exists ${SECRETS_PREFIX}dro "drocfg_ca,drocfg_registration_key,drocfg_url,drocfg_tenant"
   sm_verify_secret_exists ${SECRETS_PREFIX}sls "slscfg_registration_key"
-  sm_verify_secret_exists ${SECRETS_PREFIX}minio "sm_minio_host,sm_minio_port,sm_minio_accesskey,sm_minio_secretkey,sm_minio_bucket_templates,sm_minio_bucket_tenants,sm_minio_bucket_pipelines"
+  sm_verify_secret_exists ${SECRETS_PREFIX}storage "sm_storage_host,sm_storage_port,sm_storage_accesskey,sm_storage_secretkey,sm_storage_bucket_templates,sm_storage_bucket_tenants,sm_storage_bucket_pipelines"
   sm_verify_secret_exists ${SECRETS_PREFIX}mariadb "sm_mariadb_host,sm_mariadb_port,sm_mariadb_user,sm_mariadb_database,sm_mariadb_secret_name,sm_mariadb_secret_value"
 
   
diff --git a/image/cli/mascli/functions/gitops_aibroker_tenant b/image/cli/mascli/functions/gitops_aibroker_tenant
index d391e3c7198..c8a3a62dcd3 100644
--- a/image/cli/mascli/functions/gitops_aibroker_tenant
+++ b/image/cli/mascli/functions/gitops_aibroker_tenant
@@ -56,14 +56,14 @@ Watsonx :
 --mas-aibroker-watsonxai-apikey ${COLOR_YELLOW}MAS_AIBROKER_WATSONXAI_APIKEY${TEXT_RESET}                    API key for authenticating with Watsonx.ai
 --mas-aibroker-watsonxai-project-id ${COLOR_YELLOW}MAS_AIBROKER_WATSONXAI_PROJECT_ID${TEXT_RESET}            Watsonx.ai project ID used by AI Broker
 
-MinIO :
---mas-aibroker-storage-host ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_HOST${TEXT_RESET}                            Hostname or service name of the MinIO backend
---mas-aibroker-storage-port ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_PORT${TEXT_RESET}                            Port number MinIO is exposed on
---mas-aibroker-storage-region ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_REGION${TEXT_RESET}                        Storage region used in MinIO (if applicable)
---mas-aibroker-storage-accesskey ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_ACCESSKEY${TEXT_RESET}                  Access key to authenticate with MinIO
---mas-aibroker-storage-secretkey ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_SECRETKEY${TEXT_RESET}                  Secret key for authenticating with MinIO
---mas-aibroker-storage-pipelines-bucket ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_PIPELINES_BUCKET${TEXT_RESET}    The MinIO bucket used to store pipeline assets
---mas-aibroker-storage-ssl ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_SSL${TEXT_RESET}                              Whether MinIO uses SSL (true/false)
+Storage :
+--mas-aibroker-storage-host ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_HOST${TEXT_RESET}                            Hostname or service name of the STORAGE backend
+--mas-aibroker-storage-port ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_PORT${TEXT_RESET}                            Port number STORAGE is exposed on
+--mas-aibroker-storage-region ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_REGION${TEXT_RESET}                        Storage region used in STORAGE (if applicable)
+--mas-aibroker-storage-accesskey ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_ACCESSKEY${TEXT_RESET}                  Access key to authenticate with STORAGE
+--mas-aibroker-storage-secretkey ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_SECRETKEY${TEXT_RESET}                  Secret key for authenticating with STORAGE
+--mas-aibroker-storage-pipelines-bucket ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_PIPELINES_BUCKET${TEXT_RESET}    The STORAGE bucket used to store pipeline assets
+--mas-aibroker-storage-ssl ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_SSL${TEXT_RESET}                              Whether STORAGE uses SSL (true/false)
 
 
 Automatic GitHub Push (Optional):
@@ -110,7 +110,7 @@ function gitops_aibroker_tenant_noninteractive() {
   # -- SLS Defaults
   export MAS_AIBROKER_SLS_SUBSCRIPTION_ID=${MAS_AIBROKER_SLS_SUBSCRIPTION_ID:-"001"}
 
-  # -- MinIO Defaults
+  # -- STORAGE Defaults
   export MAS_AIBROKER_STORAGE_REGION=${MAS_AIBROKER_STORAGE_REGION:-""}
 
   while [[ $# -gt 0 ]]
@@ -215,7 +215,7 @@ function gitops_aibroker_tenant_noninteractive() {
         export MAS_AIBROKER_WATSONXAI_PROJECT_ID=$1 && shift
         ;;
 
-      # -- MinIO
+      # -- STORAGE
       --mas-aibroker-storage-host)
         export MAS_AIBROKER_STORAGE_HOST=$1 && shift
         ;;
@@ -343,7 +343,7 @@ function gitops_aibroker_tenant_noninteractive() {
   [[ -z "$RSL_URL" ]] && gitops_aibroker_tenant_help "RSL_URL is not set. Please specify the RSL URL using --rsl-url."
   [[ -z "$MAS_AIBROKER_S3_ENDPOINT_URL" ]] && gitops_aibroker_tenant_help "MAS_AIBROKER_S3_ENDPOINT_URL is not set. Please specify the S3 endpoint URL using --mas-aibroker-s3-endpoint-url."
   ##review
-  [[ -z "$MAS_AIBROKER_STORAGE_SSL" ]] && gitops_aibroker_tenant_help "MAS_AIBROKER_STORAGE_SSL is not set. Please specify whether SSL is enabled for MinIO using --mas-aibroker-storage-ssl."
+  [[ -z "$MAS_AIBROKER_STORAGE_SSL" ]] && gitops_aibroker_tenant_help "MAS_AIBROKER_STORAGE_SSL is not set. Please specify whether SSL is enabled for STORAGE using --mas-aibroker-storage-ssl."
 
 }
 
@@ -426,7 +426,7 @@ function gitops_aibroker_tenant() {
   echo_reset_dim "Watsonx.ai API key ........................... ${COLOR_MAGENTA}${MAS_AIBROKER_WATSONXAI_APIKEY}"
   echo_reset_dim "Watsonx.ai project ID ........................ ${COLOR_MAGENTA}${MAS_AIBROKER_WATSONXAI_PROJECT_ID}"
 
-  # -- MinIO
+  # -- STORAGE
   echo_reset_dim "SSL enabled .................................. ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_SSL}"
 
   AVP_TYPE=aws  # Support for IBM will be added later
@@ -438,11 +438,12 @@ function gitops_aibroker_tenant() {
   export SECRET_KEY_IBM_ENTITLEMENT=${SECRETS_PREFIX}ibm_entitlement#entitlement_key
   # dro
   export SECRET_KEY_ARTIFACTORY_TOKEN=${SECRETS_PREFIX}ibm_entitlement#aibroker_image_pull_secret_b64
-  export SECRET_KEY_DROCFG_CA=${SECRETS_PREFIX}dro#drocfg_ca
+  export SECRET_KEY_DROCFG_CA=${SECRETS_PREFIX}dro#drocfg_ca_tenant
   export SECRET_KEY_DROCFG_REGISTRATION_KEY=${SECRETS_PREFIX}dro#drocfg_registration_key
 
   # sls
   export SECRET_KEY_SLSCFG_REGISTRATION_KEY=${SECRETS_PREFIX}sls#slscfg_registration_key
+  export SECRET_KEY_SLSCFG_CA_TENANT=${SECRETS_PREFIX}sls#slscfg_ca_tenant
 
   #rsl  ##review
   export SECRET_KEY_RSL_ORG_ID=${SECRETS_PREFIX}rsl#rsl_org_id
@@ -453,12 +454,12 @@ function gitops_aibroker_tenant() {
   ##review
 
 
-  # minio
-  export SECRET_KEY_MINIO_HOST=${SECRETS_PREFIX}minio#sm_minio_host
-  export SECRET_KEY_MINIO_PORT=${SECRETS_PREFIX}minio#sm_minio_port
-  export SECRET_KEY_MINIO_ACCESSKEY=${SECRETS_PREFIX}minio#sm_minio_accesskey
-  export SECRET_KEY_MINIO_SECRETKEY=${SECRETS_PREFIX}minio#sm_minio_secretkey
-  export SECRET_KEY_MINIO_BUCKET=${SECRETS_PREFIX}minio#sm_minio_bucket_default
+  # STORAGE
+  export SECRET_KEY_STORAGE_HOST=${SECRETS_PREFIX}storage#sm_storage_host
+  export SECRET_KEY_STORAGE_PORT=${SECRETS_PREFIX}storage#sm_storage_port
+  export SECRET_KEY_STORAGE_ACCESSKEY=${SECRETS_PREFIX}storage#sm_storage_accesskey
+  export SECRET_KEY_STORAGE_SECRETKEY=${SECRETS_PREFIX}storage#sm_storage_secretkey
+  export SECRET_KEY_STORAGE_BUCKET=${SECRETS_PREFIX}storage#sm_storage_bucket_default
 
   # check for those variables present into the aws sm 
 
@@ -466,9 +467,9 @@ function gitops_aibroker_tenant() {
  
   sm_verify_secret_exists ${SECRETS_PREFIX}dro "drocfg_ca,drocfg_registration_key"
 
-  sm_verify_secret_exists ${SECRETS_PREFIX}sls "slscfg_registration_key"
+  sm_verify_secret_exists ${SECRETS_PREFIX}sls "slscfg_registration_key,slscfg_ca_tenant"
  
-  sm_verify_secret_exists ${SECRETS_PREFIX}minio "sm_minio_host,sm_minio_port,sm_minio_accesskey,sm_minio_secretkey,sm_minio_bucket_default"
+  sm_verify_secret_exists ${SECRETS_PREFIX}storage "sm_storage_host,sm_storage_port,sm_storage_accesskey,sm_storage_secretkey,sm_storage_bucket_default"
   ##review
   sm_verify_secret_exists ${SECRETS_PREFIX}rsl "rsl_org_id,rsl_token"
   sm_verify_secret_exists ${SECRETS_PREFIX}watsonx "watsonxai_apikey,watsonxai_project_id"
diff --git a/image/cli/mascli/functions/gitops_kmodel b/image/cli/mascli/functions/gitops_kmodel
index 4079ae998a3..ca0e9824fba 100644
--- a/image/cli/mascli/functions/gitops_kmodel
+++ b/image/cli/mascli/functions/gitops_kmodel
@@ -31,12 +31,12 @@ Kkmodel Configuration:
       --aibroker-internal-tls ${COLOR_YELLOW}AIBROKER_INTERNAL_TLS${TEXT_RESET}                                         Identifier for the internal TLS configuration 
       --aibroker-namespace ${COLOR_YELLOW}AIBROKER_NAMESPACE${TEXT_RESET}                                               The namespace where AI Broker is deployed
       --mas-aibroker-storage-provider ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_PROVIDER${TEXT_RESET}                         Backend storage service used by AI Broker to store models, pipelines, and tenant data
-      --mas-aibroker-storage-ssl ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_SSL${TEXT_RESET}                                   Whether MinIO uses SSL (true/false)
-      --mas_aibroker-storage-host ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_HOST${TEXT_RESET}                                 Hostname or service name of the MinIO backend
-      --mas_aibroker-storage-port ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_PORT${TEXT_RESET}                                 Port number MinIO is exposed on
-      --mas_aibroker-storage-accesskey ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_ACCESSKEY${TEXT_RESET}                       Access key to authenticate with MinIO
-      --mas_aibroker-storage-secretkey ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_SECRETKEY${TEXT_RESET}                       Secret key for authenticating with MinIO
-      --mas-aibroker-storage-region ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_REGION${TEXT_RESET}                             Storage region used in MinIO (if applicable)
+      --mas-aibroker-storage-ssl ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_SSL${TEXT_RESET}                                   Whether STORAGE uses SSL (true/false)
+      --mas_aibroker-storage-host ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_HOST${TEXT_RESET}                                 Hostname or service name of the STORAGE backend
+      --mas_aibroker-storage-port ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_PORT${TEXT_RESET}                                 Port number STORAGE is exposed on
+      --mas_aibroker-storage-accesskey ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_ACCESSKEY${TEXT_RESET}                       Access key to authenticate with STORAGE
+      --mas_aibroker-storage-secretkey ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_SECRETKEY${TEXT_RESET}                       Secret key for authenticating with STORAGE
+      --mas-aibroker-storage-region ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_REGION${TEXT_RESET}                             Storage region used in STORAGE (if applicable)
       --ssh-secret-name ${COLOR_YELLOW}SSH_SECRET_NAME${TEXT_RESET}                                                     SSH secret for securely provide SSH credentials
       --mas_aibroker_tenant_name ${COLOR_YELLOW}MAS_AIBROKER_TENANT_NAME${TEXT_RESET}                                   Aibroker Tenant name
       --mas-aibroker-provision-tenant ${COLOR_YELLOW}MAS_AIBROKER_PROVISION_TENANT${TEXT_RESET}                         Whether to provision the AI Broker tenant (true/false)
@@ -407,19 +407,19 @@ function gitops_kmodel() {
   # check if those are already present 
   export IMAGE_PULL_SECRET_B64=${SECRETS_PREFIX}ibm_entitlement#image_pull_secret_b64
   
-  # minio
-  export SM_MINIO_ACCESSKEY=${SECRETS_PREFIX}minio#sm_minio_accesskey
-  export SM_MINIO_SECRETKEY=${SECRETS_PREFIX}minio#sm_minio_secretkey
-  export SM_MINIO_HOST=${SECRETS_PREFIX}minio#sm_minio_host
-  export SM_MINIO_PORT=${SECRETS_PREFIX}minio#sm_minio_port
-  export SM_MINIO_BUCKET_TEMPLATES=${SECRETS_PREFIX}minio#sm_minio_bucket_templates
-  export SM_MINIO_BUCKET_TENANTS=${SECRETS_PREFIX}minio#sm_minio_bucket_tenants
-  export SM_MINIO_BUCKET_PIPELINES=${SECRETS_PREFIX}minio#sm_minio_bucket_pipelines
+  # STORAGE
+  export SM_STORAGE_ACCESSKEY=${SECRETS_PREFIX}storage#sm_storage_accesskey
+  export SM_STORAGE_SECRETKEY=${SECRETS_PREFIX}storage#sm_storage_secretkey
+  export SM_STORAGE_HOST=${SECRETS_PREFIX}storage#sm_storage_host
+  export SM_STORAGE_PORT=${SECRETS_PREFIX}storage#sm_storage_port
+  export SM_STORAGE_BUCKET_TEMPLATES=${SECRETS_PREFIX}storage#sm_storage_bucket_templates
+  export SM_STORAGE_BUCKET_TENANTS=${SECRETS_PREFIX}storage#sm_storage_bucket_tenants
+  export SM_STORAGE_BUCKET_PIPELINES=${SECRETS_PREFIX}storage#sm_storage_bucket_pipelines
 
 # check for those variables present into the aws sm 
   sm_verify_secret_exists ${SECRETS_PREFIX}ibm_entitlement "image_pull_secret_b64"
 
-  sm_verify_secret_exists ${SECRETS_PREFIX}minio "sm_minio_host,sm_minio_port,sm_minio_accesskey,sm_minio_secretkey,sm_minio_bucket_templates,sm_minio_bucket_tenants,sm_minio_bucket_pipelines"
+  sm_verify_secret_exists ${SECRETS_PREFIX}storage "sm_storage_host,sm_storage_port,sm_storage_accesskey,sm_storage_secretkey,sm_storage_bucket_templates,sm_storage_bucket_tenants,sm_storage_bucket_pipelines"
 
     # finally push them into the git repo
     # ---------------------------------------------------------------------------
diff --git a/image/cli/mascli/functions/gitops_odh b/image/cli/mascli/functions/gitops_odh
index ad4ea22f8da..6d94a159aaa 100755
--- a/image/cli/mascli/functions/gitops_odh
+++ b/image/cli/mascli/functions/gitops_odh
@@ -140,7 +140,7 @@ function gitops_odh_noninteractive() {
   export OPENDATAHUB_SOURCE="${OPENDATAHUB_SOURCE:-"community-operators"}"
   export OPENDATAHUB_SOURCE_NAMESPACE="${OPENDATAHUB_SOURCE_NAMESPACE:-"openshift-marketplace"}"
 
-  export MAS_AIBROKER_STORAGE_PROVIDER="${MAS_AIBROKER_STORAGE_PROVIDER:-"minio"}"
+  export MAS_AIBROKER_STORAGE_PROVIDER="${MAS_AIBROKER_STORAGE_PROVIDER:-"aws"}"
   export MAS_AIBROKER_STORAGE_SSL="${MAS_AIBROKER_STORAGE_SSL:-"true"}"
   export MAS_AIBROKER_STORAGE_REGION="${MAS_AIBROKER_STORAGE_REGION:-"us-east-2"}"
   export PRIMARY_STORAGE_CLASS="${PRIMARY_STORAGE_CLASS:-"nfs-client"}"
@@ -412,17 +412,17 @@ function gitops_odh() {
 
   # Set up secret key and fetch secret
   export SECRET_ACCOUNT_PATH="${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}"
-  export ODH_SECRET="${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}minio"
+  export ODH_SECRET="${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}storage"
 
 
   export SECRET_KEY_IMAGE_PULL_SECRET_B64="${SECRET_ACCOUNT_PATH}ibm_entitlement#image_pull_secret_b64"
 
-  # MinIO
-  export SECRET_KEY_SM_MINIO_ACCESSKEY="${SECRET_ACCOUNT_PATH}minio#sm_minio_accesskey"
-  export SECRET_KEY_SM_MINIO_SECRETKEY="${SECRET_ACCOUNT_PATH}minio#sm_minio_secretkey"
-  export SECRET_KEY_SM_MINIO_HOST="${SECRET_ACCOUNT_PATH}minio#sm_minio_host"
-  export SECRET_KEY_SM_MINIO_PORT="${SECRET_ACCOUNT_PATH}minio#sm_minio_port"
-  export SECRET_KEY_SM_MINIO_BUCKET_DEFAULT="${SECRET_ACCOUNT_PATH}minio#sm_minio_bucket_default"
+  # Storage
+  export SECRET_KEY_SM_STORAGE_ACCESSKEY="${SECRET_ACCOUNT_PATH}storage#sm_storage_accesskey"
+  export SECRET_KEY_SM_STORAGE_SECRETKEY="${SECRET_ACCOUNT_PATH}storage#sm_storage_secretkey"
+  export SECRET_KEY_SM_STORAGE_HOST="${SECRET_ACCOUNT_PATH}storage#sm_storage_host"
+  export SECRET_KEY_SM_STORAGE_PORT="${SECRET_ACCOUNT_PATH}storage#sm_storage_port"
+  export SECRET_KEY_SM_STORAGE_BUCKET_DEFAULT="${SECRET_ACCOUNT_PATH}storage#sm_storage_bucket_pipelines"
 
   # MariaDB
   export SECRET_KEY_SM_MARIADB_HOST="${SECRET_ACCOUNT_PATH}mariadb#sm_mariadb_host"
@@ -439,7 +439,7 @@ function gitops_odh() {
     export GIT_SSH=false
   fi
 
-  sm_verify_secret_exists ${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}minio "sm_minio_bucket_templates,sm_minio_bucket_tenants,sm_minio_bucket_pipelines,sm_minio_bucket_default"
+  sm_verify_secret_exists ${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}storage "sm_storage_bucket_templates,sm_storage_bucket_tenants,sm_storage_bucket_pipelines"
   sm_verify_secret_exists ${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}mariadb "sm_mariadb_host,sm_mariadb_database"
   sm_get_secret_file "$ODH_SECRET" "$ODH_SECRET_FILE"
   #################################################################
@@ -451,16 +451,16 @@ function gitops_odh() {
    #mas_aibroker_storage_provider
   ######################################################################
   # Reuse existing secret values if present
-  TEMP_MINIO_ACCESS_KEY=$(jq -r .sm_minio_accesskey "$ODH_SECRET_FILE")
-  if [[ -n ${TEMP_MINIO_ACCESS_KEY} ]]; then
-    export MINIO_ACCESS_KEY="${TEMP_MINIO_ACCESS_KEY}"
-    echo "gitops_odh : MINIO_ACCESS_KEY=${MINIO_ACCESS_KEY:0:3}<snip> is available in the secret, using existing value."
+  TEMP_STORAGE_ACCESS_KEY=$(jq -r .sm_storage_accesskey "$ODH_SECRET_FILE")
+  if [[ -n ${TEMP_STORAGE_ACCESS_KEY} ]]; then
+    export STORAGE_ACCESS_KEY="${TEMP_STORAGE_ACCESS_KEY}"
+    echo "gitops_odh : STORAGE_ACCESS_KEY=${STORAGE_ACCESS_KEY:0:3}<snip> is available in the secret, using existing value."
   fi
 
-  TEMP_MINIO_SECRET_KEY=$(jq -r .sm_minio_secretkey "$ODH_SECRET_FILE")
-  if [[ -n ${TEMP_MINIO_SECRET_KEY} ]]; then
-    export MINIO_SECRET_KEY="${TEMP_MINIO_SECRET_KEY}"
-    echo "gitops_odh : MINIO_SECRET_KEY=${MINIO_SECRET_KEY:0:3}<snip> is available in the secret, using existing value."
+  TEMP_STORAGE_SECRET_KEY=$(jq -r .sm_storage_secretkey "$ODH_SECRET_FILE")
+  if [[ -n ${TEMP_STORAGE_SECRET_KEY} ]]; then
+    export STORAGE_SECRET_KEY="${TEMP_STORAGE_SECRET_KEY}"
+    echo "gitops_odh : STORAGE_SECRET_KEY=${STORAGE_SECRET_KEY:0:3}<snip> is available in the secret, using existing value."
   fi
 
   TEMP_MARIADB_USER=$(jq -r .sm_mariadb_user "$ODH_SECRET_FILE")
@@ -477,11 +477,11 @@ function gitops_odh() {
 
 
   # Extract and export secrets
-  export MINIO_ACCESS_KEY=$(jq -r .sm_minio_accesskey "$ODH_SECRET_FILE")
-  export MINIO_SECRET_KEY=$(jq -r .sm_minio_secretkey "$ODH_SECRET_FILE")
-  export MINIO_HOST=$(jq -r .sm_minio_host "$ODH_SECRET_FILE")
-  export MINIO_PORT=$(jq -r .sm_minio_port "$ODH_SECRET_FILE")
-  export MINIO_BUCKET=$(jq -r .sm_minio_bucket_default "$ODH_SECRET_FILE")
+  export STORAGE_ACCESS_KEY=$(jq -r .sm_storage_accesskey "$ODH_SECRET_FILE")
+  export STORAGE_SECRET_KEY=$(jq -r .sm_storage_secretkey "$ODH_SECRET_FILE")
+  export STORAGE_HOST=$(jq -r .sm_storage_secretkey "$ODH_SECRET_FILE")
+  export STORAGE_PORT=$(jq -r .sm_storage_port "$ODH_SECRET_FILE")
+  export STORAGE_BUCKET=$(jq -r .sm_storage_bucket_pipelines "$ODH_SECRET_FILE")
 
   export MARIADB_HOST=$(jq -r .sm_mariadb_host "$MARIA_SECRET_FILE")
   export MARIADB_PORT=$(jq -r .sm_mariadb_port "$MARIA_SECRET_FILE")
@@ -491,8 +491,8 @@ function gitops_odh() {
   export MARIADB_SECRET_VALUE=$(jq -r .sm_mariadb_secret_value "$MARIA_SECRET_FILE")
 
   echo_h2 "ODH Secret Summary"
-  echo_reset_dim "MINIO_HOST ............................. ${COLOR_MAGENTA}${MINIO_HOST}"
-  echo_reset_dim "MINIO_BUCKET ........................... ${COLOR_MAGENTA}${MINIO_BUCKET}"
+  echo_reset_dim "STORAGE_HOST ............................. ${COLOR_MAGENTA}${STORAGE_HOST}"
+  echo_reset_dim "STORAGE_BUCKET ........................... ${COLOR_MAGENTA}${STORAGE_BUCKET}"
   echo_reset_dim "MARIADB_HOST ........................... ${COLOR_MAGENTA}${MARIADB_HOST}"
   echo_reset_dim "MARIADB_DATABASE ....................... ${COLOR_MAGENTA}${MARIADB_DATABASE}"
   echo_reset_dim "MAS_AIBROKER_STORAGE_SSL ................. ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_SSL}"
diff --git a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant.yaml.j2 b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant.yaml.j2
index da440a12477..366907c1751 100644
--- a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant.yaml.j2
+++ b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant.yaml.j2
@@ -21,6 +21,7 @@ ibm_aibroker_tenant:
   drocfg_registration_key: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_DROCFG_REGISTRATION_KEY }}>"
 
   # sls
+  slscfg_ca_tenant: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_SLSCFG_CA_TENANT }}>"
   slscfg_url: "{{ SLSCFG_URL }}"
   slscfg_registration_key: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_SLSCFG_REGISTRATION_KEY }}>"
   mas_aibroker_sls_subscription_id: "{{ MAS_AIBROKER_SLS_SUBSCRIPTION_ID }}"
@@ -38,12 +39,12 @@ ibm_aibroker_tenant:
   mas_aibroker_watsonxai_apikey: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_WATSONXAI_APIKEY }}>"
 
   # minio
-  mas_aibroker_storage_host: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_MINIO_HOST }}>"
-  mas_aibroker_storage_port: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_MINIO_PORT }}>"
+  mas_aibroker_storage_host: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_STORAGE_HOST }}>"
+  mas_aibroker_storage_port: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_STORAGE_PORT }}>"
   mas_aibroker_storage_region: "{{ MAS_AIBROKER_STORAGE_REGION }}"
-  mas_aibroker_storage_accesskey: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_MINIO_ACCESSKEY }}>"
-  mas_aibroker_storage_secretkey: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_MINIO_SECRETKEY }}>"
-  mas_aibroker_storage_pipelines_bucket: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_MINIO_BUCKET }}>"
+  mas_aibroker_storage_accesskey: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_STORAGE_ACCESSKEY }}>"
+  mas_aibroker_storage_secretkey: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_STORAGE_SECRETKEY }}>"
+  mas_aibroker_storage_pipelines_bucket: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_STORAGE_BUCKET }}>"
   mas_aibroker_storage_ssl: "{{ MAS_AIBROKER_STORAGE_SSL }}"
 
 
diff --git a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker.yaml.j2 b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker.yaml.j2
index fed053c1096..bd533d6269e 100644
--- a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker.yaml.j2
+++ b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker.yaml.j2
@@ -11,14 +11,14 @@ ibm_aibroker:
   mas_aibroker_storage_region: "{{ MAS_AIBROKER_STORAGE_REGION }}"
   mas_aibroker_minio_secret: "{{ MAS_AIBROKER_MINIO_SECRET }}"
 
-  mas_aibroker_storage_accesskey: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_MINIO_ACCESSKEY }}>"
-  mas_aibroker_storage_secretkey: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_MINIO_SECRETKEY }}>"
-  mas_aibroker_storage_host: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_MINIO_HOST }}>"
-  mas_aibroker_storage_port: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_MINIO_PORT }}>"
+  mas_aibroker_storage_accesskey: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_STORAGE_ACCESSKEY }}>"
+  mas_aibroker_storage_secretkey: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_STORAGE_SECRETKEY }}>"
+  mas_aibroker_storage_host: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_STORAGE_HOST }}>"
+  mas_aibroker_storage_port: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_STORAGE_PORT }}>"
 
-  mas_aibroker_storage_pipelines_bucket: "<path:{{ SECRETS_PATH }}:{{ SM_MINIO_BUCKET_PIPELINES }}>"
-  mas_aibroker_storage_tenants_bucket: "<path:{{ SECRETS_PATH }}:{{ SM_MINIO_BUCKET_TENANTS }}>"
-  mas_aibroker_storage_templates_bucket: "<path:{{ SECRETS_PATH }}:{{ SM_MINIO_BUCKET_TEMPLATES }}>"
+  mas_aibroker_storage_pipelines_bucket: "<path:{{ SECRETS_PATH }}:{{ SM_STORAGE_BUCKET_PIPELINES }}>"
+  mas_aibroker_storage_tenants_bucket: "<path:{{ SECRETS_PATH }}:{{ SM_STORAGE_BUCKET_TENANTS }}>"
+  mas_aibroker_storage_templates_bucket: "<path:{{ SECRETS_PATH }}:{{ SM_STORAGE_BUCKET_TEMPLATES }}>"
 
 
 
diff --git a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-kmodel.yaml.j2 b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-kmodel.yaml.j2
index 384e41e538c..59a28f96aa4 100644
--- a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-kmodel.yaml.j2
+++ b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-kmodel.yaml.j2
@@ -11,15 +11,15 @@ ibm_kmodel:
   mas_aibroker_storage_provider: "{{ MAS_AIBROKER_STORAGE_PROVIDER }}"
   mas_aibroker_storage_ssl: "{{ MAS_AIBROKER_STORAGE_SSL }}"
 
-  mas_aibroker_storage_accesskey: "<path:{{ SECRETS_PATH }}:{{ SM_MINIO_ACCESSKEY }}>"
-  mas_aibroker_storage_secretkey: "<path:{{ SECRETS_PATH }}:{{ SM_MINIO_SECRETKEY }}>"
-  mas_aibroker_storage_host: "<path:{{ SECRETS_PATH }}:{{ SM_MINIO_HOST }}>"
-  mas_aibroker_storage_port: "<path:{{ SECRETS_PATH }}:{{ SM_MINIO_PORT }}>"
+  mas_aibroker_storage_accesskey: "<path:{{ SECRETS_PATH }}:{{ SM_STORAGE_ACCESSKEY }}>"
+  mas_aibroker_storage_secretkey: "<path:{{ SECRETS_PATH }}:{{ SM_STORAGE_SECRETKEY }}>"
+  mas_aibroker_storage_host: "<path:{{ SECRETS_PATH }}:{{ SM_STORAGE_HOST }}>"
+  mas_aibroker_storage_port: "<path:{{ SECRETS_PATH }}:{{ SM_STORAGE_PORT }}>"
   mas_aibroker_storage_region: "{{ MAS_AIBROKER_STORAGE_REGION }}"
 
-  mas_aibroker_storage_templates_bucket: "<path:{{ SECRETS_PATH }}:{{ SM_MINIO_BUCKET_TEMPLATES }}>"
-  mas_aibroker_storage_tenants_bucket: "<path:{{ SECRETS_PATH }}:{{ SM_MINIO_BUCKET_TENANTS }}>"
-  mas_aibroker_storage_pipelines_bucket: "<path:{{ SECRETS_PATH }}:{{ SM_MINIO_BUCKET_PIPELINES }}>"
+  mas_aibroker_storage_templates_bucket: "<path:{{ SECRETS_PATH }}:{{ SM_STORAGE_BUCKET_TEMPLATES }}>"
+  mas_aibroker_storage_tenants_bucket: "<path:{{ SECRETS_PATH }}:{{ SM_STORAGE_BUCKET_TENANTS }}>"
+  mas_aibroker_storage_pipelines_bucket: "<path:{{ SECRETS_PATH }}:{{ SM_STORAGE_BUCKET_PIPELINES }}>"
 
   ssh_secret_name: "{{ SSH_SECRET_NAME }}"
 
diff --git a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-mas-odh-install.yaml.j2 b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-mas-odh-install.yaml.j2
index 4af29fae7c2..1a7c220206c 100644
--- a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-mas-odh-install.yaml.j2
+++ b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-mas-odh-install.yaml.j2
@@ -45,13 +45,13 @@ ibm_odh:
 
   # Storage configuration
   mas_aibroker_storage_provider: {{ MAS_AIBROKER_STORAGE_PROVIDER }}
-  mas_aibroker_storage_accesskey: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_SM_MINIO_ACCESSKEY }}>"
-  mas_aibroker_storage_secretkey: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_SM_MINIO_SECRETKEY }}>"
-  mas_aibroker_storage_host: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_SM_MINIO_HOST }}>"
-  mas_aibroker_storage_port: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_SM_MINIO_PORT }}>"
+  mas_aibroker_storage_accesskey: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_SM_STORAGE_ACCESSKEY }}>"
+  mas_aibroker_storage_secretkey: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_SM_STORAGE_SECRETKEY }}>"
+  mas_aibroker_storage_host: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_SM_STORAGE_HOST }}>"
+  mas_aibroker_storage_port: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_SM_STORAGE_PORT }}>"
   mas_aibroker_storage_ssl: {{ MAS_AIBROKER_STORAGE_SSL }}
   mas_aibroker_storage_region: "{{ MAS_AIBROKER_STORAGE_REGION }}"
-  mas_aibroker_storage_pipelines_bucket: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_SM_MINIO_BUCKET_DEFAULT }}>"
+  mas_aibroker_storage_pipelines_bucket: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_SM_STORAGE_BUCKET_DEFAULT }}>"
 
   # MariaDB configuration
   mas_aibroker_db_host: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_SM_MARIADB_HOST }}>"

From 3bf0869de05e9c0cd72c9a482ff6125b7b93d89f Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Sat, 28 Jun 2025 19:54:49 +0530
Subject: [PATCH 109/258] Update gitops_aibroker

---
 image/cli/mascli/functions/gitops_aibroker | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/image/cli/mascli/functions/gitops_aibroker b/image/cli/mascli/functions/gitops_aibroker
index ff2e6f0bb50..81d1268cc60 100644
--- a/image/cli/mascli/functions/gitops_aibroker
+++ b/image/cli/mascli/functions/gitops_aibroker
@@ -449,7 +449,7 @@ function gitops_aibroker() {
   # and git repo 
 
   sm_verify_secret_exists ${SECRETS_PREFIX}ibm_entitlement "aibroker_image_pull_secret_b64,entitlement_key"
-  sm_verify_secret_exists ${SECRETS_PREFIX}dro "drocfg_ca,drocfg_registration_key,drocfg_url,drocfg_tenant"
+  sm_verify_secret_exists ${SECRETS_PREFIX}dro "drocfg_ca,drocfg_registration_key,drocfg_url,drocfg_ca_tenant"
   sm_verify_secret_exists ${SECRETS_PREFIX}sls "slscfg_registration_key"
   sm_verify_secret_exists ${SECRETS_PREFIX}storage "sm_storage_host,sm_storage_port,sm_storage_accesskey,sm_storage_secretkey,sm_storage_bucket_templates,sm_storage_bucket_tenants,sm_storage_bucket_pipelines"
   sm_verify_secret_exists ${SECRETS_PREFIX}mariadb "sm_mariadb_host,sm_mariadb_port,sm_mariadb_user,sm_mariadb_database,sm_mariadb_secret_name,sm_mariadb_secret_value"

From 8ec006c0e8d362601dd63cfa93ea4a7d175ef304 Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Sat, 28 Jun 2025 20:24:38 +0530
Subject: [PATCH 110/258] removed sm_storage_bucket_default

---
 image/cli/mascli/functions/gitops_aibroker_tenant              | 3 +--
 .../cluster/instance/ibm-aibroker-tenant.yaml.j2               | 1 -
 2 files changed, 1 insertion(+), 3 deletions(-)

diff --git a/image/cli/mascli/functions/gitops_aibroker_tenant b/image/cli/mascli/functions/gitops_aibroker_tenant
index c8a3a62dcd3..08362ffd2ec 100644
--- a/image/cli/mascli/functions/gitops_aibroker_tenant
+++ b/image/cli/mascli/functions/gitops_aibroker_tenant
@@ -459,7 +459,6 @@ function gitops_aibroker_tenant() {
   export SECRET_KEY_STORAGE_PORT=${SECRETS_PREFIX}storage#sm_storage_port
   export SECRET_KEY_STORAGE_ACCESSKEY=${SECRETS_PREFIX}storage#sm_storage_accesskey
   export SECRET_KEY_STORAGE_SECRETKEY=${SECRETS_PREFIX}storage#sm_storage_secretkey
-  export SECRET_KEY_STORAGE_BUCKET=${SECRETS_PREFIX}storage#sm_storage_bucket_default
 
   # check for those variables present into the aws sm 
 
@@ -469,7 +468,7 @@ function gitops_aibroker_tenant() {
 
   sm_verify_secret_exists ${SECRETS_PREFIX}sls "slscfg_registration_key,slscfg_ca_tenant"
  
-  sm_verify_secret_exists ${SECRETS_PREFIX}storage "sm_storage_host,sm_storage_port,sm_storage_accesskey,sm_storage_secretkey,sm_storage_bucket_default"
+  sm_verify_secret_exists ${SECRETS_PREFIX}storage "sm_storage_host,sm_storage_port,sm_storage_accesskey,sm_storage_secretkey"
   ##review
   sm_verify_secret_exists ${SECRETS_PREFIX}rsl "rsl_org_id,rsl_token"
   sm_verify_secret_exists ${SECRETS_PREFIX}watsonx "watsonxai_apikey,watsonxai_project_id"
diff --git a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant.yaml.j2 b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant.yaml.j2
index 366907c1751..5f997d1be6b 100644
--- a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant.yaml.j2
+++ b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant.yaml.j2
@@ -44,7 +44,6 @@ ibm_aibroker_tenant:
   mas_aibroker_storage_region: "{{ MAS_AIBROKER_STORAGE_REGION }}"
   mas_aibroker_storage_accesskey: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_STORAGE_ACCESSKEY }}>"
   mas_aibroker_storage_secretkey: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_STORAGE_SECRETKEY }}>"
-  mas_aibroker_storage_pipelines_bucket: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_STORAGE_BUCKET }}>"
   mas_aibroker_storage_ssl: "{{ MAS_AIBROKER_STORAGE_SSL }}"
 
 

From 1f7b766cfce780ab9991e18efdfb52e58a1de589 Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Sun, 29 Jun 2025 22:41:10 +0530
Subject: [PATCH 111/258] cherry-pick 41283b9db0 conflict

---
 .secrets.baseline                             |  2 +-
 .../mascli/functions/gitops_aibroker_tenant   | 20 ++++++++++++++-----
 .../instance/ibm-aibroker-tenant.yaml.j2      |  2 ++
 .../gitops/gitops-mas-aibroker-tenant.yml.j2  |  8 ++++++++
 .../gitops/gitops-aibroker-tenant.yml.j2      | 13 +++++++++++-
 5 files changed, 38 insertions(+), 7 deletions(-)

diff --git a/.secrets.baseline b/.secrets.baseline
index 163bfc2c5b5..58c8c050ec5 100644
--- a/.secrets.baseline
+++ b/.secrets.baseline
@@ -3,7 +3,7 @@
     "files": "build/bin/config/oscap/ssg-rhel9-ds.xml|^.secrets.baseline$|^docs/catalogs/",
     "lines": null
   },
-  "generated_at": "2025-06-28T14:03:47Z",
+  "generated_at": "2025-06-29T17:10:52Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"
diff --git a/image/cli/mascli/functions/gitops_aibroker_tenant b/image/cli/mascli/functions/gitops_aibroker_tenant
index 08362ffd2ec..8863fc0b4b1 100644
--- a/image/cli/mascli/functions/gitops_aibroker_tenant
+++ b/image/cli/mascli/functions/gitops_aibroker_tenant
@@ -19,6 +19,7 @@ ibm_aibroker_tenant(required):
       --mas-instance-id ${COLOR_YELLOW}MAS_INSTACE_ID${TEXT_RESET}                                          The MAS instance ID used by AI Broker
       --tenantNamespace ${COLOR_YELLOW}TENANT_NAMESPACE${TEXT_RESET}                                        The tenant's Kubernetes namespace
       --tenant-id ${COLOR_YELLOW}TENANT_ID${TEXT_RESET}                                                     The tenant ID for the AI Broker instance
+      --mas-aibroker-tenant-name ${COLOR_YELLOW}MAS_AIBROKER_TENANT_NAME${TEXT_RESET}                       The name of the AI Broker tenant
       --cluster-domain ${COLOR_YELLOW}CLUSTER_DOMAIN${TEXT_RESET}                                           The domain name of the Kubernetes cluster (e.g., cluster.local)
       --drocfg-url ${COLOR_YELLOW}DROCFG_URL${TEXT_RESET}                                                   URL of the DRO configuration service
       --slscfg-url ${COLOR_YELLOW}SLSCFG_URL${TEXT_RESET}                                                   URL of the SLS configuration service
@@ -33,6 +34,7 @@ AIBroker :
 --mas-instance-id ${COLOR_YELLOW}MAS_INSTANCE_ID${TEXT_RESET}                                               The MAS instance ID used by AI Broker
 --tenantNamespace ${COLOR_YELLOW}TENANT_NAMESPACE${TEXT_RESET}                                              The tenant's Kubernetes namespace
 --tenant-id ${COLOR_YELLOW}TENANT_ID${TEXT_RESET}                                                           The tenant ID for the AI Broker instance
+--mas_aibroker_tenant_name ${COLOR_YELLOW}MAS_AIBROKER_TENANT_NAME${TEXT_RESET}                             The name of the AI Broker tenant
 --cluster-domain ${COLOR_YELLOW}CLUSTER_DOMAIN${TEXT_RESET}                                                 The domain name of the Kubernetes cluster (e.g., cluster.local)
 --in-saas-env ${COLOR_YELLOW}IN_SAAS_ENV${TEXT_RESET}                                                       Whether the environment is SaaS (true/false)
 --ibm-entitlement-key ${COLOR_YELLOW}IBM_ENTITLEMENT_KEY${TEXT_RESET}                                       IBM Entitlement API key for accessing IBM container registries
@@ -57,6 +59,7 @@ Watsonx :
 --mas-aibroker-watsonxai-project-id ${COLOR_YELLOW}MAS_AIBROKER_WATSONXAI_PROJECT_ID${TEXT_RESET}            Watsonx.ai project ID used by AI Broker
 
 Storage :
+--mas_aibroker_storage_provider ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_PROVIDER${TEXT_RESET}                    The storage provider used by AI Broker (e.g., S3, MinIO)
 --mas-aibroker-storage-host ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_HOST${TEXT_RESET}                            Hostname or service name of the STORAGE backend
 --mas-aibroker-storage-port ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_PORT${TEXT_RESET}                            Port number STORAGE is exposed on
 --mas-aibroker-storage-region ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_REGION${TEXT_RESET}                        Storage region used in STORAGE (if applicable)
@@ -163,6 +166,9 @@ function gitops_aibroker_tenant_noninteractive() {
       --tenant-id)
         export TENANT_ID=$1 && shift
         ;;
+      --mas-aibroker-tenant-name)
+        export MAS_AIBROKER_TENANT_NAME=$1 && shift
+        ;;
       --cluster-domain)
         export CLUSTER_DOMAIN=$1 && shift
         ;;
@@ -250,11 +256,12 @@ function gitops_aibroker_tenant_noninteractive() {
       --rsl-token)
         export SECRET_KEY_RSL_TOKEN=$1 && shift
         ;;
-
+      --mas-aibroker-storage-provider)
+        export MAS_AIBROKER_STORAGE_PROVIDER=$1 && shift
+        ;;
       --mas-aibroker-s3-endpoint-url)
         export MAS_AIBROKER_S3_ENDPOINT_URL=$1 && shift
         ;;
-
       --mas-aibroker-s3-region)
         export MAS_AIBROKER_S3_REGION=$1 && shift
         ;;
@@ -326,6 +333,7 @@ function gitops_aibroker_tenant_noninteractive() {
   [[ -z "$MAS_INSTANCE_ID" ]] && gitops_aibroker_tenant_help "MAS_INSTANCE_ID is not set. Please provide the MAS instance ID using --mas-instance-id."
   [[ -z "$TENANT_NAMESPACE" ]] && gitops_aibroker_tenant_help "TENANT_NAMESPACE is not set. Please specify the tenant namespace using --tenantNamespace."
   [[ -z "$TENANT_ID" ]] && gitops_aibroker_tenant_help "TENANT_ID is not set. Please provide the tenant ID using --tenant-id."
+  [[ -z "$MAS_AIBROKER_TENANT_NAME" ]] && gitops_aibroker_tenant_help "MAS_AIBROKER_TENANT_NAME is not set. Please provide the AI Broker tenant name using --mas-aibroker-tenant-name."
   [[ -z "$CLUSTER_DOMAIN" ]] && gitops_aibroker_tenant_help "CLUSTER_DOMAIN is not set. Please provide the cluster domain using --cluster-domain."
   
   # -- DRO
@@ -344,8 +352,9 @@ function gitops_aibroker_tenant_noninteractive() {
   [[ -z "$MAS_AIBROKER_S3_ENDPOINT_URL" ]] && gitops_aibroker_tenant_help "MAS_AIBROKER_S3_ENDPOINT_URL is not set. Please specify the S3 endpoint URL using --mas-aibroker-s3-endpoint-url."
   ##review
   [[ -z "$MAS_AIBROKER_STORAGE_SSL" ]] && gitops_aibroker_tenant_help "MAS_AIBROKER_STORAGE_SSL is not set. Please specify whether SSL is enabled for STORAGE using --mas-aibroker-storage-ssl."
-
-}
+  [[ -z "$MAS_AIBROKER_STORAGE_PROVIDER" ]] && gitops_aibroker_tenant_help "MAS_AIBROKER_STORAGE_PROVIDER is not set. Please specify the STORAGE provider using --mas-aibroker-storage-provider."
+ 
+ }
 
 function gitops_aibroker_tenant() {
   # Take the first parameter off (it will be create-gitops)
@@ -412,6 +421,7 @@ function gitops_aibroker_tenant() {
   echo_reset_dim "mas instance ID .............................. ${COLOR_MAGENTA}${MAS_INSTANCE_ID}"
   echo_reset_dim "tenant namespace ............................. ${COLOR_MAGENTA}${TENANT_NAMESPACE}"
   echo_reset_dim "tenant ID .................................... ${COLOR_MAGENTA}${TENANT_ID}"
+  echo_reset_dim "mas aibroker tenant name ..................... ${COLOR_MAGENTA}${MAS_AIBROKER_TENANT_NAME}"
   echo_reset_dim "cluster domain ............................... ${COLOR_MAGENTA}${CLUSTER_DOMAIN}"
   echo_reset_dim "in SaaS environment .......................... ${COLOR_MAGENTA}${IN_SAAS_ENV}"
 
@@ -428,7 +438,7 @@ function gitops_aibroker_tenant() {
 
   # -- STORAGE
   echo_reset_dim "SSL enabled .................................. ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_SSL}"
-
+  echo_reset_dim "Storage provider ............................. ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_PROVIDER}"
   AVP_TYPE=aws  # Support for IBM will be added later
   sm_login
 
diff --git a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant.yaml.j2 b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant.yaml.j2
index 5f997d1be6b..c973050a858 100644
--- a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant.yaml.j2
+++ b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant.yaml.j2
@@ -3,6 +3,7 @@ merge-key: "{{ ACCOUNT_ID }}/{{ CLUSTER_ID }}/{{ MAS_INSTANCE_ID }}/{{ TENANT_ID
 ibm_aibroker_tenant:
   # aibroker
   tenant_id: "{{ TENANT_ID }}"
+  mas_aibroker_tenant_name: "{{ MAS_AIBROKER_TENANT_NAME }}"
   aibroker_namespace: "{{ AIBROKER_NAMESPACE }}"
   mas_aibroker_provision_tenant: "{{ MAS_AIBROKER_PROVISION_TENANT }}"
   mas_instance_id: "{{ MAS_INSTANCE_ID }}"
@@ -49,6 +50,7 @@ ibm_aibroker_tenant:
 
   #tenant ##review
   # S3
+  mas_aibroker_storage_provider: "{{ MAS_AIBROKER_STORAGE_PROVIDER }}"
   mas_aibroker_s3_endpoint_url: "{{ MAS_AIBROKER_S3_ENDPOINT_URL }}"
   mas_aibroker_s3_region: "{{ MAS_AIBROKER_S3_REGION }}"
   mas_aibroker_s3_bucket_prefix: "{{ MAS_AIBROKER_S3_BUCKET_PREFIX }}"
diff --git a/tekton/src/pipelines/gitops/gitops-mas-aibroker-tenant.yml.j2 b/tekton/src/pipelines/gitops/gitops-mas-aibroker-tenant.yml.j2
index 766bc835f57..f35d937ed5c 100644
--- a/tekton/src/pipelines/gitops/gitops-mas-aibroker-tenant.yml.j2
+++ b/tekton/src/pipelines/gitops/gitops-mas-aibroker-tenant.yml.j2
@@ -35,6 +35,8 @@ spec:
       type: string
     - name: tenant_id
       type: string
+    - name: mas_aibroker_tenant_name
+      type: string
     - name: cluster_domain
       type: string
     - name: in_saas_env
@@ -75,6 +77,8 @@ spec:
       type: string
     - name: mas_aibroker_storage_region
       type: string
+    - name: mas_aibroker_storage_provider
+      type: string
     - name: mas_aibroker_storage_accesskey
       type: string
     - name: mas_aibroker_storage_secretkey
@@ -158,6 +162,8 @@ spec:
           value: $(params.tenantNamespace)
         - name: tenant_id
           value: $(params.tenant_id)
+        - name: mas_aibroker_tenant_name
+          value: $(params.mas_aibroker_tenant_name)
         - name: cluster_domain
           value: $(params.cluster_domain)
         - name: in_saas_env
@@ -199,6 +205,8 @@ spec:
           value: $(params.mas_aibroker_storage_port)
         - name: mas_aibroker_storage_region
           value: $(params.mas_aibroker_storage_region)
+        - name: mas_aibroker_storage_provider
+          value: $(params.mas_aibroker_storage_provider)
         - name: mas_aibroker_storage_accesskey
           value: $(params.mas_aibroker_storage_accesskey)
         - name: mas_aibroker_storage_secretkey
diff --git a/tekton/src/tasks/gitops/gitops-aibroker-tenant.yml.j2 b/tekton/src/tasks/gitops/gitops-aibroker-tenant.yml.j2
index 5d06a5b698b..764298a9f93 100644
--- a/tekton/src/tasks/gitops/gitops-aibroker-tenant.yml.j2
+++ b/tekton/src/tasks/gitops/gitops-aibroker-tenant.yml.j2
@@ -34,6 +34,8 @@ spec:
       type: string
     - name: tenant_id
       type: string
+    - name: mas_aibroker_tenant_name
+      type: string
     - name: cluster_domain
       type: string
     - name: in_saas_env
@@ -75,6 +77,8 @@ spec:
       type: string
     - name: mas_aibroker_storage_region
       type: string
+    - name: mas_aibroker_storage_provider
+      type: string
     - name: mas_aibroker_storage_accesskey
       type: string
     - name: mas_aibroker_storage_secretkey
@@ -148,9 +152,13 @@ spec:
 
       - name: TENANT_NAMESPACE
         value: $(params.tenantNamespace)
+        
       - name: TENANT_ID
         value: $(params.tenant_id)
-        
+
+      - name: MAS_AIBROKER_TENANT_NAME
+        value: $(params.mas_aibroker_tenant_name)
+
       - name: CLUSTER_DOMAIN
         value: $(params.cluster_domain)
 
@@ -205,6 +213,9 @@ spec:
       - name: MAS_AIBROKER_STORAGE_REGION
         value: $(params.mas_aibroker_storage_region)
 
+      - name: MAS_AIBROKER_STORAGE_PROVIDER
+        value: $(params.mas_aibroker_storage_provider)
+
       - name: MAS_AIBROKER_STORAGE_ACCESSKEY
         value: $(params.mas_aibroker_storage_accesskey)
 

From c60fc6621f55cb7fcb1b108c9a6f9b0053b13e43 Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Mon, 30 Jun 2025 11:35:48 +0530
Subject: [PATCH 112/258] Update gitops_aibroker

---
 image/cli/mascli/functions/gitops_aibroker | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/image/cli/mascli/functions/gitops_aibroker b/image/cli/mascli/functions/gitops_aibroker
index 81d1268cc60..b336f1e925a 100644
--- a/image/cli/mascli/functions/gitops_aibroker
+++ b/image/cli/mascli/functions/gitops_aibroker
@@ -451,7 +451,12 @@ function gitops_aibroker() {
   sm_verify_secret_exists ${SECRETS_PREFIX}ibm_entitlement "aibroker_image_pull_secret_b64,entitlement_key"
   sm_verify_secret_exists ${SECRETS_PREFIX}dro "drocfg_ca,drocfg_registration_key,drocfg_url,drocfg_ca_tenant"
   sm_verify_secret_exists ${SECRETS_PREFIX}sls "slscfg_registration_key"
-  sm_verify_secret_exists ${SECRETS_PREFIX}storage "sm_storage_host,sm_storage_port,sm_storage_accesskey,sm_storage_secretkey,sm_storage_bucket_templates,sm_storage_bucket_tenants,sm_storage_bucket_pipelines"
+  sm_verify_secret_exists ${SECRETS_PREFIX}storage "sm_storage_host,sm_storage_accesskey,sm_storage_secretkey,sm_storage_bucket_templates,sm_storage_bucket_tenants,sm_storage_bucket_pipelines"
+  # Conditionally include sm_storage_port for minio
+  if [[ "${MAS_AIBROKER_STORAGE_PROVIDER}" == "minio" ]]; then
+  sm_verify_secret_exists ${SECRETS_PREFIX}storage "sm_storage_port"
+  fi
+
   sm_verify_secret_exists ${SECRETS_PREFIX}mariadb "sm_mariadb_host,sm_mariadb_port,sm_mariadb_user,sm_mariadb_database,sm_mariadb_secret_name,sm_mariadb_secret_value"
 
   

From 9b246644d639b846c342673125367b57e382eedc Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Mon, 30 Jun 2025 16:11:13 +0530
Subject: [PATCH 113/258] Update gitops-mas-aibroker.yml.j2

---
 .../src/pipelines/gitops/gitops-mas-aibroker.yml.j2   | 11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)

diff --git a/tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2 b/tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2
index 0831f5361af..4888731ba2d 100644
--- a/tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2
+++ b/tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2
@@ -186,9 +186,6 @@ spec:
 
   tasks:
     # 1.gitops-minio  
-    # MINIO-Condition Added but mas_aibroker_storage_provider is part of ODH 
-    # S3 pending for testing  When we test at that time whatever condition needed here we have to Added
-    # -------------------------------------------------------------------------
     - name: gitops-minio
       taskRef:
         name: gitops-minio
@@ -230,10 +227,10 @@ spec:
           value: $(params.minio_storage_size)
         - name: minio_image
           value: $(params.minio_image)
-      #when:
-       # - input: "$(params.mas_aibroker_storage_provider)"
-       #   operator: notin
-      #  values: ["minio"]
+      when:
+        - input: "$(params.mas_aibroker_storage_provider)"
+          operator: in
+          values: ["minio"]
 
     # 2.gitops-odh
     # -------------------------------------------------------------------------

From bb3ce9cac5294310cb10be94383a3c5b14d02ba7 Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Tue, 1 Jul 2025 16:36:32 +0530
Subject: [PATCH 114/258] MAS_ICR_CP added in kmodel

---
 image/cli/mascli/templates/gitops/bootstrap/argocd.yaml.j2 | 1 -
 tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2     | 4 +++-
 tekton/src/tasks/gitops/gitops-kmodel.yml.j2               | 5 ++++-
 3 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/image/cli/mascli/templates/gitops/bootstrap/argocd.yaml.j2 b/image/cli/mascli/templates/gitops/bootstrap/argocd.yaml.j2
index ae492d1a7cc..78dfcd5824f 100644
--- a/image/cli/mascli/templates/gitops/bootstrap/argocd.yaml.j2
+++ b/image/cli/mascli/templates/gitops/bootstrap/argocd.yaml.j2
@@ -1737,7 +1737,6 @@ spec:
         name: avp
         resources: {}
         securityContext:
-          runAsNonRoot: true
           allowPrivilegeEscalation: false
           runAsUser: 999
         volumeMounts:
diff --git a/tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2 b/tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2
index 4888731ba2d..345deed704b 100644
--- a/tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2
+++ b/tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2
@@ -490,4 +490,6 @@ spec:
         - name: model_id_prefix
           value: $(params.model_id_prefix)
         - name: mas_app_channel
-          value: $(params.mas_app_channel)
\ No newline at end of file
+          value: $(params.mas_app_channel)
+        - name: mas_icr_cp
+          value: $(params.mas_icr_cp)
\ No newline at end of file
diff --git a/tekton/src/tasks/gitops/gitops-kmodel.yml.j2 b/tekton/src/tasks/gitops/gitops-kmodel.yml.j2
index ffb8de3634a..67abed4e6ea 100644
--- a/tekton/src/tasks/gitops/gitops-kmodel.yml.j2
+++ b/tekton/src/tasks/gitops/gitops-kmodel.yml.j2
@@ -82,6 +82,8 @@ spec:
       ##review
     - name: mas_app_channel
       type: string
+    - name: mas_icr_cp
+      type: string
 
   stepTemplate:
     name: gitops-kmodel
@@ -162,7 +164,8 @@ spec:
       ##review
       - name: MAS_APP_CHANNEL
         value: $(params.mas_app_channel)
-
+      - name: MAS_ICR_CP
+        value: $(params.mas_icr_cp)
 
     envFrom:
       - configMapRef:

From 1ab09861a356462f1b44646cddea581d90a657ce Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Tue, 1 Jul 2025 18:50:53 +0530
Subject: [PATCH 115/258] aibroker_image_pull_secret_b64 updated to
 image_pull_secret_b64

---
 .secrets.baseline                                 | 2 +-
 image/cli/mascli/functions/gitops_aibroker        | 4 ++--
 image/cli/mascli/functions/gitops_aibroker_tenant | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/.secrets.baseline b/.secrets.baseline
index 58c8c050ec5..ff08ce8d2e9 100644
--- a/.secrets.baseline
+++ b/.secrets.baseline
@@ -3,7 +3,7 @@
     "files": "build/bin/config/oscap/ssg-rhel9-ds.xml|^.secrets.baseline$|^docs/catalogs/",
     "lines": null
   },
-  "generated_at": "2025-06-29T17:10:52Z",
+  "generated_at": "2025-07-01T11:08:18Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"
diff --git a/image/cli/mascli/functions/gitops_aibroker b/image/cli/mascli/functions/gitops_aibroker
index b336f1e925a..9c422b11451 100644
--- a/image/cli/mascli/functions/gitops_aibroker
+++ b/image/cli/mascli/functions/gitops_aibroker
@@ -436,7 +436,7 @@ function gitops_aibroker() {
   export JDBCCFG_CA=${SECRETS_PREFIX}jdbc#jdbccfg_ca
 
   export MAS_ENTITLEMENT_KEY=${SECRETS_PREFIX}ibm_entitlement#entitlement_key
-  export ARTIFACTORY_TOKEN=${SECRETS_PREFIX}ibm_entitlement#aibroker_image_pull_secret_b64
+  export ARTIFACTORY_TOKEN=${SECRETS_PREFIX}ibm_entitlement#image_pull_secret_b64
   # check if those are already present 
   
   # and update them 
@@ -448,7 +448,7 @@ function gitops_aibroker() {
   # updated var in sm 
   # and git repo 
 
-  sm_verify_secret_exists ${SECRETS_PREFIX}ibm_entitlement "aibroker_image_pull_secret_b64,entitlement_key"
+  sm_verify_secret_exists ${SECRETS_PREFIX}ibm_entitlement "image_pull_secret_b64,entitlement_key"
   sm_verify_secret_exists ${SECRETS_PREFIX}dro "drocfg_ca,drocfg_registration_key,drocfg_url,drocfg_ca_tenant"
   sm_verify_secret_exists ${SECRETS_PREFIX}sls "slscfg_registration_key"
   sm_verify_secret_exists ${SECRETS_PREFIX}storage "sm_storage_host,sm_storage_accesskey,sm_storage_secretkey,sm_storage_bucket_templates,sm_storage_bucket_tenants,sm_storage_bucket_pipelines"
diff --git a/image/cli/mascli/functions/gitops_aibroker_tenant b/image/cli/mascli/functions/gitops_aibroker_tenant
index 8863fc0b4b1..4af8ed7cf10 100644
--- a/image/cli/mascli/functions/gitops_aibroker_tenant
+++ b/image/cli/mascli/functions/gitops_aibroker_tenant
@@ -447,7 +447,7 @@ function gitops_aibroker_tenant() {
   # aibroker
   export SECRET_KEY_IBM_ENTITLEMENT=${SECRETS_PREFIX}ibm_entitlement#entitlement_key
   # dro
-  export SECRET_KEY_ARTIFACTORY_TOKEN=${SECRETS_PREFIX}ibm_entitlement#aibroker_image_pull_secret_b64
+  export SECRET_KEY_ARTIFACTORY_TOKEN=${SECRETS_PREFIX}ibm_entitlement#image_pull_secret_b64
   export SECRET_KEY_DROCFG_CA=${SECRETS_PREFIX}dro#drocfg_ca_tenant
   export SECRET_KEY_DROCFG_REGISTRATION_KEY=${SECRETS_PREFIX}dro#drocfg_registration_key
 

From 0fe4a9119f65a9699948537b9f30bec63bd22366 Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Wed, 2 Jul 2025 10:59:50 +0530
Subject: [PATCH 116/258] Update .secrets.baseline

---
 .secrets.baseline | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.secrets.baseline b/.secrets.baseline
index ff08ce8d2e9..a33af49856b 100644
--- a/.secrets.baseline
+++ b/.secrets.baseline
@@ -3,7 +3,7 @@
     "files": "build/bin/config/oscap/ssg-rhel9-ds.xml|^.secrets.baseline$|^docs/catalogs/",
     "lines": null
   },
-  "generated_at": "2025-07-01T11:08:18Z",
+  "generated_at": "2025-07-02T05:29:26Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"

From 515f2ae78323035d4b9cd550c86c7a6915b82859 Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Wed, 2 Jul 2025 11:51:28 +0530
Subject: [PATCH 117/258] runAsNonRoot: true added

---
 image/cli/mascli/templates/gitops/bootstrap/argocd.yaml.j2 | 1 +
 1 file changed, 1 insertion(+)

diff --git a/image/cli/mascli/templates/gitops/bootstrap/argocd.yaml.j2 b/image/cli/mascli/templates/gitops/bootstrap/argocd.yaml.j2
index 78dfcd5824f..ae492d1a7cc 100644
--- a/image/cli/mascli/templates/gitops/bootstrap/argocd.yaml.j2
+++ b/image/cli/mascli/templates/gitops/bootstrap/argocd.yaml.j2
@@ -1737,6 +1737,7 @@ spec:
         name: avp
         resources: {}
         securityContext:
+          runAsNonRoot: true
           allowPrivilegeEscalation: false
           runAsUser: 999
         volumeMounts:

From 9dc105802a740763f3a0c4fc75b289577249447f Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Wed, 2 Jul 2025 12:02:10 +0530
Subject: [PATCH 118/258] cherry-pick b3fc9c69ff conflict

---
 .secrets.baseline                             |  2 +-
 image/cli/mascli/functions/gitops_aibroker    |  9 +++------
 .../mascli/functions/gitops_aibroker_tenant   | 19 +++++++++----------
 image/cli/mascli/functions/gitops_kmodel      |  6 +++---
 .../instance/ibm-aibroker-tenant.yaml.j2      |  7 +++----
 .../cluster/instance/ibm-aibroker.yaml.j2     |  4 ++--
 .../cluster/instance/ibm-kmodel.yaml.j2       |  4 ++--
 .../gitops/gitops-mas-aibroker-tenant.yml.j2  |  8 ++++----
 .../gitops/gitops-mas-aibroker.yml.j2         |  8 ++++----
 .../gitops/gitops-aibroker-tenant.yml.j2      |  8 ++++----
 .../src/tasks/gitops/gitops-aibroker.yml.j2   |  8 ++++----
 tekton/src/tasks/gitops/gitops-kmodel.yml.j2  |  4 ++--
 12 files changed, 41 insertions(+), 46 deletions(-)

diff --git a/.secrets.baseline b/.secrets.baseline
index a33af49856b..0a3003f2c67 100644
--- a/.secrets.baseline
+++ b/.secrets.baseline
@@ -3,7 +3,7 @@
     "files": "build/bin/config/oscap/ssg-rhel9-ds.xml|^.secrets.baseline$|^docs/catalogs/",
     "lines": null
   },
-  "generated_at": "2025-07-02T05:29:26Z",
+  "generated_at": "2025-07-02T06:29:16Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"
diff --git a/image/cli/mascli/functions/gitops_aibroker b/image/cli/mascli/functions/gitops_aibroker
index 9c422b11451..20f5830e4ca 100644
--- a/image/cli/mascli/functions/gitops_aibroker
+++ b/image/cli/mascli/functions/gitops_aibroker
@@ -114,11 +114,10 @@ function gitops_aibroker_noninteractive() {
   #-- mariadb defaults
   export MAS_AIBROKER_MARIADB_SECRET=${MAS_AIBROKER_MARIADB_SECRET:-"${MAS_APP_ID}-mariadbcfge"}
 
-  ##review
   export MAS_AIBROKER_S3_BUCKET_PREFIX=${MAS_AIBROKER_S3_BUCKET_PREFIX:-"m"}
   export MAS_AIBROKER_S3_REGION=${MAS_AIBROKER_S3_REGION:-"us-east-2"}
   export ENVIRONMENT_TYPE=${ENVIRONMENT_TYPE:-"PRODUCTION"}
-  ##review
+
 
   # Target the local (to ArgoCD) cluster
   export CLUSTER_URL=${CLUSTER_URL:-"https://kubernetes.default.svc"}
@@ -194,7 +193,6 @@ function gitops_aibroker_noninteractive() {
       --mas-aibroker-mariadb-secret)
           export MAS_AIBROKER_MARIADB_SECRET=$1 && shift
         ;;
-      ##review
       --environment-type)
         export ENVIRONMENT_TYPE=$1 && shift
         ;;
@@ -210,7 +208,6 @@ function gitops_aibroker_noninteractive() {
       --mas-aibroker-s3-bucket-prefix)
         export MAS_AIBROKER_S3_BUCKET_PREFIX=$1 && shift
         ;;
-      ##review
 
      # Target Cluster (Optional)
       --cluster-url)
@@ -278,9 +275,9 @@ function gitops_aibroker_noninteractive() {
   [[ -z "$MAS_APP_CHANNEL" ]] && gitops_aibroker_help "MAS_APP_CHANNEL is not set. Please provide the mas app channel using --mas-app-channel"
   # -- DRO
   #[[ -z "$DROCFG_URL" ]] && gitops_aibroker_help "DROCFG_URL is not set. Please specify the DRO configuration URL using --drocfg-url."
-  ##review
+
   [[ -z "$MAS_AIBROKER_S3_ENDPOINT_URL" ]] && gitops_aibroker_help "MAS_AIBROKER_S3_ENDPOINT_URL is not set. Please specify the S3 endpoint URL using --mas-aibroker-s3-endpoint-url."
-  ##review
+
 
 }
 
diff --git a/image/cli/mascli/functions/gitops_aibroker_tenant b/image/cli/mascli/functions/gitops_aibroker_tenant
index 4af8ed7cf10..c513dbf8562 100644
--- a/image/cli/mascli/functions/gitops_aibroker_tenant
+++ b/image/cli/mascli/functions/gitops_aibroker_tenant
@@ -102,13 +102,13 @@ function gitops_aibroker_tenant_noninteractive() {
   export MAS_ICR_CP=${MAS_ICR_CP:-"docker-na-public.artifactory.swg-devops.com/wiotp-docker-local"}
   export MAS_ICR_CPOPEN=${MAS_ICR_CPOPEN:-"docker-na-public.artifactory.swg-devops.com/wiotp-docker-local/cpopen"}
   
-  ##review
+  
   export MAS_AIBROKER_S3_BUCKET_PREFIX=${MAS_AIBROKER_S3_BUCKET_PREFIX:-"m"}
   export MAS_AIBROKER_S3_REGION=${MAS_AIBROKER_S3_REGION:-"us-east-2"}
   export TENANT_ENTITLEMENT_TYPE=${TENANT_ENTITLEMENT_TYPE:-"standard"}
   export TENANT_ENTITLEMENT_START_DATE=${TENANT_ENTITLEMENT_START_DATE:-"2025-06-11"}
   export TENANT_ENTITLEMENT_END_DATE=${TENANT_ENTITLEMENT_END_DATE:-"2049-11-11"}
-  ##review
+  
 
   # -- SLS Defaults
   export MAS_AIBROKER_SLS_SUBSCRIPTION_ID=${MAS_AIBROKER_SLS_SUBSCRIPTION_ID:-"001"}
@@ -244,7 +244,7 @@ function gitops_aibroker_tenant_noninteractive() {
         export MAS_AIBROKER_STORAGE_SSL=$1 && shift
         ;;
 
-      ##review
+      
       --rsl-url)
         export RSL_URL=$1 && shift
         ;;
@@ -281,7 +281,7 @@ function gitops_aibroker_tenant_noninteractive() {
       --tenant-entitlement-end-date)
         export TENANT_ENTITLEMENT_END_DATE=$1 && shift
         ;;
-      ##review  
+        
 
       # Automatic GitHub Push
       -P|--github-push)
@@ -347,10 +347,10 @@ function gitops_aibroker_tenant_noninteractive() {
   # [[ -z "$MAS_AIBROKER_WATSONXAI_APIKEY" ]] && gitops_aibroker_tenant_help "MAS_AIBROKER_WATSONXAI_APIKEY is not set. Please provide the Watsonx.ai API key using --mas-aibroker-watsonxai-apikey."
   # [[ -z "$MAS_AIBROKER_WATSONXAI_PROJECT_ID" ]] && gitops_aibroker_tenant_help "MAS_AIBROKER_WATSONXAI_PROJECT_ID is not set. Please specify the Watsonx.ai project ID using --mas-aibroker-watsonxai-project-id."
   
-  ##review
+  
   [[ -z "$RSL_URL" ]] && gitops_aibroker_tenant_help "RSL_URL is not set. Please specify the RSL URL using --rsl-url."
   [[ -z "$MAS_AIBROKER_S3_ENDPOINT_URL" ]] && gitops_aibroker_tenant_help "MAS_AIBROKER_S3_ENDPOINT_URL is not set. Please specify the S3 endpoint URL using --mas-aibroker-s3-endpoint-url."
-  ##review
+  
   [[ -z "$MAS_AIBROKER_STORAGE_SSL" ]] && gitops_aibroker_tenant_help "MAS_AIBROKER_STORAGE_SSL is not set. Please specify whether SSL is enabled for STORAGE using --mas-aibroker-storage-ssl."
   [[ -z "$MAS_AIBROKER_STORAGE_PROVIDER" ]] && gitops_aibroker_tenant_help "MAS_AIBROKER_STORAGE_PROVIDER is not set. Please specify the STORAGE provider using --mas-aibroker-storage-provider."
  
@@ -455,13 +455,12 @@ function gitops_aibroker_tenant() {
   export SECRET_KEY_SLSCFG_REGISTRATION_KEY=${SECRETS_PREFIX}sls#slscfg_registration_key
   export SECRET_KEY_SLSCFG_CA_TENANT=${SECRETS_PREFIX}sls#slscfg_ca_tenant
 
-  #rsl  ##review
   export SECRET_KEY_RSL_ORG_ID=${SECRETS_PREFIX}rsl#rsl_org_id
   export SECRET_KEY_RSL_TOKEN=${SECRETS_PREFIX}rsl#rsl_token
   #watsonx
   export SECRET_KEY_WATSONXAI_APIKEY=${SECRETS_PREFIX}watsonx#watsonxai_apikey
   export MAS_AIBROKER_WATSONXAI_PROJECT_ID=${SECRETS_PREFIX}watsonx#watsonxai_project_id
-  ##review
+  
 
 
   # STORAGE
@@ -479,10 +478,10 @@ function gitops_aibroker_tenant() {
   sm_verify_secret_exists ${SECRETS_PREFIX}sls "slscfg_registration_key,slscfg_ca_tenant"
  
   sm_verify_secret_exists ${SECRETS_PREFIX}storage "sm_storage_host,sm_storage_port,sm_storage_accesskey,sm_storage_secretkey"
-  ##review
+  
   sm_verify_secret_exists ${SECRETS_PREFIX}rsl "rsl_org_id,rsl_token"
   sm_verify_secret_exists ${SECRETS_PREFIX}watsonx "watsonxai_apikey,watsonxai_project_id"
-  ##review
+  
   # finally push them into the git repo
 
     if [ -z $GIT_SSH ]; then
diff --git a/image/cli/mascli/functions/gitops_kmodel b/image/cli/mascli/functions/gitops_kmodel
index ca0e9824fba..6b6753171d3 100644
--- a/image/cli/mascli/functions/gitops_kmodel
+++ b/image/cli/mascli/functions/gitops_kmodel
@@ -91,7 +91,7 @@ function gitops_kmodel_noninteractive() {
   export MAS_ICR_CP=${MAS_ICR_CP:-"docker-na-public.artifactory.swg-devops.com/wiotp-docker-local"}
   export DOCKER_SERVER=${DOCKER_SERVER:-"${MAS_ICR_CP}/aibroker"}
   export PULLSECRETNAME=${PULLSECRETNAME:-"ibm-entitlement"}
-  ##review
+  
   export MAS_APP_CHANNEL=${MAS_APP_CHANNEL:-"workspace"}
   
   while [[ $# -gt 0 ]]
@@ -190,11 +190,11 @@ function gitops_kmodel_noninteractive() {
       --mas_icr_cp)
         export MAS_ICR_CP=$1 && shift
         ;;
-        ##review
+        
       --mas-app-channel)
         export MAS_APP_CHANNEL=$1 && shift
         ;;
-        ##review
+        
       --docker-server)
         export DOCKER_SERVER=$1 && shift
         ;;
diff --git a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant.yaml.j2 b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant.yaml.j2
index c973050a858..f5fc9e926b9 100644
--- a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant.yaml.j2
+++ b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant.yaml.j2
@@ -27,11 +27,10 @@ ibm_aibroker_tenant:
   slscfg_registration_key: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_SLSCFG_REGISTRATION_KEY }}>"
   mas_aibroker_sls_subscription_id: "{{ MAS_AIBROKER_SLS_SUBSCRIPTION_ID }}"
   
-  # RSL ##review
   rsl_url: "{{ RSL_URL }}"
   rsl_org_id: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_RSL_ORG_ID }}>"
   rsl_token: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_RSL_TOKEN }}>"
-  ##review
+  
 
   
   # watsonx
@@ -48,7 +47,7 @@ ibm_aibroker_tenant:
   mas_aibroker_storage_ssl: "{{ MAS_AIBROKER_STORAGE_SSL }}"
 
 
-  #tenant ##review
+  #tenant 
   # S3
   mas_aibroker_storage_provider: "{{ MAS_AIBROKER_STORAGE_PROVIDER }}"
   mas_aibroker_s3_endpoint_url: "{{ MAS_AIBROKER_S3_ENDPOINT_URL }}"
@@ -58,4 +57,4 @@ ibm_aibroker_tenant:
   tenant_entitlement_type: "{{ TENANT_ENTITLEMENT_TYPE }}"
   tenant_entitlement_start_date: "{{ TENANT_ENTITLEMENT_START_DATE }}"
   tenant_entitlement_end_date: "{{ TENANT_ENTITLEMENT_END_DATE }}"
-  ##review
\ No newline at end of file
+  
\ No newline at end of file
diff --git a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker.yaml.j2 b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker.yaml.j2
index bd533d6269e..7071a63f32c 100644
--- a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker.yaml.j2
+++ b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker.yaml.j2
@@ -41,13 +41,13 @@ ibm_aibroker:
   drocfg_url: "<path:{{ SECRETS_PATH }}:{{ DROCFG_URL }}>"
   drocfg_ca_tenant: "<path:{{ SECRETS_PATH }}:{{ DROCFG_TENANT }}>"
 
-  ##review
+  
   environment_type: "{{ ENVIRONMENT_TYPE }}"
   # S3 
   mas_aibroker_s3_endpoint_url: "{{ MAS_AIBROKER_S3_ENDPOINT_URL }}"
   mas_aibroker_s3_region: "{{ MAS_AIBROKER_S3_REGION }}"
   mas_aibroker_s3_bucket_prefix: "{{ MAS_AIBROKER_S3_BUCKET_PREFIX }}"
-  ##review  
+    
 
   #JDBC
   jdbccfg_username: "<path:{{ SECRETS_PATH }}:{{ JDBCCFG_USERNAME }}>"
diff --git a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-kmodel.yaml.j2 b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-kmodel.yaml.j2
index 59a28f96aa4..defd711b3bb 100644
--- a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-kmodel.yaml.j2
+++ b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-kmodel.yaml.j2
@@ -41,9 +41,9 @@ ibm_kmodel:
   mas_aibroker_connector_tag: "{{ MAS_AIBROKER_CONNECTOR_TAG }}"
 
   mas_aibroker_saas: "{{ MAS_AIBROKER_SAAS }}"
-  ##review
+  
   mas_app_channel: "{{ MAS_APP_CHANNEL }}"
-  ##review
+  
   model_id_unique_length: "{{ MODEL_ID_UNIQUE_LENGTH }}"
   model_id_prefix: "{{ MODEL_ID_PREFIX }}"
 
diff --git a/tekton/src/pipelines/gitops/gitops-mas-aibroker-tenant.yml.j2 b/tekton/src/pipelines/gitops/gitops-mas-aibroker-tenant.yml.j2
index f35d937ed5c..c8e2a44c6e7 100644
--- a/tekton/src/pipelines/gitops/gitops-mas-aibroker-tenant.yml.j2
+++ b/tekton/src/pipelines/gitops/gitops-mas-aibroker-tenant.yml.j2
@@ -88,7 +88,7 @@ spec:
     - name: mas_aibroker_storage_ssl
       type: string
     
-    ##review
+    
     - name: mas_aibroker_s3_endpoint_url
       type: string
 
@@ -116,7 +116,7 @@ spec:
     - name: tenant_entitlement_end_date
       type: string
 
-    ##review
+    
 
 
 
@@ -216,7 +216,7 @@ spec:
         - name: mas_aibroker_storage_ssl
           value: $(params.mas_aibroker_storage_ssl)
         
-        ##review
+        
         - name: mas_aibroker_s3_endpoint_url
           value: $(params.mas_aibroker_s3_endpoint_url)
 
@@ -243,5 +243,5 @@ spec:
 
         - name: tenant_entitlement_end_date
           value: $(params.tenant_entitlement_end_date)
-        ##review
+        
 
diff --git a/tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2 b/tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2
index 345deed704b..cc70553f173 100644
--- a/tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2
+++ b/tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2
@@ -166,7 +166,7 @@ spec:
     - name: tenantNamespace
       type: string 
 
-    ##review
+    
     - name: environment_type
       type: string
 
@@ -179,7 +179,7 @@ spec:
     - name: mas_aibroker_s3_bucket_prefix
       type: string
 
-    ##review
+    
 
   workspaces:
     - name: configs
@@ -392,7 +392,7 @@ spec:
           value: $(params.cluster_domain)
         - name: in_saas_env
           value: $(params.in_saas_env)
-        ##review
+        
         - name: environment_type
           value: $(params.environment_type)
 
@@ -404,7 +404,7 @@ spec:
 
         - name: mas_aibroker_s3_bucket_prefix
           value: $(params.mas_aibroker_s3_bucket_prefix)
-        ##review
+        
 
     # 3.gitops-Kmodel
     # -------------------------------------------------------------------------
diff --git a/tekton/src/tasks/gitops/gitops-aibroker-tenant.yml.j2 b/tekton/src/tasks/gitops/gitops-aibroker-tenant.yml.j2
index 764298a9f93..fe6bf167863 100644
--- a/tekton/src/tasks/gitops/gitops-aibroker-tenant.yml.j2
+++ b/tekton/src/tasks/gitops/gitops-aibroker-tenant.yml.j2
@@ -88,7 +88,7 @@ spec:
     - name: mas_aibroker_storage_ssl
       type: string
 
-        ##review
+        
     - name: mas_aibroker_s3_endpoint_url
       type: string
 
@@ -116,7 +116,7 @@ spec:
     - name: tenant_entitlement_end_date
       type: string
 
-    ##review
+    
 
       
   stepTemplate:
@@ -228,7 +228,7 @@ spec:
       - name: MAS_AIBROKER_STORAGE_SSL
         value: $(params.mas_aibroker_storage_ssl)
 
-      ##review
+      
       - name: MAS_AIBROKER_S3_ENDPOINT_URL
         value: $(params.mas_aibroker_s3_endpoint_url)
 
@@ -256,7 +256,7 @@ spec:
       - name: TENANT_ENTITLEMENT_END_DATE
         value: $(params.tenant_entitlement_end_date)
 
-      ##review
+      
             
     envFrom:
       - configMapRef:
diff --git a/tekton/src/tasks/gitops/gitops-aibroker.yml.j2 b/tekton/src/tasks/gitops/gitops-aibroker.yml.j2
index 919903cbf1e..3ffbcf4db00 100644
--- a/tekton/src/tasks/gitops/gitops-aibroker.yml.j2
+++ b/tekton/src/tasks/gitops/gitops-aibroker.yml.j2
@@ -106,7 +106,7 @@ spec:
       type: string
     - name: in_saas_env
       type: string
-    ##review
+    
     - name: environment_type
       type: string
 
@@ -118,7 +118,7 @@ spec:
 
     - name: mas_aibroker_s3_bucket_prefix
       type: string
-        ##review
+        
 
 
   stepTemplate:
@@ -224,7 +224,7 @@ spec:
         value: $(params.cluster_domain)
       - name: IN_SAAS_ENV
         value: $(params.in_saas_env)
-      ##review
+      
       - name: ENVIRONMENT_TYPE
         value: $(params.environment_type)
 
@@ -237,7 +237,7 @@ spec:
       - name: MAS_AIBROKER_S3_BUCKET_PREFIX
         value: $(params.mas_aibroker_s3_bucket_prefix)
         
-      ##review
+      
     envFrom:
       - configMapRef:
           name: environment-properties
diff --git a/tekton/src/tasks/gitops/gitops-kmodel.yml.j2 b/tekton/src/tasks/gitops/gitops-kmodel.yml.j2
index 67abed4e6ea..6f8f0c13c4f 100644
--- a/tekton/src/tasks/gitops/gitops-kmodel.yml.j2
+++ b/tekton/src/tasks/gitops/gitops-kmodel.yml.j2
@@ -79,7 +79,7 @@ spec:
       type: string
     - name: model_id_prefix
       type: string
-      ##review
+      
     - name: mas_app_channel
       type: string
     - name: mas_icr_cp
@@ -161,7 +161,7 @@ spec:
         value: $(params.model_id_unique_length)
       - name: MODEL_ID_PREFIX
         value: $(params.model_id_prefix)
-      ##review
+      
       - name: MAS_APP_CHANNEL
         value: $(params.mas_app_channel)
       - name: MAS_ICR_CP

From 243a27341e247e8addbfb4e9862f761f0852e7fe Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Fri, 4 Jul 2025 12:15:04 +0530
Subject: [PATCH 119/258] cherry-pick 6042027838 conflict

---
 .secrets.baseline                             |  2 +-
 image/cli/mascli/functions/gitops_aibroker    |  4 +-
 image/cli/mascli/functions/gitops_kmodel      | 28 ++++----
 image/cli/mascli/functions/gitops_minio       | 29 +++++----
 .../cluster/instance/ibm-minio.yaml.j2        |  2 +-
 .../gitops/gitops-mas-aibroker.yml.j2         | 11 ++--
 .../gitops/gitops-aibroker-tenant.yml.j2      | 64 +------------------
 .../src/tasks/gitops/gitops-aibroker.yml.j2   | 20 ++----
 tekton/src/tasks/gitops/gitops-kmodel.yml.j2  | 16 ++---
 tekton/src/tasks/gitops/gitops-minio.yml.j2   |  8 +--
 10 files changed, 61 insertions(+), 123 deletions(-)

diff --git a/.secrets.baseline b/.secrets.baseline
index 0a3003f2c67..152cbd1c2fc 100644
--- a/.secrets.baseline
+++ b/.secrets.baseline
@@ -3,7 +3,7 @@
     "files": "build/bin/config/oscap/ssg-rhel9-ds.xml|^.secrets.baseline$|^docs/catalogs/",
     "lines": null
   },
-  "generated_at": "2025-07-02T06:29:16Z",
+  "generated_at": "2025-07-04T06:44:58Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"
diff --git a/image/cli/mascli/functions/gitops_aibroker b/image/cli/mascli/functions/gitops_aibroker
index 20f5830e4ca..9a5b57eacfb 100644
--- a/image/cli/mascli/functions/gitops_aibroker
+++ b/image/cli/mascli/functions/gitops_aibroker
@@ -54,7 +54,7 @@ sls_dro_jdbc
       --drocfg-registration-key ${TEXT_RESET}DROCFG_REGISTRATION_KEY${TEXT_RESET}
       --drocfg-url ${TEXT_RESET}DROCFG_URL${TEXT_RESET}
       --jdbccfg-username ${TEXT_RESET}JDBCCFG_USERNAME${TEXT_RESET}
-      --jdbccfg-password ${TEXT_RESET}JDBCCFG_PASSWORD${TEXT_RESET}
+      # --jdbccfg-password ${TEXT_RESET}JDBCCFG_PASSWORD${TEXT_RESET}
       --jdbccfg-url ${TEXT_RESET}JDBCCFG_URL${TEXT_RESET}
       --jdbccfg-sslenabled ${TEXT_RESET}JDBCCFG_SSLENABLED${TEXT_RESET}
       --jdbccfg-ca ${TEXT_RESET}JDBCCFG_CA${TEXT_RESET}
@@ -372,7 +372,7 @@ function gitops_aibroker() {
   echo_reset_dim "DRO Config Registration Key ............ ${COLOR_MAGENTA}${DROCFG_REGISTRATION_KEY}"
   echo_reset_dim "DRO Config URL ......................... ${COLOR_MAGENTA}${DROCFG_URL}"
   echo_reset_dim "JDBC Config Username ................... ${COLOR_MAGENTA}${JDBCCFG_USERNAME}"
-  echo_reset_dim "JDBC Config Password ................... ${COLOR_MAGENTA}${JDBCCFG_PASSWORD}"
+  # echo_reset_dim "JDBC Config Password ................... ${COLOR_MAGENTA}${JDBCCFG_PASSWORD}"
   echo_reset_dim "JDBC Config URL ........................ ${COLOR_MAGENTA}${JDBCCFG_URL}"
   echo_reset_dim "JDBC SSL Enabled ....................... ${COLOR_MAGENTA}${JDBCCFG_SSLENABLED}"
   echo_reset_dim "JDBC Config CA ......................... ${COLOR_MAGENTA}${JDBCCFG_CA}"
diff --git a/image/cli/mascli/functions/gitops_kmodel b/image/cli/mascli/functions/gitops_kmodel
index 6b6753171d3..71428304c04 100644
--- a/image/cli/mascli/functions/gitops_kmodel
+++ b/image/cli/mascli/functions/gitops_kmodel
@@ -34,8 +34,8 @@ Kkmodel Configuration:
       --mas-aibroker-storage-ssl ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_SSL${TEXT_RESET}                                   Whether STORAGE uses SSL (true/false)
       --mas_aibroker-storage-host ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_HOST${TEXT_RESET}                                 Hostname or service name of the STORAGE backend
       --mas_aibroker-storage-port ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_PORT${TEXT_RESET}                                 Port number STORAGE is exposed on
-      --mas_aibroker-storage-accesskey ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_ACCESSKEY${TEXT_RESET}                       Access key to authenticate with STORAGE
-      --mas_aibroker-storage-secretkey ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_SECRETKEY${TEXT_RESET}                       Secret key for authenticating with STORAGE
+      # --mas_aibroker-storage-accesskey ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_ACCESSKEY${TEXT_RESET}                       Access key to authenticate with STORAGE
+      # --mas_aibroker-storage-secretkey ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_SECRETKEY${TEXT_RESET}                       Secret key for authenticating with STORAGE
       --mas-aibroker-storage-region ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_REGION${TEXT_RESET}                             Storage region used in STORAGE (if applicable)
       --ssh-secret-name ${COLOR_YELLOW}SSH_SECRET_NAME${TEXT_RESET}                                                     SSH secret for securely provide SSH credentials
       --mas_aibroker_tenant_name ${COLOR_YELLOW}MAS_AIBROKER_TENANT_NAME${TEXT_RESET}                                   Aibroker Tenant name
@@ -92,7 +92,7 @@ function gitops_kmodel_noninteractive() {
   export DOCKER_SERVER=${DOCKER_SERVER:-"${MAS_ICR_CP}/aibroker"}
   export PULLSECRETNAME=${PULLSECRETNAME:-"ibm-entitlement"}
   
-  export MAS_APP_CHANNEL=${MAS_APP_CHANNEL:-"workspace"}
+  export MAS_APP_CHANNEL=${MAS_APP_CHANNEL:-"9.1.x"}
   
   while [[ $# -gt 0 ]]
   do
@@ -151,13 +151,13 @@ function gitops_kmodel_noninteractive() {
         export MAS_AIBROKER_STORAGE_SSL=$1 && shift
         ;;
 
-      --mas-aibroker-storage-accesskey)
-        export MAS_AIBROKER_STORAGE_ACCESSKEY=$1 && shift
-        ;;
+      # --mas-aibroker-storage-accesskey)
+      #   export MAS_AIBROKER_STORAGE_ACCESSKEY=$1 && shift
+      #   ;;
 
-      --mas-aibroker-storage-secretkey)
-        export MAS_AIBROKER_STORAGE_SECRETKEY=$1 && shift
-        ;;
+      # --mas-aibroker-storage-secretkey)
+      #   export MAS_AIBROKER_STORAGE_SECRETKEY=$1 && shift
+      #   ;;
 
       --mas-aibroker-storage-host)
         export MAS_AIBROKER_STORAGE_HOST=$1 && shift
@@ -371,8 +371,8 @@ function gitops_kmodel() {
   echo_reset_dim "AI Broker Namespace ............................... ${COLOR_MAGENTA}${AIBROKER_NAMESPACE}"
   echo_reset_dim "MAS AI Broker Storage Provider .................... ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_PROVIDER}"
   echo_reset_dim "MAS AI Broker Storage SSL ......................... ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_SSL}"
-  echo_reset_dim "MAS AI Broker Storage Access Key .................. ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_ACCESSKEY}"
-  echo_reset_dim "MAS AI Broker Storage Secret Key .................. ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_SECRETKEY}"
+  # echo_reset_dim "MAS AI Broker Storage Access Key .................. ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_ACCESSKEY}"
+  # echo_reset_dim "MAS AI Broker Storage Secret Key .................. ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_SECRETKEY}"
   echo_reset_dim "MAS AI Broker Storage Templates Bucket ............ ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_TEMPLATES_BUCKET}"
   echo_reset_dim "MAS AI Broker Storage Tenants Bucket .............. ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_TENANTS_BUCKET}"
   echo_reset_dim "MAS AI Broker Storage Pipelines Bucket ............ ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_PIPELINES_BUCKET}"
@@ -419,7 +419,11 @@ function gitops_kmodel() {
 # check for those variables present into the aws sm 
   sm_verify_secret_exists ${SECRETS_PREFIX}ibm_entitlement "image_pull_secret_b64"
 
-  sm_verify_secret_exists ${SECRETS_PREFIX}storage "sm_storage_host,sm_storage_port,sm_storage_accesskey,sm_storage_secretkey,sm_storage_bucket_templates,sm_storage_bucket_tenants,sm_storage_bucket_pipelines"
+  sm_verify_secret_exists ${SECRETS_PREFIX}storage "sm_storage_host,sm_storage_accesskey,sm_storage_secretkey,sm_storage_bucket_templates,sm_storage_bucket_tenants,sm_storage_bucket_pipelines"
+  # Conditionally include sm_storage_port for minio
+  if [[ "${MAS_AIBROKER_STORAGE_PROVIDER}" == "minio" ]]; then
+  sm_verify_secret_exists ${SECRETS_PREFIX}storage "sm_storage_port"
+  fi
 
     # finally push them into the git repo
     # ---------------------------------------------------------------------------
diff --git a/image/cli/mascli/functions/gitops_minio b/image/cli/mascli/functions/gitops_minio
index d5a31707e2b..2987d3dd8be 100644
--- a/image/cli/mascli/functions/gitops_minio
+++ b/image/cli/mascli/functions/gitops_minio
@@ -32,8 +32,9 @@ minio Provider Selection / Version:
       --minio_secret_key=${COLOR_YELLOW}MINIO_SECRET_KEY${TEXT_RESET}                                    The secret key for MinIO, used as the password
       --minio_host=${COLOR_YELLOW}MINIO_HOST${TEXT_RESET}                                                The hostname or service URL where MinIO is reachable
       --minio_port=${COLOR_YELLOW}MINIO_PORT${TEXT_RESET}                                                The port number on which MinIO is exposed
-      --aibroker_instance_id ${COLOR_YELLOW}AIBROKER_INSTANCE_ID${TEXT_RESET}                             The AI Broker instance ID
-
+      # --aibroker_instance_id ${COLOR_YELLOW}AIBROKER_INSTANCE_ID${TEXT_RESET}                             The AI Broker instance ID
+      --mas-instance-id ${COLOR_YELLOW}MAS_INSTANCE_ID${TEXT_RESET}                                        The Maximo AI Broker instance ID, used for identifying the specific instance in the GitOps repository
+      
 Automatic GitHub Push (Optional):
   -P, --github-push ${COLOR_YELLOW}GITHUB_PUSH${TEXT_RESET}        Enable automatic push to GitHub
   -H, --github-host ${COLOR_YELLOW}GITHUB_HOST${TEXT_RESET}        GitHub Hostname for your GitOps repository
@@ -63,7 +64,7 @@ function gitops_minio_noninteractive() {
   export MINIO_IMAGE=${MINIO_IMAGE:-"quay.io/minio/minio:latest"}
   export MINIO_PORT=${MINIO_PORT:-"9000"}
   export MINIO_HOST=${MINIO_HOST:-"minio-service.minio.svc.cluster.local"}
-  export AIBROKER_INSTANCE_ID=${AIBROKER_INSTANCE_ID:-"aibroker-inst-1"}
+  # export AIBROKER_INSTANCE_ID=${AIBROKER_INSTANCE_ID:-"aibroker-inst-1"}
   
   while [[ $# -gt 0 ]]
   do
@@ -119,9 +120,12 @@ function gitops_minio_noninteractive() {
       --minio_port)
           export MINIO_PORT=$1 && shift
           ;;
-      --aibroker_instance_id)
-          export AIBROKER_INSTANCE_ID=$1 && shift
-          ;;
+      --mas-instance-id)
+        export MAS_INSTANCE_ID=$1 && shift
+        ;;
+      # --aibroker_instance_id)
+      #     export AIBROKER_INSTANCE_ID=$1 && shift
+      #     ;;
 
       # Automatic GitHub Push
       -P|--github-push)
@@ -173,7 +177,8 @@ function gitops_minio_noninteractive() {
   fi
 
   [[ -z "$MINIO_STORAGE_CLASS" ]] && gitops_minio_help "MINIO_STORAGE_CLASS is not set. Please specify the Kubernetes storage class using --minio_storage_class."
-  
+  [[ -z "$MAS_INSTANCE_ID" ]] && gitops_minio_help "MAS_INSTANCE_ID is not set. Please specify the Maximo AI Broker instance ID using --mas-instance-id."
+  # [[ -z "$AIBROKER_INSTANCE_ID" ]] && gitops_minio_help "AIBROKER_INSTANCE_ID is not set. Please specify the AI Broker instance ID using --aibroker_instance_id."
 }
 
 function gitops_minio() {
@@ -237,8 +242,8 @@ function gitops_minio() {
   echo_reset_dim "MinIO Storage Class (minio_storage_class)  ............ ${COLOR_MAGENTA}${MINIO_STORAGE_CLASS}"
   echo_reset_dim "MinIO Storage Size (minio_storage_size)  .............. ${COLOR_MAGENTA}${MINIO_STORAGE_SIZE}"
   echo_reset_dim "MinIO Image (minio_image)  .............................${COLOR_MAGENTA}${MINIO_IMAGE}"
-  echo_reset_dim "AiBroker (aibroker_instance_id)  ..................... ${COLOR_MAGENTA}${AIBROKER_INSTANCE_ID}"
-
+  echo_reset_dim "AiBroker (MAS_INSTANCE_ID)  ..................... ${COLOR_MAGENTA}${MAS_INSTANCE_ID}"
+  
   reset_colors
 
   # Set up secrets
@@ -328,8 +333,8 @@ function gitops_minio() {
     echo_reset_dim "minio_secret_key ...................... ${COLOR_MAGENTA}${MINIO_SECRET_KEY:0:4}<snip>"
     echo_reset_dim "minio_port ............................ ${COLOR_MAGENTA}${MINIO_PORT}"
     echo_reset_dim "minio_host ............................ ${COLOR_MAGENTA}${MINIO_HOST}"
-    echo_reset_dim "aibroker_instance_id .................. ${COLOR_MAGENTA}${AIBROKER_INSTANCE_ID}"
-
+    # echo_reset_dim "aibroker_instance_id .................. ${COLOR_MAGENTA}${AIBROKER_INSTANCE_ID}"
+    echo_reset_dim "mas_instance_id ....................... ${COLOR_MAGENTA}${MAS_INSTANCE_ID}"
     if [ -z $GIT_SSH ]; then
       export GIT_SSH=false
     fi
@@ -344,7 +349,7 @@ function gitops_minio() {
     
     # Create cluster directory to clone the repo into
     # ---------------------------------------------------------------------------
-    GITOPS_CLUSTER_DIR=${GITOPS_WORKING_DIR}/${GITHUB_REPO}/${ACCOUNT_ID}/${CLUSTER_ID}/${AIBROKER_INSTANCE_ID}
+    GITOPS_CLUSTER_DIR=${GITOPS_WORKING_DIR}/${GITHUB_REPO}/${ACCOUNT_ID}/${CLUSTER_ID}/${MAS_INSTANCE_ID}
     mkdir -p ${GITOPS_CLUSTER_DIR}
 
     # Generate ArgoApps
diff --git a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-minio.yaml.j2 b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-minio.yaml.j2
index b11d510833f..9c737f7267d 100644
--- a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-minio.yaml.j2
+++ b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-minio.yaml.j2
@@ -1,4 +1,4 @@
-merge-key: "{{ ACCOUNT_ID }}/{{ CLUSTER_ID }}/{{ AIBROKER_INSTANCE_ID }}"
+merge-key: "{{ ACCOUNT_ID }}/{{ CLUSTER_ID }}/{{ MAS_INSTANCE_ID }}"
 
 ibm_minio:
   minio_namespace: "{{ MINIO_NAMESPACE }}"
diff --git a/tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2 b/tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2
index cc70553f173..509c08c0fff 100644
--- a/tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2
+++ b/tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2
@@ -83,8 +83,8 @@ spec:
       type: string
     - name: jdbccfg_username
       type: string
-    - name: jdbccfg_password
-      type: string
+    # - name: jdbccfg_password
+    #   type: string
     - name: jdbccfg_url
       type: string
     - name: jdbccfg_sslenabled
@@ -227,6 +227,9 @@ spec:
           value: $(params.minio_storage_size)
         - name: minio_image
           value: $(params.minio_image)
+        - name: mas_instance_id
+          value: $(params.mas_instance_id)
+
       when:
         - input: "$(params.mas_aibroker_storage_provider)"
           operator: in
@@ -366,8 +369,8 @@ spec:
           value: $(params.drocfg_url)
         - name: jdbccfg_username
           value: $(params.jdbccfg_username)
-        - name: jdbccfg_password
-          value: $(params.jdbccfg_password)
+        # - name: jdbccfg_password
+        #   value: $(params.jdbccfg_password)
         - name: jdbccfg_url
           value: $(params.jdbccfg_url)
         - name: jdbccfg_sslenabled
diff --git a/tekton/src/tasks/gitops/gitops-aibroker-tenant.yml.j2 b/tekton/src/tasks/gitops/gitops-aibroker-tenant.yml.j2
index fe6bf167863..b063cafcc58 100644
--- a/tekton/src/tasks/gitops/gitops-aibroker-tenant.yml.j2
+++ b/tekton/src/tasks/gitops/gitops-aibroker-tenant.yml.j2
@@ -10,7 +10,7 @@ spec:
     - name: account
       type: string
     - name: cluster_url
-      type: string    
+      type: string
     - name: secrets_path
       type: string
     - name: avp_aws_secret_region
@@ -23,7 +23,6 @@ spec:
       type: string
     - name: github_host
       type: string
-
     - name: aibroker_namespace
       type: string
     - name: mas_aibroker_provision_tenant
@@ -46,31 +45,26 @@ spec:
       type: string
     - name: mas_icr_cpopen
       type: string
-
     - name: artifactory_token
       type: string
     - name: drocfg_url
       type: string
-
     - name: drocfg_ca
       type: string
     - name: drocfg_registration_key
       type: string
-
     - name: slscfg_url
       type: string
     - name: slscfg_registration_key
       type: string
     - name: mas_aibroker_sls_subscription_id
       type: string
-    
     - name: mas_aibroker_watsonxai_url
       type: string
     - name: mas_aibroker_watsonxai_apikey
       type: string
     - name: mas_aibroker_watsonxai_project_id
       type: string
-    
     - name: mas_aibroker_storage_host
       type: string
     - name: mas_aibroker_storage_port
@@ -87,38 +81,24 @@ spec:
       type: string
     - name: mas_aibroker_storage_ssl
       type: string
-
-        
     - name: mas_aibroker_s3_endpoint_url
       type: string
-
     - name: mas_aibroker_s3_region
       type: string
-
     - name: mas_aibroker_s3_bucket_prefix
       type: string
-
     - name: rsl_url
       type: string
-
     - name: rsl_org_id
       type: string
-
     - name: rsl_token
       type: string
-
     - name: tenant_entitlement_type
       type: string
-
     - name: tenant_entitlement_start_date
       type: string
-
     - name: tenant_entitlement_end_date
       type: string
-
-    
-
-      
   stepTemplate:
     name: gitops-aibroker-tenant
     env:
@@ -140,124 +120,82 @@ spec:
         value: $(params.github_host)
       - name: GITHUB_REPO
         value: $(params.github_repo)
-
       - name: AIBROKER_NAMESPACE
         value: $(params.aibroker_namespace)
-
       - name: MAS_AIBROKER_PROVISION_TENANT
         value: $(params.mas_aibroker_provision_tenant)
-
       - name: MAS_INSTANCE_ID
         value: $(params.mas_instance_id)
-
       - name: TENANT_NAMESPACE
         value: $(params.tenantNamespace)
-        
       - name: TENANT_ID
         value: $(params.tenant_id)
-
       - name: MAS_AIBROKER_TENANT_NAME
         value: $(params.mas_aibroker_tenant_name)
-
       - name: CLUSTER_DOMAIN
         value: $(params.cluster_domain)
-
       - name: IN_SAAS_ENV
         value: $(params.in_saas_env)
-
       - name: IBM_ENTITLEMENT_KEY
         value: $(params.ibm_entitlement_key)
-
       - name: MAS_ICR_CP
         value: $(params.mas_icr_cp)
-
       - name: MAS_ICR_CPOPEN
         value: $(params.mas_icr_cpopen)
-
       - name: ARTIFACTORY_TOKEN
         value: $(params.artifactory_token)
-
       - name: DROCFG_URL
         value: $(params.drocfg_url)
-
       - name: DROCFG_CA
         value: $(params.drocfg_ca)
-
       - name: DROCFG_REGISTRATION_KEY
         value: $(params.drocfg_registration_key)
-
       - name: SLSCFG_URL
         value: $(params.slscfg_url)
-
       - name: SLSCFG_REGISTRATION_KEY
         value: $(params.slscfg_registration_key)
-
       - name: MAS_AIBROKER_SLS_SUBSCRIPTION_ID
         value: $(params.mas_aibroker_sls_subscription_id)
-
       - name: MAS_AIBROKER_WATSONXAI_URL
         value: $(params.mas_aibroker_watsonxai_url)
-
       - name: MAS_AIBROKER_WATSONXAI_APIKEY
         value: $(params.mas_aibroker_watsonxai_apikey)
-
       - name: MAS_AIBROKER_WATSONXAI_PROJECT_ID
         value: $(params.mas_aibroker_watsonxai_project_id)
-
       - name: MAS_AIBROKER_STORAGE_HOST
         value: $(params.mas_aibroker_storage_host)
-
       - name: MAS_AIBROKER_STORAGE_PORT
         value: $(params.mas_aibroker_storage_port)
-
       - name: MAS_AIBROKER_STORAGE_REGION
         value: $(params.mas_aibroker_storage_region)
-
       - name: MAS_AIBROKER_STORAGE_PROVIDER
         value: $(params.mas_aibroker_storage_provider)
-
       - name: MAS_AIBROKER_STORAGE_ACCESSKEY
         value: $(params.mas_aibroker_storage_accesskey)
-
       - name: MAS_AIBROKER_STORAGE_SECRETKEY
         value: $(params.mas_aibroker_storage_secretkey)
-
       - name: MAS_AIBROKER_STORAGE_PIPELINES_BUCKET
         value: $(params.mas_aibroker_storage_pipelines_bucket)
-
       - name: MAS_AIBROKER_STORAGE_SSL
         value: $(params.mas_aibroker_storage_ssl)
-
-      
       - name: MAS_AIBROKER_S3_ENDPOINT_URL
         value: $(params.mas_aibroker_s3_endpoint_url)
-
       - name: MAS_AIBROKER_S3_REGION
         value: $(params.mas_aibroker_s3_region)
-
       - name: MAS_AIBROKER_S3_BUCKET_PREFIX
         value: $(params.mas_aibroker_s3_bucket_prefix)
-
       - name: RSL_URL
         value: $(params.rsl_url)
-
       - name: RSL_ORG_ID
         value: $(params.rsl_org_id)
-
       - name: RSL_TOKEN
         value: $(params.rsl_token)
-
       - name: TENANT_ENTITLEMENT_TYPE
         value: $(params.tenant_entitlement_type)
-
       - name: TENANT_ENTITLEMENT_START_DATE
         value: $(params.tenant_entitlement_start_date)
-
       - name: TENANT_ENTITLEMENT_END_DATE
         value: $(params.tenant_entitlement_end_date)
-
-      
-            
     envFrom:
       - configMapRef:
           name: environment-properties
diff --git a/tekton/src/tasks/gitops/gitops-aibroker.yml.j2 b/tekton/src/tasks/gitops/gitops-aibroker.yml.j2
index 3ffbcf4db00..20d293f5a5d 100644
--- a/tekton/src/tasks/gitops/gitops-aibroker.yml.j2
+++ b/tekton/src/tasks/gitops/gitops-aibroker.yml.j2
@@ -80,8 +80,8 @@ spec:
       type: string
     - name: jdbccfg_username
       type: string
-    - name: jdbccfg_password
-      type: string
+    # - name: jdbccfg_password
+    #   type: string
     - name: jdbccfg_url
       type: string
     - name: jdbccfg_sslenabled
@@ -106,20 +106,14 @@ spec:
       type: string
     - name: in_saas_env
       type: string
-    
     - name: environment_type
       type: string
-
     - name: mas_aibroker_s3_endpoint_url
       type: string
-
     - name: mas_aibroker_s3_region
       type: string
-
     - name: mas_aibroker_s3_bucket_prefix
       type: string
-        
-
 
   stepTemplate:
     name: gitops-aibroker
@@ -198,8 +192,8 @@ spec:
         value: $(params.drocfg_url)
       - name: JDBCCFG_USERNAME
         value: $(params.jdbccfg_username)
-      - name: JDBCCFG_PASSWORD
-        value: $(params.jdbccfg_password)
+      # - name: JDBCCFG_PASSWORD
+      #  value: $(params.jdbccfg_password)
       - name: JDBCCFG_URL
         value: $(params.jdbccfg_url)
       - name: JDBCCFG_SSLENABLED
@@ -224,20 +218,14 @@ spec:
         value: $(params.cluster_domain)
       - name: IN_SAAS_ENV
         value: $(params.in_saas_env)
-      
       - name: ENVIRONMENT_TYPE
         value: $(params.environment_type)
-
       - name: MAS_AIBROKER_S3_ENDPOINT_URL
         value: $(params.mas_aibroker_s3_endpoint_url)
-
       - name: MAS_AIBROKER_S3_REGION
         value: $(params.mas_aibroker_s3_region)
-
       - name: MAS_AIBROKER_S3_BUCKET_PREFIX
         value: $(params.mas_aibroker_s3_bucket_prefix)
-        
-      
     envFrom:
       - configMapRef:
           name: environment-properties
diff --git a/tekton/src/tasks/gitops/gitops-kmodel.yml.j2 b/tekton/src/tasks/gitops/gitops-kmodel.yml.j2
index 6f8f0c13c4f..d7d0457267d 100644
--- a/tekton/src/tasks/gitops/gitops-kmodel.yml.j2
+++ b/tekton/src/tasks/gitops/gitops-kmodel.yml.j2
@@ -39,10 +39,10 @@ spec:
       type: string
     - name: mas_aibroker_storage_ssl
       type: string
-    - name: mas_aibroker_storage_accesskey
-      type: string
-    - name: mas_aibroker_storage_secretkey
-      type: string
+    #- name: mas_aibroker_storage_accesskey
+    #  type: string
+    # - name: mas_aibroker_storage_secretkey
+    #   type: string
     - name: mas_aibroker_storage_host
       type: string
     - name: mas_aibroker_storage_port
@@ -121,10 +121,10 @@ spec:
         value: $(params.mas_aibroker_storage_provider)
       - name: MAS_AIBROKER_STORAGE_SSL
         value: $(params.mas_aibroker_storage_ssl)
-      - name: MAS_AIBROKER_STORAGE_ACCESSKEY
-        value: $(params.mas_aibroker_storage_accesskey)
-      - name: MAS_AIBROKER_STORAGE_SECRETKEY
-        value: $(params.mas_aibroker_storage_secretkey)
+      # - name: MAS_AIBROKER_STORAGE_ACCESSKEY
+      #   value: $(params.mas_aibroker_storage_accesskey)
+      # - name: MAS_AIBROKER_STORAGE_SECRETKEY
+      #   value: $(params.mas_aibroker_storage_secretkey)
       - name: MAS_AIBROKER_STORAGE_HOST
         value: $(params.mas_aibroker_storage_host)
       - name: MAS_AIBROKER_STORAGE_PORT
diff --git a/tekton/src/tasks/gitops/gitops-minio.yml.j2 b/tekton/src/tasks/gitops/gitops-minio.yml.j2
index 7a3e6a4721b..d18b025af9c 100644
--- a/tekton/src/tasks/gitops/gitops-minio.yml.j2
+++ b/tekton/src/tasks/gitops/gitops-minio.yml.j2
@@ -9,8 +9,8 @@ spec:
       type: string
     - name: account
       type: string
-    #- name: mas_instance_id
-    #  type: string
+    - name: mas_instance_id
+      type: string
     - name: cluster_id
       type: string
     - name: cluster_url
@@ -55,8 +55,8 @@ spec:
         value: $(params.cluster_name)
       - name: ACCOUNT
         value: $(params.account)
-      #- name: MAS_INSTANCE_ID
-      #  value: $(params.mas_instance_id)
+      - name: MAS_INSTANCE_ID
+        value: $(params.mas_instance_id)
       #- name: CLUSTER_ID
       #  value: $(params.cluster_id)
       - name: CLUSTER_URL

From 1c66014af9cf62f540496f4565619811b6bb109f Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Fri, 4 Jul 2025 12:21:36 +0530
Subject: [PATCH 120/258] Update gitops-mas-aibroker.yml.j2

activated minio task
---
 tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2 | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2 b/tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2
index 509c08c0fff..cd11210cfe7 100644
--- a/tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2
+++ b/tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2
@@ -230,10 +230,10 @@ spec:
         - name: mas_instance_id
           value: $(params.mas_instance_id)
 
-      when:
-        - input: "$(params.mas_aibroker_storage_provider)"
-          operator: in
-          values: ["minio"]
+      # when:
+      #  - input: "$(params.mas_aibroker_storage_provider)"
+      #    operator: in
+      #    values: ["minio"]
 
     # 2.gitops-odh
     # -------------------------------------------------------------------------

From 52b13c804da9e7ca5b07dffc7a4d77c95f942f82 Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Fri, 4 Jul 2025 14:59:51 +0530
Subject: [PATCH 121/258] Update gitops_aibroker_tenant

---
 image/cli/mascli/functions/gitops_aibroker_tenant | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/image/cli/mascli/functions/gitops_aibroker_tenant b/image/cli/mascli/functions/gitops_aibroker_tenant
index c513dbf8562..5245b610da1 100644
--- a/image/cli/mascli/functions/gitops_aibroker_tenant
+++ b/image/cli/mascli/functions/gitops_aibroker_tenant
@@ -477,8 +477,11 @@ function gitops_aibroker_tenant() {
 
   sm_verify_secret_exists ${SECRETS_PREFIX}sls "slscfg_registration_key,slscfg_ca_tenant"
  
-  sm_verify_secret_exists ${SECRETS_PREFIX}storage "sm_storage_host,sm_storage_port,sm_storage_accesskey,sm_storage_secretkey"
-  
+  sm_verify_secret_exists ${SECRETS_PREFIX}storage "sm_storage_host,sm_storage_accesskey,sm_storage_secretkey"
+  # Conditionally include sm_storage_port for minio
+  if [[ "${MAS_AIBROKER_STORAGE_PROVIDER}" == "minio" ]]; then
+  sm_verify_secret_exists ${SECRETS_PREFIX}storage "sm_storage_port"
+  fi
   sm_verify_secret_exists ${SECRETS_PREFIX}rsl "rsl_org_id,rsl_token"
   sm_verify_secret_exists ${SECRETS_PREFIX}watsonx "watsonxai_apikey,watsonxai_project_id"
   

From 5863eae1d9b63a71f9d28a9f5ec651eaa9c8cf4c Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Fri, 4 Jul 2025 18:09:37 +0530
Subject: [PATCH 122/258] Update gitops-mas-aibroker.yml.j2

removed minio
---
 tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2 | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2 b/tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2
index cd11210cfe7..ac147f2340b 100644
--- a/tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2
+++ b/tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2
@@ -230,11 +230,6 @@ spec:
         - name: mas_instance_id
           value: $(params.mas_instance_id)
 
-      # when:
-      #  - input: "$(params.mas_aibroker_storage_provider)"
-      #    operator: in
-      #    values: ["minio"]
-
     # 2.gitops-odh
     # -------------------------------------------------------------------------
 

From 9c5d6bb14411bb237e3644266f01abb29dd1de1e Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Fri, 4 Jul 2025 18:40:28 +0530
Subject: [PATCH 123/258] Revert "Update gitops-mas-aibroker.yml.j2"

This reverts commit 7ee82f1adfb2fbbe8d26382c226d12ef6875e2d6.
---
 tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2 | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2 b/tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2
index ac147f2340b..cd11210cfe7 100644
--- a/tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2
+++ b/tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2
@@ -230,6 +230,11 @@ spec:
         - name: mas_instance_id
           value: $(params.mas_instance_id)
 
+      # when:
+      #  - input: "$(params.mas_aibroker_storage_provider)"
+      #    operator: in
+      #    values: ["minio"]
+
     # 2.gitops-odh
     # -------------------------------------------------------------------------
 

From 192da4638dbc7fe9f07759252188d2e8096c751d Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Fri, 4 Jul 2025 18:40:34 +0530
Subject: [PATCH 124/258] Revert "Update gitops-mas-aibroker.yml.j2"

This reverts commit 207c7bf54153eba4146fb3a612106be403147d5b.
---
 tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2 | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2 b/tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2
index cd11210cfe7..509c08c0fff 100644
--- a/tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2
+++ b/tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2
@@ -230,10 +230,10 @@ spec:
         - name: mas_instance_id
           value: $(params.mas_instance_id)
 
-      # when:
-      #  - input: "$(params.mas_aibroker_storage_provider)"
-      #    operator: in
-      #    values: ["minio"]
+      when:
+        - input: "$(params.mas_aibroker_storage_provider)"
+          operator: in
+          values: ["minio"]
 
     # 2.gitops-odh
     # -------------------------------------------------------------------------

From 0c2419e4878fd3a3a499a2b471a2d105ff6bf652 Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Tue, 8 Jul 2025 13:23:41 +0530
Subject: [PATCH 125/258] Reapply "Update gitops-mas-aibroker.yml.j2"

This reverts commit d9dc1aa48e56d7f588c8b531e32180d26dbc4c4a.
---
 tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2 | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2 b/tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2
index 509c08c0fff..cd11210cfe7 100644
--- a/tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2
+++ b/tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2
@@ -230,10 +230,10 @@ spec:
         - name: mas_instance_id
           value: $(params.mas_instance_id)
 
-      when:
-        - input: "$(params.mas_aibroker_storage_provider)"
-          operator: in
-          values: ["minio"]
+      # when:
+      #  - input: "$(params.mas_aibroker_storage_provider)"
+      #    operator: in
+      #    values: ["minio"]
 
     # 2.gitops-odh
     # -------------------------------------------------------------------------

From dc592218ef5f1744a480194bfd7c6648868990c3 Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Tue, 8 Jul 2025 13:31:16 +0530
Subject: [PATCH 126/258] pr review suggestion

---
 image/cli/mascli/functions/gitops_minio       | 58 +++++++++----------
 image/cli/mascli/functions/gitops_odh         | 19 ------
 .../instance/ibm-aibroker-tenant-base.yaml.j2 |  6 +-
 tekton/src/tasks/gitops/gitops-minio.yml.j2   |  4 --
 4 files changed, 30 insertions(+), 57 deletions(-)

diff --git a/image/cli/mascli/functions/gitops_minio b/image/cli/mascli/functions/gitops_minio
index 2987d3dd8be..40983e8af09 100644
--- a/image/cli/mascli/functions/gitops_minio
+++ b/image/cli/mascli/functions/gitops_minio
@@ -259,14 +259,14 @@ function gitops_minio() {
 
     #minio provider role specific env variables
 
-    export SECRET_NAME_MINIO_AUTH=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}minio
-    echo_reset_dim "SECRET_NAME_MINIO_AUTH ................ ${COLOR_MAGENTA}$SECRET_NAME_MINIO_AUTH"
-    export SECRET_KEY_MINIO_USER=${SECRET_NAME_MINIO_AUTH}#sm_minio_user
-    export SECRET_KEY_MINIO_PASSWORD=${SECRET_NAME_MINIO_AUTH}#sm_minio_password
+    export SECRET_NAME_STORAGE_AUTH=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}minio
+    echo_reset_dim "SECRET_NAME_STORAGE_AUTH ................ ${COLOR_MAGENTA}$SECRET_NAME_STORAGE_AUTH"
+    export SECRET_KEY_STORAGE_USER=${SECRET_NAME_STORAGE_AUTH}#sm_storage_user
+    export SECRET_KEY_STORAGE_PASSWORD=${SECRET_NAME_STORAGE_AUTH}#sm_storage_password
     
     # Create a secret in SM containing the username/password for this specific minio instance.
     export MINIO_SECRET_FILE=$GITOPS_WORKING_DIR/minio-secret.json
-    sm_get_secret_file ${SECRET_NAME_MINIO_AUTH} $MINIO_SECRET_FILE
+    sm_get_secret_file ${SECRET_NAME_STORAGE_AUTH} $MINIO_SECRET_FILE
     
     if [ -z "$MINIO_ROOT_PASSWORD" ]; then
 
@@ -274,52 +274,52 @@ function gitops_minio() {
       echo_reset_dim "MINIO_ROOT_USER ............................. ${COLOR_MAGENTA}$MINIO_ROOT_USER"
 
       export MINIO_ACCESS_KEY=${MINIO_ROOT_USER}
-      # Extract and export sm_minio_accesskey
-      TEMP_MINIO_ACCESSKEY=$(jq -r .sm_minio_accesskey $MINIO_SECRET_FILE)
-      if [[ -n ${TEMP_MINIO_ACCESSKEY} && ${TEMP_MINIO_ACCESSKEY} != "null" ]]; then
-        export MINIO_ACCESS_KEY=${TEMP_MINIO_ACCESSKEY}
+      # Extract and export sm_storage_accesskey
+      TEMP_STORAGE_ACCESSKEY=$(jq -r .sm_storage_accesskey $MINIO_SECRET_FILE)
+      if [[ -n ${TEMP_STORAGE_ACCESSKEY} && ${TEMP_STORAGE_ACCESSKEY} != "null" ]]; then
+        export MINIO_ACCESS_KEY=${TEMP_STORAGE_ACCESSKEY}
         echo_reset_dim "MINIO_ACCESS_KEY .............................. ${COLOR_MAGENTA}${MINIO_ACCESS_KEY:0:8}<snip> is available in the secret, using that value"
       fi
       
       export MINIO_PORT=${MINIO_PORT:-"9000"}
-      # Extract and export sm_minio_port
-      TEMP_MINIO_PORT=$(jq -r .sm_minio_port $MINIO_SECRET_FILE)
-      if [[ -n ${TEMP_MINIO_PORT} && ${TEMP_MINIO_PORT} != "null" ]]; then
-        export MINIO_PORT=${TEMP_MINIO_PORT}
+      # Extract and export sm_storage_port
+      TEMP_STORAGE_PORT=$(jq -r .sm_storage_port $MINIO_SECRET_FILE)
+      if [[ -n ${TEMP_STORAGE_PORT} && ${TEMP_STORAGE_PORT} != "null" ]]; then
+        export MINIO_PORT=${TEMP_STORAGE_PORT}
         echo_reset_dim "MINIO_PORT .................................... ${COLOR_MAGENTA}${MINIO_PORT} is available in the secret, using that value"
       fi
       
       export MINIO_HOST=${MINIO_HOST:-"minio-service.minio.svc.cluster.local"}
-      # Extract and export sm_minio_host
-      TEMP_MINIO_HOST=$(jq -r .sm_minio_host $MINIO_SECRET_FILE)
-      if [[ -n ${TEMP_MINIO_HOST} && ${TEMP_MINIO_HOST} != "null" ]]; then
-        export MINIO_HOST=${TEMP_MINIO_HOST}
+      # Extract and export sm_storage_host
+      TEMP_STORAGE_HOST=$(jq -r .sm_storage_host $MINIO_SECRET_FILE)
+      if [[ -n ${TEMP_STORAGE_HOST} && ${TEMP_STORAGE_HOST} != "null" ]]; then
+        export MINIO_HOST=${TEMP_STORAGE_HOST}
         echo_reset_dim "MINIO_HOST .................................... ${COLOR_MAGENTA}${MINIO_HOST} is available in the secret, using that value"
       fi
 
       export MINIO_ROOT_PASSWORD=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | head -c 20`
-      TEMP_MINIO_PASSWORD=$(jq -r .sm_minio_password $MINIO_SECRET_FILE)
-      if [[ -n ${TEMP_MINIO_PASSWORD} && ${TEMP_MINIO_PASSWORD} != "null" ]]; then
-        export MINIO_ROOT_PASSWORD=${TEMP_MINIO_PASSWORD}
+      TEMP_STORAGE_PASSWORD=$(jq -r .sm_storage_password $MINIO_SECRET_FILE)
+      if [[ -n ${TEMP_STORAGE_PASSWORD} && ${TEMP_STORAGE_PASSWORD} != "null" ]]; then
+        export MINIO_ROOT_PASSWORD=${TEMP_STORAGE_PASSWORD}
         echo_reset_dim "MINIO_ROOT_PASSWORD ........................... ${COLOR_MAGENTA}${MINIO_ROOT_PASSWORD:0:8}<snip> is available in the secret, using that value"
       fi
 
       export MINIO_SECRET_KEY=${MINIO_ROOT_PASSWORD}
-      # Extract and export sm_minio_secretkey
-      TEMP_MINIO_SECRETKEY=$(jq -r .sm_minio_secretkey $MINIO_SECRET_FILE)
-      if [[ -n ${TEMP_MINIO_SECRETKEY} && ${TEMP_MINIO_SECRETKEY} != "null" ]]; then
-        export MINIO_SECRET_KEY=${TEMP_MINIO_SECRETKEY}
+      # Extract and export sm_storage_secretkey
+      TEMP_STORAGE_SECRETKEY=$(jq -r .sm_storage_secretkey $MINIO_SECRET_FILE)
+      if [[ -n ${TEMP_STORAGE_SECRETKEY} && ${TEMP_STORAGE_SECRETKEY} != "null" ]]; then
+        export MINIO_SECRET_KEY=${TEMP_STORAGE_SECRETKEY}
         echo_reset_dim "MINIO_SECRET_KEY .............................. ${COLOR_MAGENTA}${MINIO_SECRET_KEY:0:8}<snip> is available in the secret, using that value"
       fi
 
       echo_reset_dim "MINIO_ROOT_PASSWORD ............................. ${COLOR_MAGENTA}${MINIO_ROOT_PASSWORD:0:8}<snip>"
       TAGS="[{\"Key\": \"source\", \"Value\": \"gitops_minio\"}, {\"Key\": \"account\", \"Value\": \"${ACCOUNT_ID}\"}, {\"Key\": \"cluster\", \"Value\": \"${CLUSTER_ID}\"}]"
       #SREMAT : remove those buckets name if no longer needed
-      MINIO_BUCKET_FIELDS="\"sm_minio_bucket_templates\": \"km-templates\", \
-      \"sm_minio_bucket_tenants\": \"km-tenants\", \
-      \"sm_minio_bucket_pipelines\": \"km-pipelineset\", \
-      \"sm_minio_bucket_default\": \"miniobucket1\""
-      sm_update_secret $SECRET_NAME_MINIO_AUTH "{ \"sm_minio_user\": \"$MINIO_ROOT_USER\", \"sm_minio_password\": \"$MINIO_ROOT_PASSWORD\", \"sm_minio_accesskey\": \"$MINIO_ROOT_USER\", \"sm_minio_secretkey\": \"$MINIO_ROOT_PASSWORD\", \"sm_minio_port\": \"$MINIO_PORT\", \"sm_minio_host\": \"$MINIO_HOST\", $MINIO_BUCKET_FIELDS }" "${TAGS}"
+      MINIO_BUCKET_FIELDS="\"sm_storage_bucket_templates\": \"km-templates\", \
+      \"sm_storage_bucket_tenants\": \"km-tenants\", \
+      \"sm_storage_bucket_pipelines\": \"km-pipelineset\", \
+      \"sm_storage_bucket_default\": \"miniobucket1\""
+      sm_update_secret $SECRET_NAME_STORAGE_AUTH "{ \"sm_storage_user\": \"$MINIO_ROOT_USER\", \"sm_storage_password\": \"$MINIO_ROOT_PASSWORD\", \"sm_storage_accesskey\": \"$MINIO_ROOT_USER\", \"sm_storage_secretkey\": \"$MINIO_ROOT_PASSWORD\", \"sm_storage_port\": \"$MINIO_PORT\", \"sm_storage_host\": \"$MINIO_HOST\", $MINIO_BUCKET_FIELDS }" "${TAGS}"
     fi
     
     echo_reset_dim "minio_namespace ....................... ${COLOR_MAGENTA}${MINIO_NAMESPACE}"
diff --git a/image/cli/mascli/functions/gitops_odh b/image/cli/mascli/functions/gitops_odh
index 6d94a159aaa..97ed57efeaf 100755
--- a/image/cli/mascli/functions/gitops_odh
+++ b/image/cli/mascli/functions/gitops_odh
@@ -119,7 +119,6 @@ function gitops_odh_noninteractive() {
   export ODH_NAMESPACE="${ODH_NAMESPACE:-"opendatahub"}"
 
   export AIBROKER_NAMESPACE="${AIBROKER_NAMESPACE:-"mas-${MAS_INSTANCE_ID}-aibroker"}"
-  # skip pull_secret_name, it is a secret reference
 
   export ODH_PIPELINE_NAME="${ODH_PIPELINE_NAME:-"openshift-pipelines-operator"}"
   export ODH_PIPELINE_NAMESPACE="${ODH_PIPELINE_NAMESPACE:-"openshift-operators"}"
@@ -362,11 +361,6 @@ function gitops_odh_noninteractive() {
     [[ -z "$GITHUB_REPO" ]] && gitops_odh_help "GITHUB_REPO is not set"
     [[ -z "$GIT_BRANCH" ]] && gitops_odh_help "GIT_BRANCH is not set"
   fi
-  #odh variables
-  #[[ -z "$ODH_PIPELINE_CHANNEL" ]] && gitops_odh_help "ODH_PIPELINE_CHANNEL is not set. Please provide the ODH PIPELINE CHANNEL using --odh-pipeline-channel."
-  #[[ -z "$ODH_PIPELINE_INSTALLPLAN" ]] && gitops_odh_help "ODH_PIPELINE_INSTALLPLAN is not set. Please provide the OODH_PIPELINE_INSTALLPLAN using --odh-pipeline-installplan."
-  # [[ -z "$OPENDATAHUB_NAME" ]] && gitops_odh_help "OPENDATAHUB_NAME is not set. Please provide the OPENDATAHUB NAME using --opendatahub-name."
-  # [[ -z "$OPENDATAHUB_NAMESPACE" ]] && gitops_odh_help "OPENDATAHUB_NAMESPACE is not set. Please provide the OPENDATAHUB NAMESPACE using --opendatahub-namespace."
 
 }
 
@@ -387,7 +381,6 @@ function gitops_odh() {
   # Prepare directories
   rm -rf "$GITOPS_WORKING_DIR"
   mkdir -p "${GITOPS_WORKING_DIR}"
-  #GITOPS_CLUSTER_DIR="${GITOPS_WORKING_DIR}/${GITHUB_REPO}/${CLUSTER_ID}"
   GITOPS_CLUSTER_DIR=${GITOPS_WORKING_DIR}/${GITHUB_REPO}/${ACCOUNT_ID}/${CLUSTER_ID}/${MAS_INSTANCE_ID}
   
 
@@ -403,9 +396,6 @@ function gitops_odh() {
   reset_colors
 
   CURRENT_DIR=$PWD
-  # TEMP_DIR=$CURRENT_DIR/aibroker01
-  # mkdir -p $TEMP_DIR
-  # echo_reset_dim "Temp Directory ........................ ${COLOR_MAGENTA}${TEMP_DIR}"
   
   AVP_TYPE=aws
   sm_login
@@ -516,17 +506,9 @@ function gitops_odh() {
 
   jinjanate_commmon $CLI_DIR/templates/gitops/appset-configs/cluster/instance/ibm-mas-odh-install.yaml.j2 ${GITOPS_CLUSTER_DIR}/ibm-mas-odh-install.yaml
 
-  # Collect info block for secret update
-  # yq eval '.' "${GITOPS_CLUSTER_DIR}/ibm-mas-odh-install.yaml" > "${GITOPS_CLUSTER_DIR}/odh-info.yaml"
-  # UNESCAPED_INFO="$(cat ${GITOPS_CLUSTER_DIR}/odh-info.yaml)"
-  # ESCAPED_INFO="${UNESCAPED_INFO//\"/\\\"}"
 
   TAGS="[{\"Key\": \"source\", \"Value\": \"gitops_odh\"}, {\"Key\": \"account\", \"Value\": \"${ACCOUNT_ID}\"}, {\"Key\": \"cluster\", \"Value\": \"${CLUSTER_ID}\"}]"
 
-  # sm_update_secret "$ODH_SECRET" \
-  #   "{\"minio_access_key\": \"${MINIO_ACCESS_KEY}\", \"minio_secret_key\": \"${MINIO_SECRET_KEY}\", \"mariadb_user\": \"${MARIADB_USER}\"}" \
-  #   "$TAGS"
-  #rm -rf "$TEMP_DIR"
   # GitHub push
   if [[ "$GITHUB_PUSH" == "true" ]]; then
     echo_h2 "Pushing changes to GitHub"
@@ -535,7 +517,6 @@ function gitops_odh() {
     remove_git_repo_clone "${GITOPS_WORKING_DIR}/${GITHUB_REPO}"
   fi
 
-  # rm -rf "$TEMP_DIR"
   rm -rf "$ODH_SECRET_FILE"
   rm -rf "$MARIA_SECRET_FILE"
   echo_h2 "ODH GitOps completed."
diff --git a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant-base.yaml.j2 b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant-base.yaml.j2
index 899f6540d06..e4032ad29d4 100644
--- a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant-base.yaml.j2
+++ b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant-base.yaml.j2
@@ -19,8 +19,4 @@ tenant:
 sm:
   aws_access_key_id: "<path:{{ SECRETS_PATH }}:{{ACCOUNT_ID}}/{{CLUSTER_ID}}/aws#sm_aws_access_key_id>"
   aws_secret_access_key: "<path:{{ SECRETS_PATH }}:{{ACCOUNT_ID}}/{{CLUSTER_ID}}/aws#sm_aws_secret_access_key>"
-{% if MAS_WIPE_MONGO_DATA == 'true' %}
-mas_wipe_mongo_data: true
-{% else %}
-mas_wipe_mongo_data: false
-{% endif %}
+
diff --git a/tekton/src/tasks/gitops/gitops-minio.yml.j2 b/tekton/src/tasks/gitops/gitops-minio.yml.j2
index d18b025af9c..ac5efad64ec 100644
--- a/tekton/src/tasks/gitops/gitops-minio.yml.j2
+++ b/tekton/src/tasks/gitops/gitops-minio.yml.j2
@@ -37,8 +37,6 @@ spec:
       default: minio
     - name: minio_root_user
       type: string
-    - name: minio_root_password
-      type: string
     - name: minio_storage_class
       type: string
       default: nfs-client
@@ -80,8 +78,6 @@ spec:
         value: $(params.minio_instance_name)
       - name: MINIO_ROOT_USER
         value: $(params.minio_root_user)
-      - name: MINIO_ROOT_PASSWORD
-        value: $(params.minio_root_password)
       - name: MINIO_STORAGE_CLASS
         value: $(params.minio_storage_class)
       - name: MINIO_STORAGE_SIZE

From 0724d700b4add6a454d8df87d8a6442385aca528 Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Tue, 8 Jul 2025 13:33:58 +0530
Subject: [PATCH 127/258] cherry-pick 0af78680bf conflict

---
 image/cli/mascli/mas                      | 2 +-
 tekton/src/tasks/gitops/gitops-odh.yml.j2 | 1 -
 2 files changed, 1 insertion(+), 2 deletions(-)

diff --git a/image/cli/mascli/mas b/image/cli/mascli/mas
index 5bed58fa054..1b06da4e378 100755
--- a/image/cli/mascli/mas
+++ b/image/cli/mascli/mas
@@ -853,7 +853,7 @@ case $1 in
     gitops_minio "$@"
     ;;
 
-    gitops-kmodel)
+  gitops-kmodel)
     echo "${TEXT_UNDERLINE}IBM Maximo Application Suite kmodel Manager (v${VERSION})${TEXT_RESET}"
     echo "Powered by ${COLOR_CYAN}${TEXT_UNDERLINE}https://github.com/ibm-mas/gitops/${TEXT_RESET}"
     echo
diff --git a/tekton/src/tasks/gitops/gitops-odh.yml.j2 b/tekton/src/tasks/gitops/gitops-odh.yml.j2
index 78d44f2a97e..bd3f4423255 100644
--- a/tekton/src/tasks/gitops/gitops-odh.yml.j2
+++ b/tekton/src/tasks/gitops/gitops-odh.yml.j2
@@ -93,7 +93,6 @@ spec:
         git config --global user.name "MAS Automation"
         git config --global user.email "you@example.com"
         git config --global user.password $GITHUB_PAT
-        #mas gitops-odh --account-id "$ACCOUNT_ID" --cluster-id "$CLUSTER_ID"   --secrets-path "$SECRETS_PATH"   --github-host "$GITHUB_HOST"   --github-org "$GITHUB_ORG"   --github-repo "$GITHUB_REPO"   --git-branch "$GIT_BRANCH" --github-push
         mkdir -p /tmp/init-odh
         mas gitops-odh -a $ACCOUNT -c $CLUSTER_NAME \
         --secrets-path $SECRET_PATH \

From e7ce84575dce9e44ffc0c7fefbe55c81b0dbf05f Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Tue, 8 Jul 2025 14:54:08 +0530
Subject: [PATCH 128/258] rename to storage

---
 image/cli/mascli/functions/gitops_minio                       | 4 ++--
 .../gitops/appset-configs/cluster/instance/ibm-minio.yaml.j2  | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/image/cli/mascli/functions/gitops_minio b/image/cli/mascli/functions/gitops_minio
index 40983e8af09..c79003be5c3 100644
--- a/image/cli/mascli/functions/gitops_minio
+++ b/image/cli/mascli/functions/gitops_minio
@@ -24,7 +24,7 @@ minio Provider Selection / Version:
       --minio_namespace ${COLOR_YELLOW}MINIO_NAMESPACE${TEXT_RESET}                                         The minio namespace to install
       --minio_instance_name ${COLOR_YELLOW}MINIO_INSTANCE_NAME${TEXT_RESET}                                 The minio instance name
       --minio_root_user ${COLOR_YELLOW}MINIO_ROOT_USER${TEXT_RESET}                                         The minio user name
-      --minio_root_password ${COLOR_YELLOW}MINIO_ROOT_PASSWORD${TEXT_RESET}                                 The minio user password
+      # --minio_root_password ${COLOR_YELLOW}MINIO_ROOT_PASSWORD${TEXT_RESET}                                 The minio user password
       --minio_storage_class ${COLOR_YELLOW}MINIO_STORAGE_CLASS${TEXT_RESET}                                 The minio storage class
       --minio_storage_size ${COLOR_YELLOW}MINIO_STORAGE_SIZE${TEXT_RESET}                                   The minio storage size
       --minio_image ${COLOR_YELLOW}MINIO_IMAGE${TEXT_RESET}                                                 The minio image name
@@ -259,7 +259,7 @@ function gitops_minio() {
 
     #minio provider role specific env variables
 
-    export SECRET_NAME_STORAGE_AUTH=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}minio
+    export SECRET_NAME_STORAGE_AUTH=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}storage
     echo_reset_dim "SECRET_NAME_STORAGE_AUTH ................ ${COLOR_MAGENTA}$SECRET_NAME_STORAGE_AUTH"
     export SECRET_KEY_STORAGE_USER=${SECRET_NAME_STORAGE_AUTH}#sm_storage_user
     export SECRET_KEY_STORAGE_PASSWORD=${SECRET_NAME_STORAGE_AUTH}#sm_storage_password
diff --git a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-minio.yaml.j2 b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-minio.yaml.j2
index 9c737f7267d..2025207e1ca 100644
--- a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-minio.yaml.j2
+++ b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-minio.yaml.j2
@@ -3,8 +3,8 @@ merge-key: "{{ ACCOUNT_ID }}/{{ CLUSTER_ID }}/{{ MAS_INSTANCE_ID }}"
 ibm_minio:
   minio_namespace: "{{ MINIO_NAMESPACE }}"
   minio_instance_name: "{{ MINIO_INSTANCE_NAME }}"
-  minio_root_user: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_MINIO_USER }}>"
-  minio_root_password: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_MINIO_PASSWORD }}>"
+  minio_root_user: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_STORAGE_USER }}>"
+  minio_root_password: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_STORAGE_PASSWORD }}>"
   minio_storage_class: "{{ MINIO_STORAGE_CLASS }}"
   minio_storage_size: "{{ MINIO_STORAGE_SIZE }}"
   minio_image: "{{ MINIO_IMAGE }}"

From 86a53813efea95546c5203261b82431dd1c968a8 Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Thu, 10 Jul 2025 11:13:14 +0530
Subject: [PATCH 129/258] cherry-pick 163dcc8558 conflict

---
 .secrets.baseline                                     |  2 +-
 image/cli/mascli/functions/gitops_aibroker            | 11 ++++++++---
 .../cluster/instance/ibm-aibroker-tenant.yaml.j2      |  2 +-
 .../src/pipelines/gitops/gitops-mas-aibroker.yml.j2   |  9 ++++-----
 tekton/src/tasks/gitops/gitops-aibroker.yml.j2        |  4 ++++
 5 files changed, 18 insertions(+), 10 deletions(-)

diff --git a/.secrets.baseline b/.secrets.baseline
index 152cbd1c2fc..f16adb198f7 100644
--- a/.secrets.baseline
+++ b/.secrets.baseline
@@ -3,7 +3,7 @@
     "files": "build/bin/config/oscap/ssg-rhel9-ds.xml|^.secrets.baseline$|^docs/catalogs/",
     "lines": null
   },
-  "generated_at": "2025-07-04T06:44:58Z",
+  "generated_at": "2025-07-10T05:13:08Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"
diff --git a/image/cli/mascli/functions/gitops_aibroker b/image/cli/mascli/functions/gitops_aibroker
index 9a5b57eacfb..4af73e05d66 100644
--- a/image/cli/mascli/functions/gitops_aibroker
+++ b/image/cli/mascli/functions/gitops_aibroker
@@ -68,6 +68,7 @@ sls_dro_jdbc
       --mas-icr-cpopen ${TEXT_RESET}MAS_ICR_CPOPEN${TEXT_RESET}
       --cluster-domain ${TEXT_RESET}CLUSTER_DOMAIN${TEXT_RESET}
       --in-saas-env ${TEXT_RESET}IN_SAAS_ENV${TEXT_RESET}
+      --route_type ${TEXT_RESET}ROUTE_TYPE${TEXT_RESET}  # Optional, e.g., "route" or "ingress"
 
 Target Cluster (Optional):
       --cluster-url ${COLOR_YELLOW}CLUSTER_URL${TEXT_RESET}       Set to target a remote Kubernetes cluster (defaults to 'https://kubernetes.default.svc')
@@ -98,6 +99,7 @@ function gitops_aibroker_noninteractive() {
   #adding default values 
   export AIBROKER_NAMESPACE=${AIBROKER_NAMESPACE:-"mas-${MAS_INSTANCE_ID}-aibroker"}
   export IN_SAAS_ENV=${IN_SAAS_ENV:-"true"}
+  export ROUTE_TYPE=${ROUTE_TYPE:-""}  # Default to "", can be set to "ingress" if needed
   export MAS_ICR_CP=${MAS_ICR_CP:-"docker-na-public.artifactory.swg-devops.com/wiotp-docker-local"}
   export MAS_ICR_CPOPEN=${MAS_ICR_CPOPEN:-"docker-na-public.artifactory.swg-devops.com/wiotp-docker-local/cpopen"}
   #dro
@@ -154,12 +156,15 @@ function gitops_aibroker_noninteractive() {
         export SECRETS_PATH=$1 && shift
         ;;
 
-       --aibroker-namespace)
+      --aibroker-namespace)
           export AIBROKER_NAMESPACE=$1 && shift
         ;;
-       --in-saas-env)
+      --in-saas-env)
           export IN_SAAS_ENV=$1 && shift
         ;;
+      --route-type)
+          export ROUTE_TYPE=$1 && shift
+        ;;
       --mas-icr-cp)
         export MAS_ICR_CP=$1 && shift
         ;;
@@ -385,7 +390,7 @@ function gitops_aibroker() {
   echo_reset_dim "MAS ICR CPOpen ......................... ${COLOR_MAGENTA}${MAS_ICR_CPOPEN}"
   echo_reset_dim "Cluster Domain ......................... ${COLOR_MAGENTA}${CLUSTER_DOMAIN}"
   echo_reset_dim "In SaaS Environment .................... ${COLOR_MAGENTA}${IN_SAAS_ENV}"
-
+  echo_reset_dim "Route Type ............................ ${COLOR_MAGENTA}${ROUTE_TYPE}"
 
   AVP_TYPE=aws  # Support for IBM will be added later
   sm_login
diff --git a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant.yaml.j2 b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant.yaml.j2
index f5fc9e926b9..38d64bd3c45 100644
--- a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant.yaml.j2
+++ b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant.yaml.j2
@@ -8,7 +8,7 @@ ibm_aibroker_tenant:
   mas_aibroker_provision_tenant: "{{ MAS_AIBROKER_PROVISION_TENANT }}"
   mas_instance_id: "{{ MAS_INSTANCE_ID }}"
   tenantNamespace: "{{ TENANT_NAMESPACE }}"
-  cluster_domain: "{{ CLUSTER_DOMAIN }}"
+  # cluster_domain: "{{ CLUSTER_DOMAIN }}"
   in_saas_env: "{{ IN_SAAS_ENV }}"
   ibm_entitlement_key: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_IBM_ENTITLEMENT }}>"
 
diff --git a/tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2 b/tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2
index cd11210cfe7..f24e9c059fe 100644
--- a/tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2
+++ b/tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2
@@ -109,7 +109,8 @@ spec:
       type: string
     - name: in_saas_env
       type: string
-
+    - name: route_type
+      type: string
     # MINIO-specific
     - name: minio_namespace
       type: string
@@ -395,16 +396,14 @@ spec:
           value: $(params.cluster_domain)
         - name: in_saas_env
           value: $(params.in_saas_env)
-        
+        - name: route_type
+          value: $(params.route_type)
         - name: environment_type
           value: $(params.environment_type)
-
         - name: mas_aibroker_s3_endpoint_url
           value: $(params.mas_aibroker_s3_endpoint_url)
-
         - name: mas_aibroker_s3_region
           value: $(params.mas_aibroker_s3_region)
-
         - name: mas_aibroker_s3_bucket_prefix
           value: $(params.mas_aibroker_s3_bucket_prefix)
         
diff --git a/tekton/src/tasks/gitops/gitops-aibroker.yml.j2 b/tekton/src/tasks/gitops/gitops-aibroker.yml.j2
index 20d293f5a5d..7c95676bc18 100644
--- a/tekton/src/tasks/gitops/gitops-aibroker.yml.j2
+++ b/tekton/src/tasks/gitops/gitops-aibroker.yml.j2
@@ -106,6 +106,8 @@ spec:
       type: string
     - name: in_saas_env
       type: string
+    - name: route_type
+      type: string
     - name: environment_type
       type: string
     - name: mas_aibroker_s3_endpoint_url
@@ -218,6 +220,8 @@ spec:
         value: $(params.cluster_domain)
       - name: IN_SAAS_ENV
         value: $(params.in_saas_env)
+      - name: ROUTE_TYPE
+        value: $(params.route_type)
       - name: ENVIRONMENT_TYPE
         value: $(params.environment_type)
       - name: MAS_AIBROKER_S3_ENDPOINT_URL

From ae177620cedfce703819663344e4d5812aaf8992 Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Thu, 10 Jul 2025 18:38:08 +0530
Subject: [PATCH 130/258] cherry-pick e3f6240ef6 conflict

---
 .secrets.baseline                             |  2 +-
 image/cli/mascli/functions/gitops_aibroker    | 10 ++--
 .../mascli/functions/gitops_aibroker_tenant   | 23 +++++----
 image/cli/mascli/functions/gitops_kmodel      | 24 ++++++----
 image/cli/mascli/functions/gitops_minio       | 48 +++++++++----------
 image/cli/mascli/functions/gitops_odh         | 17 ++++---
 .../instance/ibm-aibroker-tenant-base.yaml.j2 |  4 +-
 .../instance/ibm-aibroker-tenant.yaml.j2      |  4 +-
 .../cluster/instance/ibm-aibroker.yaml.j2     |  4 +-
 .../cluster/instance/ibm-kmodel.yaml.j2       |  4 +-
 .../instance/ibm-mas-instance-base.yaml.j2    |  4 +-
 .../instance/ibm-mas-odh-install.yaml.j2      |  2 +-
 .../cluster/instance/ibm-minio.yaml.j2        |  2 +-
 .../gitops/gitops-mas-aibroker-tenant.yml.j2  |  6 +--
 .../gitops/gitops-mas-aibroker.yml.j2         | 20 ++++----
 .../gitops/gitops-aibroker-tenant.yml.j2      |  6 +--
 .../src/tasks/gitops/gitops-aibroker.yml.j2   |  6 +--
 tekton/src/tasks/gitops/gitops-kmodel.yml.j2  |  8 ++--
 tekton/src/tasks/gitops/gitops-minio.yml.j2   |  6 +--
 tekton/src/tasks/gitops/gitops-odh.yml.j2     |  6 +--
 20 files changed, 111 insertions(+), 95 deletions(-)

diff --git a/.secrets.baseline b/.secrets.baseline
index f16adb198f7..b6a0631b359 100644
--- a/.secrets.baseline
+++ b/.secrets.baseline
@@ -3,7 +3,7 @@
     "files": "build/bin/config/oscap/ssg-rhel9-ds.xml|^.secrets.baseline$|^docs/catalogs/",
     "lines": null
   },
-  "generated_at": "2025-07-10T05:13:08Z",
+  "generated_at": "2025-07-10T13:01:43Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"
diff --git a/image/cli/mascli/functions/gitops_aibroker b/image/cli/mascli/functions/gitops_aibroker
index 4af73e05d66..73732e7c73e 100644
--- a/image/cli/mascli/functions/gitops_aibroker
+++ b/image/cli/mascli/functions/gitops_aibroker
@@ -97,7 +97,7 @@ function gitops_aibroker_noninteractive() {
    #only export below in whiel loop
 
   #adding default values 
-  export AIBROKER_NAMESPACE=${AIBROKER_NAMESPACE:-"mas-${MAS_INSTANCE_ID}-aibroker"}
+  export AIBROKER_NAMESPACE=${AIBROKER_NAMESPACE:-"mas-${AIBROKER_INSTANCE_ID}-aibroker"}
   export IN_SAAS_ENV=${IN_SAAS_ENV:-"true"}
   export ROUTE_TYPE=${ROUTE_TYPE:-""}  # Default to "", can be set to "ingress" if needed
   export MAS_ICR_CP=${MAS_ICR_CP:-"docker-na-public.artifactory.swg-devops.com/wiotp-docker-local"}
@@ -272,7 +272,8 @@ function gitops_aibroker_noninteractive() {
 
 # add validation below like above  for those variable which have the value needed for further execution
 # -- AIBroker
-  [[ -z "$MAS_INSTANCE_ID" ]] && gitops_aibroker_help "MAS_INSTANCE_ID is not set. Please provide the MAS instance ID using --mas-instance-id."
+  # [[ -z "$MAS_INSTANCE_ID" ]] && gitops_aibroker_help "MAS_INSTANCE_ID is not set. Please provide the MAS instance ID using --mas-instance-id."
+  [[ -z "$AIBROKER_INSTANCE_ID" ]] && gitops_minio_help "AIBROKER_INSTANCE_ID is not set. Please specify the AI Broker instance ID using --aibroker_instance_id."
   [[ -z "$PRIMARY_STORAGE_CLASS" ]] && gitops_aibroker_help "PRIMARY_STORAGE_CLASS is not set. Please provide the primary storage class using --primary-storage-class."
   #[[ -z "$TENANT_NAMESPACE" ]] && gitops_aibroker_help "TENANT_NAMESPACE is not set. Please specify the tenant namespace using --tenantNamespace."
   [[ -z "$CLUSTER_DOMAIN" ]] && gitops_aibroker_help "CLUSTER_DOMAIN is not set. Please provide the cluster domain using --cluster-domain."
@@ -303,7 +304,7 @@ function gitops_aibroker() {
 
   rm -rf $GITOPS_WORKING_DIR
   mkdir -p ${GITOPS_WORKING_DIR}
-  GITOPS_CLUSTER_DIR=${GITOPS_WORKING_DIR}/${GITHUB_REPO}/${ACCOUNT_ID}/${CLUSTER_ID}/${MAS_INSTANCE_ID}
+  GITOPS_CLUSTER_DIR=${GITOPS_WORKING_DIR}/${GITHUB_REPO}/${ACCOUNT_ID}/${CLUSTER_ID}/${AIBROKER_INSTANCE_ID}
   # TEMP_DIR=$GITOPS_CLUSTER_DIR/tmp-aibroker
   # mkdir -p ${TEMP_DIR}
   echo
@@ -344,7 +345,8 @@ function gitops_aibroker() {
   reset_colors
 
   # echo all the variables ofgitops+envs
-  echo_reset_dim "MAS Instance ID ....................... ${COLOR_MAGENTA}${MAS_INSTANCE_ID}"
+  # echo_reset_dim "MAS Instance ID ....................... ${COLOR_MAGENTA}${MAS_INSTANCE_ID}"
+  echo_reset_dim "AI Broker Instance ID ................. ${COLOR_MAGENTA}${AIBROKER_INSTANCE_ID}"
   echo_reset_dim "AI Broker Namespace ................... ${COLOR_MAGENTA}${AIBROKER_NAMESPACE}"
   echo_reset_dim "MAS AI Broker WatsonX Secret .......... ${COLOR_MAGENTA}${MAS_AIBROKER_WATSONX_SECRET}"
   echo_reset_dim "Pull Secret Name ...................... ${COLOR_MAGENTA}${PULL_SECRET_NAME}"
diff --git a/image/cli/mascli/functions/gitops_aibroker_tenant b/image/cli/mascli/functions/gitops_aibroker_tenant
index 5245b610da1..823fcfa64e0 100644
--- a/image/cli/mascli/functions/gitops_aibroker_tenant
+++ b/image/cli/mascli/functions/gitops_aibroker_tenant
@@ -31,7 +31,8 @@ ibm_aibroker_tenant(required):
 AIBroker :
 --aibroker-namespace ${COLOR_YELLOW}AIBROKER_NAMESPACE${TEXT_RESET}                                         The namespace where AI Broker is deployed
 --mas-aibroker-provision-tenant ${COLOR_YELLOW}MAS_AIBROKER_PROVISION_TENANT${TEXT_RESET}                   Whether to provision the AI Broker tenant
---mas-instance-id ${COLOR_YELLOW}MAS_INSTANCE_ID${TEXT_RESET}                                               The MAS instance ID used by AI Broker
+# --mas-instance-id ${COLOR_YELLOW}MAS_INSTANCE_ID${TEXT_RESET}                                             The MAS instance ID used by AI Broker
+--aibroker-instance-id ${COLOR_YELLOW}AIBROKER_INSTANCE_ID${TEXT_RESET}                                     The AI Broker instance ID
 --tenantNamespace ${COLOR_YELLOW}TENANT_NAMESPACE${TEXT_RESET}                                              The tenant's Kubernetes namespace
 --tenant-id ${COLOR_YELLOW}TENANT_ID${TEXT_RESET}                                                           The tenant ID for the AI Broker instance
 --mas_aibroker_tenant_name ${COLOR_YELLOW}MAS_AIBROKER_TENANT_NAME${TEXT_RESET}                             The name of the AI Broker tenant
@@ -96,7 +97,7 @@ function gitops_aibroker_tenant_noninteractive() {
   export REGION_ID=${REGION_ID:-${SM_AWS_REGION}}
 
   #adding default values # -- AIBroker Defaults
-  export AIBROKER_NAMESPACE=${AIBROKER_NAMESPACE:-"mas-${MAS_INSTANCE_ID}-aibroker"}
+  export AIBROKER_NAMESPACE=${AIBROKER_NAMESPACE:-"mas-${AIBROKER_INSTANCE_ID}-aibroker"}
   export MAS_AIBROKER_PROVISION_TENANT=${MAS_AIBROKER_PROVISION_TENANT:-"provision-tenant"}
   export IN_SAAS_ENV=${IN_SAAS_ENV:-"true"}
   export MAS_ICR_CP=${MAS_ICR_CP:-"docker-na-public.artifactory.swg-devops.com/wiotp-docker-local"}
@@ -157,8 +158,11 @@ function gitops_aibroker_tenant_noninteractive() {
       --mas-aibroker-provision-tenant)
         export MAS_AIBROKER_PROVISION_TENANT=$1 && shift
         ;;
-      --mas-instance-id)
-        export MAS_INSTANCE_ID=$1 && shift
+      # --mas-instance-id)
+      #   export MAS_INSTANCE_ID=$1 && shift
+      #   ;;
+      --aibroker-instance-id)
+        export AIBROKER_INSTANCE_ID=$1 && shift
         ;;
       --tenantNamespace)
         export TENANT_NAMESPACE=$1 && shift
@@ -330,7 +334,8 @@ function gitops_aibroker_tenant_noninteractive() {
 
   # add validation below like above  for those variable which have the value needed for further execution
   # -- AIBroker
-  [[ -z "$MAS_INSTANCE_ID" ]] && gitops_aibroker_tenant_help "MAS_INSTANCE_ID is not set. Please provide the MAS instance ID using --mas-instance-id."
+  # [[ -z "$MAS_INSTANCE_ID" ]] && gitops_aibroker_tenant_help "MAS_INSTANCE_ID is not set. Please provide the MAS instance ID using --mas-instance-id."
+  [[ -z "$AIBROKER_INSTANCE_ID" ]] && gitops_minio_help "AIBROKER_INSTANCE_ID is not set. Please specify the AI Broker instance ID using --aibroker_instance_id."
   [[ -z "$TENANT_NAMESPACE" ]] && gitops_aibroker_tenant_help "TENANT_NAMESPACE is not set. Please specify the tenant namespace using --tenantNamespace."
   [[ -z "$TENANT_ID" ]] && gitops_aibroker_tenant_help "TENANT_ID is not set. Please provide the tenant ID using --tenant-id."
   [[ -z "$MAS_AIBROKER_TENANT_NAME" ]] && gitops_aibroker_tenant_help "MAS_AIBROKER_TENANT_NAME is not set. Please provide the AI Broker tenant name using --mas-aibroker-tenant-name."
@@ -373,9 +378,8 @@ function gitops_aibroker_tenant() {
 
   rm -rf $GITOPS_WORKING_DIR
   mkdir -p ${GITOPS_WORKING_DIR}
-  GITOPS_CLUSTER_DIR=${GITOPS_WORKING_DIR}/${GITHUB_REPO}/${ACCOUNT_ID}/${CLUSTER_ID}/${MAS_INSTANCE_ID}/${TENANT_ID}
-  # TEMP_DIR=$GITOPS_CLUSTER_DIR/${MAS_INSTANCE_ID}
-  # mkdir -p ${TEMP_DIR}
+  GITOPS_CLUSTER_DIR=${GITOPS_WORKING_DIR}/${GITHUB_REPO}/${ACCOUNT_ID}/${CLUSTER_ID}/${AIBROKER_INSTANCE_ID}/${TENANT_ID}
+
 
   echo
   reset_colors
@@ -418,7 +422,8 @@ function gitops_aibroker_tenant() {
   # -- AIBroker
   echo_reset_dim "aibroker namespace ........................... ${COLOR_MAGENTA}${AIBROKER_NAMESPACE}"
   echo_reset_dim "mas aibroker provision tenant ................ ${COLOR_MAGENTA}${MAS_AIBROKER_PROVISION_TENANT}"
-  echo_reset_dim "mas instance ID .............................. ${COLOR_MAGENTA}${MAS_INSTANCE_ID}"
+  # echo_reset_dim "mas instance ID .............................. ${COLOR_MAGENTA}${MAS_INSTANCE_ID}"
+  echo_reset_dim "aibroker instance ID ......................... ${COLOR_MAGENTA}${AIBROKER_INSTANCE_ID}"
   echo_reset_dim "tenant namespace ............................. ${COLOR_MAGENTA}${TENANT_NAMESPACE}"
   echo_reset_dim "tenant ID .................................... ${COLOR_MAGENTA}${TENANT_ID}"
   echo_reset_dim "mas aibroker tenant name ..................... ${COLOR_MAGENTA}${MAS_AIBROKER_TENANT_NAME}"
diff --git a/image/cli/mascli/functions/gitops_kmodel b/image/cli/mascli/functions/gitops_kmodel
index 71428304c04..55cb5b1407b 100644
--- a/image/cli/mascli/functions/gitops_kmodel
+++ b/image/cli/mascli/functions/gitops_kmodel
@@ -21,7 +21,8 @@ Secrets Manager:
       --secrets-key-seperator ${COLOR_YELLOW}SECRETS_KEY_SEPERATOR${TEXT_RESET}                            Secrets Manager key seperator string
 
 ibm_kmodel(required):
-      --mas-instance-id ${COLOR_YELLOW}MAS_INSTANCE_ID${TEXT_RESET}                                                     The MAS instance ID used by AI Broker
+      # --mas-instance-id ${COLOR_YELLOW}MAS_INSTANCE_ID${TEXT_RESET}                                                   The MAS instance ID used by AI Broker
+      --aibroker_instance_id ${COLOR_YELLOW}AIBROKER_INSTANCE_ID${TEXT_RESET}                                           The AI Broker instance ID
       --primary-storage-class ${COLOR_YELLOW}PRIMARY_STORAGE_CLASS${TEXT_RESET}                                         Kubernetes storage class to be used for provisioning persistent volumes
       --mas-aibroker-storage-templates-bucket ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_TEMPLATES_BUCKET${TEXT_RESET}         Storage templates bucket for Kmodels role
       --mas-aibroker-storage-pipelines-bucket ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_PIPELINES_BUCKET${TEXT_RESET}         Storage piplines bucket for Kmodels role
@@ -74,12 +75,12 @@ function gitops_kmodel_noninteractive() {
   export REGION_ID=${REGION_ID:-${SM_AWS_REGION}}
 
   #adding default values 
-  export AIBROKER_INTERNAL_TLS=${AIBROKER_INTERNAL_TLS:-"${MAS_INSTANCE_ID}-internal-aibroker-tls"}
-  export AIBROKER_NAMESPACE=${AIBROKER_NAMESPACE:-"mas-${MAS_INSTANCE_ID}-aibroker"}
+  export AIBROKER_INTERNAL_TLS=${AIBROKER_INTERNAL_TLS:-"${AIBROKER_INSTANCE_ID}-internal-aibroker-tls"}
+  export AIBROKER_NAMESPACE=${AIBROKER_NAMESPACE:-"mas-${AIBROKER_INSTANCE_ID}-aibroker"}
   export MAS_AIBROKER_STORAGE_PROVIDER=${MAS_AIBROKER_STORAGE_PROVIDER:-"aws"}
   export MAS_AIBROKER_STORAGE_SSL=${MAS_AIBROKER_STORAGE_SSL:-"true"}
   export MAS_AIBROKER_STORAGE_REGION=${MAS_AIBROKER_STORAGE_REGION:-""}
-  export SSH_SECRET_NAME=${SSH_SECRET_NAME:-"${MAS_INSTANCE_ID}-kmodel-aibroker-tls"}
+  export SSH_SECRET_NAME=${SSH_SECRET_NAME:-"${AIBROKER_INSTANCE_ID}-kmodel-aibroker-tls"}
   export MAS_AIBROKER_TENANT_NAME=${MAS_AIBROKER_TENANT_NAME:-"user"}
   export TENANT_NAMESPACE=${TENANT_NAMESPACE:-"aibroker-${MAS_AIBROKER_TENANT_NAME}"}
   export MAS_AIBROKER_PROVISION_TENANT=${MAS_AIBROKER_PROVISION_TENANT:-"provision-tenant"}
@@ -127,8 +128,11 @@ function gitops_kmodel_noninteractive() {
         ;;
 
       # kmodel - all input params default + sm
-      --mas-instance-id)
-        export MAS_INSTANCE_ID=$1 && shift
+      # --mas-instance-id)
+      #   export MAS_INSTANCE_ID=$1 && shift
+      #   ;;
+      --aibroker-instance-id)
+        export AIBROKER_INSTANCE_ID=$1 && shift
         ;;
 
       --aibroker-internal-tls)
@@ -299,7 +303,8 @@ function gitops_kmodel_noninteractive() {
   fi
 
   # add validation for those variable which have the value needed for further execution
-  [[ -z "$MAS_INSTANCE_ID" ]] && gitops_kmodel_help "MAS_INSTANCE_ID is not set. Please provide the MAS instance ID using --mas-instance-id."
+  # [[ -z "$MAS_INSTANCE_ID" ]] && gitops_kmodel_help "MAS_INSTANCE_ID is not set. Please provide the MAS instance ID using --mas-instance-id."
+  [[ -z "$AIBROKER_INSTANCE_ID" ]] && gitops_kmodel_help "AIBROKER_INSTANCE_ID is not set. Please provide the AI Broker instance ID using --aibroker-instance-id."
   [[ -z "$PRIMARY_STORAGE_CLASS" ]] && gitops_kmodel_help "PRIMARY_STORAGE_CLASS is not set. Please provide the primary storage class using --primary-storage-class."
   [[ -z "$IMAGE_STORE" ]] && gitops_kmodel_help "IMAGE_STORE is not set. Please provide the image store using --image-store."
   [[ -z "$IMAGE_WATCHER" ]] && gitops_kmodel_help "IMAGE_WATCHER is not set. Please provide the image watcher using --image-watcher."
@@ -324,7 +329,7 @@ function gitops_kmodel() {
 
   # Prepare directories
   mkdir -p ${GITOPS_WORKING_DIR}
-  GITOPS_CLUSTER_DIR=${GITOPS_WORKING_DIR}/${GITHUB_REPO}/${ACCOUNT_ID}/${CLUSTER_ID}/${MAS_INSTANCE_ID}
+  GITOPS_CLUSTER_DIR=${GITOPS_WORKING_DIR}/${GITHUB_REPO}/${ACCOUNT_ID}/${CLUSTER_ID}/${AIBROKER_INSTANCE_ID}
   
   echo
   reset_colors
@@ -366,7 +371,8 @@ function gitops_kmodel() {
 
   echo "${TEXT_DIM}"
   echo_h2 "kmodel" "    "
-  echo_reset_dim "Mas Instance Id ................................... ${COLOR_MAGENTA}${MAS_INSTANCE_ID}"
+  # echo_reset_dim "Mas Instance Id ................................... ${COLOR_MAGENTA}${MAS_INSTANCE_ID}"
+  echo_reset_dim "AI Broker Instance Id ............................. ${COLOR_MAGENTA}${AIBROKER_INSTANCE_ID}"
   echo_reset_dim "AI Broker Internal TLS ............................ ${COLOR_MAGENTA}${AIBROKER_INTERNAL_TLS}"
   echo_reset_dim "AI Broker Namespace ............................... ${COLOR_MAGENTA}${AIBROKER_NAMESPACE}"
   echo_reset_dim "MAS AI Broker Storage Provider .................... ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_PROVIDER}"
diff --git a/image/cli/mascli/functions/gitops_minio b/image/cli/mascli/functions/gitops_minio
index c79003be5c3..70ba4a11203 100644
--- a/image/cli/mascli/functions/gitops_minio
+++ b/image/cli/mascli/functions/gitops_minio
@@ -17,23 +17,23 @@ GitOps Configuration:
   -c, --cluster-id ${COLOR_YELLOW}CLUSTER_ID${TEXT_RESET}          Cluster ID
 
 Secrets Manager:
-      --secrets-path ${COLOR_YELLOW}SECRETS_PATH${TEXT_RESET}                                              Secrets Manager path
-      --secrets-key-seperator ${COLOR_YELLOW}SECRETS_KEY_SEPERATOR${TEXT_RESET}                            Secrets Manager key seperator string
+      --secrets-path ${COLOR_YELLOW}SECRETS_PATH${TEXT_RESET}                                            Secrets Manager path
+      --secrets-key-seperator ${COLOR_YELLOW}SECRETS_KEY_SEPERATOR${TEXT_RESET}                          Secrets Manager key seperator string
 
 minio Provider Selection / Version:
-      --minio_namespace ${COLOR_YELLOW}MINIO_NAMESPACE${TEXT_RESET}                                         The minio namespace to install
-      --minio_instance_name ${COLOR_YELLOW}MINIO_INSTANCE_NAME${TEXT_RESET}                                 The minio instance name
-      --minio_root_user ${COLOR_YELLOW}MINIO_ROOT_USER${TEXT_RESET}                                         The minio user name
-      # --minio_root_password ${COLOR_YELLOW}MINIO_ROOT_PASSWORD${TEXT_RESET}                                 The minio user password
-      --minio_storage_class ${COLOR_YELLOW}MINIO_STORAGE_CLASS${TEXT_RESET}                                 The minio storage class
-      --minio_storage_size ${COLOR_YELLOW}MINIO_STORAGE_SIZE${TEXT_RESET}                                   The minio storage size
-      --minio_image ${COLOR_YELLOW}MINIO_IMAGE${TEXT_RESET}                                                 The minio image name
+      --minio_namespace ${COLOR_YELLOW}MINIO_NAMESPACE${TEXT_RESET}                                      The minio namespace to install
+      --minio_instance_name ${COLOR_YELLOW}MINIO_INSTANCE_NAME${TEXT_RESET}                              The minio instance name
+      --minio_root_user ${COLOR_YELLOW}MINIO_ROOT_USER${TEXT_RESET}                                      The minio user name
+      # --minio_root_password ${COLOR_YELLOW}MINIO_ROOT_PASSWORD${TEXT_RESET}                            The minio user password
+      --minio_storage_class ${COLOR_YELLOW}MINIO_STORAGE_CLASS${TEXT_RESET}                              The minio storage class
+      --minio_storage_size ${COLOR_YELLOW}MINIO_STORAGE_SIZE${TEXT_RESET}                                The minio storage size
+      --minio_image ${COLOR_YELLOW}MINIO_IMAGE${TEXT_RESET}                                              The minio image name
       --minio_access_key=${COLOR_YELLOW}MINIO_ACCESS_KEY${TEXT_RESET}                                    The access key for MinIO, used as the username
       --minio_secret_key=${COLOR_YELLOW}MINIO_SECRET_KEY${TEXT_RESET}                                    The secret key for MinIO, used as the password
       --minio_host=${COLOR_YELLOW}MINIO_HOST${TEXT_RESET}                                                The hostname or service URL where MinIO is reachable
       --minio_port=${COLOR_YELLOW}MINIO_PORT${TEXT_RESET}                                                The port number on which MinIO is exposed
-      # --aibroker_instance_id ${COLOR_YELLOW}AIBROKER_INSTANCE_ID${TEXT_RESET}                             The AI Broker instance ID
-      --mas-instance-id ${COLOR_YELLOW}MAS_INSTANCE_ID${TEXT_RESET}                                        The Maximo AI Broker instance ID, used for identifying the specific instance in the GitOps repository
+      --aibroker_instance_id ${COLOR_YELLOW}AIBROKER_INSTANCE_ID${TEXT_RESET}                            The AI Broker instance ID
+      # --mas-instance-id ${COLOR_YELLOW}MAS_INSTANCE_ID${TEXT_RESET}                                    The Maximo AI Broker instance ID, used for identifying the specific instance in the GitOps repository
       
 Automatic GitHub Push (Optional):
   -P, --github-push ${COLOR_YELLOW}GITHUB_PUSH${TEXT_RESET}        Enable automatic push to GitHub
@@ -120,12 +120,12 @@ function gitops_minio_noninteractive() {
       --minio_port)
           export MINIO_PORT=$1 && shift
           ;;
-      --mas-instance-id)
-        export MAS_INSTANCE_ID=$1 && shift
-        ;;
-      # --aibroker_instance_id)
-      #     export AIBROKER_INSTANCE_ID=$1 && shift
-      #     ;;
+      # --mas-instance-id)
+      #   export MAS_INSTANCE_ID=$1 && shift
+      #   ;;
+      --aibroker_instance_id)
+          export AIBROKER_INSTANCE_ID=$1 && shift
+          ;;
 
       # Automatic GitHub Push
       -P|--github-push)
@@ -177,8 +177,8 @@ function gitops_minio_noninteractive() {
   fi
 
   [[ -z "$MINIO_STORAGE_CLASS" ]] && gitops_minio_help "MINIO_STORAGE_CLASS is not set. Please specify the Kubernetes storage class using --minio_storage_class."
-  [[ -z "$MAS_INSTANCE_ID" ]] && gitops_minio_help "MAS_INSTANCE_ID is not set. Please specify the Maximo AI Broker instance ID using --mas-instance-id."
-  # [[ -z "$AIBROKER_INSTANCE_ID" ]] && gitops_minio_help "AIBROKER_INSTANCE_ID is not set. Please specify the AI Broker instance ID using --aibroker_instance_id."
+  # [[ -z "$MAS_INSTANCE_ID" ]] && gitops_minio_help "MAS_INSTANCE_ID is not set. Please specify the Maximo AI Broker instance ID using --mas-instance-id."
+  [[ -z "$AIBROKER_INSTANCE_ID" ]] && gitops_minio_help "AIBROKER_INSTANCE_ID is not set. Please specify the AI Broker instance ID using --aibroker_instance_id."
 }
 
 function gitops_minio() {
@@ -241,8 +241,8 @@ function gitops_minio() {
   echo_reset_dim "MinIO Instance Name (minio_instance_name)  ............ ${COLOR_MAGENTA}${MINIO_INSTANCE_NAME}"
   echo_reset_dim "MinIO Storage Class (minio_storage_class)  ............ ${COLOR_MAGENTA}${MINIO_STORAGE_CLASS}"
   echo_reset_dim "MinIO Storage Size (minio_storage_size)  .............. ${COLOR_MAGENTA}${MINIO_STORAGE_SIZE}"
-  echo_reset_dim "MinIO Image (minio_image)  .............................${COLOR_MAGENTA}${MINIO_IMAGE}"
-  echo_reset_dim "AiBroker (MAS_INSTANCE_ID)  ..................... ${COLOR_MAGENTA}${MAS_INSTANCE_ID}"
+  echo_reset_dim "MinIO Image (minio_image)  ...........................  ${COLOR_MAGENTA}${MINIO_IMAGE}"
+  echo_reset_dim "AiBroker (AIBROKER_INSTANCE_ID)  .....................  ${COLOR_MAGENTA}${AIBROKER_INSTANCE_ID}"
   
   reset_colors
 
@@ -333,8 +333,8 @@ function gitops_minio() {
     echo_reset_dim "minio_secret_key ...................... ${COLOR_MAGENTA}${MINIO_SECRET_KEY:0:4}<snip>"
     echo_reset_dim "minio_port ............................ ${COLOR_MAGENTA}${MINIO_PORT}"
     echo_reset_dim "minio_host ............................ ${COLOR_MAGENTA}${MINIO_HOST}"
-    # echo_reset_dim "aibroker_instance_id .................. ${COLOR_MAGENTA}${AIBROKER_INSTANCE_ID}"
-    echo_reset_dim "mas_instance_id ....................... ${COLOR_MAGENTA}${MAS_INSTANCE_ID}"
+    echo_reset_dim "aibroker_instance_id .................. ${COLOR_MAGENTA}${AIBROKER_INSTANCE_ID}"
+    # echo_reset_dim "mas_instance_id ....................... ${COLOR_MAGENTA}${MAS_INSTANCE_ID}"
     if [ -z $GIT_SSH ]; then
       export GIT_SSH=false
     fi
@@ -349,7 +349,7 @@ function gitops_minio() {
     
     # Create cluster directory to clone the repo into
     # ---------------------------------------------------------------------------
-    GITOPS_CLUSTER_DIR=${GITOPS_WORKING_DIR}/${GITHUB_REPO}/${ACCOUNT_ID}/${CLUSTER_ID}/${MAS_INSTANCE_ID}
+    GITOPS_CLUSTER_DIR=${GITOPS_WORKING_DIR}/${GITHUB_REPO}/${ACCOUNT_ID}/${CLUSTER_ID}/${AIBROKER_INSTANCE_ID}
     mkdir -p ${GITOPS_CLUSTER_DIR}
 
     # Generate ArgoApps
diff --git a/image/cli/mascli/functions/gitops_odh b/image/cli/mascli/functions/gitops_odh
index 97ed57efeaf..2027d842d23 100755
--- a/image/cli/mascli/functions/gitops_odh
+++ b/image/cli/mascli/functions/gitops_odh
@@ -15,7 +15,8 @@ GitOps Configuration:
   -a, --account-id ${COLOR_YELLOW}ACCOUNT_ID${TEXT_RESET}            Account name that the cluster belongs to
   -r, --region-id ${COLOR_YELLOW}CLUSTER_ID${TEXT_RESET}             Region ID
   -c, --cluster-id ${COLOR_YELLOW}CLUSTER_ID${TEXT_RESET}            Cluster ID
-  -m, --mas-instance-id ${COLOR_YELLOW}MAS_INSTANCE_ID${TEXT_RESET}  IBM Suite Maximo Application Suite Instance ID
+  # -m, --mas-instance-id ${COLOR_YELLOW}MAS_INSTANCE_ID${TEXT_RESET}  IBM Suite Maximo Application Suite Instance ID
+  -m, --aibroker-instance-id ${COLOR_YELLOW}AIBROKER_INSTANCE_ID${TEXT_RESET}  AI Broker Instance ID
 
 Secrets Manager:
       --secrets-path ${COLOR_YELLOW}SECRETS_PATH${TEXT_RESET}                    Secrets Manager path
@@ -118,7 +119,7 @@ function gitops_odh_noninteractive() {
   export ODH_OPERATOR_VERSION="${ODH_OPERATOR_VERSION:-"opendatahub-operator.v2.19.0"}"
   export ODH_NAMESPACE="${ODH_NAMESPACE:-"opendatahub"}"
 
-  export AIBROKER_NAMESPACE="${AIBROKER_NAMESPACE:-"mas-${MAS_INSTANCE_ID}-aibroker"}"
+  export AIBROKER_NAMESPACE="${AIBROKER_NAMESPACE:-"mas-${AIBROKER_INSTANCE_ID}-aibroker"}"
 
   export ODH_PIPELINE_NAME="${ODH_PIPELINE_NAME:-"openshift-pipelines-operator"}"
   export ODH_PIPELINE_NAMESPACE="${ODH_PIPELINE_NAMESPACE:-"openshift-operators"}"
@@ -153,7 +154,9 @@ function gitops_odh_noninteractive() {
       -d|--dir|--gitops-working-dir) export GITOPS_WORKING_DIR="$1"; shift ;;
       -a|--account-id) export ACCOUNT_ID="$1"; shift ;;
       -c|--cluster-id) export CLUSTER_ID="$1"; shift ;;
-      -m|--mas-instance-id) export MAS_INSTANCE_ID="$1"; shift ;;
+      # -m|--mas-instance-id) export MAS_INSTANCE_ID="$1"; shift ;;
+      -m|--aibroker-instance-id) export AIBROKER_INSTANCE_ID="$1"; shift ;;
+
       # AWS Secrets Manager Configuration
       --sm-aws-secret-region)
         export SM_AWS_REGION=$1
@@ -353,7 +356,8 @@ function gitops_odh_noninteractive() {
   [[ -z "$GITOPS_WORKING_DIR" ]] && gitops_odh_help "Missing GITOPS_WORKING_DIR"
   [[ -z "$ACCOUNT_ID" ]] && gitops_odh_help "Missing ACCOUNT_ID"
   [[ -z "$CLUSTER_ID" ]] && gitops_odh_help "Missing CLUSTER_ID"
-  [[ -z "$MAS_INSTANCE_ID" ]] && gitops_odh_help "Missing MAS_INSTANCE_ID"
+  # [[ -z "$MAS_INSTANCE_ID" ]] && gitops_odh_help "Missing MAS_INSTANCE_ID"
+  [[ -z "$AIBROKER_INSTANCE_ID" ]] && gitops_odh_help "Missing AIBROKER_INSTANCE_ID"
 
   if [[ "$GITHUB_PUSH" == "true" ]]; then
     [[ -z "$GITHUB_HOST" ]] && gitops_odh_help "GITHUB_HOST is not set"
@@ -381,7 +385,7 @@ function gitops_odh() {
   # Prepare directories
   rm -rf "$GITOPS_WORKING_DIR"
   mkdir -p "${GITOPS_WORKING_DIR}"
-  GITOPS_CLUSTER_DIR=${GITOPS_WORKING_DIR}/${GITHUB_REPO}/${ACCOUNT_ID}/${CLUSTER_ID}/${MAS_INSTANCE_ID}
+  GITOPS_CLUSTER_DIR=${GITOPS_WORKING_DIR}/${GITHUB_REPO}/${ACCOUNT_ID}/${CLUSTER_ID}/${AIBROKER_INSTANCE_ID}
   
 
   echo
@@ -390,7 +394,8 @@ function gitops_odh() {
   echo_h2 "Target"
   echo_reset_dim "Account ID ............................ ${COLOR_MAGENTA}${ACCOUNT_ID}"
   echo_reset_dim "Cluster ID ............................ ${COLOR_MAGENTA}${CLUSTER_ID}"
-  echo_reset_dim "MAS Instance ID ....................... ${COLOR_MAGENTA}${MAS_INSTANCE_ID}"
+  # echo_reset_dim "MAS Instance ID ....................... ${COLOR_MAGENTA}${MAS_INSTANCE_ID}"
+  echo_reset_dim "AI Broker Instance ID ................ ${COLOR_MAGENTA}${AIBROKER_INSTANCE_ID}"
 
   echo_reset_dim "Secrets Path .......................... ${COLOR_MAGENTA}${SECRETS_PATH}"
   reset_colors
diff --git a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant-base.yaml.j2 b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant-base.yaml.j2
index e4032ad29d4..9ad2d1a8c07 100644
--- a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant-base.yaml.j2
+++ b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant-base.yaml.j2
@@ -1,4 +1,4 @@
-merge-key: "{{ ACCOUNT_ID }}/{{ CLUSTER_ID }}/{{ MAS_INSTANCE_ID }}/{{ TENANT_ID }}"
+merge-key: "{{ ACCOUNT_ID }}/{{ CLUSTER_ID }}/{{ AIBROKER_INSTANCE_ID }}/{{ TENANT_ID }}"
 
 account:
   id: {{ ACCOUNT_ID }}
@@ -11,7 +11,7 @@ cluster:
   url: {{ CLUSTER_URL }}
 
 instance:
-  id: {{ MAS_INSTANCE_ID }}
+  id: {{ AIBROKER_INSTANCE_ID }}
 
 tenant:
   id: {{ TENANT_ID }}
diff --git a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant.yaml.j2 b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant.yaml.j2
index 38d64bd3c45..2c329dfb5d2 100644
--- a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant.yaml.j2
+++ b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant.yaml.j2
@@ -1,4 +1,4 @@
-merge-key: "{{ ACCOUNT_ID }}/{{ CLUSTER_ID }}/{{ MAS_INSTANCE_ID }}/{{ TENANT_ID }}"
+merge-key: "{{ ACCOUNT_ID }}/{{ CLUSTER_ID }}/{{ AIBROKER_INSTANCE_ID }}/{{ TENANT_ID }}"
 
 ibm_aibroker_tenant:
   # aibroker
@@ -6,7 +6,7 @@ ibm_aibroker_tenant:
   mas_aibroker_tenant_name: "{{ MAS_AIBROKER_TENANT_NAME }}"
   aibroker_namespace: "{{ AIBROKER_NAMESPACE }}"
   mas_aibroker_provision_tenant: "{{ MAS_AIBROKER_PROVISION_TENANT }}"
-  mas_instance_id: "{{ MAS_INSTANCE_ID }}"
+  aibroker_instance_id: "{{ AIBROKER_INSTANCE_ID }}"
   tenantNamespace: "{{ TENANT_NAMESPACE }}"
   # cluster_domain: "{{ CLUSTER_DOMAIN }}"
   in_saas_env: "{{ IN_SAAS_ENV }}"
diff --git a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker.yaml.j2 b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker.yaml.j2
index 7071a63f32c..e91b607045e 100644
--- a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker.yaml.j2
+++ b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker.yaml.j2
@@ -1,7 +1,7 @@
-merge-key: "{{ ACCOUNT_ID }}/{{ CLUSTER_ID }}/{{ MAS_INSTANCE_ID }}"
+merge-key: "{{ ACCOUNT_ID }}/{{ CLUSTER_ID }}/{{ AIBROKER_INSTANCE_ID }}"
 
 ibm_aibroker:
-  mas_instance_id: "{{ MAS_INSTANCE_ID }}"
+  aibroker_instance_id: "{{ AIBROKER_INSTANCE_ID }}"
   aibroker_namespace: "{{ AIBROKER_NAMESPACE }}"
   mas_aibroker_watsonx_secret: "{{ MAS_AIBROKER_WATSONX_SECRET }}"
   ibm_entitlement_key: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_IBM_ENTITLEMENT }}>"
diff --git a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-kmodel.yaml.j2 b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-kmodel.yaml.j2
index defd711b3bb..21981aea056 100644
--- a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-kmodel.yaml.j2
+++ b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-kmodel.yaml.j2
@@ -1,7 +1,7 @@
-merge-key: "{{ ACCOUNT_ID }}/{{ CLUSTER_ID }}/{{ MAS_INSTANCE_ID }}"
+merge-key: "{{ ACCOUNT_ID }}/{{ CLUSTER_ID }}/{{ AIBROKER_INSTANCE_ID }}"
 
 ibm_kmodel:
-  mas_instance_id: {{ MAS_INSTANCE_ID }}
+  aibroker_instance_id: {{ AIBROKER_INSTANCE_ID }}
   aibroker_internal_tls: "{{ AIBROKER_INTERNAL_TLS }}"
 
   aibroker_namespace: "{{ AIBROKER_NAMESPACE }}"
diff --git a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-mas-instance-base.yaml.j2 b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-mas-instance-base.yaml.j2
index 2bb3b608eb1..4202b7cfa09 100644
--- a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-mas-instance-base.yaml.j2
+++ b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-mas-instance-base.yaml.j2
@@ -1,4 +1,4 @@
-merge-key: "{{ ACCOUNT_ID }}/{{ CLUSTER_ID }}/{{ MAS_INSTANCE_ID }}"
+merge-key: "{{ ACCOUNT_ID }}/{{ CLUSTER_ID }}/{{ AIBROKER_INSTANCE_ID }}"
 
 account:
   id: {{ ACCOUNT_ID }}
@@ -11,7 +11,7 @@ cluster:
   url: {{ CLUSTER_URL }}
 
 instance:
-  id: {{ MAS_INSTANCE_ID }}
+  id: {{ AIBROKER_INSTANCE_ID }}
 
 sm:
   aws_access_key_id: "<path:{{ SECRETS_PATH }}:{{ACCOUNT_ID}}/{{CLUSTER_ID}}/aws#sm_aws_access_key_id>"
diff --git a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-mas-odh-install.yaml.j2 b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-mas-odh-install.yaml.j2
index 1a7c220206c..77348f41348 100644
--- a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-mas-odh-install.yaml.j2
+++ b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-mas-odh-install.yaml.j2
@@ -1,5 +1,5 @@
 ---
-merge-key: "{{ ACCOUNT_ID }}/{{ CLUSTER_ID }}/{{ MAS_INSTANCE_ID }}"
+merge-key: "{{ ACCOUNT_ID }}/{{ CLUSTER_ID }}/{{ AIBROKER_INSTANCE_ID }}"
 
 ibm_odh:
   openshift_namespace: {{ OPENSHIFT_NAMESPACE }}
diff --git a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-minio.yaml.j2 b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-minio.yaml.j2
index 2025207e1ca..c78b3395682 100644
--- a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-minio.yaml.j2
+++ b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-minio.yaml.j2
@@ -1,4 +1,4 @@
-merge-key: "{{ ACCOUNT_ID }}/{{ CLUSTER_ID }}/{{ MAS_INSTANCE_ID }}"
+merge-key: "{{ ACCOUNT_ID }}/{{ CLUSTER_ID }}/{{ AIBROKER_INSTANCE_ID }}"
 
 ibm_minio:
   minio_namespace: "{{ MINIO_NAMESPACE }}"
diff --git a/tekton/src/pipelines/gitops/gitops-mas-aibroker-tenant.yml.j2 b/tekton/src/pipelines/gitops/gitops-mas-aibroker-tenant.yml.j2
index c8e2a44c6e7..c72c3239fab 100644
--- a/tekton/src/pipelines/gitops/gitops-mas-aibroker-tenant.yml.j2
+++ b/tekton/src/pipelines/gitops/gitops-mas-aibroker-tenant.yml.j2
@@ -29,7 +29,7 @@ spec:
       type: string
     - name: mas_aibroker_provision_tenant
       type: string
-    - name: mas_instance_id
+    - name: aibroker_instance_id
       type: string
     - name: tenantNamespace
       type: string
@@ -156,8 +156,8 @@ spec:
           value: $(params.aibroker_namespace)
         - name: mas_aibroker_provision_tenant
           value: $(params.mas_aibroker_provision_tenant)
-        - name: mas_instance_id
-          value: $(params.mas_instance_id)
+        - name: aibroker_instance_id
+          value: $(params.aibroker_instance_id)
         - name: tenantNamespace
           value: $(params.tenantNamespace)
         - name: tenant_id
diff --git a/tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2 b/tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2
index f24e9c059fe..4f9351c6192 100644
--- a/tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2
+++ b/tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2
@@ -10,7 +10,7 @@ spec:
       type: string
     - name: account
       type: string
-    - name: mas_instance_id
+    - name: aibroker_instance_id
       type: string
     - name: cluster_url
       type: string
@@ -228,8 +228,8 @@ spec:
           value: $(params.minio_storage_size)
         - name: minio_image
           value: $(params.minio_image)
-        - name: mas_instance_id
-          value: $(params.mas_instance_id)
+        - name: aibroker_instance_id
+          value: $(params.aibroker_instance_id)
 
       # when:
       #  - input: "$(params.mas_aibroker_storage_provider)"
@@ -252,8 +252,8 @@ spec:
           value: $(params.cluster_name)
         - name: account
           value: $(params.account)
-        - name: mas_instance_id
-          value: $(params.mas_instance_id)
+        - name: aibroker_instance_id
+          value: $(params.aibroker_instance_id)
         - name: cluster_url
           value: $(params.cluster_url)
         - name: git_branch
@@ -314,8 +314,8 @@ spec:
           value: $(params.github_repo)
         - name: github_host
           value: $(params.github_host)
-        - name: mas_instance_id
-          value: $(params.mas_instance_id)
+        - name: aibroker_instance_id
+          value: $(params.aibroker_instance_id)
         - name: aibroker_namespace
           value: $(params.aibroker_namespace)
         - name: mas_aibroker_watsonx_secret
@@ -408,7 +408,7 @@ spec:
           value: $(params.mas_aibroker_s3_bucket_prefix)
         
 
-    # 3.gitops-Kmodel
+    # 4.gitops-Kmodel
     # -------------------------------------------------------------------------
     - name: gitops-kmodel
       taskRef:
@@ -439,8 +439,8 @@ spec:
           value: $(params.github_repo)
         - name: github_host
           value: $(params.github_host)
-        - name: mas_instance_id
-          value: $(params.mas_instance_id)
+        - name: aibroker_instance_id
+          value: $(params.aibroker_instance_id)
         - name: aibroker_internal_tls
           value: $(params.aibroker_internal_tls)
         - name: aibroker_namespace
diff --git a/tekton/src/tasks/gitops/gitops-aibroker-tenant.yml.j2 b/tekton/src/tasks/gitops/gitops-aibroker-tenant.yml.j2
index b063cafcc58..816697efcf4 100644
--- a/tekton/src/tasks/gitops/gitops-aibroker-tenant.yml.j2
+++ b/tekton/src/tasks/gitops/gitops-aibroker-tenant.yml.j2
@@ -27,7 +27,7 @@ spec:
       type: string
     - name: mas_aibroker_provision_tenant
       type: string
-    - name: mas_instance_id
+    - name: aibroker_instance_id
       type: string
     - name: tenantNamespace
       type: string
@@ -124,8 +124,8 @@ spec:
         value: $(params.aibroker_namespace)
       - name: MAS_AIBROKER_PROVISION_TENANT
         value: $(params.mas_aibroker_provision_tenant)
-      - name: MAS_INSTANCE_ID
-        value: $(params.mas_instance_id)
+      - name: AIBROKER_INSTANCE_ID
+        value: $(params.aibroker_instance_id)
       - name: TENANT_NAMESPACE
         value: $(params.tenantNamespace)
       - name: TENANT_ID
diff --git a/tekton/src/tasks/gitops/gitops-aibroker.yml.j2 b/tekton/src/tasks/gitops/gitops-aibroker.yml.j2
index 7c95676bc18..85fea761d59 100644
--- a/tekton/src/tasks/gitops/gitops-aibroker.yml.j2
+++ b/tekton/src/tasks/gitops/gitops-aibroker.yml.j2
@@ -24,7 +24,7 @@ spec:
       type: string
     - name: github_host
       type: string
-    - name: mas_instance_id
+    - name: aibroker_instance_id
       type: string
     - name: aibroker_namespace
       type: string
@@ -138,8 +138,8 @@ spec:
         value: $(params.github_host)
       - name: GITHUB_REPO
         value: $(params.github_repo)
-      - name: MAS_INSTANCE_ID
-        value: $(params.mas_instance_id)
+      - name: AIBROKER_INSTANCE_ID
+        value: $(params.aibroker_instance_id)
       - name: AIBROKER_NAMESPACE
         value: $(params.aibroker_namespace)
       - name: MAS_AIBROKER_WATSONX_SECRET
diff --git a/tekton/src/tasks/gitops/gitops-kmodel.yml.j2 b/tekton/src/tasks/gitops/gitops-kmodel.yml.j2
index d7d0457267d..057a41a9cbf 100644
--- a/tekton/src/tasks/gitops/gitops-kmodel.yml.j2
+++ b/tekton/src/tasks/gitops/gitops-kmodel.yml.j2
@@ -27,7 +27,7 @@ spec:
     - name: github_host
       type: string
 
-    - name: mas_instance_id
+    - name: aibroker_instance_id
       type: string
     - name: aibroker_internal_tls
       type: string
@@ -108,9 +108,8 @@ spec:
         value: $(params.github_host)
       - name: GITHUB_REPO
         value: $(params.github_repo)
-
-      - name: MAS_INSTANCE_ID
-        value: $(params.mas_instance_id)
+      - name: AIBROKER_INSTANCE_ID
+        value: $(params.aibroker_instance_id)
       - name: AIBROKER_INTERNAL_TLS
         value: $(params.aibroker_internal_tls)
       - name: AIBROKER_NAMESPACE
@@ -161,7 +160,6 @@ spec:
         value: $(params.model_id_unique_length)
       - name: MODEL_ID_PREFIX
         value: $(params.model_id_prefix)
-      
       - name: MAS_APP_CHANNEL
         value: $(params.mas_app_channel)
       - name: MAS_ICR_CP
diff --git a/tekton/src/tasks/gitops/gitops-minio.yml.j2 b/tekton/src/tasks/gitops/gitops-minio.yml.j2
index ac5efad64ec..9be4da5dc40 100644
--- a/tekton/src/tasks/gitops/gitops-minio.yml.j2
+++ b/tekton/src/tasks/gitops/gitops-minio.yml.j2
@@ -9,7 +9,7 @@ spec:
       type: string
     - name: account
       type: string
-    - name: mas_instance_id
+    - name: aibroker_instance_id
       type: string
     - name: cluster_id
       type: string
@@ -53,8 +53,8 @@ spec:
         value: $(params.cluster_name)
       - name: ACCOUNT
         value: $(params.account)
-      - name: MAS_INSTANCE_ID
-        value: $(params.mas_instance_id)
+      - name: AIBROKER_INSTANCE_ID
+        value: $(params.aibroker_instance_id)
       #- name: CLUSTER_ID
       #  value: $(params.cluster_id)
       - name: CLUSTER_URL
diff --git a/tekton/src/tasks/gitops/gitops-odh.yml.j2 b/tekton/src/tasks/gitops/gitops-odh.yml.j2
index bd3f4423255..5addc416a8a 100644
--- a/tekton/src/tasks/gitops/gitops-odh.yml.j2
+++ b/tekton/src/tasks/gitops/gitops-odh.yml.j2
@@ -9,7 +9,7 @@ spec:
       type: string
     - name: account
       type: string
-    - name: mas_instance_id
+    - name: aibroker_instance_id
       type: string
     - name: cluster_url
       type: string
@@ -49,8 +49,8 @@ spec:
         value: $(params.cluster_name)
       - name: ACCOUNT
         value: $(params.account)
-      - name: MAS_INSTANCE_ID
-        value: $(params.mas_instance_id)
+      - name: AIBROKER_INSTANCE_ID
+        value: $(params.aibroker_instance_id)
       - name: CLUSTER_URL
         value: $(params.cluster_url)
       - name: GITHUB_REPO

From 2cea24f2a4b402438f37431760d68aa323c3a5c2 Mon Sep 17 00:00:00 2001
From: yogeshkumar <prajapati.yogeshkumar@ibm.com>
Date: Fri, 11 Jul 2025 12:20:36 +0530
Subject: [PATCH 131/258] Update mas-instance-id to aibroker-instance-id

---
 image/cli/mascli/functions/gitops_aibroker        |  6 +++---
 image/cli/mascli/functions/gitops_aibroker_tenant | 11 ++---------
 image/cli/mascli/functions/gitops_kmodel          |  6 ------
 image/cli/mascli/functions/gitops_odh             |  4 ----
 4 files changed, 5 insertions(+), 22 deletions(-)

diff --git a/image/cli/mascli/functions/gitops_aibroker b/image/cli/mascli/functions/gitops_aibroker
index 73732e7c73e..627cda613b7 100644
--- a/image/cli/mascli/functions/gitops_aibroker
+++ b/image/cli/mascli/functions/gitops_aibroker
@@ -22,7 +22,7 @@ Secrets Manager:
 
 ibm aibroker(required):
       --aibroker-namespace ${TEXT_RESET}AIBROKER_NAMESPACE${TEXT_RESET}
-      --mas-instance-id ${TEXT_RESET}MAS_INSTACE_ID${TEXT_RESET}
+      --aibroker-instance-id ${TEXT_RESET}MAS_INSTACE_ID${TEXT_RESET}
       --primary-storage-class ${TEXT_RESET}PRIMARY_STORAGE_CLASS${TEXT_RESET}
 
 storage provider:
@@ -272,7 +272,7 @@ function gitops_aibroker_noninteractive() {
 
 # add validation below like above  for those variable which have the value needed for further execution
 # -- AIBroker
-  # [[ -z "$MAS_INSTANCE_ID" ]] && gitops_aibroker_help "MAS_INSTANCE_ID is not set. Please provide the MAS instance ID using --mas-instance-id."
+  # [[ -z "$AIBROKER_INSTANCE_ID" ]] && gitops_aibroker_help "AIBROKER_INSTANCE_ID is not set. Please provide the AIBROKER instance ID using --aibroker-instance-id."
   [[ -z "$AIBROKER_INSTANCE_ID" ]] && gitops_minio_help "AIBROKER_INSTANCE_ID is not set. Please specify the AI Broker instance ID using --aibroker_instance_id."
   [[ -z "$PRIMARY_STORAGE_CLASS" ]] && gitops_aibroker_help "PRIMARY_STORAGE_CLASS is not set. Please provide the primary storage class using --primary-storage-class."
   #[[ -z "$TENANT_NAMESPACE" ]] && gitops_aibroker_help "TENANT_NAMESPACE is not set. Please specify the tenant namespace using --tenantNamespace."
@@ -345,7 +345,7 @@ function gitops_aibroker() {
   reset_colors
 
   # echo all the variables ofgitops+envs
-  # echo_reset_dim "MAS Instance ID ....................... ${COLOR_MAGENTA}${MAS_INSTANCE_ID}"
+  # echo_reset_dim "AIBROKER Instance ID ....................... ${COLOR_MAGENTA}${AIBROKER_INSTANCE_ID}"
   echo_reset_dim "AI Broker Instance ID ................. ${COLOR_MAGENTA}${AIBROKER_INSTANCE_ID}"
   echo_reset_dim "AI Broker Namespace ................... ${COLOR_MAGENTA}${AIBROKER_NAMESPACE}"
   echo_reset_dim "MAS AI Broker WatsonX Secret .......... ${COLOR_MAGENTA}${MAS_AIBROKER_WATSONX_SECRET}"
diff --git a/image/cli/mascli/functions/gitops_aibroker_tenant b/image/cli/mascli/functions/gitops_aibroker_tenant
index 823fcfa64e0..3bba6060557 100644
--- a/image/cli/mascli/functions/gitops_aibroker_tenant
+++ b/image/cli/mascli/functions/gitops_aibroker_tenant
@@ -13,10 +13,10 @@ Basic Configuration:
   -d, --dir ${COLOR_YELLOW}GITOPS_WORKING_DIR${TEXT_RESET}                                                  Directory for GitOps repository
   -a, --account-id ${COLOR_YELLOW}ACCOUNT_ID${TEXT_RESET}                                                   Account name that the cluster belongs to
   -c, --cluster-id ${COLOR_YELLOW}CLUSTER_ID${TEXT_RESET}                                                   Cluster ID
-  -i, --Instace-id ${COLOR_YELLOW}INSTANCE_ID${TEXT_RESET}                                                  Instance ID
+  -i, --Instance-id ${COLOR_YELLOW}INSTANCE_ID${TEXT_RESET}                                                  Instance ID
 
 ibm_aibroker_tenant(required):
-      --mas-instance-id ${COLOR_YELLOW}MAS_INSTACE_ID${TEXT_RESET}                                          The MAS instance ID used by AI Broker
+      --aibroker-instance-id ${COLOR_YELLOW}AIBROKER_INSTANCE_ID${TEXT_RESET}                                          The AIBROKER instance ID used by AI Broker
       --tenantNamespace ${COLOR_YELLOW}TENANT_NAMESPACE${TEXT_RESET}                                        The tenant's Kubernetes namespace
       --tenant-id ${COLOR_YELLOW}TENANT_ID${TEXT_RESET}                                                     The tenant ID for the AI Broker instance
       --mas-aibroker-tenant-name ${COLOR_YELLOW}MAS_AIBROKER_TENANT_NAME${TEXT_RESET}                       The name of the AI Broker tenant
@@ -31,7 +31,6 @@ ibm_aibroker_tenant(required):
 AIBroker :
 --aibroker-namespace ${COLOR_YELLOW}AIBROKER_NAMESPACE${TEXT_RESET}                                         The namespace where AI Broker is deployed
 --mas-aibroker-provision-tenant ${COLOR_YELLOW}MAS_AIBROKER_PROVISION_TENANT${TEXT_RESET}                   Whether to provision the AI Broker tenant
-# --mas-instance-id ${COLOR_YELLOW}MAS_INSTANCE_ID${TEXT_RESET}                                             The MAS instance ID used by AI Broker
 --aibroker-instance-id ${COLOR_YELLOW}AIBROKER_INSTANCE_ID${TEXT_RESET}                                     The AI Broker instance ID
 --tenantNamespace ${COLOR_YELLOW}TENANT_NAMESPACE${TEXT_RESET}                                              The tenant's Kubernetes namespace
 --tenant-id ${COLOR_YELLOW}TENANT_ID${TEXT_RESET}                                                           The tenant ID for the AI Broker instance
@@ -158,9 +157,6 @@ function gitops_aibroker_tenant_noninteractive() {
       --mas-aibroker-provision-tenant)
         export MAS_AIBROKER_PROVISION_TENANT=$1 && shift
         ;;
-      # --mas-instance-id)
-      #   export MAS_INSTANCE_ID=$1 && shift
-      #   ;;
       --aibroker-instance-id)
         export AIBROKER_INSTANCE_ID=$1 && shift
         ;;
@@ -333,8 +329,6 @@ function gitops_aibroker_tenant_noninteractive() {
   fi
 
   # add validation below like above  for those variable which have the value needed for further execution
-  # -- AIBroker
-  # [[ -z "$MAS_INSTANCE_ID" ]] && gitops_aibroker_tenant_help "MAS_INSTANCE_ID is not set. Please provide the MAS instance ID using --mas-instance-id."
   [[ -z "$AIBROKER_INSTANCE_ID" ]] && gitops_minio_help "AIBROKER_INSTANCE_ID is not set. Please specify the AI Broker instance ID using --aibroker_instance_id."
   [[ -z "$TENANT_NAMESPACE" ]] && gitops_aibroker_tenant_help "TENANT_NAMESPACE is not set. Please specify the tenant namespace using --tenantNamespace."
   [[ -z "$TENANT_ID" ]] && gitops_aibroker_tenant_help "TENANT_ID is not set. Please provide the tenant ID using --tenant-id."
@@ -422,7 +416,6 @@ function gitops_aibroker_tenant() {
   # -- AIBroker
   echo_reset_dim "aibroker namespace ........................... ${COLOR_MAGENTA}${AIBROKER_NAMESPACE}"
   echo_reset_dim "mas aibroker provision tenant ................ ${COLOR_MAGENTA}${MAS_AIBROKER_PROVISION_TENANT}"
-  # echo_reset_dim "mas instance ID .............................. ${COLOR_MAGENTA}${MAS_INSTANCE_ID}"
   echo_reset_dim "aibroker instance ID ......................... ${COLOR_MAGENTA}${AIBROKER_INSTANCE_ID}"
   echo_reset_dim "tenant namespace ............................. ${COLOR_MAGENTA}${TENANT_NAMESPACE}"
   echo_reset_dim "tenant ID .................................... ${COLOR_MAGENTA}${TENANT_ID}"
diff --git a/image/cli/mascli/functions/gitops_kmodel b/image/cli/mascli/functions/gitops_kmodel
index 55cb5b1407b..3a4a281827b 100644
--- a/image/cli/mascli/functions/gitops_kmodel
+++ b/image/cli/mascli/functions/gitops_kmodel
@@ -21,7 +21,6 @@ Secrets Manager:
       --secrets-key-seperator ${COLOR_YELLOW}SECRETS_KEY_SEPERATOR${TEXT_RESET}                            Secrets Manager key seperator string
 
 ibm_kmodel(required):
-      # --mas-instance-id ${COLOR_YELLOW}MAS_INSTANCE_ID${TEXT_RESET}                                                   The MAS instance ID used by AI Broker
       --aibroker_instance_id ${COLOR_YELLOW}AIBROKER_INSTANCE_ID${TEXT_RESET}                                           The AI Broker instance ID
       --primary-storage-class ${COLOR_YELLOW}PRIMARY_STORAGE_CLASS${TEXT_RESET}                                         Kubernetes storage class to be used for provisioning persistent volumes
       --mas-aibroker-storage-templates-bucket ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_TEMPLATES_BUCKET${TEXT_RESET}         Storage templates bucket for Kmodels role
@@ -128,9 +127,6 @@ function gitops_kmodel_noninteractive() {
         ;;
 
       # kmodel - all input params default + sm
-      # --mas-instance-id)
-      #   export MAS_INSTANCE_ID=$1 && shift
-      #   ;;
       --aibroker-instance-id)
         export AIBROKER_INSTANCE_ID=$1 && shift
         ;;
@@ -303,7 +299,6 @@ function gitops_kmodel_noninteractive() {
   fi
 
   # add validation for those variable which have the value needed for further execution
-  # [[ -z "$MAS_INSTANCE_ID" ]] && gitops_kmodel_help "MAS_INSTANCE_ID is not set. Please provide the MAS instance ID using --mas-instance-id."
   [[ -z "$AIBROKER_INSTANCE_ID" ]] && gitops_kmodel_help "AIBROKER_INSTANCE_ID is not set. Please provide the AI Broker instance ID using --aibroker-instance-id."
   [[ -z "$PRIMARY_STORAGE_CLASS" ]] && gitops_kmodel_help "PRIMARY_STORAGE_CLASS is not set. Please provide the primary storage class using --primary-storage-class."
   [[ -z "$IMAGE_STORE" ]] && gitops_kmodel_help "IMAGE_STORE is not set. Please provide the image store using --image-store."
@@ -371,7 +366,6 @@ function gitops_kmodel() {
 
   echo "${TEXT_DIM}"
   echo_h2 "kmodel" "    "
-  # echo_reset_dim "Mas Instance Id ................................... ${COLOR_MAGENTA}${MAS_INSTANCE_ID}"
   echo_reset_dim "AI Broker Instance Id ............................. ${COLOR_MAGENTA}${AIBROKER_INSTANCE_ID}"
   echo_reset_dim "AI Broker Internal TLS ............................ ${COLOR_MAGENTA}${AIBROKER_INTERNAL_TLS}"
   echo_reset_dim "AI Broker Namespace ............................... ${COLOR_MAGENTA}${AIBROKER_NAMESPACE}"
diff --git a/image/cli/mascli/functions/gitops_odh b/image/cli/mascli/functions/gitops_odh
index 2027d842d23..bc902a6eb0a 100755
--- a/image/cli/mascli/functions/gitops_odh
+++ b/image/cli/mascli/functions/gitops_odh
@@ -15,7 +15,6 @@ GitOps Configuration:
   -a, --account-id ${COLOR_YELLOW}ACCOUNT_ID${TEXT_RESET}            Account name that the cluster belongs to
   -r, --region-id ${COLOR_YELLOW}CLUSTER_ID${TEXT_RESET}             Region ID
   -c, --cluster-id ${COLOR_YELLOW}CLUSTER_ID${TEXT_RESET}            Cluster ID
-  # -m, --mas-instance-id ${COLOR_YELLOW}MAS_INSTANCE_ID${TEXT_RESET}  IBM Suite Maximo Application Suite Instance ID
   -m, --aibroker-instance-id ${COLOR_YELLOW}AIBROKER_INSTANCE_ID${TEXT_RESET}  AI Broker Instance ID
 
 Secrets Manager:
@@ -154,7 +153,6 @@ function gitops_odh_noninteractive() {
       -d|--dir|--gitops-working-dir) export GITOPS_WORKING_DIR="$1"; shift ;;
       -a|--account-id) export ACCOUNT_ID="$1"; shift ;;
       -c|--cluster-id) export CLUSTER_ID="$1"; shift ;;
-      # -m|--mas-instance-id) export MAS_INSTANCE_ID="$1"; shift ;;
       -m|--aibroker-instance-id) export AIBROKER_INSTANCE_ID="$1"; shift ;;
 
       # AWS Secrets Manager Configuration
@@ -356,7 +354,6 @@ function gitops_odh_noninteractive() {
   [[ -z "$GITOPS_WORKING_DIR" ]] && gitops_odh_help "Missing GITOPS_WORKING_DIR"
   [[ -z "$ACCOUNT_ID" ]] && gitops_odh_help "Missing ACCOUNT_ID"
   [[ -z "$CLUSTER_ID" ]] && gitops_odh_help "Missing CLUSTER_ID"
-  # [[ -z "$MAS_INSTANCE_ID" ]] && gitops_odh_help "Missing MAS_INSTANCE_ID"
   [[ -z "$AIBROKER_INSTANCE_ID" ]] && gitops_odh_help "Missing AIBROKER_INSTANCE_ID"
 
   if [[ "$GITHUB_PUSH" == "true" ]]; then
@@ -394,7 +391,6 @@ function gitops_odh() {
   echo_h2 "Target"
   echo_reset_dim "Account ID ............................ ${COLOR_MAGENTA}${ACCOUNT_ID}"
   echo_reset_dim "Cluster ID ............................ ${COLOR_MAGENTA}${CLUSTER_ID}"
-  # echo_reset_dim "MAS Instance ID ....................... ${COLOR_MAGENTA}${MAS_INSTANCE_ID}"
   echo_reset_dim "AI Broker Instance ID ................ ${COLOR_MAGENTA}${AIBROKER_INSTANCE_ID}"
 
   echo_reset_dim "Secrets Path .......................... ${COLOR_MAGENTA}${SECRETS_PATH}"

From 1bb414307fd9500947fd4f939da98ab904a0100e Mon Sep 17 00:00:00 2001
From: yogeshkumar <prajapati.yogeshkumar@ibm.com>
Date: Fri, 11 Jul 2025 13:41:01 +0530
Subject: [PATCH 132/258] cherry-pick dbfcf43ab5 conflict

---
 .secrets.baseline | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.secrets.baseline b/.secrets.baseline
index b6a0631b359..928a17e9093 100644
--- a/.secrets.baseline
+++ b/.secrets.baseline
@@ -3,7 +3,7 @@
     "files": "build/bin/config/oscap/ssg-rhel9-ds.xml|^.secrets.baseline$|^docs/catalogs/",
     "lines": null
   },
-  "generated_at": "2025-07-10T13:01:43Z",
+  "generated_at": "2025-07-11T08:09:36Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"

From b454b7c633bda8a9774578d7785c910c0f236ff1 Mon Sep 17 00:00:00 2001
From: yogeshkumar <prajapati.yogeshkumar@ibm.com>
Date: Fri, 11 Jul 2025 13:52:03 +0530
Subject: [PATCH 133/258] Update MAS_INSTANCE_ID in
 ibm-mas-instance-base.yaml.j2

---
 .../cluster/instance/ibm-mas-instance-base.yaml.j2            | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-mas-instance-base.yaml.j2 b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-mas-instance-base.yaml.j2
index 4202b7cfa09..2bb3b608eb1 100644
--- a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-mas-instance-base.yaml.j2
+++ b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-mas-instance-base.yaml.j2
@@ -1,4 +1,4 @@
-merge-key: "{{ ACCOUNT_ID }}/{{ CLUSTER_ID }}/{{ AIBROKER_INSTANCE_ID }}"
+merge-key: "{{ ACCOUNT_ID }}/{{ CLUSTER_ID }}/{{ MAS_INSTANCE_ID }}"
 
 account:
   id: {{ ACCOUNT_ID }}
@@ -11,7 +11,7 @@ cluster:
   url: {{ CLUSTER_URL }}
 
 instance:
-  id: {{ AIBROKER_INSTANCE_ID }}
+  id: {{ MAS_INSTANCE_ID }}
 
 sm:
   aws_access_key_id: "<path:{{ SECRETS_PATH }}:{{ACCOUNT_ID}}/{{CLUSTER_ID}}/aws#sm_aws_access_key_id>"

From 9d6692c922bd9cfa73898bd83bcb7c5662b4d510 Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Tue, 15 Jul 2025 14:23:02 +0530
Subject: [PATCH 134/258] cherry-pick 7a2458143e conflict

---
 .secrets.baseline                             |  2 +-
 .../mascli/functions/gitops_aibroker_tenant   | 50 +------------
 .../gitops/gitops-mas-aibroker-tenant.yml.j2  | 75 +------------------
 .../gitops/gitops-aibroker-tenant.yml.j2      | 42 +----------
 4 files changed, 6 insertions(+), 163 deletions(-)

diff --git a/.secrets.baseline b/.secrets.baseline
index 928a17e9093..452b26aa3f6 100644
--- a/.secrets.baseline
+++ b/.secrets.baseline
@@ -3,7 +3,7 @@
     "files": "build/bin/config/oscap/ssg-rhel9-ds.xml|^.secrets.baseline$|^docs/catalogs/",
     "lines": null
   },
-  "generated_at": "2025-07-11T08:09:36Z",
+  "generated_at": "2025-07-15T08:52:20Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"
diff --git a/image/cli/mascli/functions/gitops_aibroker_tenant b/image/cli/mascli/functions/gitops_aibroker_tenant
index 3bba6060557..97a3c68373d 100644
--- a/image/cli/mascli/functions/gitops_aibroker_tenant
+++ b/image/cli/mascli/functions/gitops_aibroker_tenant
@@ -24,7 +24,6 @@ ibm_aibroker_tenant(required):
       --drocfg-url ${COLOR_YELLOW}DROCFG_URL${TEXT_RESET}                                                   URL of the DRO configuration service
       --slscfg-url ${COLOR_YELLOW}SLSCFG_URL${TEXT_RESET}                                                   URL of the SLS configuration service
       --mas_aibroker_watsonxai_url ${COLOR_YELLOW}MAS_AIBROKER_WATSONXAI_URL${TEXT_RESET}                   Endpoint URL for Watsonx.ai
-      --mas_aibroker_watsonxai_apikey ${COLOR_YELLOW}MAS_AIBROKER_WATSONXAI_APIKEY${TEXT_RESET}             API key for authenticating with Watsonx.ai
       --mas_aibroker_watsonxai_project_id ${COLOR_YELLOW}MAS_AIBROKER_WATSONXAI_PROJECT_ID${TEXT_RESET}     Watsonx.ai project ID used by AI Broker
 
 
@@ -37,34 +36,25 @@ AIBroker :
 --mas_aibroker_tenant_name ${COLOR_YELLOW}MAS_AIBROKER_TENANT_NAME${TEXT_RESET}                             The name of the AI Broker tenant
 --cluster-domain ${COLOR_YELLOW}CLUSTER_DOMAIN${TEXT_RESET}                                                 The domain name of the Kubernetes cluster (e.g., cluster.local)
 --in-saas-env ${COLOR_YELLOW}IN_SAAS_ENV${TEXT_RESET}                                                       Whether the environment is SaaS (true/false)
---ibm-entitlement-key ${COLOR_YELLOW}IBM_ENTITLEMENT_KEY${TEXT_RESET}                                       IBM Entitlement API key for accessing IBM container registries
 
 --mas-icr-cp ${COLOR_YELLOW}MAS_ICR_CP${TEXT_RESET}                                                         IBM Cloud Pak container registry URL
 --mas-icr-cpopen ${COLOR_YELLOW}MAS_ICR_CPOPEN${TEXT_RESET}                                                 IBM Cloud Pak Open container registry URL
 
 DRO :
---artifactory-token ${COLOR_YELLOW}ARTIFACTORY_TOKEN${TEXT_RESET}                                           API token used to authenticate with Artifactory
 --drocfg-url ${COLOR_YELLOW}DROCFG_URL${TEXT_RESET}                                                         URL of the DRO configuration service
---drocfg-ca ${COLOR_YELLOW}DROCFG_CA${TEXT_RESET}                                                           CA certificate for secure communication with DRO config
---drocfg-registration-key ${COLOR_YELLOW}DROCFG_REGISTRATION_KEY${TEXT_RESET}                               Registration key used for DRO setup
 
 SLS :
 --slscfg-url ${COLOR_YELLOW}SLSCFG_URL${TEXT_RESET}                                                          URL of the SLS configuration service
---slscfg-registration-key ${COLOR_YELLOW}SLSCFG_REGISTRATION_KEY${TEXT_RESET}                                Registration key used to register with SLS
 --mas-aibroker-sls-subscription-id ${COLOR_YELLOW}MAS_AIBROKER_SLS_SUBSCRIPTION_ID${TEXT_RESET}              Subscription ID associated with SLS
 
 Watsonx :
 --mas-aibroker-watsonxai-url ${COLOR_YELLOW}MAS_AIBROKER_WATSONXAI_URL${TEXT_RESET}                          Endpoint URL for Watsonx.ai
---mas-aibroker-watsonxai-apikey ${COLOR_YELLOW}MAS_AIBROKER_WATSONXAI_APIKEY${TEXT_RESET}                    API key for authenticating with Watsonx.ai
 --mas-aibroker-watsonxai-project-id ${COLOR_YELLOW}MAS_AIBROKER_WATSONXAI_PROJECT_ID${TEXT_RESET}            Watsonx.ai project ID used by AI Broker
 
 Storage :
 --mas_aibroker_storage_provider ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_PROVIDER${TEXT_RESET}                    The storage provider used by AI Broker (e.g., S3, MinIO)
---mas-aibroker-storage-host ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_HOST${TEXT_RESET}                            Hostname or service name of the STORAGE backend
 --mas-aibroker-storage-port ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_PORT${TEXT_RESET}                            Port number STORAGE is exposed on
 --mas-aibroker-storage-region ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_REGION${TEXT_RESET}                        Storage region used in STORAGE (if applicable)
---mas-aibroker-storage-accesskey ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_ACCESSKEY${TEXT_RESET}                  Access key to authenticate with STORAGE
---mas-aibroker-storage-secretkey ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_SECRETKEY${TEXT_RESET}                  Secret key for authenticating with STORAGE
 --mas-aibroker-storage-pipelines-bucket ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_PIPELINES_BUCKET${TEXT_RESET}    The STORAGE bucket used to store pipeline assets
 --mas-aibroker-storage-ssl ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_SSL${TEXT_RESET}                              Whether STORAGE uses SSL (true/false)
 
@@ -175,9 +165,6 @@ function gitops_aibroker_tenant_noninteractive() {
       --in-saas-env)
         export IN_SAAS_ENV=$1 && shift
         ;;
-      --ibm-entitlement-key)
-        export IBM_ENTITLEMENT_KEY=$1 && shift
-        ;;
       --mas-icr-cp)
         export MAS_ICR_CP=$1 && shift
         ;;
@@ -186,26 +173,15 @@ function gitops_aibroker_tenant_noninteractive() {
         ;;
 
       # -- DRO
-      --artifactory-token)
-        export ARTIFACTORY_TOKEN=$1 && shift
-        ;;
       --drocfg-url)
         export DROCFG_URL=$1 && shift
         ;;
-      --drocfg-ca)
-        export DROCFG_CA=$1 && shift
-        ;;
-      --drocfg-registration-key)
-        export DROCFG_REGISTRATION_KEY=$1 && shift
-        ;;
 
       # -- SLS
       --slscfg-url)
         export SLSCFG_URL=$1 && shift
         ;;
-      --slscfg-registration-key)
-        export SLSCFG_REGISTRATION_KEY=$1 && shift
-        ;;
+
       --mas-aibroker-sls-subscription-id)
         export MAS_AIBROKER_SLS_SUBSCRIPTION_ID=$1 && shift
         ;;
@@ -214,29 +190,17 @@ function gitops_aibroker_tenant_noninteractive() {
       --mas-aibroker-watsonxai-url)
         export MAS_AIBROKER_WATSONXAI_URL=$1 && shift
         ;;
-      --mas-aibroker-watsonxai-apikey)
-        export MAS_AIBROKER_WATSONXAI_APIKEY=$1 && shift
-        ;;
       --mas-aibroker-watsonxai-project-id)
         export MAS_AIBROKER_WATSONXAI_PROJECT_ID=$1 && shift
         ;;
 
       # -- STORAGE
-      --mas-aibroker-storage-host)
-        export MAS_AIBROKER_STORAGE_HOST=$1 && shift
-        ;;
       --mas-aibroker-storage-port)
         export MAS_AIBROKER_STORAGE_PORT=$1 && shift
         ;;
       --mas-aibroker-storage-region)
         export MAS_AIBROKER_STORAGE_REGION=$1 && shift
         ;;
-      --mas-aibroker-storage-accesskey)
-        export MAS_AIBROKER_STORAGE_ACCESSKEY=$1 && shift
-        ;;
-      --mas-aibroker-storage-secretkey)
-        export MAS_AIBROKER_STORAGE_SECRETKEY=$1 && shift
-        ;;
       --mas-aibroker-storage-pipelines-bucket)
         export MAS_AIBROKER_STORAGE_PIPELINES_BUCKET=$1 && shift
         ;;
@@ -249,13 +213,6 @@ function gitops_aibroker_tenant_noninteractive() {
         export RSL_URL=$1 && shift
         ;;
 
-      --rsl-org-id)
-        export SECRET_KEY_RSL_ORG_ID=$1 && shift
-        ;;
-
-      --rsl-token)
-        export SECRET_KEY_RSL_TOKEN=$1 && shift
-        ;;
       --mas-aibroker-storage-provider)
         export MAS_AIBROKER_STORAGE_PROVIDER=$1 && shift
         ;;
@@ -343,9 +300,6 @@ function gitops_aibroker_tenant_noninteractive() {
 
   # -- Watsonx
   [[ -z "$MAS_AIBROKER_WATSONXAI_URL" ]] && gitops_aibroker_tenant_help "MAS_AIBROKER_WATSONXAI_URL is not set. Please specify the Watsonx.ai URL using --mas-aibroker-watsonxai-url."
-  # [[ -z "$MAS_AIBROKER_WATSONXAI_APIKEY" ]] && gitops_aibroker_tenant_help "MAS_AIBROKER_WATSONXAI_APIKEY is not set. Please provide the Watsonx.ai API key using --mas-aibroker-watsonxai-apikey."
-  # [[ -z "$MAS_AIBROKER_WATSONXAI_PROJECT_ID" ]] && gitops_aibroker_tenant_help "MAS_AIBROKER_WATSONXAI_PROJECT_ID is not set. Please specify the Watsonx.ai project ID using --mas-aibroker-watsonxai-project-id."
-  
   
   [[ -z "$RSL_URL" ]] && gitops_aibroker_tenant_help "RSL_URL is not set. Please specify the RSL URL using --rsl-url."
   [[ -z "$MAS_AIBROKER_S3_ENDPOINT_URL" ]] && gitops_aibroker_tenant_help "MAS_AIBROKER_S3_ENDPOINT_URL is not set. Please specify the S3 endpoint URL using --mas-aibroker-s3-endpoint-url."
@@ -431,7 +385,7 @@ function gitops_aibroker_tenant() {
 
   # -- Watsonx
   echo_reset_dim "Watsonx.ai URL ............................... ${COLOR_MAGENTA}${MAS_AIBROKER_WATSONXAI_URL}"
-  echo_reset_dim "Watsonx.ai API key ........................... ${COLOR_MAGENTA}${MAS_AIBROKER_WATSONXAI_APIKEY}"
+  # echo_reset_dim "Watsonx.ai API key ........................... ${COLOR_MAGENTA}${MAS_AIBROKER_WATSONXAI_APIKEY}"
   echo_reset_dim "Watsonx.ai project ID ........................ ${COLOR_MAGENTA}${MAS_AIBROKER_WATSONXAI_PROJECT_ID}"
 
   # -- STORAGE
diff --git a/tekton/src/pipelines/gitops/gitops-mas-aibroker-tenant.yml.j2 b/tekton/src/pipelines/gitops/gitops-mas-aibroker-tenant.yml.j2
index c72c3239fab..e7fa7f08e93 100644
--- a/tekton/src/pipelines/gitops/gitops-mas-aibroker-tenant.yml.j2
+++ b/tekton/src/pipelines/gitops/gitops-mas-aibroker-tenant.yml.j2
@@ -24,7 +24,6 @@ spec:
       type: string
     - name: github_host
       type: string
-
     - name: aibroker_namespace
       type: string
     - name: mas_aibroker_provision_tenant
@@ -41,88 +40,51 @@ spec:
       type: string
     - name: in_saas_env
       type: string
-    - name: ibm_entitlement_key
-      type: string
     - name: mas_icr_cp
       type: string
     - name: mas_icr_cpopen
       type: string
-
-    - name: artifactory_token
-      type: string
     - name: drocfg_url
       type: string
-    - name: drocfg_ca
-      type: string
-    - name: drocfg_registration_key
-      type: string
-
     - name: slscfg_url
       type: string
-    - name: slscfg_registration_key
-      type: string
     - name: mas_aibroker_sls_subscription_id
       type: string
-
     - name: mas_aibroker_watsonxai_url
       type: string
-    - name: mas_aibroker_watsonxai_apikey
-      type: string
     - name: mas_aibroker_watsonxai_project_id
       type: string
-
-    - name: mas_aibroker_storage_host
-      type: string
     - name: mas_aibroker_storage_port
       type: string
     - name: mas_aibroker_storage_region
       type: string
     - name: mas_aibroker_storage_provider
       type: string
-    - name: mas_aibroker_storage_accesskey
-      type: string
-    - name: mas_aibroker_storage_secretkey
-      type: string
     - name: mas_aibroker_storage_pipelines_bucket
       type: string
     - name: mas_aibroker_storage_ssl
       type: string
-    
-    
     - name: mas_aibroker_s3_endpoint_url
       type: string
-
     - name: mas_aibroker_s3_region
       type: string
-
     - name: mas_aibroker_s3_bucket_prefix
       type: string
-
     - name: rsl_url
       type: string
-
     - name: rsl_org_id
       type: string
-
     - name: rsl_token
       type: string
-
     - name: tenant_entitlement_type
       type: string
-
     - name: tenant_entitlement_start_date
       type: string
-
     - name: tenant_entitlement_end_date
       type: string
 
-    
-
-
-
   workspaces:
     - name: configs
-
   tasks:
     - name: run-gitops-aibroker-tenant
       taskRef:
@@ -151,7 +113,6 @@ spec:
           value: $(params.github_repo)
         - name: github_host
           value: $(params.github_host)
-
         - name: aibroker_namespace
           value: $(params.aibroker_namespace)
         - name: mas_aibroker_provision_tenant
@@ -168,80 +129,46 @@ spec:
           value: $(params.cluster_domain)
         - name: in_saas_env
           value: $(params.in_saas_env)
-        - name: ibm_entitlement_key
-          value: $(params.ibm_entitlement_key)
         - name: mas_icr_cp
           value: $(params.mas_icr_cp)
         - name: mas_icr_cpopen
           value: $(params.mas_icr_cpopen)
-
-        - name: artifactory_token
-          value: $(params.artifactory_token)
         - name: drocfg_url
           value: $(params.drocfg_url)
-
-        - name: drocfg_ca
-          value: $(params.drocfg_ca)
-        - name: drocfg_registration_key
-          value: $(params.drocfg_registration_key)
-
         - name: slscfg_url
           value: $(params.slscfg_url)
-        - name: slscfg_registration_key
-          value: $(params.slscfg_registration_key)
         - name: mas_aibroker_sls_subscription_id
           value: $(params.mas_aibroker_sls_subscription_id)
-
         - name: mas_aibroker_watsonxai_url
           value: $(params.mas_aibroker_watsonxai_url)
-        - name: mas_aibroker_watsonxai_apikey
-          value: $(params.mas_aibroker_watsonxai_apikey)
         - name: mas_aibroker_watsonxai_project_id
           value: $(params.mas_aibroker_watsonxai_project_id)
-
-        - name: mas_aibroker_storage_host
-          value: $(params.mas_aibroker_storage_host)
         - name: mas_aibroker_storage_port
           value: $(params.mas_aibroker_storage_port)
         - name: mas_aibroker_storage_region
           value: $(params.mas_aibroker_storage_region)
         - name: mas_aibroker_storage_provider
           value: $(params.mas_aibroker_storage_provider)
-        - name: mas_aibroker_storage_accesskey
-          value: $(params.mas_aibroker_storage_accesskey)
-        - name: mas_aibroker_storage_secretkey
-          value: $(params.mas_aibroker_storage_secretkey)
         - name: mas_aibroker_storage_pipelines_bucket
           value: $(params.mas_aibroker_storage_pipelines_bucket)
         - name: mas_aibroker_storage_ssl
           value: $(params.mas_aibroker_storage_ssl)
-        
-        
         - name: mas_aibroker_s3_endpoint_url
           value: $(params.mas_aibroker_s3_endpoint_url)
-
         - name: mas_aibroker_s3_region
           value: $(params.mas_aibroker_s3_region)
-
         - name: mas_aibroker_s3_bucket_prefix
           value: $(params.mas_aibroker_s3_bucket_prefix)
-
         - name: rsl_url
           value: $(params.rsl_url)
-
         - name: rsl_org_id
           value: $(params.rsl_org_id)
-
         - name: rsl_token
           value: $(params.rsl_token)
-
         - name: tenant_entitlement_type
           value: $(params.tenant_entitlement_type)
-
         - name: tenant_entitlement_start_date
           value: $(params.tenant_entitlement_start_date)
-
         - name: tenant_entitlement_end_date
           value: $(params.tenant_entitlement_end_date)
-        
-
+        
\ No newline at end of file
diff --git a/tekton/src/tasks/gitops/gitops-aibroker-tenant.yml.j2 b/tekton/src/tasks/gitops/gitops-aibroker-tenant.yml.j2
index 816697efcf4..9bd3263f96c 100644
--- a/tekton/src/tasks/gitops/gitops-aibroker-tenant.yml.j2
+++ b/tekton/src/tasks/gitops/gitops-aibroker-tenant.yml.j2
@@ -39,14 +39,10 @@ spec:
       type: string
     - name: in_saas_env
       type: string
-    - name: ibm_entitlement_key
-      type: string
     - name: mas_icr_cp
       type: string
     - name: mas_icr_cpopen
       type: string
-    - name: artifactory_token
-      type: string
     - name: drocfg_url
       type: string
     - name: drocfg_ca
@@ -55,28 +51,19 @@ spec:
       type: string
     - name: slscfg_url
       type: string
-    - name: slscfg_registration_key
-      type: string
+
     - name: mas_aibroker_sls_subscription_id
       type: string
     - name: mas_aibroker_watsonxai_url
       type: string
-    - name: mas_aibroker_watsonxai_apikey
-      type: string
     - name: mas_aibroker_watsonxai_project_id
       type: string
-    - name: mas_aibroker_storage_host
-      type: string
     - name: mas_aibroker_storage_port
       type: string
     - name: mas_aibroker_storage_region
       type: string
     - name: mas_aibroker_storage_provider
       type: string
-    - name: mas_aibroker_storage_accesskey
-      type: string
-    - name: mas_aibroker_storage_secretkey
-      type: string
     - name: mas_aibroker_storage_pipelines_bucket
       type: string
     - name: mas_aibroker_storage_ssl
@@ -89,10 +76,6 @@ spec:
       type: string
     - name: rsl_url
       type: string
-    - name: rsl_org_id
-      type: string
-    - name: rsl_token
-      type: string
     - name: tenant_entitlement_type
       type: string
     - name: tenant_entitlement_start_date
@@ -136,44 +119,27 @@ spec:
         value: $(params.cluster_domain)
       - name: IN_SAAS_ENV
         value: $(params.in_saas_env)
-      - name: IBM_ENTITLEMENT_KEY
-        value: $(params.ibm_entitlement_key)
       - name: MAS_ICR_CP
         value: $(params.mas_icr_cp)
       - name: MAS_ICR_CPOPEN
         value: $(params.mas_icr_cpopen)
-      - name: ARTIFACTORY_TOKEN
-        value: $(params.artifactory_token)
       - name: DROCFG_URL
         value: $(params.drocfg_url)
-      - name: DROCFG_CA
-        value: $(params.drocfg_ca)
-      - name: DROCFG_REGISTRATION_KEY
-        value: $(params.drocfg_registration_key)
       - name: SLSCFG_URL
         value: $(params.slscfg_url)
-      - name: SLSCFG_REGISTRATION_KEY
-        value: $(params.slscfg_registration_key)
+
       - name: MAS_AIBROKER_SLS_SUBSCRIPTION_ID
         value: $(params.mas_aibroker_sls_subscription_id)
       - name: MAS_AIBROKER_WATSONXAI_URL
         value: $(params.mas_aibroker_watsonxai_url)
-      - name: MAS_AIBROKER_WATSONXAI_APIKEY
-        value: $(params.mas_aibroker_watsonxai_apikey)
       - name: MAS_AIBROKER_WATSONXAI_PROJECT_ID
         value: $(params.mas_aibroker_watsonxai_project_id)
-      - name: MAS_AIBROKER_STORAGE_HOST
-        value: $(params.mas_aibroker_storage_host)
       - name: MAS_AIBROKER_STORAGE_PORT
         value: $(params.mas_aibroker_storage_port)
       - name: MAS_AIBROKER_STORAGE_REGION
         value: $(params.mas_aibroker_storage_region)
       - name: MAS_AIBROKER_STORAGE_PROVIDER
         value: $(params.mas_aibroker_storage_provider)
-      - name: MAS_AIBROKER_STORAGE_ACCESSKEY
-        value: $(params.mas_aibroker_storage_accesskey)
-      - name: MAS_AIBROKER_STORAGE_SECRETKEY
-        value: $(params.mas_aibroker_storage_secretkey)
       - name: MAS_AIBROKER_STORAGE_PIPELINES_BUCKET
         value: $(params.mas_aibroker_storage_pipelines_bucket)
       - name: MAS_AIBROKER_STORAGE_SSL
@@ -186,10 +152,6 @@ spec:
         value: $(params.mas_aibroker_s3_bucket_prefix)
       - name: RSL_URL
         value: $(params.rsl_url)
-      - name: RSL_ORG_ID
-        value: $(params.rsl_org_id)
-      - name: RSL_TOKEN
-        value: $(params.rsl_token)
       - name: TENANT_ENTITLEMENT_TYPE
         value: $(params.tenant_entitlement_type)
       - name: TENANT_ENTITLEMENT_START_DATE

From f4a0a2445092ae1698cc412a528cd082fa22ab94 Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Tue, 15 Jul 2025 14:38:15 +0530
Subject: [PATCH 135/258] replaced route_type with is_external_route

---
 image/cli/mascli/functions/gitops_aibroker             | 10 +++++-----
 .../cluster/instance/ibm-aibroker.yaml.j2              |  1 +
 tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2 |  6 +++---
 tekton/src/tasks/gitops/gitops-aibroker.yml.j2         |  6 +++---
 4 files changed, 12 insertions(+), 11 deletions(-)

diff --git a/image/cli/mascli/functions/gitops_aibroker b/image/cli/mascli/functions/gitops_aibroker
index 627cda613b7..8c9452afd79 100644
--- a/image/cli/mascli/functions/gitops_aibroker
+++ b/image/cli/mascli/functions/gitops_aibroker
@@ -68,7 +68,7 @@ sls_dro_jdbc
       --mas-icr-cpopen ${TEXT_RESET}MAS_ICR_CPOPEN${TEXT_RESET}
       --cluster-domain ${TEXT_RESET}CLUSTER_DOMAIN${TEXT_RESET}
       --in-saas-env ${TEXT_RESET}IN_SAAS_ENV${TEXT_RESET}
-      --route_type ${TEXT_RESET}ROUTE_TYPE${TEXT_RESET}  # Optional, e.g., "route" or "ingress"
+      --is-external-route ${TEXT_RESET}IS_EXTERNAL_ROUTE${TEXT_RESET}  # A flag indicating to enable external route (default value is: false)
 
 Target Cluster (Optional):
       --cluster-url ${COLOR_YELLOW}CLUSTER_URL${TEXT_RESET}       Set to target a remote Kubernetes cluster (defaults to 'https://kubernetes.default.svc')
@@ -99,7 +99,7 @@ function gitops_aibroker_noninteractive() {
   #adding default values 
   export AIBROKER_NAMESPACE=${AIBROKER_NAMESPACE:-"mas-${AIBROKER_INSTANCE_ID}-aibroker"}
   export IN_SAAS_ENV=${IN_SAAS_ENV:-"true"}
-  export ROUTE_TYPE=${ROUTE_TYPE:-""}  # Default to "", can be set to "ingress" if needed
+  export IS_EXTERNAL_ROUTE=${IS_EXTERNAL_ROUTE:-"false"}  # Default to "false", can be set to "true" if needed  
   export MAS_ICR_CP=${MAS_ICR_CP:-"docker-na-public.artifactory.swg-devops.com/wiotp-docker-local"}
   export MAS_ICR_CPOPEN=${MAS_ICR_CPOPEN:-"docker-na-public.artifactory.swg-devops.com/wiotp-docker-local/cpopen"}
   #dro
@@ -162,8 +162,8 @@ function gitops_aibroker_noninteractive() {
       --in-saas-env)
           export IN_SAAS_ENV=$1 && shift
         ;;
-      --route-type)
-          export ROUTE_TYPE=$1 && shift
+      --is-external-route)
+          export IS_EXTERNAL_ROUTE=$1 && shift
         ;;
       --mas-icr-cp)
         export MAS_ICR_CP=$1 && shift
@@ -392,7 +392,7 @@ function gitops_aibroker() {
   echo_reset_dim "MAS ICR CPOpen ......................... ${COLOR_MAGENTA}${MAS_ICR_CPOPEN}"
   echo_reset_dim "Cluster Domain ......................... ${COLOR_MAGENTA}${CLUSTER_DOMAIN}"
   echo_reset_dim "In SaaS Environment .................... ${COLOR_MAGENTA}${IN_SAAS_ENV}"
-  echo_reset_dim "Route Type ............................ ${COLOR_MAGENTA}${ROUTE_TYPE}"
+  echo_reset_dim "Is External Route ...................... ${COLOR_MAGENTA}${IS_EXTERNAL_ROUTE}"
 
   AVP_TYPE=aws  # Support for IBM will be added later
   sm_login
diff --git a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker.yaml.j2 b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker.yaml.j2
index e91b607045e..a65a5473bea 100644
--- a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker.yaml.j2
+++ b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker.yaml.j2
@@ -75,3 +75,4 @@ ibm_aibroker:
 
   cluster_domain: "{{ CLUSTER_DOMAIN }}"
   in_saas_env: "{{ IN_SAAS_ENV }}"
+  is_external_route: "{{ IS_EXTERNAL_ROUTE }}"
diff --git a/tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2 b/tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2
index 4f9351c6192..c4452793631 100644
--- a/tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2
+++ b/tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2
@@ -109,7 +109,7 @@ spec:
       type: string
     - name: in_saas_env
       type: string
-    - name: route_type
+    - name: is_external_route
       type: string
     # MINIO-specific
     - name: minio_namespace
@@ -396,8 +396,8 @@ spec:
           value: $(params.cluster_domain)
         - name: in_saas_env
           value: $(params.in_saas_env)
-        - name: route_type
-          value: $(params.route_type)
+        - name: is_external_route
+          value: $(params.is_external_route)
         - name: environment_type
           value: $(params.environment_type)
         - name: mas_aibroker_s3_endpoint_url
diff --git a/tekton/src/tasks/gitops/gitops-aibroker.yml.j2 b/tekton/src/tasks/gitops/gitops-aibroker.yml.j2
index 85fea761d59..1d03a4bb9f9 100644
--- a/tekton/src/tasks/gitops/gitops-aibroker.yml.j2
+++ b/tekton/src/tasks/gitops/gitops-aibroker.yml.j2
@@ -106,7 +106,7 @@ spec:
       type: string
     - name: in_saas_env
       type: string
-    - name: route_type
+    - name: is_external_route
       type: string
     - name: environment_type
       type: string
@@ -220,8 +220,8 @@ spec:
         value: $(params.cluster_domain)
       - name: IN_SAAS_ENV
         value: $(params.in_saas_env)
-      - name: ROUTE_TYPE
-        value: $(params.route_type)
+      - name: IS_EXTERNAL_ROUTE
+        value: $(params.is_external_route)
       - name: ENVIRONMENT_TYPE
         value: $(params.environment_type)
       - name: MAS_AIBROKER_S3_ENDPOINT_URL

From 5c7fa231617e9eb4752c3c32673c870c1960e183 Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Tue, 15 Jul 2025 15:40:41 +0530
Subject: [PATCH 136/258] removed rsl_org_id and rsl_token

---
 .secrets.baseline                                         | 2 +-
 .../pipelines/gitops/gitops-mas-aibroker-tenant.yml.j2    | 8 --------
 2 files changed, 1 insertion(+), 9 deletions(-)

diff --git a/.secrets.baseline b/.secrets.baseline
index 452b26aa3f6..0f1dc063f85 100644
--- a/.secrets.baseline
+++ b/.secrets.baseline
@@ -3,7 +3,7 @@
     "files": "build/bin/config/oscap/ssg-rhel9-ds.xml|^.secrets.baseline$|^docs/catalogs/",
     "lines": null
   },
-  "generated_at": "2025-07-15T08:52:20Z",
+  "generated_at": "2025-07-15T09:09:54Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"
diff --git a/tekton/src/pipelines/gitops/gitops-mas-aibroker-tenant.yml.j2 b/tekton/src/pipelines/gitops/gitops-mas-aibroker-tenant.yml.j2
index e7fa7f08e93..3661a6ea406 100644
--- a/tekton/src/pipelines/gitops/gitops-mas-aibroker-tenant.yml.j2
+++ b/tekton/src/pipelines/gitops/gitops-mas-aibroker-tenant.yml.j2
@@ -72,10 +72,6 @@ spec:
       type: string
     - name: rsl_url
       type: string
-    - name: rsl_org_id
-      type: string
-    - name: rsl_token
-      type: string
     - name: tenant_entitlement_type
       type: string
     - name: tenant_entitlement_start_date
@@ -161,10 +157,6 @@ spec:
           value: $(params.mas_aibroker_s3_bucket_prefix)
         - name: rsl_url
           value: $(params.rsl_url)
-        - name: rsl_org_id
-          value: $(params.rsl_org_id)
-        - name: rsl_token
-          value: $(params.rsl_token)
         - name: tenant_entitlement_type
           value: $(params.tenant_entitlement_type)
         - name: tenant_entitlement_start_date

From 88d484c5596a51e93f56635b997fc9a029b6d254 Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Tue, 15 Jul 2025 16:55:17 +0530
Subject: [PATCH 137/258] Update gitops-aibroker-tenant.yml.j2

removed drocfg_ca and drocfg_registration_key
---
 tekton/src/tasks/gitops/gitops-aibroker-tenant.yml.j2 | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/tekton/src/tasks/gitops/gitops-aibroker-tenant.yml.j2 b/tekton/src/tasks/gitops/gitops-aibroker-tenant.yml.j2
index 9bd3263f96c..57522e859af 100644
--- a/tekton/src/tasks/gitops/gitops-aibroker-tenant.yml.j2
+++ b/tekton/src/tasks/gitops/gitops-aibroker-tenant.yml.j2
@@ -45,13 +45,8 @@ spec:
       type: string
     - name: drocfg_url
       type: string
-    - name: drocfg_ca
-      type: string
-    - name: drocfg_registration_key
-      type: string
     - name: slscfg_url
       type: string
-
     - name: mas_aibroker_sls_subscription_id
       type: string
     - name: mas_aibroker_watsonxai_url

From 8e3b609c8c9f70e7075be672c8fe1c5d767e9195 Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Tue, 15 Jul 2025 17:54:22 +0530
Subject: [PATCH 138/258] Update gitops_aibroker_tenant

---
 image/cli/mascli/functions/gitops_aibroker_tenant | 1 -
 1 file changed, 1 deletion(-)

diff --git a/image/cli/mascli/functions/gitops_aibroker_tenant b/image/cli/mascli/functions/gitops_aibroker_tenant
index 97a3c68373d..6ec9b175a31 100644
--- a/image/cli/mascli/functions/gitops_aibroker_tenant
+++ b/image/cli/mascli/functions/gitops_aibroker_tenant
@@ -385,7 +385,6 @@ function gitops_aibroker_tenant() {
 
   # -- Watsonx
   echo_reset_dim "Watsonx.ai URL ............................... ${COLOR_MAGENTA}${MAS_AIBROKER_WATSONXAI_URL}"
-  # echo_reset_dim "Watsonx.ai API key ........................... ${COLOR_MAGENTA}${MAS_AIBROKER_WATSONXAI_APIKEY}"
   echo_reset_dim "Watsonx.ai project ID ........................ ${COLOR_MAGENTA}${MAS_AIBROKER_WATSONXAI_PROJECT_ID}"
 
   # -- STORAGE

From 6b21ff360b41ba77571b5ccf42b6acb6b6b5e3b1 Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Tue, 15 Jul 2025 18:57:28 +0530
Subject: [PATCH 139/258] added MAS_INSTANCE_ID for aibroker base file

---
 image/cli/mascli/functions/gitops_aibroker  | 3 ++-
 tekton/src/tasks/gitops/gitops-minio.yml.j2 | 4 ----
 2 files changed, 2 insertions(+), 5 deletions(-)

diff --git a/image/cli/mascli/functions/gitops_aibroker b/image/cli/mascli/functions/gitops_aibroker
index 8c9452afd79..793fb0d671a 100644
--- a/image/cli/mascli/functions/gitops_aibroker
+++ b/image/cli/mascli/functions/gitops_aibroker
@@ -345,7 +345,8 @@ function gitops_aibroker() {
   reset_colors
 
   # echo all the variables ofgitops+envs
-  # echo_reset_dim "AIBROKER Instance ID ....................... ${COLOR_MAGENTA}${AIBROKER_INSTANCE_ID}"
+  MAS_INSTANCE_ID="$AIBROKER_INSTANCE_ID"
+  echo_reset_dim "MAS Instance ID ....................... ${COLOR_MAGENTA}${MAS_INSTANCE_ID}"
   echo_reset_dim "AI Broker Instance ID ................. ${COLOR_MAGENTA}${AIBROKER_INSTANCE_ID}"
   echo_reset_dim "AI Broker Namespace ................... ${COLOR_MAGENTA}${AIBROKER_NAMESPACE}"
   echo_reset_dim "MAS AI Broker WatsonX Secret .......... ${COLOR_MAGENTA}${MAS_AIBROKER_WATSONX_SECRET}"
diff --git a/tekton/src/tasks/gitops/gitops-minio.yml.j2 b/tekton/src/tasks/gitops/gitops-minio.yml.j2
index 9be4da5dc40..6e0366883b5 100644
--- a/tekton/src/tasks/gitops/gitops-minio.yml.j2
+++ b/tekton/src/tasks/gitops/gitops-minio.yml.j2
@@ -28,7 +28,6 @@ spec:
       type: string
     - name: github_host
       type: string
-      
     - name: minio_namespace
       type: string
       default: minio
@@ -55,8 +54,6 @@ spec:
         value: $(params.account)
       - name: AIBROKER_INSTANCE_ID
         value: $(params.aibroker_instance_id)
-      #- name: CLUSTER_ID
-      #  value: $(params.cluster_id)
       - name: CLUSTER_URL
         value: $(params.cluster_url)
       - name: SECRET_PATH
@@ -71,7 +68,6 @@ spec:
         value: $(params.github_host)
       - name: GITHUB_REPO
         value: $(params.github_repo)
-
       - name: MINIO_NAMESPACE
         value: $(params.minio_namespace)
       - name: MINIO_INSTANCE_NAME

From 6ae44f3931147c439333207280d2e519a58c99d4 Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Tue, 15 Jul 2025 18:59:12 +0530
Subject: [PATCH 140/258] Update gitops-mas-aibroker.yml.j2

skipped minio
---
 tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2 | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2 b/tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2
index c4452793631..cbaf9129d53 100644
--- a/tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2
+++ b/tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2
@@ -231,10 +231,10 @@ spec:
         - name: aibroker_instance_id
           value: $(params.aibroker_instance_id)
 
-      # when:
-      #  - input: "$(params.mas_aibroker_storage_provider)"
-      #    operator: in
-      #    values: ["minio"]
+      when:
+        - input: "$(params.mas_aibroker_storage_provider)"
+          operator: in
+          values: ["minio"]
 
     # 2.gitops-odh
     # -------------------------------------------------------------------------

From 2a1d1fa64ab525c0381f28411e93a6c0db51cc02 Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Tue, 15 Jul 2025 19:55:54 +0530
Subject: [PATCH 141/258] Update gitops_aibroker

exported
---
 image/cli/mascli/functions/gitops_aibroker | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/image/cli/mascli/functions/gitops_aibroker b/image/cli/mascli/functions/gitops_aibroker
index 793fb0d671a..7add2bd1b48 100644
--- a/image/cli/mascli/functions/gitops_aibroker
+++ b/image/cli/mascli/functions/gitops_aibroker
@@ -345,7 +345,7 @@ function gitops_aibroker() {
   reset_colors
 
   # echo all the variables ofgitops+envs
-  MAS_INSTANCE_ID="$AIBROKER_INSTANCE_ID"
+  export MAS_INSTANCE_ID="$AIBROKER_INSTANCE_ID"
   echo_reset_dim "MAS Instance ID ....................... ${COLOR_MAGENTA}${MAS_INSTANCE_ID}"
   echo_reset_dim "AI Broker Instance ID ................. ${COLOR_MAGENTA}${AIBROKER_INSTANCE_ID}"
   echo_reset_dim "AI Broker Namespace ................... ${COLOR_MAGENTA}${AIBROKER_NAMESPACE}"

From d2679f992b2a06cc0b66ac45567f343ec0ad660f Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Tue, 15 Jul 2025 21:55:59 +0530
Subject: [PATCH 142/258] cherry-pick 41852e992c conflict

---
 .secrets.baseline                             |  2 +-
 image/cli/mascli/functions/gitops_aibroker    | 36 ++++++-------------
 image/cli/mascli/functions/gitops_minio       |  1 -
 .../gitops/gitops-mas-aibroker.yml.j2         |  4 ---
 4 files changed, 12 insertions(+), 31 deletions(-)

diff --git a/.secrets.baseline b/.secrets.baseline
index 0f1dc063f85..8ecc7bfbaf7 100644
--- a/.secrets.baseline
+++ b/.secrets.baseline
@@ -3,7 +3,7 @@
     "files": "build/bin/config/oscap/ssg-rhel9-ds.xml|^.secrets.baseline$|^docs/catalogs/",
     "lines": null
   },
-  "generated_at": "2025-07-15T09:09:54Z",
+  "generated_at": "2025-07-15T16:24:59Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"
diff --git a/image/cli/mascli/functions/gitops_aibroker b/image/cli/mascli/functions/gitops_aibroker
index 7add2bd1b48..325f7fd06da 100644
--- a/image/cli/mascli/functions/gitops_aibroker
+++ b/image/cli/mascli/functions/gitops_aibroker
@@ -14,7 +14,7 @@ When no options are specified on the command line, interactive-mode will be enab
 Basic Configuration:
   -a, --account-id ${COLOR_YELLOW}ACCOUNT_ID${TEXT_RESET}                                                  Account name that the cluster belongs to
   -c, --cluster-id ${COLOR_YELLOW}CLUSTER_ID${TEXT_RESET}                                                  Cluster ID
-  -i, --Instace-id ${COLOR_YELLOW}INSTANCE_ID${TEXT_RESET}                                                 Instance ID
+  -i, --aibroker-instance-id ${COLOR_YELLOW}AIBROKER_INSTANCE_ID${TEXT_RESET}                              AI Broker instance ID  
 
 Secrets Manager:
       --secrets-path ${COLOR_YELLOW}SECRETS_PATH${TEXT_RESET}                                              Secrets Manager path
@@ -22,7 +22,7 @@ Secrets Manager:
 
 ibm aibroker(required):
       --aibroker-namespace ${TEXT_RESET}AIBROKER_NAMESPACE${TEXT_RESET}
-      --aibroker-instance-id ${TEXT_RESET}MAS_INSTACE_ID${TEXT_RESET}
+      --aibroker-instance-id ${TEXT_RESET}AIBROKER_INSTANCE_ID${TEXT_RESET}
       --primary-storage-class ${TEXT_RESET}PRIMARY_STORAGE_CLASS${TEXT_RESET}
 
 storage provider:
@@ -100,9 +100,8 @@ function gitops_aibroker_noninteractive() {
   export AIBROKER_NAMESPACE=${AIBROKER_NAMESPACE:-"mas-${AIBROKER_INSTANCE_ID}-aibroker"}
   export IN_SAAS_ENV=${IN_SAAS_ENV:-"true"}
   export IS_EXTERNAL_ROUTE=${IS_EXTERNAL_ROUTE:-"false"}  # Default to "false", can be set to "true" if needed  
-  export MAS_ICR_CP=${MAS_ICR_CP:-"docker-na-public.artifactory.swg-devops.com/wiotp-docker-local"}
-  export MAS_ICR_CPOPEN=${MAS_ICR_CPOPEN:-"docker-na-public.artifactory.swg-devops.com/wiotp-docker-local/cpopen"}
-  #dro
+  export MAS_ICR_CP=${MAS_ICR_CP:-"cp.icr.io/cp"}
+  export MAS_ICR_CPOPEN=${MAS_ICR_CPOPEN:-"icr.io/cpopen"}
   # -- SLS Defaults
   export REGION_ID=${REGION_ID:-${SM_AWS_REGION}} 
   export MAS_APP_ID=${MAS_APP_ID:-"aibroker"}
@@ -272,16 +271,16 @@ function gitops_aibroker_noninteractive() {
 
 # add validation below like above  for those variable which have the value needed for further execution
 # -- AIBroker
-  # [[ -z "$AIBROKER_INSTANCE_ID" ]] && gitops_aibroker_help "AIBROKER_INSTANCE_ID is not set. Please provide the AIBROKER instance ID using --aibroker-instance-id."
   [[ -z "$AIBROKER_INSTANCE_ID" ]] && gitops_minio_help "AIBROKER_INSTANCE_ID is not set. Please specify the AI Broker instance ID using --aibroker_instance_id."
   [[ -z "$PRIMARY_STORAGE_CLASS" ]] && gitops_aibroker_help "PRIMARY_STORAGE_CLASS is not set. Please provide the primary storage class using --primary-storage-class."
-  #[[ -z "$TENANT_NAMESPACE" ]] && gitops_aibroker_help "TENANT_NAMESPACE is not set. Please specify the tenant namespace using --tenantNamespace."
   [[ -z "$CLUSTER_DOMAIN" ]] && gitops_aibroker_help "CLUSTER_DOMAIN is not set. Please provide the cluster domain using --cluster-domain."
   [[ -z "$ARTIFACTORY_USERNAME" ]] && gitops_aibroker_help "ARTIFACTORY_USERNAME is not set. Please provide the artifactory username using --artifactory-username"
   [[ -z "$MAS_APP_CHANNEL" ]] && gitops_aibroker_help "MAS_APP_CHANNEL is not set. Please provide the mas app channel using --mas-app-channel"
-  # -- DRO
-  #[[ -z "$DROCFG_URL" ]] && gitops_aibroker_help "DROCFG_URL is not set. Please specify the DRO configuration URL using --drocfg-url."
-
+  [[ -z "$MAS_CATALOG_SOURCE" ]] && gitops_aibroker_help "MAS_CATALOG_SOURCE is not set. Please provide the mas catalog source using --mas-catalog-source"
+  [[ -z "$MAS_ICR_CP" ]] && gitops_aibroker_help "MAS_ICR_CP is not set. Please provide the MAS ICR CP using --mas-icr-cp"
+  [[ -z "$MAS_ICR_CPOPEN" ]] && gitops_aibroker_help "MAS_ICR_CPOPEN is not set. Please provide the MAS ICR CPOPEN using --mas-icr-cpopopen"
+  [[ -z "$IN_SAAS_ENV" ]] && gitops_aibroker_help "IN_SAAS_ENV is not set. Please specify if this is in SaaS environment using --in-saas-env."
+  [[ -z "$IS_EXTERNAL_ROUTE" ]] && gitops_aibroker_help "IS_EXTERNAL_ROUTE is not set. Please specify if this is an external route using --is-external-route."
   [[ -z "$MAS_AIBROKER_S3_ENDPOINT_URL" ]] && gitops_aibroker_help "MAS_AIBROKER_S3_ENDPOINT_URL is not set. Please specify the S3 endpoint URL using --mas-aibroker-s3-endpoint-url."
 
 
@@ -305,8 +304,7 @@ function gitops_aibroker() {
   rm -rf $GITOPS_WORKING_DIR
   mkdir -p ${GITOPS_WORKING_DIR}
   GITOPS_CLUSTER_DIR=${GITOPS_WORKING_DIR}/${GITHUB_REPO}/${ACCOUNT_ID}/${CLUSTER_ID}/${AIBROKER_INSTANCE_ID}
-  # TEMP_DIR=$GITOPS_CLUSTER_DIR/tmp-aibroker
-  # mkdir -p ${TEMP_DIR}
+
   echo
   reset_colors
   echo_h2 "Review Settings"
@@ -344,7 +342,7 @@ function gitops_aibroker() {
   fi
   reset_colors
 
-  # echo all the variables ofgitops+envs
+  # echo all the variables of gitops+envs
   export MAS_INSTANCE_ID="$AIBROKER_INSTANCE_ID"
   echo_reset_dim "MAS Instance ID ....................... ${COLOR_MAGENTA}${MAS_INSTANCE_ID}"
   echo_reset_dim "AI Broker Instance ID ................. ${COLOR_MAGENTA}${AIBROKER_INSTANCE_ID}"
@@ -380,7 +378,6 @@ function gitops_aibroker() {
   echo_reset_dim "DRO Config Registration Key ............ ${COLOR_MAGENTA}${DROCFG_REGISTRATION_KEY}"
   echo_reset_dim "DRO Config URL ......................... ${COLOR_MAGENTA}${DROCFG_URL}"
   echo_reset_dim "JDBC Config Username ................... ${COLOR_MAGENTA}${JDBCCFG_USERNAME}"
-  # echo_reset_dim "JDBC Config Password ................... ${COLOR_MAGENTA}${JDBCCFG_PASSWORD}"
   echo_reset_dim "JDBC Config URL ........................ ${COLOR_MAGENTA}${JDBCCFG_URL}"
   echo_reset_dim "JDBC SSL Enabled ....................... ${COLOR_MAGENTA}${JDBCCFG_SSLENABLED}"
   echo_reset_dim "JDBC Config CA ......................... ${COLOR_MAGENTA}${JDBCCFG_CA}"
@@ -400,7 +397,6 @@ function gitops_aibroker() {
   # update those varialbe which are necessory to be updated into aws , 
   SECRETS_PREFIX="${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}"
 
-
   export SECRET_KEY_IBM_ENTITLEMENT=${SECRETS_PREFIX}ibm_entitlement#entitlement_key
 
   #storage
@@ -442,16 +438,6 @@ function gitops_aibroker() {
 
   export MAS_ENTITLEMENT_KEY=${SECRETS_PREFIX}ibm_entitlement#entitlement_key
   export ARTIFACTORY_TOKEN=${SECRETS_PREFIX}ibm_entitlement#image_pull_secret_b64
-  # check if those are already present 
-  
-  # and update them 
-
-  # finally get values into tempalte 
-  # push them on github repo , 
-
-  # final output 
-  # updated var in sm 
-  # and git repo 
 
   sm_verify_secret_exists ${SECRETS_PREFIX}ibm_entitlement "image_pull_secret_b64,entitlement_key"
   sm_verify_secret_exists ${SECRETS_PREFIX}dro "drocfg_ca,drocfg_registration_key,drocfg_url,drocfg_ca_tenant"
diff --git a/image/cli/mascli/functions/gitops_minio b/image/cli/mascli/functions/gitops_minio
index 70ba4a11203..ffd5eaf062e 100644
--- a/image/cli/mascli/functions/gitops_minio
+++ b/image/cli/mascli/functions/gitops_minio
@@ -24,7 +24,6 @@ minio Provider Selection / Version:
       --minio_namespace ${COLOR_YELLOW}MINIO_NAMESPACE${TEXT_RESET}                                      The minio namespace to install
       --minio_instance_name ${COLOR_YELLOW}MINIO_INSTANCE_NAME${TEXT_RESET}                              The minio instance name
       --minio_root_user ${COLOR_YELLOW}MINIO_ROOT_USER${TEXT_RESET}                                      The minio user name
-      # --minio_root_password ${COLOR_YELLOW}MINIO_ROOT_PASSWORD${TEXT_RESET}                            The minio user password
       --minio_storage_class ${COLOR_YELLOW}MINIO_STORAGE_CLASS${TEXT_RESET}                              The minio storage class
       --minio_storage_size ${COLOR_YELLOW}MINIO_STORAGE_SIZE${TEXT_RESET}                                The minio storage size
       --minio_image ${COLOR_YELLOW}MINIO_IMAGE${TEXT_RESET}                                              The minio image name
diff --git a/tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2 b/tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2
index cbaf9129d53..de9ee677028 100644
--- a/tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2
+++ b/tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2
@@ -118,8 +118,6 @@ spec:
       type: string
     - name: minio_root_user
       type: string
-    - name: minio_root_password
-      type: string
     - name: minio_storage_class
       type: string
     - name: minio_storage_size
@@ -220,8 +218,6 @@ spec:
           value: $(params.minio_instance_name)
         - name: minio_root_user
           value: $(params.minio_root_user)
-        - name: minio_root_password
-          value: $(params.minio_root_password)
         - name: minio_storage_class
           value: $(params.minio_storage_class)
         - name: minio_storage_size

From 3441b3790ab6cc07daf2207184199e8027372037 Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Tue, 15 Jul 2025 22:57:37 +0530
Subject: [PATCH 143/258] cherry-pick 9aa7dd2c69 conflict

---
 .secrets.baseline                             |  2 +-
 image/cli/mascli/functions/gitops_aibroker    | 44 +---------
 image/cli/mascli/functions/gitops_kmodel      | 12 ---
 .../gitops/gitops-mas-aibroker.yml.j2         | 80 -------------------
 .../src/tasks/gitops/gitops-aibroker.yml.j2   | 71 ----------------
 tekton/src/tasks/gitops/gitops-kmodel.yml.j2  |  8 --
 6 files changed, 2 insertions(+), 215 deletions(-)

diff --git a/.secrets.baseline b/.secrets.baseline
index 8ecc7bfbaf7..0d7ef21ed41 100644
--- a/.secrets.baseline
+++ b/.secrets.baseline
@@ -3,7 +3,7 @@
     "files": "build/bin/config/oscap/ssg-rhel9-ds.xml|^.secrets.baseline$|^docs/catalogs/",
     "lines": null
   },
-  "generated_at": "2025-07-15T16:24:59Z",
+  "generated_at": "2025-07-15T17:27:11Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"
diff --git a/image/cli/mascli/functions/gitops_aibroker b/image/cli/mascli/functions/gitops_aibroker
index 325f7fd06da..3fe27b2ef40 100644
--- a/image/cli/mascli/functions/gitops_aibroker
+++ b/image/cli/mascli/functions/gitops_aibroker
@@ -28,8 +28,6 @@ ibm aibroker(required):
 storage provider:
       --mas-aibroker-storage-provider ${TEXT_RESET}MAS_AIBROKER_STORAGE_PROVIDER${TEXT_RESET}
       --mas-aibroker-minio-secret ${TEXT_RESET}MAS_AIBROKER_MINIO_SECRET${TEXT_RESET}
-      --mas-aibroker-storage-accesskey ${TEXT_RESET}MAS_AIBROKER_STORAGE_ACCESSKEY${TEXT_RESET}
-      --mas-aibroker-storage-secretkey ${TEXT_RESET}MAS_AIBROKER_STORAGE_SECRETKEY${TEXT_RESET}
       --mas-aibroker-storage-host ${TEXT_RESET}MAS_AIBROKER_STORAGE_HOST${TEXT_RESET}
       --mas-aibroker-storage-port ${TEXT_RESET}MAS_AIBROKER_STORAGE_PORT${TEXT_RESET}
       --mas-aibroker-storage-ssl ${TEXT_RESET}MAS_AIBROKER_STORAGE_SSL${TEXT_RESET}
@@ -39,29 +37,10 @@ storage provider:
       --mas-aibroker-storage-templates-bucket ${TEXT_RESET}MAS_AIBROKER_STORAGE_TEMPLATES_BUCKET${TEXT_RESET}
 
 mariadb storage
-      --mas-aibroker-db-host ${TEXT_RESET}MAS_AIBROKER_DB_HOST${TEXT_RESET}
       --mas-aibroker-mariadb-secret ${TEXT_RESET}MAS_AIBROKER_MARIADB_SECRET${TEXT_RESET}
-      --mas-aibroker-db-port ${TEXT_RESET}MAS_AIBROKER_DB_PORT${TEXT_RESET}
-      --mas-aibroker-db-user ${TEXT_RESET}MAS_AIBROKER_DB_USER${TEXT_RESET}
-      --mas-aibroker-db-database ${TEXT_RESET}MAS_AIBROKER_DB_DATABASE${TEXT_RESET}
-      --mas-aibroker-db-secret-name ${TEXT_RESET}MAS_AIBROKER_DB_SECRET_NAME${TEXT_RESET}
-      --mas-aibroker-db-secret-value ${TEXT_RESET}MAS_AIBROKER_DB_SECRET_VALUE${TEXT_RESET}
 
 sls_dro_jdbc
-      --slscfg-registration-key ${TEXT_RESET}SLSCFG_REGISTRATION_KEY${TEXT_RESET}
-      --drocfg-ca ${TEXT_RESET}DROCFG_CA${TEXT_RESET}
-      --drocfg-tenant ${TEXT_RESET}DROCFG_TENANT${TEXT_RESET}
-      --drocfg-registration-key ${TEXT_RESET}DROCFG_REGISTRATION_KEY${TEXT_RESET}
-      --drocfg-url ${TEXT_RESET}DROCFG_URL${TEXT_RESET}
-      --jdbccfg-username ${TEXT_RESET}JDBCCFG_USERNAME${TEXT_RESET}
-      # --jdbccfg-password ${TEXT_RESET}JDBCCFG_PASSWORD${TEXT_RESET}
-      --jdbccfg-url ${TEXT_RESET}JDBCCFG_URL${TEXT_RESET}
-      --jdbccfg-sslenabled ${TEXT_RESET}JDBCCFG_SSLENABLED${TEXT_RESET}
-      --jdbccfg-ca ${TEXT_RESET}JDBCCFG_CA${TEXT_RESET}
-
-      --mas-entitlement-key ${TEXT_RESET}MAS_ENTITLEMENT_KEY${TEXT_RESET}
       --artifactory-username ${TEXT_RESET}ARTIFACTORY_USERNAME${TEXT_RESET}
-      --artifactory-token ${TEXT_RESET}ARTIFACTORY_TOKEN${TEXT_RESET}
       --mas-app-channel ${TEXT_RESET}MAS_APP_CHANNEL${TEXT_RESET}
       --mas-catalog-source ${TEXT_RESET}MAS_CATALOG_SOURCE${TEXT_RESET}
       --mas-icr-cp ${TEXT_RESET}MAS_ICR_CP${TEXT_RESET}
@@ -352,8 +331,6 @@ function gitops_aibroker() {
   # Storage variables
   echo_reset_dim "MAS AI Broker Storage Provider ........ ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_PROVIDER}"
   echo_reset_dim "MAS AI Broker MinIO Secret ............ ${COLOR_MAGENTA}${MAS_AIBROKER_MINIO_SECRET}"
-  echo_reset_dim "MAS AI Broker Storage Access Key ...... ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_ACCESSKEY}"
-  echo_reset_dim "MAS AI Broker Storage Secret Key ...... ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_SECRETKEY}"
   echo_reset_dim "MAS AI Broker Storage Host ............ ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_HOST}"
   echo_reset_dim "MAS AI Broker Storage Port ............ ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_PORT}"
   echo_reset_dim "MAS AI Broker Storage SSL ............. ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_SSL}"
@@ -361,29 +338,10 @@ function gitops_aibroker() {
   echo_reset_dim "MAS AI Broker Pipelines Bucket ........ ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_PIPELINES_BUCKET}"
   echo_reset_dim "MAS AI Broker Tenants Bucket .......... ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_TENANTS_BUCKET}"
   echo_reset_dim "MAS AI Broker Templates Bucket ........ ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_TEMPLATES_BUCKET}"
-  echo_reset_dim "MAS AI Broker DB Host ................. ${COLOR_MAGENTA}${MAS_AIBROKER_DB_HOST}"
   echo_reset_dim "MAS AI Broker MariaDB Secret .......... ${COLOR_MAGENTA}${MAS_AIBROKER_MARIADB_SECRET}"
-  echo_reset_dim "MAS AI Broker DB Port ................. ${COLOR_MAGENTA}${MAS_AIBROKER_DB_PORT}"
-  echo_reset_dim "MAS AI Broker DB User ................. ${COLOR_MAGENTA}${MAS_AIBROKER_DB_USER}"
-  echo_reset_dim "MAS AI Broker DB Database ............. ${COLOR_MAGENTA}${MAS_AIBROKER_DB_DATABASE}"
-  echo_reset_dim "MAS AI Broker DB Secret Name .......... ${COLOR_MAGENTA}${MAS_AIBROKER_DB_SECRET_NAME}"
-  echo_reset_dim "MAS AI Broker DB Secret Value ......... ${COLOR_MAGENTA}${MAS_AIBROKER_DB_SECRET_VALUE}"
   
   echo_reset_dim "Primary Storage Class ................. ${COLOR_MAGENTA}${PRIMARY_STORAGE_CLASS}"
-
-
-  echo_reset_dim "SLS Config Registration Key ............ ${COLOR_MAGENTA}${SLSCFG_REGISTRATION_KEY}"
-  echo_reset_dim "DRO Config CA .......................... ${COLOR_MAGENTA}${DROCFG_CA}"
-  echo_reset_dim "DRO Config Tenant ...................... ${COLOR_MAGENTA}${DROCFG_TENANT}"
-  echo_reset_dim "DRO Config Registration Key ............ ${COLOR_MAGENTA}${DROCFG_REGISTRATION_KEY}"
-  echo_reset_dim "DRO Config URL ......................... ${COLOR_MAGENTA}${DROCFG_URL}"
-  echo_reset_dim "JDBC Config Username ................... ${COLOR_MAGENTA}${JDBCCFG_USERNAME}"
-  echo_reset_dim "JDBC Config URL ........................ ${COLOR_MAGENTA}${JDBCCFG_URL}"
-  echo_reset_dim "JDBC SSL Enabled ....................... ${COLOR_MAGENTA}${JDBCCFG_SSLENABLED}"
-  echo_reset_dim "JDBC Config CA ......................... ${COLOR_MAGENTA}${JDBCCFG_CA}"
-  echo_reset_dim "MAS Entitlement Key .................... ${COLOR_MAGENTA}${MAS_ENTITLEMENT_KEY}"
   echo_reset_dim "Artifactory Username ................... ${COLOR_MAGENTA}${ARTIFACTORY_USERNAME}"
-  echo_reset_dim "Artifactory Token ...................... ${COLOR_MAGENTA}${ARTIFACTORY_TOKEN}"
   echo_reset_dim "MAS App Channel ........................ ${COLOR_MAGENTA}${MAS_APP_CHANNEL}"
   echo_reset_dim "MAS Catalog Source ..................... ${COLOR_MAGENTA}${MAS_CATALOG_SOURCE}"
   echo_reset_dim "MAS ICR CP ............................. ${COLOR_MAGENTA}${MAS_ICR_CP}"
@@ -447,7 +405,7 @@ function gitops_aibroker() {
   if [[ "${MAS_AIBROKER_STORAGE_PROVIDER}" == "minio" ]]; then
   sm_verify_secret_exists ${SECRETS_PREFIX}storage "sm_storage_port"
   fi
-
+  sm_verify_secret_exists ${SECRETS_PREFIX}jdbc "jdbccfg_username,jdbccfg_password,jdbccfg_url,jdbccfg_sslenabled,jdbccfg_ca"
   sm_verify_secret_exists ${SECRETS_PREFIX}mariadb "sm_mariadb_host,sm_mariadb_port,sm_mariadb_user,sm_mariadb_database,sm_mariadb_secret_name,sm_mariadb_secret_value"
 
   
diff --git a/image/cli/mascli/functions/gitops_kmodel b/image/cli/mascli/functions/gitops_kmodel
index 3a4a281827b..f21755336cc 100644
--- a/image/cli/mascli/functions/gitops_kmodel
+++ b/image/cli/mascli/functions/gitops_kmodel
@@ -34,8 +34,6 @@ Kkmodel Configuration:
       --mas-aibroker-storage-ssl ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_SSL${TEXT_RESET}                                   Whether STORAGE uses SSL (true/false)
       --mas_aibroker-storage-host ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_HOST${TEXT_RESET}                                 Hostname or service name of the STORAGE backend
       --mas_aibroker-storage-port ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_PORT${TEXT_RESET}                                 Port number STORAGE is exposed on
-      # --mas_aibroker-storage-accesskey ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_ACCESSKEY${TEXT_RESET}                       Access key to authenticate with STORAGE
-      # --mas_aibroker-storage-secretkey ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_SECRETKEY${TEXT_RESET}                       Secret key for authenticating with STORAGE
       --mas-aibroker-storage-region ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_REGION${TEXT_RESET}                             Storage region used in STORAGE (if applicable)
       --ssh-secret-name ${COLOR_YELLOW}SSH_SECRET_NAME${TEXT_RESET}                                                     SSH secret for securely provide SSH credentials
       --mas_aibroker_tenant_name ${COLOR_YELLOW}MAS_AIBROKER_TENANT_NAME${TEXT_RESET}                                   Aibroker Tenant name
@@ -151,14 +149,6 @@ function gitops_kmodel_noninteractive() {
         export MAS_AIBROKER_STORAGE_SSL=$1 && shift
         ;;
 
-      # --mas-aibroker-storage-accesskey)
-      #   export MAS_AIBROKER_STORAGE_ACCESSKEY=$1 && shift
-      #   ;;
-
-      # --mas-aibroker-storage-secretkey)
-      #   export MAS_AIBROKER_STORAGE_SECRETKEY=$1 && shift
-      #   ;;
-
       --mas-aibroker-storage-host)
         export MAS_AIBROKER_STORAGE_HOST=$1 && shift
         ;;
@@ -371,8 +361,6 @@ function gitops_kmodel() {
   echo_reset_dim "AI Broker Namespace ............................... ${COLOR_MAGENTA}${AIBROKER_NAMESPACE}"
   echo_reset_dim "MAS AI Broker Storage Provider .................... ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_PROVIDER}"
   echo_reset_dim "MAS AI Broker Storage SSL ......................... ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_SSL}"
-  # echo_reset_dim "MAS AI Broker Storage Access Key .................. ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_ACCESSKEY}"
-  # echo_reset_dim "MAS AI Broker Storage Secret Key .................. ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_SECRETKEY}"
   echo_reset_dim "MAS AI Broker Storage Templates Bucket ............ ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_TEMPLATES_BUCKET}"
   echo_reset_dim "MAS AI Broker Storage Tenants Bucket .............. ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_TENANTS_BUCKET}"
   echo_reset_dim "MAS AI Broker Storage Pipelines Bucket ............ ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_PIPELINES_BUCKET}"
diff --git a/tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2 b/tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2
index de9ee677028..cbc8b55e331 100644
--- a/tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2
+++ b/tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2
@@ -39,10 +39,6 @@ spec:
       type: string
     - name: mas_aibroker_minio_secret
       type: string
-    - name: mas_aibroker_storage_accesskey
-      type: string
-    - name: mas_aibroker_storage_secretkey
-      type: string
     - name: mas_aibroker_storage_host
       type: string
     - name: mas_aibroker_storage_port
@@ -57,46 +53,12 @@ spec:
       type: string
     - name: mas_aibroker_storage_templates_bucket
       type: string
-    - name: mas_aibroker_db_host
-      type: string
     - name: mas_aibroker_mariadb_secret
       type: string
-    - name: mas_aibroker_db_port
-      type: string
-    - name: mas_aibroker_db_user
-      type: string
-    - name: mas_aibroker_db_database
-      type: string
-    - name: mas_aibroker_db_secret_name
-      type: string
-    - name: mas_aibroker_db_secret_value
-      type: string
     - name: primary_storage_class
       type: string
-    - name: slscfg_registration_key
-      type: string
-    - name: drocfg_ca
-      type: string
-    - name: drocfg_registration_key
-      type: string
-    - name: drocfg_url
-      type: string
-    - name: jdbccfg_username
-      type: string
-    # - name: jdbccfg_password
-    #   type: string
-    - name: jdbccfg_url
-      type: string
-    - name: jdbccfg_sslenabled
-      type: string
-    - name: jdbccfg_ca
-      type: string
-    - name: mas_entitlement_key
-      type: string
     - name: artifactory_username
       type: string
-    - name: artifactory_token
-      type: string
     - name: mas_app_channel
       type: string
     - name: mas_catalog_source
@@ -322,10 +284,6 @@ spec:
           value: $(params.mas_aibroker_storage_provider)
         - name: mas_aibroker_minio_secret
           value: $(params.mas_aibroker_minio_secret)
-        - name: mas_aibroker_storage_accesskey
-          value: $(params.mas_aibroker_storage_accesskey)
-        - name: mas_aibroker_storage_secretkey
-          value: $(params.mas_aibroker_storage_secretkey)
         - name: mas_aibroker_storage_host
           value: $(params.mas_aibroker_storage_host)
         - name: mas_aibroker_storage_port
@@ -340,46 +298,12 @@ spec:
           value: $(params.mas_aibroker_storage_tenants_bucket)
         - name: mas_aibroker_storage_templates_bucket
           value: $(params.mas_aibroker_storage_templates_bucket)
-        - name: mas_aibroker_db_host
-          value: $(params.mas_aibroker_db_host)
         - name: mas_aibroker_mariadb_secret
           value: $(params.mas_aibroker_mariadb_secret)
-        - name: mas_aibroker_db_port
-          value: $(params.mas_aibroker_db_port)
-        - name: mas_aibroker_db_user
-          value: $(params.mas_aibroker_db_user)
-        - name: mas_aibroker_db_database
-          value: $(params.mas_aibroker_db_database)
-        - name: mas_aibroker_db_secret_name
-          value: $(params.mas_aibroker_db_secret_name)
-        - name: mas_aibroker_db_secret_value
-          value: $(params.mas_aibroker_db_secret_value)
         - name: primary_storage_class
           value: $(params.primary_storage_class)
-        - name: slscfg_registration_key
-          value: $(params.slscfg_registration_key)
-        - name: drocfg_ca
-          value: $(params.drocfg_ca)
-        - name: drocfg_registration_key
-          value: $(params.drocfg_registration_key)
-        - name: drocfg_url
-          value: $(params.drocfg_url)
-        - name: jdbccfg_username
-          value: $(params.jdbccfg_username)
-        # - name: jdbccfg_password
-        #   value: $(params.jdbccfg_password)
-        - name: jdbccfg_url
-          value: $(params.jdbccfg_url)
-        - name: jdbccfg_sslenabled
-          value: $(params.jdbccfg_sslenabled)
-        - name: jdbccfg_ca
-          value: $(params.jdbccfg_ca)
-        - name: mas_entitlement_key
-          value: $(params.mas_entitlement_key)
         - name: artifactory_username
           value: $(params.artifactory_username)
-        - name: artifactory_token
-          value: $(params.artifactory_token)
         - name: mas_app_channel
           value: $(params.mas_app_channel)
         - name: mas_catalog_source
@@ -447,10 +371,6 @@ spec:
           value: $(params.mas_aibroker_storage_provider)
         - name: mas_aibroker_storage_ssl
           value: $(params.mas_aibroker_storage_ssl)
-        - name: mas_aibroker_storage_accesskey
-          value: $(params.mas_aibroker_storage_accesskey)
-        - name: mas_aibroker_storage_secretkey
-          value: $(params.mas_aibroker_storage_secretkey)
         - name: mas_aibroker_storage_host
           value: $(params.mas_aibroker_storage_host)
         - name: mas_aibroker_storage_port
diff --git a/tekton/src/tasks/gitops/gitops-aibroker.yml.j2 b/tekton/src/tasks/gitops/gitops-aibroker.yml.j2
index 1d03a4bb9f9..76104d3fa3c 100644
--- a/tekton/src/tasks/gitops/gitops-aibroker.yml.j2
+++ b/tekton/src/tasks/gitops/gitops-aibroker.yml.j2
@@ -54,46 +54,13 @@ spec:
       type: string
     - name: mas_aibroker_storage_templates_bucket
       type: string
-    - name: mas_aibroker_db_host
-      type: string
     - name: mas_aibroker_mariadb_secret
       type: string
-    - name: mas_aibroker_db_port
-      type: string
-    - name: mas_aibroker_db_user
-      type: string
-    - name: mas_aibroker_db_database
-      type: string
-    - name: mas_aibroker_db_secret_name
-      type: string
-    - name: mas_aibroker_db_secret_value
       type: string
     - name: primary_storage_class
       type: string
-    - name: slscfg_registration_key
-      type: string
-    - name: drocfg_ca
-      type: string
-    - name: drocfg_registration_key
-      type: string
-    - name: drocfg_url
-      type: string
-    - name: jdbccfg_username
-      type: string
-    # - name: jdbccfg_password
-    #   type: string
-    - name: jdbccfg_url
-      type: string
-    - name: jdbccfg_sslenabled
-      type: string
-    - name: jdbccfg_ca
-      type: string
-    - name: mas_entitlement_key
-      type: string
     - name: artifactory_username
       type: string
-    - name: artifactory_token
-      type: string
     - name: mas_app_channel
       type: string
     - name: mas_catalog_source
@@ -150,10 +117,6 @@ spec:
         value: $(params.mas_aibroker_storage_provider)
       - name: MAS_AIBROKER_MINIO_SECRET
         value: $(params.mas_aibroker_minio_secret)
-      - name: MAS_AIBROKER_STORAGE_ACCESSKEY
-        value: $(params.mas_aibroker_storage_accesskey)
-      - name: MAS_AIBROKER_STORAGE_SECRETKEY
-        value: $(params.mas_aibroker_storage_secretkey)
       - name: MAS_AIBROKER_STORAGE_HOST
         value: $(params.mas_aibroker_storage_host)
       - name: MAS_AIBROKER_STORAGE_PORT
@@ -168,46 +131,12 @@ spec:
         value: $(params.mas_aibroker_storage_tenants_bucket)
       - name: MAS_AIBROKER_STORAGE_TEMPLATES_BUCKET
         value: $(params.mas_aibroker_storage_templates_bucket)
-      - name: MAS_AIBROKER_DB_HOST
-        value: $(params.mas_aibroker_db_host)
       - name: MAS_AIBROKER_MARIADB_SECRET
         value: $(params.mas_aibroker_mariadb_secret)
-      - name: MAS_AIBROKER_DB_PORT
-        value: $(params.mas_aibroker_db_port)
-      - name: MAS_AIBROKER_DB_USER
-        value: $(params.mas_aibroker_db_user)
-      - name: MAS_AIBROKER_DB_DATABASE
-        value: $(params.mas_aibroker_db_database)
-      - name: MAS_AIBROKER_DB_SECRET_NAME
-        value: $(params.mas_aibroker_db_secret_name)
-      - name: MAS_AIBROKER_DB_SECRET_VALUE
-        value: $(params.mas_aibroker_db_secret_value)
       - name: PRIMARY_STORAGE_CLASS
         value: $(params.primary_storage_class)
-      - name: SLSCFG_REGISTRATION_KEY
-        value: $(params.slscfg_registration_key)
-      - name: DROCFG_CA
-        value: $(params.drocfg_ca)
-      - name: DROCFG_REGISTRATION_KEY
-        value: $(params.drocfg_registration_key)
-      - name: DROCFG_URL
-        value: $(params.drocfg_url)
-      - name: JDBCCFG_USERNAME
-        value: $(params.jdbccfg_username)
-      # - name: JDBCCFG_PASSWORD
-      #  value: $(params.jdbccfg_password)
-      - name: JDBCCFG_URL
-        value: $(params.jdbccfg_url)
-      - name: JDBCCFG_SSLENABLED
-        value: $(params.jdbccfg_sslenabled)
-      - name: JDBCCFG_CA
-        value: $(params.jdbccfg_ca)
-      - name: MAS_ENTITLEMENT_KEY
-        value: $(params.mas_entitlement_key)
       - name: ARTIFACTORY_USERNAME
         value: $(params.artifactory_username)
-      - name: ARTIFACTORY_TOKEN
-        value: $(params.artifactory_token)
       - name: MAS_APP_CHANNEL
         value: $(params.mas_app_channel)
       - name: MAS_CATALOG_SOURCE
diff --git a/tekton/src/tasks/gitops/gitops-kmodel.yml.j2 b/tekton/src/tasks/gitops/gitops-kmodel.yml.j2
index 057a41a9cbf..b12a6df8af6 100644
--- a/tekton/src/tasks/gitops/gitops-kmodel.yml.j2
+++ b/tekton/src/tasks/gitops/gitops-kmodel.yml.j2
@@ -39,10 +39,6 @@ spec:
       type: string
     - name: mas_aibroker_storage_ssl
       type: string
-    #- name: mas_aibroker_storage_accesskey
-    #  type: string
-    # - name: mas_aibroker_storage_secretkey
-    #   type: string
     - name: mas_aibroker_storage_host
       type: string
     - name: mas_aibroker_storage_port
@@ -120,10 +116,6 @@ spec:
         value: $(params.mas_aibroker_storage_provider)
       - name: MAS_AIBROKER_STORAGE_SSL
         value: $(params.mas_aibroker_storage_ssl)
-      # - name: MAS_AIBROKER_STORAGE_ACCESSKEY
-      #   value: $(params.mas_aibroker_storage_accesskey)
-      # - name: MAS_AIBROKER_STORAGE_SECRETKEY
-      #   value: $(params.mas_aibroker_storage_secretkey)
       - name: MAS_AIBROKER_STORAGE_HOST
         value: $(params.mas_aibroker_storage_host)
       - name: MAS_AIBROKER_STORAGE_PORT

From f0c66d4db63b03c5719ca9cd02b43131f2740542 Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Tue, 15 Jul 2025 23:20:53 +0530
Subject: [PATCH 144/258] Update gitops-aibroker.yml.j2

---
 tekton/src/tasks/gitops/gitops-aibroker.yml.j2 | 1 -
 1 file changed, 1 deletion(-)

diff --git a/tekton/src/tasks/gitops/gitops-aibroker.yml.j2 b/tekton/src/tasks/gitops/gitops-aibroker.yml.j2
index 76104d3fa3c..6bea483c3fa 100644
--- a/tekton/src/tasks/gitops/gitops-aibroker.yml.j2
+++ b/tekton/src/tasks/gitops/gitops-aibroker.yml.j2
@@ -56,7 +56,6 @@ spec:
       type: string
     - name: mas_aibroker_mariadb_secret
       type: string
-      type: string
     - name: primary_storage_class
       type: string
     - name: artifactory_username

From 49216a962f862085839f63f9c9f217b35559d1b4 Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Tue, 15 Jul 2025 23:54:33 +0530
Subject: [PATCH 145/258] Update gitops-aibroker.yml.j2

---
 tekton/src/tasks/gitops/gitops-aibroker.yml.j2 | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/tekton/src/tasks/gitops/gitops-aibroker.yml.j2 b/tekton/src/tasks/gitops/gitops-aibroker.yml.j2
index 6bea483c3fa..037d031b651 100644
--- a/tekton/src/tasks/gitops/gitops-aibroker.yml.j2
+++ b/tekton/src/tasks/gitops/gitops-aibroker.yml.j2
@@ -36,10 +36,6 @@ spec:
       type: string
     - name: mas_aibroker_minio_secret
       type: string
-    - name: mas_aibroker_storage_accesskey
-      type: string
-    - name: mas_aibroker_storage_secretkey
-      type: string
     - name: mas_aibroker_storage_host
       type: string
     - name: mas_aibroker_storage_port

From ed20e231333016dd06a71f90b745a205ef4152df Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Wed, 16 Jul 2025 11:21:55 +0530
Subject: [PATCH 146/258] Update ibm-aibroker-tenant.yaml.j2

---
 .../appset-configs/cluster/instance/ibm-aibroker-tenant.yaml.j2 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant.yaml.j2 b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant.yaml.j2
index 2c329dfb5d2..1a615f59083 100644
--- a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant.yaml.j2
+++ b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant.yaml.j2
@@ -8,7 +8,7 @@ ibm_aibroker_tenant:
   mas_aibroker_provision_tenant: "{{ MAS_AIBROKER_PROVISION_TENANT }}"
   aibroker_instance_id: "{{ AIBROKER_INSTANCE_ID }}"
   tenantNamespace: "{{ TENANT_NAMESPACE }}"
-  # cluster_domain: "{{ CLUSTER_DOMAIN }}"
+  cluster_domain: "{{ CLUSTER_DOMAIN }}"
   in_saas_env: "{{ IN_SAAS_ENV }}"
   ibm_entitlement_key: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_IBM_ENTITLEMENT }}>"
 

From 2f3cced8a15ce9543ae6734c3b1bbf0a14d18379 Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Wed, 16 Jul 2025 14:01:43 +0530
Subject: [PATCH 147/258] cherry-pick 9358f3ce4e conflict

---
 .secrets.baseline                               |  2 +-
 image/cli/mascli/functions/gitops_minio         | 17 +++++++++--------
 .../cluster/instance/ibm-minio.yaml.j2          |  2 ++
 .../pipelines/gitops/gitops-mas-aibroker.yml.j2 | 17 ++++++-----------
 tekton/src/tasks/gitops/gitops-minio.yml.j2     |  2 ++
 5 files changed, 20 insertions(+), 20 deletions(-)

diff --git a/.secrets.baseline b/.secrets.baseline
index 0d7ef21ed41..b3eb5c3dc3a 100644
--- a/.secrets.baseline
+++ b/.secrets.baseline
@@ -3,7 +3,7 @@
     "files": "build/bin/config/oscap/ssg-rhel9-ds.xml|^.secrets.baseline$|^docs/catalogs/",
     "lines": null
   },
-  "generated_at": "2025-07-15T17:27:11Z",
+  "generated_at": "2025-07-16T08:31:18Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"
diff --git a/image/cli/mascli/functions/gitops_minio b/image/cli/mascli/functions/gitops_minio
index ffd5eaf062e..f88e15298de 100644
--- a/image/cli/mascli/functions/gitops_minio
+++ b/image/cli/mascli/functions/gitops_minio
@@ -32,7 +32,7 @@ minio Provider Selection / Version:
       --minio_host=${COLOR_YELLOW}MINIO_HOST${TEXT_RESET}                                                The hostname or service URL where MinIO is reachable
       --minio_port=${COLOR_YELLOW}MINIO_PORT${TEXT_RESET}                                                The port number on which MinIO is exposed
       --aibroker_instance_id ${COLOR_YELLOW}AIBROKER_INSTANCE_ID${TEXT_RESET}                            The AI Broker instance ID
-      # --mas-instance-id ${COLOR_YELLOW}MAS_INSTANCE_ID${TEXT_RESET}                                    The Maximo AI Broker instance ID, used for identifying the specific instance in the GitOps repository
+      --mas-aibroker-storage-provider ${TEXT_RESET}MAS_AIBROKER_STORAGE_PROVIDER${TEXT_RESET}            The storage provider for AI Broker (e.g., minio, aws)  
       
 Automatic GitHub Push (Optional):
   -P, --github-push ${COLOR_YELLOW}GITHUB_PUSH${TEXT_RESET}        Enable automatic push to GitHub
@@ -63,7 +63,7 @@ function gitops_minio_noninteractive() {
   export MINIO_IMAGE=${MINIO_IMAGE:-"quay.io/minio/minio:latest"}
   export MINIO_PORT=${MINIO_PORT:-"9000"}
   export MINIO_HOST=${MINIO_HOST:-"minio-service.minio.svc.cluster.local"}
-  # export AIBROKER_INSTANCE_ID=${AIBROKER_INSTANCE_ID:-"aibroker-inst-1"}
+  export MAS_AIBROKER_STORAGE_PROVIDER=${MAS_AIBROKER_STORAGE_PROVIDER:-"aws"}
   
   while [[ $# -gt 0 ]]
   do
@@ -119,9 +119,9 @@ function gitops_minio_noninteractive() {
       --minio_port)
           export MINIO_PORT=$1 && shift
           ;;
-      # --mas-instance-id)
-      #   export MAS_INSTANCE_ID=$1 && shift
-      #   ;;
+      --mas-aibroker-storage-provider)
+          export MAS_AIBROKER_STORAGE_PROVIDER=$1 && shift
+        ;;
       --aibroker_instance_id)
           export AIBROKER_INSTANCE_ID=$1 && shift
           ;;
@@ -240,9 +240,10 @@ function gitops_minio() {
   echo_reset_dim "MinIO Instance Name (minio_instance_name)  ............ ${COLOR_MAGENTA}${MINIO_INSTANCE_NAME}"
   echo_reset_dim "MinIO Storage Class (minio_storage_class)  ............ ${COLOR_MAGENTA}${MINIO_STORAGE_CLASS}"
   echo_reset_dim "MinIO Storage Size (minio_storage_size)  .............. ${COLOR_MAGENTA}${MINIO_STORAGE_SIZE}"
-  echo_reset_dim "MinIO Image (minio_image)  ...........................  ${COLOR_MAGENTA}${MINIO_IMAGE}"
-  echo_reset_dim "AiBroker (AIBROKER_INSTANCE_ID)  .....................  ${COLOR_MAGENTA}${AIBROKER_INSTANCE_ID}"
-  
+  echo_reset_dim "MinIO Image (minio_image)  ............................ ${COLOR_MAGENTA}${MINIO_IMAGE}"
+  echo_reset_dim "AiBroker (AIBROKER_INSTANCE_ID)  ...................... ${COLOR_MAGENTA}${AIBROKER_INSTANCE_ID}"
+  # Storage variables
+  echo_reset_dim "MAS AI Broker Storage Provider ........................ ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_PROVIDER}"
   reset_colors
 
   # Set up secrets
diff --git a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-minio.yaml.j2 b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-minio.yaml.j2
index c78b3395682..c6e65e41215 100644
--- a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-minio.yaml.j2
+++ b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-minio.yaml.j2
@@ -1,6 +1,7 @@
 merge-key: "{{ ACCOUNT_ID }}/{{ CLUSTER_ID }}/{{ AIBROKER_INSTANCE_ID }}"
 
 ibm_minio:
+{% if MAS_AIBROKER_STORAGE_PROVIDER is defined and MAS_AIBROKER_STORAGE_PROVIDER == 'minio' %}
   minio_namespace: "{{ MINIO_NAMESPACE }}"
   minio_instance_name: "{{ MINIO_INSTANCE_NAME }}"
   minio_root_user: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_STORAGE_USER }}>"
@@ -8,3 +9,4 @@ ibm_minio:
   minio_storage_class: "{{ MINIO_STORAGE_CLASS }}"
   minio_storage_size: "{{ MINIO_STORAGE_SIZE }}"
   minio_image: "{{ MINIO_IMAGE }}"
+{% endif %}
diff --git a/tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2 b/tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2
index cbc8b55e331..0cf0a58176f 100644
--- a/tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2
+++ b/tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2
@@ -126,22 +126,15 @@ spec:
       type: string
     - name: tenantNamespace
       type: string 
-
-    
     - name: environment_type
       type: string
-
     - name: mas_aibroker_s3_endpoint_url
       type: string
-
     - name: mas_aibroker_s3_region
       type: string
-
     - name: mas_aibroker_s3_bucket_prefix
       type: string
 
-    
-
   workspaces:
     - name: configs
 
@@ -188,11 +181,13 @@ spec:
           value: $(params.minio_image)
         - name: aibroker_instance_id
           value: $(params.aibroker_instance_id)
+        - name: mas_aibroker_storage_provider
+          value: $(params.mas_aibroker_storage_provider)
 
-      when:
-        - input: "$(params.mas_aibroker_storage_provider)"
-          operator: in
-          values: ["minio"]
+      #when:
+      #  - input: "$(params.mas_aibroker_storage_provider)"
+      #    operator: in
+      #    values: ["minio"]
 
     # 2.gitops-odh
     # -------------------------------------------------------------------------
diff --git a/tekton/src/tasks/gitops/gitops-minio.yml.j2 b/tekton/src/tasks/gitops/gitops-minio.yml.j2
index 6e0366883b5..d56f5fb76cb 100644
--- a/tekton/src/tasks/gitops/gitops-minio.yml.j2
+++ b/tekton/src/tasks/gitops/gitops-minio.yml.j2
@@ -45,6 +45,8 @@ spec:
     - name: minio_image
       type: string
       default: quay.io/minio/minio:latest
+    - name: mas_aibroker_storage_provider
+      type: string
   stepTemplate:
     name: gitops-minio
     env:

From 3f52ad5e17ad161173ea9738ec51df85c9d28501 Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Wed, 16 Jul 2025 15:48:11 +0530
Subject: [PATCH 148/258] cherry-pick 8311d53138 conflict

---
 .secrets.baseline                       |  2 +-
 image/cli/mascli/functions/gitops_minio | 32 +++++++++++++++----------
 2 files changed, 21 insertions(+), 13 deletions(-)

diff --git a/.secrets.baseline b/.secrets.baseline
index b3eb5c3dc3a..01b97316d54 100644
--- a/.secrets.baseline
+++ b/.secrets.baseline
@@ -3,7 +3,7 @@
     "files": "build/bin/config/oscap/ssg-rhel9-ds.xml|^.secrets.baseline$|^docs/catalogs/",
     "lines": null
   },
-  "generated_at": "2025-07-16T08:31:18Z",
+  "generated_at": "2025-07-16T10:17:24Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"
diff --git a/image/cli/mascli/functions/gitops_minio b/image/cli/mascli/functions/gitops_minio
index f88e15298de..2b133ee9168 100644
--- a/image/cli/mascli/functions/gitops_minio
+++ b/image/cli/mascli/functions/gitops_minio
@@ -176,7 +176,6 @@ function gitops_minio_noninteractive() {
   fi
 
   [[ -z "$MINIO_STORAGE_CLASS" ]] && gitops_minio_help "MINIO_STORAGE_CLASS is not set. Please specify the Kubernetes storage class using --minio_storage_class."
-  # [[ -z "$MAS_INSTANCE_ID" ]] && gitops_minio_help "MAS_INSTANCE_ID is not set. Please specify the Maximo AI Broker instance ID using --mas-instance-id."
   [[ -z "$AIBROKER_INSTANCE_ID" ]] && gitops_minio_help "AIBROKER_INSTANCE_ID is not set. Please specify the AI Broker instance ID using --aibroker_instance_id."
 }
 
@@ -249,8 +248,6 @@ function gitops_minio() {
   # Set up secrets
   # ---------------------------------------------------------------------------
   CURRENT_DIR=$PWD
-  # TEMP_DIR=$GITOPS_CLUSTER_DIR/aibroker01
-  # mkdir -p ${TEMP_DIR}
 
   AVP_TYPE=aws  # Support for IBM will be added later
   sm_login
@@ -271,7 +268,12 @@ function gitops_minio() {
     if [ -z "$MINIO_ROOT_PASSWORD" ]; then
 
       export MINIO_ROOT_USER=${MINIO_ROOT_USER:-"minio"}
-      echo_reset_dim "MINIO_ROOT_USER ............................. ${COLOR_MAGENTA}$MINIO_ROOT_USER"
+       # Extract and export sm_storage_accesskey
+      TEMP_STORAGE_USER=$(jq -r .sm_storage_user $MINIO_SECRET_FILE)
+      if [[ -n ${TEMP_STORAGE_USER} && ${TEMP_STORAGE_USER} != "null" ]]; then
+        export MINIO_ROOT_USER=${TEMP_STORAGE_USER}
+        echo_reset_dim "MINIO_ROOT_USER .............................. ${COLOR_MAGENTA}${MINIO_ROOT_USER} is available in the secret, using that value"
+      fi
 
       export MINIO_ACCESS_KEY=${MINIO_ROOT_USER}
       # Extract and export sm_storage_accesskey
@@ -313,13 +315,20 @@ function gitops_minio() {
       fi
 
       echo_reset_dim "MINIO_ROOT_PASSWORD ............................. ${COLOR_MAGENTA}${MINIO_ROOT_PASSWORD:0:8}<snip>"
-      TAGS="[{\"Key\": \"source\", \"Value\": \"gitops_minio\"}, {\"Key\": \"account\", \"Value\": \"${ACCOUNT_ID}\"}, {\"Key\": \"cluster\", \"Value\": \"${CLUSTER_ID}\"}]"
-      #SREMAT : remove those buckets name if no longer needed
-      MINIO_BUCKET_FIELDS="\"sm_storage_bucket_templates\": \"km-templates\", \
-      \"sm_storage_bucket_tenants\": \"km-tenants\", \
-      \"sm_storage_bucket_pipelines\": \"km-pipelineset\", \
-      \"sm_storage_bucket_default\": \"miniobucket1\""
-      sm_update_secret $SECRET_NAME_STORAGE_AUTH "{ \"sm_storage_user\": \"$MINIO_ROOT_USER\", \"sm_storage_password\": \"$MINIO_ROOT_PASSWORD\", \"sm_storage_accesskey\": \"$MINIO_ROOT_USER\", \"sm_storage_secretkey\": \"$MINIO_ROOT_PASSWORD\", \"sm_storage_port\": \"$MINIO_PORT\", \"sm_storage_host\": \"$MINIO_HOST\", $MINIO_BUCKET_FIELDS }" "${TAGS}"
+      
+      # Conditionally update minio related secrets for minio
+      if [[ "${MAS_AIBROKER_STORAGE_PROVIDER}" == "minio" ]]; then
+
+        TAGS="[{\"Key\": \"source\", \"Value\": \"gitops_minio\"}, {\"Key\": \"account\", \"Value\": \"${ACCOUNT_ID}\"}, {\"Key\": \"cluster\", \"Value\": \"${CLUSTER_ID}\"}]"
+        #SREMAT : remove those buckets name if no longer needed
+        MINIO_BUCKET_FIELDS="\"sm_storage_bucket_templates\": \"km-templates\", \
+        \"sm_storage_bucket_tenants\": \"km-tenants\", \
+        \"sm_storage_bucket_pipelines\": \"km-pipelineset\", \
+        \"sm_storage_bucket_default\": \"miniobucket1\""
+        sm_update_secret $SECRET_NAME_STORAGE_AUTH "{ \"sm_storage_user\": \"$MINIO_ROOT_USER\", \"sm_storage_password\": \"$MINIO_ROOT_PASSWORD\", \"sm_storage_accesskey\": \"$MINIO_ROOT_USER\", \"sm_storage_secretkey\": \"$MINIO_ROOT_PASSWORD\", \"sm_storage_port\": \"$MINIO_PORT\", \"sm_storage_host\": \"$MINIO_HOST\", $MINIO_BUCKET_FIELDS }" "${TAGS}"
+      
+      fi
+
     fi
     
     echo_reset_dim "minio_namespace ....................... ${COLOR_MAGENTA}${MINIO_NAMESPACE}"
@@ -334,7 +343,6 @@ function gitops_minio() {
     echo_reset_dim "minio_port ............................ ${COLOR_MAGENTA}${MINIO_PORT}"
     echo_reset_dim "minio_host ............................ ${COLOR_MAGENTA}${MINIO_HOST}"
     echo_reset_dim "aibroker_instance_id .................. ${COLOR_MAGENTA}${AIBROKER_INSTANCE_ID}"
-    # echo_reset_dim "mas_instance_id ....................... ${COLOR_MAGENTA}${MAS_INSTANCE_ID}"
     if [ -z $GIT_SSH ]; then
       export GIT_SSH=false
     fi

From 17704dbfeb3629febeb7bac790589e8428e15b68 Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Thu, 17 Jul 2025 17:59:08 +0530
Subject: [PATCH 149/258] cherry-pick 2175815c01 conflict

---
 .secrets.baseline                                               | 2 +-
 .../appset-configs/cluster/instance/ibm-aibroker-tenant.yaml.j2 | 1 -
 .../gitops/appset-configs/cluster/instance/ibm-kmodel.yaml.j2   | 1 -
 3 files changed, 1 insertion(+), 3 deletions(-)

diff --git a/.secrets.baseline b/.secrets.baseline
index 01b97316d54..e6967a16a57 100644
--- a/.secrets.baseline
+++ b/.secrets.baseline
@@ -3,7 +3,7 @@
     "files": "build/bin/config/oscap/ssg-rhel9-ds.xml|^.secrets.baseline$|^docs/catalogs/",
     "lines": null
   },
-  "generated_at": "2025-07-16T10:17:24Z",
+  "generated_at": "2025-07-17T12:28:07Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"
diff --git a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant.yaml.j2 b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant.yaml.j2
index 1a615f59083..47de21d1e5d 100644
--- a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant.yaml.j2
+++ b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant.yaml.j2
@@ -3,7 +3,6 @@ merge-key: "{{ ACCOUNT_ID }}/{{ CLUSTER_ID }}/{{ AIBROKER_INSTANCE_ID }}/{{ TENA
 ibm_aibroker_tenant:
   # aibroker
   tenant_id: "{{ TENANT_ID }}"
-  mas_aibroker_tenant_name: "{{ MAS_AIBROKER_TENANT_NAME }}"
   aibroker_namespace: "{{ AIBROKER_NAMESPACE }}"
   mas_aibroker_provision_tenant: "{{ MAS_AIBROKER_PROVISION_TENANT }}"
   aibroker_instance_id: "{{ AIBROKER_INSTANCE_ID }}"
diff --git a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-kmodel.yaml.j2 b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-kmodel.yaml.j2
index 21981aea056..314125a2df6 100644
--- a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-kmodel.yaml.j2
+++ b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-kmodel.yaml.j2
@@ -27,7 +27,6 @@ ibm_kmodel:
   
   docker_server: "{{ DOCKER_SERVER }}"
 
-  tenantNamespace: "{{ TENANT_NAMESPACE }}"
   mas_aibroker_provision_tenant: "{{ MAS_AIBROKER_PROVISION_TENANT }}"
 
   primary_storage_class: "{{ PRIMARY_STORAGE_CLASS }}"

From df8f1078fe25d30c977b8b3611768c3f718e9644 Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Thu, 17 Jul 2025 18:33:16 +0530
Subject: [PATCH 150/258] Update gitops_aibroker_tenant

removed validation for MAS_AIBROKER_TENANT_NAME
---
 image/cli/mascli/functions/gitops_aibroker_tenant | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/image/cli/mascli/functions/gitops_aibroker_tenant b/image/cli/mascli/functions/gitops_aibroker_tenant
index 6ec9b175a31..80b224f27af 100644
--- a/image/cli/mascli/functions/gitops_aibroker_tenant
+++ b/image/cli/mascli/functions/gitops_aibroker_tenant
@@ -289,7 +289,7 @@ function gitops_aibroker_tenant_noninteractive() {
   [[ -z "$AIBROKER_INSTANCE_ID" ]] && gitops_minio_help "AIBROKER_INSTANCE_ID is not set. Please specify the AI Broker instance ID using --aibroker_instance_id."
   [[ -z "$TENANT_NAMESPACE" ]] && gitops_aibroker_tenant_help "TENANT_NAMESPACE is not set. Please specify the tenant namespace using --tenantNamespace."
   [[ -z "$TENANT_ID" ]] && gitops_aibroker_tenant_help "TENANT_ID is not set. Please provide the tenant ID using --tenant-id."
-  [[ -z "$MAS_AIBROKER_TENANT_NAME" ]] && gitops_aibroker_tenant_help "MAS_AIBROKER_TENANT_NAME is not set. Please provide the AI Broker tenant name using --mas-aibroker-tenant-name."
+  # [[ -z "$MAS_AIBROKER_TENANT_NAME" ]] && gitops_aibroker_tenant_help "MAS_AIBROKER_TENANT_NAME is not set. Please provide the AI Broker tenant name using --mas-aibroker-tenant-name."
   [[ -z "$CLUSTER_DOMAIN" ]] && gitops_aibroker_tenant_help "CLUSTER_DOMAIN is not set. Please provide the cluster domain using --cluster-domain."
   
   # -- DRO

From 77a9ca96c9388ba5e67c05a85ca8794594d7f4ff Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Fri, 18 Jul 2025 11:23:45 +0530
Subject: [PATCH 151/258] removed minio

---
 image/cli/mascli/functions/gitops_aibroker    |  18 +-
 .../mascli/functions/gitops_aibroker_tenant   |   8 +-
 image/cli/mascli/functions/gitops_kmodel      |   4 -
 image/cli/mascli/functions/gitops_minio       | 386 ------------------
 image/cli/mascli/mas                          |  11 +-
 .../instance/ibm-aibroker-tenant.yaml.j2      |   2 +-
 .../cluster/instance/ibm-aibroker.yaml.j2     |   2 +-
 .../cluster/instance/ibm-minio.yaml.j2        |  12 -
 .../gitops/gitops-mas-aibroker.yml.j2         |  71 +---
 .../src/tasks/gitops/gitops-aibroker.yml.j2   |   6 +-
 tekton/src/tasks/gitops/gitops-minio.yml.j2   | 116 ------
 11 files changed, 19 insertions(+), 617 deletions(-)
 delete mode 100644 image/cli/mascli/functions/gitops_minio
 delete mode 100644 image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-minio.yaml.j2
 delete mode 100644 tekton/src/tasks/gitops/gitops-minio.yml.j2

diff --git a/image/cli/mascli/functions/gitops_aibroker b/image/cli/mascli/functions/gitops_aibroker
index 3fe27b2ef40..78039aaca0f 100644
--- a/image/cli/mascli/functions/gitops_aibroker
+++ b/image/cli/mascli/functions/gitops_aibroker
@@ -27,7 +27,7 @@ ibm aibroker(required):
 
 storage provider:
       --mas-aibroker-storage-provider ${TEXT_RESET}MAS_AIBROKER_STORAGE_PROVIDER${TEXT_RESET}
-      --mas-aibroker-minio-secret ${TEXT_RESET}MAS_AIBROKER_MINIO_SECRET${TEXT_RESET}
+      --mas-aibroker-storage-secret ${TEXT_RESET}MAS_AIBROKER_STORAGE_SECRET${TEXT_RESET}
       --mas-aibroker-storage-host ${TEXT_RESET}MAS_AIBROKER_STORAGE_HOST${TEXT_RESET}
       --mas-aibroker-storage-port ${TEXT_RESET}MAS_AIBROKER_STORAGE_PORT${TEXT_RESET}
       --mas-aibroker-storage-ssl ${TEXT_RESET}MAS_AIBROKER_STORAGE_SSL${TEXT_RESET}
@@ -86,10 +86,10 @@ function gitops_aibroker_noninteractive() {
   export MAS_APP_ID=${MAS_APP_ID:-"aibroker"}
   export MAS_AIBROKER_WATSONX_SECRET=${MAS_AIBROKER_WATSONX_SECRET:-"${MAS_APP_ID}-watsonxcfg"}
   export MAS_AIBROKER_STORAGE_PROVIDER=${MAS_AIBROKER_STORAGE_PROVIDER:-"aws"}
-  #Minio Defaults
+  #Storage Defaults
   export MAS_AIBROKER_STORAGE_REGION=${MAS_AIBROKER_STORAGE_REGION:-""}
   export MAS_AIBROKER_STORAGE_SSL=${MAS_AIBROKER_STORAGE_SSL:-"true"}
-  export MAS_AIBROKER_MINIO_SECRET=${MAS_AIBROKER_MINIO_SECRET:-"${MAS_APP_ID}-miniocfg"}
+  export MAS_AIBROKER_STORAGE_SECRET=${MAS_AIBROKER_STORAGE_SECRET:-"${MAS_APP_ID}-miniocfg"}
   export MAS_CATALOG_SOURCE=${MAS_CATALOG_SOURCE:-"ibm-operator-catalog"}
   #-- mariadb defaults
   export MAS_AIBROKER_MARIADB_SECRET=${MAS_AIBROKER_MARIADB_SECRET:-"${MAS_APP_ID}-mariadbcfge"}
@@ -166,8 +166,8 @@ function gitops_aibroker_noninteractive() {
       --mas-aibroker-storage-ssl)
         export MAS_AIBROKER_STORAGE_SSL=$1 && shift
         ;;
-      --mas-aibroker-minio-secret)
-          export MAS_AIBROKER_MINIO_SECRET=$1 && shift
+      --mas-aibroker-storage-secret)
+          export MAS_AIBROKER_STORAGE_SECRET=$1 && shift
         ;;
       --mas-catalog-source)
           export MAS_CATALOG_SOURCE=$1 && shift
@@ -250,7 +250,7 @@ function gitops_aibroker_noninteractive() {
 
 # add validation below like above  for those variable which have the value needed for further execution
 # -- AIBroker
-  [[ -z "$AIBROKER_INSTANCE_ID" ]] && gitops_minio_help "AIBROKER_INSTANCE_ID is not set. Please specify the AI Broker instance ID using --aibroker_instance_id."
+  [[ -z "$AIBROKER_INSTANCE_ID" ]] && gitops_aibroker_help "AIBROKER_INSTANCE_ID is not set. Please specify the AI Broker instance ID using --aibroker_instance_id."
   [[ -z "$PRIMARY_STORAGE_CLASS" ]] && gitops_aibroker_help "PRIMARY_STORAGE_CLASS is not set. Please provide the primary storage class using --primary-storage-class."
   [[ -z "$CLUSTER_DOMAIN" ]] && gitops_aibroker_help "CLUSTER_DOMAIN is not set. Please provide the cluster domain using --cluster-domain."
   [[ -z "$ARTIFACTORY_USERNAME" ]] && gitops_aibroker_help "ARTIFACTORY_USERNAME is not set. Please provide the artifactory username using --artifactory-username"
@@ -330,7 +330,7 @@ function gitops_aibroker() {
   echo_reset_dim "Pull Secret Name ...................... ${COLOR_MAGENTA}${PULL_SECRET_NAME}"
   # Storage variables
   echo_reset_dim "MAS AI Broker Storage Provider ........ ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_PROVIDER}"
-  echo_reset_dim "MAS AI Broker MinIO Secret ............ ${COLOR_MAGENTA}${MAS_AIBROKER_MINIO_SECRET}"
+  echo_reset_dim "MAS AI Broker Storage Secret .......... ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_SECRET}"
   echo_reset_dim "MAS AI Broker Storage Host ............ ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_HOST}"
   echo_reset_dim "MAS AI Broker Storage Port ............ ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_PORT}"
   echo_reset_dim "MAS AI Broker Storage SSL ............. ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_SSL}"
@@ -401,10 +401,6 @@ function gitops_aibroker() {
   sm_verify_secret_exists ${SECRETS_PREFIX}dro "drocfg_ca,drocfg_registration_key,drocfg_url,drocfg_ca_tenant"
   sm_verify_secret_exists ${SECRETS_PREFIX}sls "slscfg_registration_key"
   sm_verify_secret_exists ${SECRETS_PREFIX}storage "sm_storage_host,sm_storage_accesskey,sm_storage_secretkey,sm_storage_bucket_templates,sm_storage_bucket_tenants,sm_storage_bucket_pipelines"
-  # Conditionally include sm_storage_port for minio
-  if [[ "${MAS_AIBROKER_STORAGE_PROVIDER}" == "minio" ]]; then
-  sm_verify_secret_exists ${SECRETS_PREFIX}storage "sm_storage_port"
-  fi
   sm_verify_secret_exists ${SECRETS_PREFIX}jdbc "jdbccfg_username,jdbccfg_password,jdbccfg_url,jdbccfg_sslenabled,jdbccfg_ca"
   sm_verify_secret_exists ${SECRETS_PREFIX}mariadb "sm_mariadb_host,sm_mariadb_port,sm_mariadb_user,sm_mariadb_database,sm_mariadb_secret_name,sm_mariadb_secret_value"
 
diff --git a/image/cli/mascli/functions/gitops_aibroker_tenant b/image/cli/mascli/functions/gitops_aibroker_tenant
index 80b224f27af..8f351808c66 100644
--- a/image/cli/mascli/functions/gitops_aibroker_tenant
+++ b/image/cli/mascli/functions/gitops_aibroker_tenant
@@ -286,7 +286,7 @@ function gitops_aibroker_tenant_noninteractive() {
   fi
 
   # add validation below like above  for those variable which have the value needed for further execution
-  [[ -z "$AIBROKER_INSTANCE_ID" ]] && gitops_minio_help "AIBROKER_INSTANCE_ID is not set. Please specify the AI Broker instance ID using --aibroker_instance_id."
+  [[ -z "$AIBROKER_INSTANCE_ID" ]] && gitops_aibroker_tenant_help "AIBROKER_INSTANCE_ID is not set. Please specify the AI Broker instance ID using --aibroker_instance_id."
   [[ -z "$TENANT_NAMESPACE" ]] && gitops_aibroker_tenant_help "TENANT_NAMESPACE is not set. Please specify the tenant namespace using --tenantNamespace."
   [[ -z "$TENANT_ID" ]] && gitops_aibroker_tenant_help "TENANT_ID is not set. Please provide the tenant ID using --tenant-id."
   # [[ -z "$MAS_AIBROKER_TENANT_NAME" ]] && gitops_aibroker_tenant_help "MAS_AIBROKER_TENANT_NAME is not set. Please provide the AI Broker tenant name using --mas-aibroker-tenant-name."
@@ -429,11 +429,9 @@ function gitops_aibroker_tenant() {
   sm_verify_secret_exists ${SECRETS_PREFIX}sls "slscfg_registration_key,slscfg_ca_tenant"
  
   sm_verify_secret_exists ${SECRETS_PREFIX}storage "sm_storage_host,sm_storage_accesskey,sm_storage_secretkey"
-  # Conditionally include sm_storage_port for minio
-  if [[ "${MAS_AIBROKER_STORAGE_PROVIDER}" == "minio" ]]; then
-  sm_verify_secret_exists ${SECRETS_PREFIX}storage "sm_storage_port"
-  fi
+
   sm_verify_secret_exists ${SECRETS_PREFIX}rsl "rsl_org_id,rsl_token"
+  
   sm_verify_secret_exists ${SECRETS_PREFIX}watsonx "watsonxai_apikey,watsonxai_project_id"
   
   # finally push them into the git repo
diff --git a/image/cli/mascli/functions/gitops_kmodel b/image/cli/mascli/functions/gitops_kmodel
index f21755336cc..bc90d4a04ed 100644
--- a/image/cli/mascli/functions/gitops_kmodel
+++ b/image/cli/mascli/functions/gitops_kmodel
@@ -408,10 +408,6 @@ function gitops_kmodel() {
   sm_verify_secret_exists ${SECRETS_PREFIX}ibm_entitlement "image_pull_secret_b64"
 
   sm_verify_secret_exists ${SECRETS_PREFIX}storage "sm_storage_host,sm_storage_accesskey,sm_storage_secretkey,sm_storage_bucket_templates,sm_storage_bucket_tenants,sm_storage_bucket_pipelines"
-  # Conditionally include sm_storage_port for minio
-  if [[ "${MAS_AIBROKER_STORAGE_PROVIDER}" == "minio" ]]; then
-  sm_verify_secret_exists ${SECRETS_PREFIX}storage "sm_storage_port"
-  fi
 
     # finally push them into the git repo
     # ---------------------------------------------------------------------------
diff --git a/image/cli/mascli/functions/gitops_minio b/image/cli/mascli/functions/gitops_minio
deleted file mode 100644
index 2b133ee9168..00000000000
--- a/image/cli/mascli/functions/gitops_minio
+++ /dev/null
@@ -1,386 +0,0 @@
-#!/usr/bin/env bash
-
-function gitops_minio_help() {
-  [[ -n "$1" ]] && echo_warning "$1"
-  reset_colors
-  cat << EOM
-
-
-Usage:
-  mas gitops-minio [options]
-Where ${COLOR_YELLOW}specified${TEXT_RESET} each option may also be defined by setting the appropriate environment variable.
-When no options are specified on the command line, interactive-mode will be enabled by default.
-
-GitOps Configuration:
-  -d, --dir ${COLOR_YELLOW}GITOPS_WORKING_DIR${TEXT_RESET}         Directory for GitOps repository
-  -a, --account-id ${COLOR_YELLOW}ACCOUNT_ID${TEXT_RESET}          Account name that the cluster belongs to
-  -c, --cluster-id ${COLOR_YELLOW}CLUSTER_ID${TEXT_RESET}          Cluster ID
-
-Secrets Manager:
-      --secrets-path ${COLOR_YELLOW}SECRETS_PATH${TEXT_RESET}                                            Secrets Manager path
-      --secrets-key-seperator ${COLOR_YELLOW}SECRETS_KEY_SEPERATOR${TEXT_RESET}                          Secrets Manager key seperator string
-
-minio Provider Selection / Version:
-      --minio_namespace ${COLOR_YELLOW}MINIO_NAMESPACE${TEXT_RESET}                                      The minio namespace to install
-      --minio_instance_name ${COLOR_YELLOW}MINIO_INSTANCE_NAME${TEXT_RESET}                              The minio instance name
-      --minio_root_user ${COLOR_YELLOW}MINIO_ROOT_USER${TEXT_RESET}                                      The minio user name
-      --minio_storage_class ${COLOR_YELLOW}MINIO_STORAGE_CLASS${TEXT_RESET}                              The minio storage class
-      --minio_storage_size ${COLOR_YELLOW}MINIO_STORAGE_SIZE${TEXT_RESET}                                The minio storage size
-      --minio_image ${COLOR_YELLOW}MINIO_IMAGE${TEXT_RESET}                                              The minio image name
-      --minio_access_key=${COLOR_YELLOW}MINIO_ACCESS_KEY${TEXT_RESET}                                    The access key for MinIO, used as the username
-      --minio_secret_key=${COLOR_YELLOW}MINIO_SECRET_KEY${TEXT_RESET}                                    The secret key for MinIO, used as the password
-      --minio_host=${COLOR_YELLOW}MINIO_HOST${TEXT_RESET}                                                The hostname or service URL where MinIO is reachable
-      --minio_port=${COLOR_YELLOW}MINIO_PORT${TEXT_RESET}                                                The port number on which MinIO is exposed
-      --aibroker_instance_id ${COLOR_YELLOW}AIBROKER_INSTANCE_ID${TEXT_RESET}                            The AI Broker instance ID
-      --mas-aibroker-storage-provider ${TEXT_RESET}MAS_AIBROKER_STORAGE_PROVIDER${TEXT_RESET}            The storage provider for AI Broker (e.g., minio, aws)  
-      
-Automatic GitHub Push (Optional):
-  -P, --github-push ${COLOR_YELLOW}GITHUB_PUSH${TEXT_RESET}        Enable automatic push to GitHub
-  -H, --github-host ${COLOR_YELLOW}GITHUB_HOST${TEXT_RESET}        GitHub Hostname for your GitOps repository
-  -O, --github-org ${COLOR_YELLOW}GITHUB_ORG${TEXT_RESET}          Github org for your GitOps repository
-  -R, --github-repo ${COLOR_YELLOW}GITHUB_REPO${TEXT_RESET}        Github repo for your GitOps repository
-  -S, --github-ssh ${COLOR_YELLOW}GIT_SSH${TEXT_RESET}             Git ssh key path
-  -B, --git-branch ${COLOR_YELLOW}GIT_BRANCH${TEXT_RESET}          Git branch to commit to of your GitOps repository
-  -M, --git-commit-msg ${COLOR_YELLOW}GIT_COMMIT_MSG${TEXT_RESET}  Git commit message to use when committing to of your GitOps repository
-
-Other Commands:
-      -h, --help                                                                                           Show this help message
-EOM
-  [[ -n "$1" ]] && exit 1 || exit 0
-}
-
-
-function gitops_minio_noninteractive() {
-  GITOPS_WORKING_DIR=$PWD/working-dir  
-  SECRETS_KEY_SEPERATOR="/"
-  GIT_COMMIT_MSG="gitops-minio commit"
-  export REGION_ID=${REGION_ID:-${SM_AWS_REGION}}
-
-  #adding default values 
-  export MINIO_NAMESPACE=${MINIO_NAMESPACE:-"minio"}
-  export MINIO_INSTANCE_NAME=${MINIO_INSTANCE_NAME:-"minio"}
-  export MINIO_STORAGE_SIZE=${MINIO_STORAGE_SIZE:-"40Gi"}
-  export MINIO_IMAGE=${MINIO_IMAGE:-"quay.io/minio/minio:latest"}
-  export MINIO_PORT=${MINIO_PORT:-"9000"}
-  export MINIO_HOST=${MINIO_HOST:-"minio-service.minio.svc.cluster.local"}
-  export MAS_AIBROKER_STORAGE_PROVIDER=${MAS_AIBROKER_STORAGE_PROVIDER:-"aws"}
-  
-  while [[ $# -gt 0 ]]
-  do
-    key="$1"
-    shift
-    case $key in
-      # GitOps Configuration
-      -d|--dir)
-        export GITOPS_WORKING_DIR=$1 && shift
-        ;;
-      -a|--account-id)
-        export ACCOUNT_ID=$1 && shift
-        ;;
-      -c|--cluster-id)
-        export CLUSTER_ID=$1 && shift
-        ;;
-
-      # AWS Secrets Manager Configuration
-      --sm-aws-secret-region)
-        export SM_AWS_REGION=$1
-        export REGION_ID=$1
-        shift
-        ;;
-      --sm-aws-access-key)
-        export SM_AWS_ACCESS_KEY_ID=$1 && shift
-        ;;
-      --sm-aws-secret-key)
-        export SM_AWS_SECRET_ACCESS_KEY=$1 && shift
-        ;;
-      --secrets-path)
-        export SECRETS_PATH=$1 && shift
-        ;;
-
-      # minio Provider Selection
-      --minio_namespace)
-        export MINIO_NAMESPACE=$1 && shift
-        ;;
-      --minio_instance_name)
-        export MINIO_INSTANCE_NAME=$1 && shift
-        ;;
-      --minio_storage_class)
-        export MINIO_STORAGE_CLASS=$1 && shift
-        ;;
-      --minio_storage_size)
-        export MINIO_STORAGE_SIZE=$1 && shift
-        ;;
-      --minio_image)
-        export MINIO_IMAGE=$1 && shift
-        ;;
-      --minio_host)
-          export MINIO_HOST=$1 && shift
-          ;;
-      --minio_port)
-          export MINIO_PORT=$1 && shift
-          ;;
-      --mas-aibroker-storage-provider)
-          export MAS_AIBROKER_STORAGE_PROVIDER=$1 && shift
-        ;;
-      --aibroker_instance_id)
-          export AIBROKER_INSTANCE_ID=$1 && shift
-          ;;
-
-      # Automatic GitHub Push
-      -P|--github-push)
-        export GITHUB_PUSH=true
-        ;;
-      -H|--github-host)
-        export GITHUB_HOST=$1 && shift
-        ;;
-      -O|--github-org)
-        export GITHUB_ORG=$1 && shift
-        ;;
-      -R|--github-repo)
-        export GITHUB_REPO=$1 && shift
-        ;;
-      -S|--github-ssh)
-        export GIT_SSH=$1 && shift
-        ;;
-      -B|--git-branch)
-        export GIT_BRANCH=$1 && shift
-        ;;
-      -M|--git-commit-msg)
-        export GIT_COMMIT_MSG=$1 && shift
-        ;;
-
-      # Other Commands
-      -h|--help)
-        gitops_minio_help
-        ;;
-      *)
-        # unknown option
-        echo -e "${COLOR_RED}Usage Error: Unsupported option \"${key}\"${COLOR_RESET}\n"
-        gitops_minio_help  "Usage Error: Unsupported option \"${key}\" "
-        exit 1
-        ;;
-      esac
-  done
-
-
-  [[ -z "$GITOPS_WORKING_DIR" ]] && gitops_minio_help "GITOPS_WORKING_DIR is not set"
-  [[ -z "$ACCOUNT_ID" ]] && gitops_minio_help "ACCOUNT_ID is not set"
-  [[ -z "$CLUSTER_ID" ]] && gitops_minio_help "CLUSTER_ID is not set"
-  [[ -z "$REGION_ID" && -z "$SM_AWS_REGION" ]] && gitops_minio_help "REGION_ID or SM_AWS_REGION is not set"
-
-  if [[ "$GITHUB_PUSH" == "true" ]]; then
-    [[ -z "$GITHUB_HOST" ]] && gitops_minio_help "GITHUB_HOST is not set"
-    [[ -z "$GITHUB_ORG" ]] && gitops_minio_help "GITHUB_ORG is not set"
-    [[ -z "$GITHUB_REPO" ]] && gitops_minio_help "GITHUB_REPO is not set"
-    [[ -z "$GIT_BRANCH" ]] && gitops_minio_help "GIT_BRANCH is not set"
-  fi
-
-  [[ -z "$MINIO_STORAGE_CLASS" ]] && gitops_minio_help "MINIO_STORAGE_CLASS is not set. Please specify the Kubernetes storage class using --minio_storage_class."
-  [[ -z "$AIBROKER_INSTANCE_ID" ]] && gitops_minio_help "AIBROKER_INSTANCE_ID is not set. Please specify the AI Broker instance ID using --aibroker_instance_id."
-}
-
-function gitops_minio() {
-  # Take the first parameter off (it will be create-gitops)
-  shift
-  if [[ $# -gt 0 ]]; then
-    gitops_minio_noninteractive "$@"
-  else
-    echo "Not supported yet"
-    exit 1
-    gitops_minio_interactive
-  fi
-
-  # catch errors
-  set -o pipefail
-  trap 'echo "[ERROR] Error occurred at $BASH_SOURCE, line $LINENO, exited with $?"; exit 1' ERR
-
-  mkdir -p ${GITOPS_WORKING_DIR}
-  GITOPS_CLUSTER_DIR=${GITOPS_WORKING_DIR}/${GITHUB_REPO}/${ACCOUNT_ID}/${CLUSTER_ID}
-
-  echo
-  reset_colors
-  echo_h2 "Review Settings"
-
-  echo "${TEXT_DIM}"
-  echo_h2 "Target" "    "
-  echo_reset_dim "Account ID ..................... ${COLOR_MAGENTA}${ACCOUNT_ID}"
-  echo_reset_dim "Region ID ...................... ${COLOR_MAGENTA}${REGION_ID}"
-  echo_reset_dim "Cluster ID ..................... ${COLOR_MAGENTA}${CLUSTER_ID}"
-  echo_reset_dim "Cluster Config Directory ....... ${COLOR_MAGENTA}${GITOPS_CLUSTER_DIR}"
-  reset_colors
-
-  echo "${TEXT_DIM}"
-  echo_h2 "AWS Secrets Manager" "    "
-  echo_reset_dim "Region ......................... ${COLOR_MAGENTA}${SM_AWS_REGION}"
-  echo_reset_dim "Secret Key ..................... ${COLOR_MAGENTA}${SM_AWS_ACCESS_KEY_ID:0:4}<snip>"
-  echo_reset_dim "Access Key ..................... ${COLOR_MAGENTA}${SM_AWS_SECRET_ACCESS_KEY:0:4}<snip>"
-  echo_reset_dim "Secrets Path ................... ${COLOR_MAGENTA}${SECRETS_PATH}"
-  reset_colors
-
-  echo "${TEXT_DIM}"
-  if [[ "$GITHUB_PUSH" == "true" ]]; then
-    echo_h2 "GitOps Target" "    "
-    echo_reset_dim "Automatic Push ........................ ${COLOR_GREEN}Enabled"
-    echo_reset_dim "Working Directory ..................... ${COLOR_MAGENTA}${GITOPS_WORKING_DIR}"
-    echo_reset_dim "Host .................................. ${COLOR_MAGENTA}${GITHUB_HOST}"
-    echo_reset_dim "Organization .......................... ${COLOR_MAGENTA}${GITHUB_ORG}"
-    echo_reset_dim "Repository ............................ ${COLOR_MAGENTA}${GITHUB_REPO}"
-    echo_reset_dim "Branch ................................ ${COLOR_MAGENTA}${GIT_BRANCH}"
-  else
-    echo_h2 "GitOps Target" "    "
-    echo_reset_dim "Automatic Push ........................ ${COLOR_RED}Disabled"
-    echo_reset_dim "Working Directory ..................... ${COLOR_MAGENTA}${GITOPS_WORKING_DIR}"
-  fi
-  reset_colors
-
-  echo "${TEXT_DIM}"
-  echo_h2 "minio" "    "
-  echo_reset_dim "MinIO Namespace (minio_namespace)  .................... ${COLOR_MAGENTA}${MINIO_NAMESPACE}"
-  echo_reset_dim "MinIO Instance Name (minio_instance_name)  ............ ${COLOR_MAGENTA}${MINIO_INSTANCE_NAME}"
-  echo_reset_dim "MinIO Storage Class (minio_storage_class)  ............ ${COLOR_MAGENTA}${MINIO_STORAGE_CLASS}"
-  echo_reset_dim "MinIO Storage Size (minio_storage_size)  .............. ${COLOR_MAGENTA}${MINIO_STORAGE_SIZE}"
-  echo_reset_dim "MinIO Image (minio_image)  ............................ ${COLOR_MAGENTA}${MINIO_IMAGE}"
-  echo_reset_dim "AiBroker (AIBROKER_INSTANCE_ID)  ...................... ${COLOR_MAGENTA}${AIBROKER_INSTANCE_ID}"
-  # Storage variables
-  echo_reset_dim "MAS AI Broker Storage Provider ........................ ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_PROVIDER}"
-  reset_colors
-
-  # Set up secrets
-  # ---------------------------------------------------------------------------
-  CURRENT_DIR=$PWD
-
-  AVP_TYPE=aws  # Support for IBM will be added later
-  sm_login
-
-  if [ ! -z "$MINIO_NAMESPACE" ]; then
-
-    #minio provider role specific env variables
-
-    export SECRET_NAME_STORAGE_AUTH=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}storage
-    echo_reset_dim "SECRET_NAME_STORAGE_AUTH ................ ${COLOR_MAGENTA}$SECRET_NAME_STORAGE_AUTH"
-    export SECRET_KEY_STORAGE_USER=${SECRET_NAME_STORAGE_AUTH}#sm_storage_user
-    export SECRET_KEY_STORAGE_PASSWORD=${SECRET_NAME_STORAGE_AUTH}#sm_storage_password
-    
-    # Create a secret in SM containing the username/password for this specific minio instance.
-    export MINIO_SECRET_FILE=$GITOPS_WORKING_DIR/minio-secret.json
-    sm_get_secret_file ${SECRET_NAME_STORAGE_AUTH} $MINIO_SECRET_FILE
-    
-    if [ -z "$MINIO_ROOT_PASSWORD" ]; then
-
-      export MINIO_ROOT_USER=${MINIO_ROOT_USER:-"minio"}
-       # Extract and export sm_storage_accesskey
-      TEMP_STORAGE_USER=$(jq -r .sm_storage_user $MINIO_SECRET_FILE)
-      if [[ -n ${TEMP_STORAGE_USER} && ${TEMP_STORAGE_USER} != "null" ]]; then
-        export MINIO_ROOT_USER=${TEMP_STORAGE_USER}
-        echo_reset_dim "MINIO_ROOT_USER .............................. ${COLOR_MAGENTA}${MINIO_ROOT_USER} is available in the secret, using that value"
-      fi
-
-      export MINIO_ACCESS_KEY=${MINIO_ROOT_USER}
-      # Extract and export sm_storage_accesskey
-      TEMP_STORAGE_ACCESSKEY=$(jq -r .sm_storage_accesskey $MINIO_SECRET_FILE)
-      if [[ -n ${TEMP_STORAGE_ACCESSKEY} && ${TEMP_STORAGE_ACCESSKEY} != "null" ]]; then
-        export MINIO_ACCESS_KEY=${TEMP_STORAGE_ACCESSKEY}
-        echo_reset_dim "MINIO_ACCESS_KEY .............................. ${COLOR_MAGENTA}${MINIO_ACCESS_KEY:0:8}<snip> is available in the secret, using that value"
-      fi
-      
-      export MINIO_PORT=${MINIO_PORT:-"9000"}
-      # Extract and export sm_storage_port
-      TEMP_STORAGE_PORT=$(jq -r .sm_storage_port $MINIO_SECRET_FILE)
-      if [[ -n ${TEMP_STORAGE_PORT} && ${TEMP_STORAGE_PORT} != "null" ]]; then
-        export MINIO_PORT=${TEMP_STORAGE_PORT}
-        echo_reset_dim "MINIO_PORT .................................... ${COLOR_MAGENTA}${MINIO_PORT} is available in the secret, using that value"
-      fi
-      
-      export MINIO_HOST=${MINIO_HOST:-"minio-service.minio.svc.cluster.local"}
-      # Extract and export sm_storage_host
-      TEMP_STORAGE_HOST=$(jq -r .sm_storage_host $MINIO_SECRET_FILE)
-      if [[ -n ${TEMP_STORAGE_HOST} && ${TEMP_STORAGE_HOST} != "null" ]]; then
-        export MINIO_HOST=${TEMP_STORAGE_HOST}
-        echo_reset_dim "MINIO_HOST .................................... ${COLOR_MAGENTA}${MINIO_HOST} is available in the secret, using that value"
-      fi
-
-      export MINIO_ROOT_PASSWORD=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | head -c 20`
-      TEMP_STORAGE_PASSWORD=$(jq -r .sm_storage_password $MINIO_SECRET_FILE)
-      if [[ -n ${TEMP_STORAGE_PASSWORD} && ${TEMP_STORAGE_PASSWORD} != "null" ]]; then
-        export MINIO_ROOT_PASSWORD=${TEMP_STORAGE_PASSWORD}
-        echo_reset_dim "MINIO_ROOT_PASSWORD ........................... ${COLOR_MAGENTA}${MINIO_ROOT_PASSWORD:0:8}<snip> is available in the secret, using that value"
-      fi
-
-      export MINIO_SECRET_KEY=${MINIO_ROOT_PASSWORD}
-      # Extract and export sm_storage_secretkey
-      TEMP_STORAGE_SECRETKEY=$(jq -r .sm_storage_secretkey $MINIO_SECRET_FILE)
-      if [[ -n ${TEMP_STORAGE_SECRETKEY} && ${TEMP_STORAGE_SECRETKEY} != "null" ]]; then
-        export MINIO_SECRET_KEY=${TEMP_STORAGE_SECRETKEY}
-        echo_reset_dim "MINIO_SECRET_KEY .............................. ${COLOR_MAGENTA}${MINIO_SECRET_KEY:0:8}<snip> is available in the secret, using that value"
-      fi
-
-      echo_reset_dim "MINIO_ROOT_PASSWORD ............................. ${COLOR_MAGENTA}${MINIO_ROOT_PASSWORD:0:8}<snip>"
-      
-      # Conditionally update minio related secrets for minio
-      if [[ "${MAS_AIBROKER_STORAGE_PROVIDER}" == "minio" ]]; then
-
-        TAGS="[{\"Key\": \"source\", \"Value\": \"gitops_minio\"}, {\"Key\": \"account\", \"Value\": \"${ACCOUNT_ID}\"}, {\"Key\": \"cluster\", \"Value\": \"${CLUSTER_ID}\"}]"
-        #SREMAT : remove those buckets name if no longer needed
-        MINIO_BUCKET_FIELDS="\"sm_storage_bucket_templates\": \"km-templates\", \
-        \"sm_storage_bucket_tenants\": \"km-tenants\", \
-        \"sm_storage_bucket_pipelines\": \"km-pipelineset\", \
-        \"sm_storage_bucket_default\": \"miniobucket1\""
-        sm_update_secret $SECRET_NAME_STORAGE_AUTH "{ \"sm_storage_user\": \"$MINIO_ROOT_USER\", \"sm_storage_password\": \"$MINIO_ROOT_PASSWORD\", \"sm_storage_accesskey\": \"$MINIO_ROOT_USER\", \"sm_storage_secretkey\": \"$MINIO_ROOT_PASSWORD\", \"sm_storage_port\": \"$MINIO_PORT\", \"sm_storage_host\": \"$MINIO_HOST\", $MINIO_BUCKET_FIELDS }" "${TAGS}"
-      
-      fi
-
-    fi
-    
-    echo_reset_dim "minio_namespace ....................... ${COLOR_MAGENTA}${MINIO_NAMESPACE}"
-    echo_reset_dim "minio_instance_name ................... ${COLOR_MAGENTA}${MINIO_INSTANCE_NAME}"
-    echo_reset_dim "minio_storage_class ................... ${COLOR_MAGENTA}${MINIO_STORAGE_CLASS}"
-    echo_reset_dim "minio_storage_size .................... ${COLOR_MAGENTA}${MINIO_STORAGE_SIZE}"
-    echo_reset_dim "minio_image ........................... ${COLOR_MAGENTA}${MINIO_IMAGE}"
-    echo_reset_dim "minio_root_user ....................... ${COLOR_MAGENTA}${MINIO_ROOT_USER}"
-    echo_reset_dim "minio_root_password ................... ${COLOR_MAGENTA}${MINIO_ROOT_PASSWORD:0:4}<snip>"
-    echo_reset_dim "minio_access_key ...................... ${COLOR_MAGENTA}${MINIO_ACCESS_KEY}"
-    echo_reset_dim "minio_secret_key ...................... ${COLOR_MAGENTA}${MINIO_SECRET_KEY:0:4}<snip>"
-    echo_reset_dim "minio_port ............................ ${COLOR_MAGENTA}${MINIO_PORT}"
-    echo_reset_dim "minio_host ............................ ${COLOR_MAGENTA}${MINIO_HOST}"
-    echo_reset_dim "aibroker_instance_id .................. ${COLOR_MAGENTA}${AIBROKER_INSTANCE_ID}"
-    if [ -z $GIT_SSH ]; then
-      export GIT_SSH=false
-    fi
-
-    # Clone github target repo
-    # ---------------------------------------------------------------------------
-    if [ "$GITHUB_PUSH" == "true" ]; then
-      echo
-      echo_h2 "Cloning GitHub repo $GITHUB_ORG $GITHUB_REPO"
-      clone_target_git_repo $GITHUB_HOST $GITHUB_ORG $GITHUB_REPO $GIT_BRANCH $GITOPS_WORKING_DIR $GIT_SSH
-    fi
-    
-    # Create cluster directory to clone the repo into
-    # ---------------------------------------------------------------------------
-    GITOPS_CLUSTER_DIR=${GITOPS_WORKING_DIR}/${GITHUB_REPO}/${ACCOUNT_ID}/${CLUSTER_ID}/${AIBROKER_INSTANCE_ID}
-    mkdir -p ${GITOPS_CLUSTER_DIR}
-
-    # Generate ArgoApps
-    # ---------------------------------------------------------------------------
-    echo
-    echo_h2 "Generating minio operator Applications"
-    echo "- minio operator"
-
-    echo "Generating minio file ${GITOPS_CLUSTER_DIR}/ibm-minio.yaml"
-    jinjanate_commmon $CLI_DIR/templates/gitops/appset-configs/cluster/instance/ibm-minio.yaml.j2 ${GITOPS_CLUSTER_DIR}/ibm-minio.yaml
-
-    # Commit and push to github target repo
-    # ---------------------------------------------------------------------------
-    if [ "$GITHUB_PUSH" == "true" ]; then
-      echo
-      echo_h2 "Commit and push changes to GitHub repo $GITHUB_ORG $GITHUB_REPO"
-      save_to_target_git_repo $GITHUB_HOST $GITHUB_ORG $GITHUB_REPO $GIT_BRANCH "${GITOPS_WORKING_DIR}/${GITHUB_REPO}" "${GIT_COMMIT_MSG}"
-      remove_git_repo_clone $GITOPS_WORKING_DIR/$GITHUB_REPO
-    fi
-
-    rm -rf $MINIO_SECRET_FILE
-    rm -rf $GITOPS_WORKING_DIR
-
-  fi
-  exit 0
-}
\ No newline at end of file
diff --git a/image/cli/mascli/mas b/image/cli/mascli/mas
index 1b06da4e378..efb5dc4d0f0 100755
--- a/image/cli/mascli/mas
+++ b/image/cli/mascli/mas
@@ -98,7 +98,6 @@ mkdir -p $CONFIG_DIR
 . $CLI_DIR/functions/gitops_deprovision_db2u_database
 . $CLI_DIR/functions/gitops_nvidia_gpu
 . $CLI_DIR/functions/gitops_deprovision_db2u
-. $CLI_DIR/functions/gitops_minio
 . $CLI_DIR/functions/gitops_odh
 . $CLI_DIR/functions/gitops_aiservice
 . $CLI_DIR/functions/gitops_aiservice_tenant
@@ -845,14 +844,6 @@ case $1 in
     gitops
     ;;
 
-  gitops-minio)
-    echo "${TEXT_UNDERLINE}IBM Maximo Application Suite Minio Manager (v${VERSION})${TEXT_RESET}"
-    echo "Powered by ${COLOR_CYAN}${TEXT_UNDERLINE}https://github.com/ibm-mas/gitops/${TEXT_RESET}"
-    echo
-    reset_colors
-    gitops_minio "$@"
-    ;;
-
   gitops-kmodel)
     echo "${TEXT_UNDERLINE}IBM Maximo Application Suite kmodel Manager (v${VERSION})${TEXT_RESET}"
     echo "Powered by ${COLOR_CYAN}${TEXT_UNDERLINE}https://github.com/ibm-mas/gitops/${TEXT_RESET}"
@@ -862,7 +853,7 @@ case $1 in
     ;;
 
   gitops-aibroker)
-    echo "${TEXT_UNDERLINE}IBM Maximo Application Suite Minio Manager (v${VERSION})${TEXT_RESET}"
+    echo "${TEXT_UNDERLINE}IBM Maximo Application Suite aibroker Manager (v${VERSION})${TEXT_RESET}"
     echo "Powered by ${COLOR_CYAN}${TEXT_UNDERLINE}https://github.com/ibm-mas/gitops/${TEXT_RESET}"
     echo
     reset_colors
diff --git a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant.yaml.j2 b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant.yaml.j2
index 47de21d1e5d..b7ece1f502d 100644
--- a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant.yaml.j2
+++ b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant.yaml.j2
@@ -37,7 +37,7 @@ ibm_aibroker_tenant:
   mas_aibroker_watsonxai_project_id: "<path:{{ SECRETS_PATH }}:{{ MAS_AIBROKER_WATSONXAI_PROJECT_ID }}>"
   mas_aibroker_watsonxai_apikey: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_WATSONXAI_APIKEY }}>"
 
-  # minio
+  # storage
   mas_aibroker_storage_host: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_STORAGE_HOST }}>"
   mas_aibroker_storage_port: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_STORAGE_PORT }}>"
   mas_aibroker_storage_region: "{{ MAS_AIBROKER_STORAGE_REGION }}"
diff --git a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker.yaml.j2 b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker.yaml.j2
index a65a5473bea..20aedbc6e62 100644
--- a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker.yaml.j2
+++ b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker.yaml.j2
@@ -9,7 +9,7 @@ ibm_aibroker:
   mas_aibroker_storage_provider: "{{ MAS_AIBROKER_STORAGE_PROVIDER }}"
   mas_aibroker_storage_ssl: "{{ MAS_AIBROKER_STORAGE_SSL }}"
   mas_aibroker_storage_region: "{{ MAS_AIBROKER_STORAGE_REGION }}"
-  mas_aibroker_minio_secret: "{{ MAS_AIBROKER_MINIO_SECRET }}"
+  mas_aibroker_storage_secret: "{{ MAS_AIBROKER_STORAGE_SECRET }}"
 
   mas_aibroker_storage_accesskey: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_STORAGE_ACCESSKEY }}>"
   mas_aibroker_storage_secretkey: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_STORAGE_SECRETKEY }}>"
diff --git a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-minio.yaml.j2 b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-minio.yaml.j2
deleted file mode 100644
index c6e65e41215..00000000000
--- a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-minio.yaml.j2
+++ /dev/null
@@ -1,12 +0,0 @@
-merge-key: "{{ ACCOUNT_ID }}/{{ CLUSTER_ID }}/{{ AIBROKER_INSTANCE_ID }}"
-
-ibm_minio:
-{% if MAS_AIBROKER_STORAGE_PROVIDER is defined and MAS_AIBROKER_STORAGE_PROVIDER == 'minio' %}
-  minio_namespace: "{{ MINIO_NAMESPACE }}"
-  minio_instance_name: "{{ MINIO_INSTANCE_NAME }}"
-  minio_root_user: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_STORAGE_USER }}>"
-  minio_root_password: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_STORAGE_PASSWORD }}>"
-  minio_storage_class: "{{ MINIO_STORAGE_CLASS }}"
-  minio_storage_size: "{{ MINIO_STORAGE_SIZE }}"
-  minio_image: "{{ MINIO_IMAGE }}"
-{% endif %}
diff --git a/tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2 b/tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2
index 0cf0a58176f..c84f67d2327 100644
--- a/tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2
+++ b/tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2
@@ -37,7 +37,7 @@ spec:
       type: string
     - name: mas_aibroker_storage_provider
       type: string
-    - name: mas_aibroker_minio_secret
+    - name: mas_aibroker_storage_secret
       type: string
     - name: mas_aibroker_storage_host
       type: string
@@ -73,19 +73,6 @@ spec:
       type: string
     - name: is_external_route
       type: string
-    # MINIO-specific
-    - name: minio_namespace
-      type: string
-    - name: minio_instance_name
-      type: string
-    - name: minio_root_user
-      type: string
-    - name: minio_storage_class
-      type: string
-    - name: minio_storage_size
-      type: string
-    - name: minio_image
-      type: string
 
     # ODH-specific
     - name: odh_channel
@@ -139,64 +126,12 @@ spec:
     - name: configs
 
   tasks:
-    # 1.gitops-minio  
-    - name: gitops-minio
-      taskRef:
-        name: gitops-minio
-      workspaces:
-        - name: configs
-          workspace: configs
-      params:
-        - name: cluster_name
-          value: $(params.cluster_name)
-        - name: account
-          value: $(params.account)
-        - name: cluster_id
-          value: $(params.cluster_id)
-        - name: cluster_url
-          value: $(params.cluster_url)
-        - name: secrets_path
-          value: $(params.secrets_path)
-        - name: avp_aws_secret_region
-          value: $(params.avp_aws_secret_region)
-        - name: git_branch
-          value: $(params.git_branch)
-        - name: github_org
-          value: $(params.github_org)
-        - name: github_repo
-          value: $(params.github_repo)
-        - name: github_host
-          value: $(params.github_host)
-        - name: minio_namespace
-          value: $(params.minio_namespace)
-        - name: minio_instance_name
-          value: $(params.minio_instance_name)
-        - name: minio_root_user
-          value: $(params.minio_root_user)
-        - name: minio_storage_class
-          value: $(params.minio_storage_class)
-        - name: minio_storage_size
-          value: $(params.minio_storage_size)
-        - name: minio_image
-          value: $(params.minio_image)
-        - name: aibroker_instance_id
-          value: $(params.aibroker_instance_id)
-        - name: mas_aibroker_storage_provider
-          value: $(params.mas_aibroker_storage_provider)
-
-      #when:
-      #  - input: "$(params.mas_aibroker_storage_provider)"
-      #    operator: in
-      #    values: ["minio"]
 
     # 2.gitops-odh
     # -------------------------------------------------------------------------
-
     - name: gitops-odh
       taskRef:
         name: gitops-odh
-      runAfter:
-        - gitops-minio
       workspaces:
         - name: configs
           workspace: configs
@@ -277,8 +212,8 @@ spec:
           value: $(params.pull_secret_name)
         - name: mas_aibroker_storage_provider
           value: $(params.mas_aibroker_storage_provider)
-        - name: mas_aibroker_minio_secret
-          value: $(params.mas_aibroker_minio_secret)
+        - name: mas_aibroker_storage_secret
+          value: $(params.mas_aibroker_storage_secret)
         - name: mas_aibroker_storage_host
           value: $(params.mas_aibroker_storage_host)
         - name: mas_aibroker_storage_port
diff --git a/tekton/src/tasks/gitops/gitops-aibroker.yml.j2 b/tekton/src/tasks/gitops/gitops-aibroker.yml.j2
index 037d031b651..a0f6af9af47 100644
--- a/tekton/src/tasks/gitops/gitops-aibroker.yml.j2
+++ b/tekton/src/tasks/gitops/gitops-aibroker.yml.j2
@@ -34,7 +34,7 @@ spec:
       type: string
     - name: mas_aibroker_storage_provider
       type: string
-    - name: mas_aibroker_minio_secret
+    - name: mas_aibroker_storage_secret
       type: string
     - name: mas_aibroker_storage_host
       type: string
@@ -110,8 +110,8 @@ spec:
         value: $(params.pull_secret_name)
       - name: MAS_AIBROKER_STORAGE_PROVIDER
         value: $(params.mas_aibroker_storage_provider)
-      - name: MAS_AIBROKER_MINIO_SECRET
-        value: $(params.mas_aibroker_minio_secret)
+      - name: MAS_AIBROKER_STORAGE_SECRET
+        value: $(params.mas_aibroker_storage_secret)
       - name: MAS_AIBROKER_STORAGE_HOST
         value: $(params.mas_aibroker_storage_host)
       - name: MAS_AIBROKER_STORAGE_PORT
diff --git a/tekton/src/tasks/gitops/gitops-minio.yml.j2 b/tekton/src/tasks/gitops/gitops-minio.yml.j2
deleted file mode 100644
index d56f5fb76cb..00000000000
--- a/tekton/src/tasks/gitops/gitops-minio.yml.j2
+++ /dev/null
@@ -1,116 +0,0 @@
----
-apiVersion: tekton.dev/v1beta1
-kind: Task
-metadata:
-  name: gitops-minio
-spec:
-  params: 
-    - name: cluster_name
-      type: string
-    - name: account
-      type: string
-    - name: aibroker_instance_id
-      type: string
-    - name: cluster_id
-      type: string
-    - name: cluster_url
-      type: string
-      default: ""
-    - name: secrets_path
-      type: string
-    - name: avp_aws_secret_region
-      type: string
-    - name: git_branch
-      type: string
-    - name: github_org
-      type: string
-    - name: github_repo
-      type: string
-    - name: github_host
-      type: string
-    - name: minio_namespace
-      type: string
-      default: minio
-    - name: minio_instance_name
-      type: string
-      default: minio
-    - name: minio_root_user
-      type: string
-    - name: minio_storage_class
-      type: string
-      default: nfs-client
-    - name: minio_storage_size
-      type: string
-      default: 40Gi
-    - name: minio_image
-      type: string
-      default: quay.io/minio/minio:latest
-    - name: mas_aibroker_storage_provider
-      type: string
-  stepTemplate:
-    name: gitops-minio
-    env:
-      - name: CLUSTER_NAME
-        value: $(params.cluster_name)
-      - name: ACCOUNT
-        value: $(params.account)
-      - name: AIBROKER_INSTANCE_ID
-        value: $(params.aibroker_instance_id)
-      - name: CLUSTER_URL
-        value: $(params.cluster_url)
-      - name: SECRET_PATH
-        value: $(params.secrets_path)
-      - name: SM_AWS_REGION
-        value: $(params.avp_aws_secret_region)
-      - name: GIT_BRANCH
-        value: $(params.git_branch)
-      - name: GITHUB_ORG
-        value: $(params.github_org)
-      - name: GITHUB_HOST
-        value: $(params.github_host)
-      - name: GITHUB_REPO
-        value: $(params.github_repo)
-      - name: MINIO_NAMESPACE
-        value: $(params.minio_namespace)
-      - name: MINIO_INSTANCE_NAME
-        value: $(params.minio_instance_name)
-      - name: MINIO_ROOT_USER
-        value: $(params.minio_root_user)
-      - name: MINIO_STORAGE_CLASS
-        value: $(params.minio_storage_class)
-      - name: MINIO_STORAGE_SIZE
-        value: $(params.minio_storage_size)
-      - name: MINIO_IMAGE
-        value: $(params.minio_image)
-    envFrom:
-      - configMapRef:
-          name: environment-properties
-          optional: true
-      - secretRef:
-          name: secure-properties
-  steps:
-    - args:
-      - |-
-        git config --global user.name "MAS Automation"
-        git config --global user.email "you@example.com"
-        git config --global user.password $GITHUB_PAT
-
-        mkdir -p /tmp/init-minio
-        mas gitops-minio -a $ACCOUNT -c $CLUSTER_NAME \
-        --secrets-path $SECRET_PATH \
-        --dir /tmp/init-minio \
-        --github-push \
-        --github-host $GITHUB_HOST \
-        --github-org  $GITHUB_ORG \
-        --github-repo $GITHUB_REPO \
-        --git-branch $GIT_BRANCH
-
-        exit $?
-      command:
-        - /bin/sh
-        - -c
-      name: gitops-minio
-      imagePullPolicy: IfNotPresent
-      image: quay.io/ibmmas/cli:latest
-  workspaces:
-    - name: configs

From da0295bb4f8a241c944731c638e67239fd767865 Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Fri, 18 Jul 2025 11:25:53 +0530
Subject: [PATCH 152/258] cherry-pick 90aa73d9f2 conflict

---
 .secrets.baseline | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.secrets.baseline b/.secrets.baseline
index e6967a16a57..5ea68deaec4 100644
--- a/.secrets.baseline
+++ b/.secrets.baseline
@@ -3,7 +3,7 @@
     "files": "build/bin/config/oscap/ssg-rhel9-ds.xml|^.secrets.baseline$|^docs/catalogs/",
     "lines": null
   },
-  "generated_at": "2025-07-17T12:28:07Z",
+  "generated_at": "2025-07-18T05:55:22Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"

From 45ea6b772bb0528f0594a69637acd944aa5092a6 Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Mon, 21 Jul 2025 18:32:06 +0530
Subject: [PATCH 153/258] replaced dro to droai

---
 .secrets.baseline                                 | 2 +-
 image/cli/mascli/functions/gitops_aibroker        | 8 ++++----
 image/cli/mascli/functions/gitops_aibroker_tenant | 6 +++---
 3 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/.secrets.baseline b/.secrets.baseline
index 5ea68deaec4..9c46129bfe0 100644
--- a/.secrets.baseline
+++ b/.secrets.baseline
@@ -3,7 +3,7 @@
     "files": "build/bin/config/oscap/ssg-rhel9-ds.xml|^.secrets.baseline$|^docs/catalogs/",
     "lines": null
   },
-  "generated_at": "2025-07-18T05:55:22Z",
+  "generated_at": "2025-07-18T10:18:32Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"
diff --git a/image/cli/mascli/functions/gitops_aibroker b/image/cli/mascli/functions/gitops_aibroker
index 78039aaca0f..7cb19e398ca 100644
--- a/image/cli/mascli/functions/gitops_aibroker
+++ b/image/cli/mascli/functions/gitops_aibroker
@@ -383,10 +383,10 @@ function gitops_aibroker() {
   #sls
   export SLSCFG_REGISTRATION_KEY=${SECRETS_PREFIX}sls#slscfg_registration_key
   #dro
-  export DROCFG_CA=${SECRETS_PREFIX}dro#drocfg_ca
-  export DROCFG_TENANT=${SECRETS_PREFIX}dro#drocfg_ca_tenant
-  export DROCFG_REGISTRATION_KEY=${SECRETS_PREFIX}dro#drocfg_registration_key
-  export DROCFG_URL=${SECRETS_PREFIX}dro#drocfg_url
+  export DROCFG_CA=${SECRETS_PREFIX}droai#drocfg_ca
+  export DROCFG_TENANT=${SECRETS_PREFIX}droai#drocfg_ca_tenant
+  export DROCFG_REGISTRATION_KEY=${SECRETS_PREFIX}droai#drocfg_registration_key
+  export DROCFG_URL=${SECRETS_PREFIX}droai#drocfg_url
   #jdbc
   export JDBCCFG_USERNAME=${SECRETS_PREFIX}jdbc#jdbccfg_username
   export JDBCCFG_PASSWORD=${SECRETS_PREFIX}jdbc#jdbccfg_password
diff --git a/image/cli/mascli/functions/gitops_aibroker_tenant b/image/cli/mascli/functions/gitops_aibroker_tenant
index 8f351808c66..162d1cfae81 100644
--- a/image/cli/mascli/functions/gitops_aibroker_tenant
+++ b/image/cli/mascli/functions/gitops_aibroker_tenant
@@ -399,8 +399,8 @@ function gitops_aibroker_tenant() {
   export SECRET_KEY_IBM_ENTITLEMENT=${SECRETS_PREFIX}ibm_entitlement#entitlement_key
   # dro
   export SECRET_KEY_ARTIFACTORY_TOKEN=${SECRETS_PREFIX}ibm_entitlement#image_pull_secret_b64
-  export SECRET_KEY_DROCFG_CA=${SECRETS_PREFIX}dro#drocfg_ca_tenant
-  export SECRET_KEY_DROCFG_REGISTRATION_KEY=${SECRETS_PREFIX}dro#drocfg_registration_key
+  export SECRET_KEY_DROCFG_CA=${SECRETS_PREFIX}droai#drocfg_ca_tenant
+  export SECRET_KEY_DROCFG_REGISTRATION_KEY=${SECRETS_PREFIX}droai#drocfg_registration_key
 
   # sls
   export SECRET_KEY_SLSCFG_REGISTRATION_KEY=${SECRETS_PREFIX}sls#slscfg_registration_key
@@ -431,7 +431,7 @@ function gitops_aibroker_tenant() {
   sm_verify_secret_exists ${SECRETS_PREFIX}storage "sm_storage_host,sm_storage_accesskey,sm_storage_secretkey"
 
   sm_verify_secret_exists ${SECRETS_PREFIX}rsl "rsl_org_id,rsl_token"
-  
+
   sm_verify_secret_exists ${SECRETS_PREFIX}watsonx "watsonxai_apikey,watsonxai_project_id"
   
   # finally push them into the git repo

From b845dda535c0e5fd871f33133d5e4f285c0a1760 Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Tue, 22 Jul 2025 10:58:07 +0530
Subject: [PATCH 154/258] Update .secrets.baseline

---
 .secrets.baseline | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.secrets.baseline b/.secrets.baseline
index 9c46129bfe0..7396c370c32 100644
--- a/.secrets.baseline
+++ b/.secrets.baseline
@@ -3,7 +3,7 @@
     "files": "build/bin/config/oscap/ssg-rhel9-ds.xml|^.secrets.baseline$|^docs/catalogs/",
     "lines": null
   },
-  "generated_at": "2025-07-18T10:18:32Z",
+  "generated_at": "2025-07-22T05:14:11Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"

From 8bd857cf4bd45ad9624ec1783cc6ee5bd75429b8 Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Tue, 22 Jul 2025 12:27:35 +0530
Subject: [PATCH 155/258] replaced dro with droai

---
 image/cli/mascli/functions/gitops_aibroker        | 2 +-
 image/cli/mascli/functions/gitops_aibroker_tenant | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/image/cli/mascli/functions/gitops_aibroker b/image/cli/mascli/functions/gitops_aibroker
index 7cb19e398ca..7d3183271a8 100644
--- a/image/cli/mascli/functions/gitops_aibroker
+++ b/image/cli/mascli/functions/gitops_aibroker
@@ -398,7 +398,7 @@ function gitops_aibroker() {
   export ARTIFACTORY_TOKEN=${SECRETS_PREFIX}ibm_entitlement#image_pull_secret_b64
 
   sm_verify_secret_exists ${SECRETS_PREFIX}ibm_entitlement "image_pull_secret_b64,entitlement_key"
-  sm_verify_secret_exists ${SECRETS_PREFIX}dro "drocfg_ca,drocfg_registration_key,drocfg_url,drocfg_ca_tenant"
+  sm_verify_secret_exists ${SECRETS_PREFIX}droai "drocfg_ca,drocfg_registration_key,drocfg_url,drocfg_ca_tenant"
   sm_verify_secret_exists ${SECRETS_PREFIX}sls "slscfg_registration_key"
   sm_verify_secret_exists ${SECRETS_PREFIX}storage "sm_storage_host,sm_storage_accesskey,sm_storage_secretkey,sm_storage_bucket_templates,sm_storage_bucket_tenants,sm_storage_bucket_pipelines"
   sm_verify_secret_exists ${SECRETS_PREFIX}jdbc "jdbccfg_username,jdbccfg_password,jdbccfg_url,jdbccfg_sslenabled,jdbccfg_ca"
diff --git a/image/cli/mascli/functions/gitops_aibroker_tenant b/image/cli/mascli/functions/gitops_aibroker_tenant
index 162d1cfae81..bda0b4c6c1c 100644
--- a/image/cli/mascli/functions/gitops_aibroker_tenant
+++ b/image/cli/mascli/functions/gitops_aibroker_tenant
@@ -424,7 +424,7 @@ function gitops_aibroker_tenant() {
 
   sm_verify_secret_exists ${SECRETS_PREFIX}ibm_entitlement "image_pull_secret_b64,entitlement_key"
  
-  sm_verify_secret_exists ${SECRETS_PREFIX}dro "drocfg_ca,drocfg_registration_key"
+  sm_verify_secret_exists ${SECRETS_PREFIX}droai "drocfg_ca,drocfg_registration_key"
 
   sm_verify_secret_exists ${SECRETS_PREFIX}sls "slscfg_registration_key,slscfg_ca_tenant"
  

From b15c550322ad38ac5d419d48d95485c63d5a6d1f Mon Sep 17 00:00:00 2001
From: Drashti-Malviya <drashti.malviya1207@gmail.com>
Date: Wed, 23 Jul 2025 19:17:32 +0530
Subject: [PATCH 156/258] cherry-pick 5e509f0df3 conflict

---
 .secrets.baseline                             |  20 +-
 .../functions/gitops_deprovision_aibroker     | 257 +++++++++++++++++
 .../gitops_deprovision_aibroker_tenant        | 268 ++++++++++++++++++
 .../functions/gitops_deprovision_kmodel       | 253 +++++++++++++++++
 .../mascli/functions/gitops_deprovision_odh   | 118 ++------
 image/cli/mascli/mas                          |  37 ++-
 .../deprovision-mas-aibroker-tenant.yml.j2    |  69 +++++
 .../gitops/deprovision-mas-aibroker.yml.j2    |  65 +++++
 tekton/src/tasks/aiservice/minio.yml.j2       |   2 +-
 .../gitops-deprovision-aibroker-tenant.yml.j2 |  89 ++++++
 .../gitops/gitops-deprovision-aibroker.yml.j2 |  85 ++++++
 .../gitops/gitops-deprovision-kmodel.yml.j2   |  90 ++++++
 .../gitops/gitops-deprovision-odh.yml.j2      |  11 +-
 13 files changed, 1253 insertions(+), 111 deletions(-)
 create mode 100644 image/cli/mascli/functions/gitops_deprovision_aibroker
 create mode 100644 image/cli/mascli/functions/gitops_deprovision_aibroker_tenant
 create mode 100644 image/cli/mascli/functions/gitops_deprovision_kmodel
 create mode 100644 tekton/src/pipelines/gitops/deprovision-mas-aibroker-tenant.yml.j2
 create mode 100644 tekton/src/pipelines/gitops/deprovision-mas-aibroker.yml.j2
 create mode 100644 tekton/src/tasks/gitops/gitops-deprovision-aibroker-tenant.yml.j2
 create mode 100644 tekton/src/tasks/gitops/gitops-deprovision-aibroker.yml.j2
 create mode 100644 tekton/src/tasks/gitops/gitops-deprovision-kmodel.yml.j2

diff --git a/.secrets.baseline b/.secrets.baseline
index 7396c370c32..7113dfced1a 100644
--- a/.secrets.baseline
+++ b/.secrets.baseline
@@ -3,7 +3,7 @@
     "files": "build/bin/config/oscap/ssg-rhel9-ds.xml|^.secrets.baseline$|^docs/catalogs/",
     "lines": null
   },
-  "generated_at": "2025-07-22T05:14:11Z",
+  "generated_at": "2025-07-23T13:43:58Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"
@@ -313,22 +313,22 @@
         "verified_result": null
       }
     ],
-    "image/cli/mascli/functions/gitops_deprovision_aiservice": [
+    "image/cli/mascli/functions/gitops_deprovision_aibroker": [
       {
         "hashed_secret": "b2817467154949a61f8e9ad31d1eeaf03221cbfa",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 180,
+        "line_number": 169,
         "type": "Secret Keyword",
         "verified_result": null
       }
     ],
-    "image/cli/mascli/functions/gitops_deprovision_aiservice_tenant": [
+    "image/cli/mascli/functions/gitops_deprovision_aibroker_tenant": [
       {
         "hashed_secret": "b2817467154949a61f8e9ad31d1eeaf03221cbfa",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 182,
+        "line_number": 176,
         "type": "Secret Keyword",
         "verified_result": null
       }
@@ -358,6 +358,16 @@
         "verified_result": null
       }
     ],
+    "image/cli/mascli/functions/gitops_deprovision_kmodel": [
+      {
+        "hashed_secret": "b2817467154949a61f8e9ad31d1eeaf03221cbfa",
+        "is_secret": true,
+        "is_verified": false,
+        "line_number": 173,
+        "type": "Secret Keyword",
+        "verified_result": null
+      }
+    ],
     "image/cli/mascli/functions/gitops_deprovision_mongo": [
       {
         "hashed_secret": "2582aea6f911bd00fc04cb25e0ec16d5ead62068",
diff --git a/image/cli/mascli/functions/gitops_deprovision_aibroker b/image/cli/mascli/functions/gitops_deprovision_aibroker
new file mode 100644
index 00000000000..eeb24bcd216
--- /dev/null
+++ b/image/cli/mascli/functions/gitops_deprovision_aibroker
@@ -0,0 +1,257 @@
+#!/usr/bin/env bash
+
+function gitops_deprovision_aibroker_help() {
+  [[ -n "$1" ]] && echo_warning "$1"
+  reset_colors
+  cat << EOM
+Usage:
+  mas gitops-aibroker-deprovision [options]
+Where ${COLOR_YELLOW}specified${TEXT_RESET} each option may also be defined by setting the appropriate environment variable.
+When no options are specified on the command line, interactive-mode will be enabled by default.
+
+Basic Configuration:
+  -d, --dir ${COLOR_YELLOW}GITOPS_WORKING_DIR${TEXT_RESET}                                                  Directory for GitOps repository
+  -a, --account-id ${COLOR_YELLOW}ACCOUNT_ID${TEXT_RESET}                                                   Account name that the cluster belongs to
+  -c, --cluster-id ${COLOR_YELLOW}CLUSTER_ID${TEXT_RESET}                                                   Cluster ID
+
+Secrets Manager:
+      --secrets-path ${COLOR_YELLOW}SECRETS_PATH${TEXT_RESET}                                              Secrets Manager path
+      --secrets-key-seperator ${COLOR_YELLOW}SECRETS_KEY_SEPERATOR${TEXT_RESET}  
+
+
+ibm_aibroker(required):
+  -i, --aibroker-instance-id ${COLOR_YELLOW}AIBROKER_INSTANCE_ID${TEXT_RESET}                              AI Broker instance ID  
+
+
+Automatic GitHub Push (Optional):
+  -P, --github-push ${COLOR_YELLOW}GITHUB_PUSH${TEXT_RESET}                                                  Enable automatic push to GitHub
+  -H, --github-host ${COLOR_YELLOW}GITHUB_HOST${TEXT_RESET}                                                  GitHub Hostname for your GitOps repository
+  -O, --github-org ${COLOR_YELLOW}GITHUB_ORG${TEXT_RESET}                                                    Github org for your GitOps repository
+  -R, --github-repo ${COLOR_YELLOW}GITHUB_REPO${TEXT_RESET}                                                  Github repo for your GitOps repository
+  -S, --github-ssh ${COLOR_YELLOW}GIT_SSH${TEXT_RESET}                                                       Git ssh key path
+  -B, --git-branch ${COLOR_YELLOW}GIT_BRANCH${TEXT_RESET}                                                    Git branch to commit to of your GitOps repository
+  -M, --git-commit-msg ${COLOR_YELLOW}GIT_COMMIT_MSG${TEXT_RESET}                                            Git commit message to use when committing to of your GitOps repository
+
+Other Commands:
+  -h, --help                                      Show this help message
+EOM
+  [[ -n "$1" ]] && exit 1 || exit 0
+}
+
+function gitops_deprovision_aibroker_noninteractive() {
+  GITOPS_WORKING_DIR=$PWD/working-dir
+  SECRETS_KEY_SEPERATOR="/"
+  GIT_COMMIT_MSG="gitops-aibroker-deprovision commit"
+
+  # adding default values 
+  export REGION_ID=${REGION_ID:-${SM_AWS_REGION}}
+
+  while [[ $# -gt 0 ]]
+  do
+    key="$1"
+    shift
+    case $key in
+      # GitOps Configuration
+      -d|--dir)
+        export GITOPS_WORKING_DIR=$1 && shift
+        ;;
+      -a|--account-id)
+        export ACCOUNT_ID=$1 && shift
+        ;;
+      -c|--cluster-id)
+        export CLUSTER_ID=$1 && shift
+        ;;
+      --aibroker-instance-id)
+        export AIBROKER_INSTANCE_ID=$1 && shift
+        ;;
+      # AWS Secrets Manager Configuration
+      --sm-aws-secret-region)
+        export SM_AWS_REGION=$1
+        export REGION_ID=$1
+        shift
+        ;;
+      --sm-aws-access-key)
+        export SM_AWS_ACCESS_KEY_ID=$1 && shift
+        ;;
+      --sm-aws-secret-key)
+        export SM_AWS_SECRET_ACCESS_KEY=$1 && shift
+        ;;
+      --secrets-path)
+        export SECRETS_PATH=$1 && shift
+        ;;
+      # Automatic GitHub Push
+      -P|--github-push)
+        export GITHUB_PUSH=true
+        ;;
+      -H|--github-host)
+        export GITHUB_HOST=$1 && shift
+        ;;
+      -O|--github-org)
+        export GITHUB_ORG=$1 && shift
+        ;;
+      -R|--github-repo)
+        export GITHUB_REPO=$1 && shift
+        ;;
+      -B|--git-branch)
+        export GIT_BRANCH=$1 && shift
+        ;;
+      -M|--git-commit-msg)
+        export GIT_COMMIT_MSG=$1 && shift
+        ;;
+
+      # Other Commands
+      -h|--help)
+        gitops_deprovision_aibroker_help
+        ;;
+      *)
+        # unknown option
+        echo -e "${COLOR_RED}Usage Error: Unsupported option \"${key}\"${COLOR_RESET}\n"
+        gitops_deprovision_aibroker_help  "Usage Error: Unsupported option \"${key}\" "
+        exit 1
+        ;;
+      esac
+  done
+
+  [[ -z "$GITOPS_WORKING_DIR" ]] && gitops_deprovision_aibroker_help "GITOPS_WORKING_DIR is not set"
+  [[ -z "$ACCOUNT_ID" ]] && gitops_deprovision_aibroker_help "ACCOUNT_ID is not set"
+  [[ -z "$CLUSTER_ID" ]] && gitops_deprovision_aibroker_help "CLUSTER_ID is not set"
+  [[ -z "$REGION_ID" && -z "$SM_AWS_REGION" ]] && gitops_deprovision_aibroker_help "REGION_ID or SM_AWS_REGION is not set"
+
+  if [[ "$GITHUB_PUSH" == "true" ]]; then
+    [[ -z "$GITHUB_HOST" ]] && gitops_deprovision_aibroker_help "GITHUB_HOST is not set"
+    [[ -z "$GITHUB_ORG" ]] && gitops_deprovision_aibroker_help "GITHUB_ORG is not set"
+    [[ -z "$GITHUB_REPO" ]] && gitops_deprovision_aibroker_help "GITHUB_REPO is not set"
+    [[ -z "$GIT_BRANCH" ]] && gitops_deprovision_aibroker_help "GIT_BRANCH is not set"
+  fi
+
+  # add validation below like above  for those variable which have the value needed for further execution
+  # -- AIBroker
+  [[ -z "$AIBROKER_INSTANCE_ID" ]] && gitops_deprovision_aibroker_help "AIBROKER_INSTANCE_ID is not set. Please specify the AI Broker instance ID using --aibroker_instance_id."
+
+ }
+
+function gitops_deprovision_aibroker() {
+  # Take the first parameter off (it will be create-gitops)
+  shift
+  if [[ $# -gt 0 ]]; then
+    gitops_deprovision_aibroker_noninteractive "$@"
+  else
+    echo "Not supported yet"
+    exit 1
+    gitops_deprovision_aibroker_interactive
+  fi
+
+  # catch errors
+  set -o pipefail
+  trap 'echo "[ERROR] Error occurred at $BASH_SOURCE, line $LINENO, exited with $?"; exit 1' ERR
+
+  # rm -rf $GITOPS_WORKING_DIR
+  mkdir -p ${GITOPS_WORKING_DIR}
+  GITOPS_CLUSTER_DIR=${GITOPS_WORKING_DIR}/${GITHUB_REPO}/${ACCOUNT_ID}/${CLUSTER_ID}/${AIBROKER_INSTANCE_ID}
+
+
+  echo
+  reset_colors
+  echo_h2 "Review Settings"
+
+  echo "${TEXT_DIM}"
+  echo_h2 "Target" "    "
+  echo_reset_dim "Account ID ..................... ${COLOR_MAGENTA}${ACCOUNT_ID}"
+  echo_reset_dim "Region ID ...................... ${COLOR_MAGENTA}${REGION_ID}"
+  echo_reset_dim "Cluster ID ..................... ${COLOR_MAGENTA}${CLUSTER_ID}"
+  echo_reset_dim "Cluster Config Directory ....... ${COLOR_MAGENTA}${GITOPS_CLUSTER_DIR}"
+  reset_colors
+
+  echo "${TEXT_DIM}"
+  echo_h2 "AWS Secrets Manager" "    "
+  echo_reset_dim "Region ......................... ${COLOR_MAGENTA}${SM_AWS_REGION}"
+  echo_reset_dim "Secret Key ..................... ${COLOR_MAGENTA}${SM_AWS_ACCESS_KEY_ID:0:4}<snip>"
+  echo_reset_dim "Access Key ..................... ${COLOR_MAGENTA}${SM_AWS_SECRET_ACCESS_KEY:0:4}<snip>"
+  echo_reset_dim "Secrets Path ................... ${COLOR_MAGENTA}${SECRETS_PATH}"
+  reset_colors
+
+  echo "${TEXT_DIM}"
+  if [[ "$GITHUB_PUSH" == "true" ]]; then
+    echo_h2 "GitOps Target" "    "
+    echo_reset_dim "Automatic Push ............................. ${COLOR_GREEN}Enabled"
+    echo_reset_dim "Working Directory .......................... ${COLOR_MAGENTA}${GITOPS_WORKING_DIR}"
+    echo_reset_dim "Host ....................................... ${COLOR_MAGENTA}${GITHUB_HOST}"
+    echo_reset_dim "Organization ............................... ${COLOR_MAGENTA}${GITHUB_ORG}"
+    echo_reset_dim "Repository ................................. ${COLOR_MAGENTA}${GITHUB_REPO}"
+    echo_reset_dim "Branch ..................................... ${COLOR_MAGENTA}${GIT_BRANCH}"
+  else
+    echo_h2 "GitOps Target" "    "
+    echo_reset_dim "Automatic Push ............................. ${COLOR_RED}Disabled"
+    echo_reset_dim "Working Directory .......................... ${COLOR_MAGENTA}${GITOPS_WORKING_DIR}"
+  fi
+  reset_colors
+
+  # echo all the variables of gitops envs
+
+  # -- AIBroker
+  echo_reset_dim "AI Broker Instance ID ................. ${COLOR_MAGENTA}${AIBROKER_INSTANCE_ID}"
+  
+ echo -e "login aws"
+
+ AVP_TYPE=aws  # Support for IBM will be added later
+  sm_login
+
+  SECRETS_PREFIX="${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}"
+
+  export SECRET_IBM_ENTITLEMENT_AUTH=${SECRETS_PREFIX}ibm_entitlement
+  export SECRET_STORAGE_AUTH=${SECRETS_PREFIX}storage
+  export SECRET_MARIADB_AUTH=${SECRETS_PREFIX}mariadb
+  export SECRET_DRO_AUTH=${SECRETS_PREFIX}dro
+  export SECRET_SLS_AUTH=${SECRETS_PREFIX}sls
+  export SECRET_JDBC_AUTH=${SECRETS_PREFIX}jdbc
+
+#   #deleting secrets from aws
+#    echo -e "Deleting ibm_entitlement secrets $SECRET_IBM_ENTITLEMENT_AUTH"
+#    sm_delete_secret $SECRET_IBM_ENTITLEMENT_AUTH
+
+#    echo -e "Deleting storage secrets $SECRET_STORAGE_AUTH"
+#    sm_delete_secret $SECRET_STORAGE_AUTH
+
+#    echo -e "Deleting watsonx secrets $SECRET_MARIADB_AUTH"
+#    sm_delete_secret $SECRET_MARIADB_AUTH
+
+#    echo -e "Deleting dro secrets $SECRET_DRO_AUTH"
+#    sm_delete_secret $SECRET_DRO_AUTH
+
+#    echo -e "Deleting jdbc secrets $SECRET_JDBC_AUTH"
+#    sm_delete_secret $SECRET_JDBC_AUTH
+
+#    echo -e "Deleting sls secrets $SECRET_SLS_AUTH"
+#    sm_delete_secret $SECRET_SLS_AUTH
+  
+
+  # finally push them into the git repo
+
+    if [ -z $GIT_SSH ]; then
+      export GIT_SSH=false
+    fi
+
+    #Clone github target repo
+    #---------------------------------------------------------------------------
+    if [ "$GITHUB_PUSH" == "true" ]; then
+     echo
+      echo_h2 "Cloning GitHub repo $GITHUB_ORG $GITHUB_REPO"
+      clone_target_git_repo $GITHUB_HOST $GITHUB_ORG $GITHUB_REPO $GIT_BRANCH $GITOPS_WORKING_DIR $GIT_SSH
+    fi
+
+
+    # Generate ArgoApps
+    # ---------------------------------------------------------------------------
+    echo
+    echo_h2 "Deleting application configuration files"
+    echo "- Deleting aibroker "
+
+   rm -rf ${GITOPS_CLUSTER_DIR}/ibm-aibroker.yaml
+    if [ "$GITHUB_PUSH" == "true" ]; then
+      echo
+      echo_h2 "Commit and push changes to GitHub repo $GITHUB_ORG $GITHUB_REPO"
+      save_to_target_git_repo $GITHUB_HOST $GITHUB_ORG $GITHUB_REPO $GIT_BRANCH "${GITOPS_WORKING_DIR}/${GITHUB_REPO}" "${GIT_COMMIT_MSG}"
+      remove_git_repo_clone $GITOPS_WORKING_DIR/$GITHUB_REPO
+    fi
+
+}
diff --git a/image/cli/mascli/functions/gitops_deprovision_aibroker_tenant b/image/cli/mascli/functions/gitops_deprovision_aibroker_tenant
new file mode 100644
index 00000000000..50ad4b6c676
--- /dev/null
+++ b/image/cli/mascli/functions/gitops_deprovision_aibroker_tenant
@@ -0,0 +1,268 @@
+#!/usr/bin/env bash
+
+function gitops_deprovision_aibroker_tenant_help() {
+  [[ -n "$1" ]] && echo_warning "$1"
+  reset_colors
+  cat << EOM
+Usage:
+  mas gitops-aibroker-tenant-deprovision [options]
+Where ${COLOR_YELLOW}specified${TEXT_RESET} each option may also be defined by setting the appropriate environment variable.
+When no options are specified on the command line, interactive-mode will be enabled by default.
+
+Basic Configuration:
+  -d, --dir ${COLOR_YELLOW}GITOPS_WORKING_DIR${TEXT_RESET}                                                  Directory for GitOps repository
+  -a, --account-id ${COLOR_YELLOW}ACCOUNT_ID${TEXT_RESET}                                                   Account name that the cluster belongs to
+  -c, --cluster-id ${COLOR_YELLOW}CLUSTER_ID${TEXT_RESET}                                                   Cluster ID
+
+
+Secrets Manager:
+      --secrets-path ${COLOR_YELLOW}SECRETS_PATH${TEXT_RESET}                                              Secrets Manager path
+      --secrets-key-seperator ${COLOR_YELLOW}SECRETS_KEY_SEPERATOR${TEXT_RESET}  
+
+
+ibm_aibroker_tenant(required):
+      --aibroker-instance-id ${COLOR_YELLOW}AIBROKER_INSTANCE_ID${TEXT_RESET}                               The AIBROKER instance ID used by AI Broker
+      --tenant-id ${COLOR_YELLOW}TENANT_ID${TEXT_RESET}                                                     The tenant ID for the AI Broker instance
+
+
+Automatic GitHub Push (Optional):
+  -P, --github-push ${COLOR_YELLOW}GITHUB_PUSH${TEXT_RESET}                                                  Enable automatic push to GitHub
+  -H, --github-host ${COLOR_YELLOW}GITHUB_HOST${TEXT_RESET}                                                  GitHub Hostname for your GitOps repository
+  -O, --github-org ${COLOR_YELLOW}GITHUB_ORG${TEXT_RESET}                                                    Github org for your GitOps repository
+  -R, --github-repo ${COLOR_YELLOW}GITHUB_REPO${TEXT_RESET}                                                  Github repo for your GitOps repository
+  -S, --github-ssh ${COLOR_YELLOW}GIT_SSH${TEXT_RESET}                                                       Git ssh key path
+  -B, --git-branch ${COLOR_YELLOW}GIT_BRANCH${TEXT_RESET}                                                    Git branch to commit to of your GitOps repository
+  -M, --git-commit-msg ${COLOR_YELLOW}GIT_COMMIT_MSG${TEXT_RESET}                                            Git commit message to use when committing to of your GitOps repository
+
+Other Commands:
+  -h, --help                                      Show this help message
+EOM
+  [[ -n "$1" ]] && exit 1 || exit 0
+}
+
+function gitops_deprovision_aibroker_tenant_noninteractive() {
+  GITOPS_WORKING_DIR=$PWD/working-dir
+  SECRETS_KEY_SEPERATOR="/"
+  GIT_COMMIT_MSG="gitops-aibroker-tenant-deprovision commit"
+
+  # adding default values 
+  export REGION_ID=${REGION_ID:-${SM_AWS_REGION}}
+
+  while [[ $# -gt 0 ]]
+  do
+    key="$1"
+    shift
+    case $key in
+      # GitOps Configuration
+      -d|--dir)
+        export GITOPS_WORKING_DIR=$1 && shift
+        ;;
+      -a|--account-id)
+        export ACCOUNT_ID=$1 && shift
+        ;;
+      -c|--cluster-id)
+        export CLUSTER_ID=$1 && shift
+        ;;
+      --aibroker-instance-id)
+        export AIBROKER_INSTANCE_ID=$1 && shift
+        ;;
+      # AWS Secrets Manager Configuration
+      --sm-aws-secret-region)
+        export SM_AWS_REGION=$1
+        export REGION_ID=$1
+        shift
+        ;;
+      --sm-aws-access-key)
+        export SM_AWS_ACCESS_KEY_ID=$1 && shift
+        ;;
+      --sm-aws-secret-key)
+        export SM_AWS_SECRET_ACCESS_KEY=$1 && shift
+        ;;
+      --secrets-path)
+        export SECRETS_PATH=$1 && shift
+        ;;  
+      --tenant-id)
+        export TENANT_ID=$1 && shift
+        ;;
+
+      # Automatic GitHub Push
+      -P|--github-push)
+        export GITHUB_PUSH=true
+        ;;
+      -H|--github-host)
+        export GITHUB_HOST=$1 && shift
+        ;;
+      -O|--github-org)
+        export GITHUB_ORG=$1 && shift
+        ;;
+      -R|--github-repo)
+        export GITHUB_REPO=$1 && shift
+        ;;
+      -B|--git-branch)
+        export GIT_BRANCH=$1 && shift
+        ;;
+      -M|--git-commit-msg)
+        export GIT_COMMIT_MSG=$1 && shift
+        ;;
+
+      # Other Commands
+      -h|--help)
+        gitops_deprovision_aibroker_tenant_help
+        ;;
+      *)
+        # unknown option
+        echo -e "${COLOR_RED}Usage Error: Unsupported option \"${key}\"${COLOR_RESET}\n"
+        gitops_deprovision_aibroker_tenant_help  "Usage Error: Unsupported option \"${key}\" "
+        exit 1
+        ;;
+      esac
+  done
+
+  [[ -z "$GITOPS_WORKING_DIR" ]] && gitops_deprovision_aibroker_tenant_help "GITOPS_WORKING_DIR is not set"
+  [[ -z "$ACCOUNT_ID" ]] && gitops_deprovision_aibroker_tenant_help "ACCOUNT_ID is not set"
+  [[ -z "$CLUSTER_ID" ]] && gitops_deprovision_aibroker_tenant_help "CLUSTER_ID is not set"
+  [[ -z "$REGION_ID" && -z "$SM_AWS_REGION" ]] && gitops_deprovision_aibroker_tenant_help "REGION_ID or SM_AWS_REGION is not set"
+
+  if [[ "$GITHUB_PUSH" == "true" ]]; then
+    [[ -z "$GITHUB_HOST" ]] && gitops_deprovision_aibroker_tenant_help "GITHUB_HOST is not set"
+    [[ -z "$GITHUB_ORG" ]] && gitops_deprovision_aibroker_tenant_help "GITHUB_ORG is not set"
+    [[ -z "$GITHUB_REPO" ]] && gitops_deprovision_aibroker_tenant_help "GITHUB_REPO is not set"
+    [[ -z "$GIT_BRANCH" ]] && gitops_deprovision_aibroker_tenant_help "GIT_BRANCH is not set"
+  fi
+
+  # add validation below like above  for those variable which have the value needed for further execution
+  # -- AIBroker
+  [[ -z "$AIBROKER_INSTANCE_ID" ]] && gitops_deprovision_aibroker_tenant_help "AIBROKER_INSTANCE_ID is not set. Please specify the AI Broker instance ID using --aibroker_instance_id."
+  [[ -z "$TENANT_ID" ]] && gitops_deprovision_aibroker_tenant_help "TENANT_ID is not set. Please provide the tenant ID using --tenant-id."
+
+ }
+
+function gitops_deprovision_aibroker_tenant() {
+  # Take the first parameter off (it will be create-gitops)
+  shift
+  if [[ $# -gt 0 ]]; then
+    gitops_deprovision_aibroker_tenant_noninteractive "$@"
+  else
+    echo "Not supported yet"
+    exit 1
+    gitops_deprovision_aibroker_tenant_interactive
+  fi
+
+  # catch errors
+  set -o pipefail
+  trap 'echo "[ERROR] Error occurred at $BASH_SOURCE, line $LINENO, exited with $?"; exit 1' ERR
+
+  # rm -rf $GITOPS_WORKING_DIR
+  mkdir -p ${GITOPS_WORKING_DIR}
+  GITOPS_CLUSTER_DIR=${GITOPS_WORKING_DIR}/${GITHUB_REPO}/${ACCOUNT_ID}/${CLUSTER_ID}/${AIBROKER_INSTANCE_ID}/${TENANT_ID}
+
+
+  echo
+  reset_colors
+  echo_h2 "Review Settings"
+
+  echo "${TEXT_DIM}"
+  echo_h2 "Target" "    "
+  echo_reset_dim "Account ID ..................... ${COLOR_MAGENTA}${ACCOUNT_ID}"
+  echo_reset_dim "Region ID ...................... ${COLOR_MAGENTA}${REGION_ID}"
+  echo_reset_dim "Cluster ID ..................... ${COLOR_MAGENTA}${CLUSTER_ID}"
+  echo_reset_dim "Cluster Config Directory ....... ${COLOR_MAGENTA}${GITOPS_CLUSTER_DIR}"
+  reset_colors
+
+  echo "${TEXT_DIM}"
+  echo_h2 "AWS Secrets Manager" "    "
+  echo_reset_dim "Region ......................... ${COLOR_MAGENTA}${SM_AWS_REGION}"
+  echo_reset_dim "Secret Key ..................... ${COLOR_MAGENTA}${SM_AWS_ACCESS_KEY_ID:0:4}<snip>"
+  echo_reset_dim "Access Key ..................... ${COLOR_MAGENTA}${SM_AWS_SECRET_ACCESS_KEY:0:4}<snip>"
+  echo_reset_dim "Secrets Path ................... ${COLOR_MAGENTA}${SECRETS_PATH}"
+  reset_colors
+
+  echo "${TEXT_DIM}"
+  if [[ "$GITHUB_PUSH" == "true" ]]; then
+    echo_h2 "GitOps Target" "    "
+    echo_reset_dim "Automatic Push ............................. ${COLOR_GREEN}Enabled"
+    echo_reset_dim "Working Directory .......................... ${COLOR_MAGENTA}${GITOPS_WORKING_DIR}"
+    echo_reset_dim "Host ....................................... ${COLOR_MAGENTA}${GITHUB_HOST}"
+    echo_reset_dim "Organization ............................... ${COLOR_MAGENTA}${GITHUB_ORG}"
+    echo_reset_dim "Repository ................................. ${COLOR_MAGENTA}${GITHUB_REPO}"
+    echo_reset_dim "Branch ..................................... ${COLOR_MAGENTA}${GIT_BRANCH}"
+  else
+    echo_h2 "GitOps Target" "    "
+    echo_reset_dim "Automatic Push ............................. ${COLOR_RED}Disabled"
+    echo_reset_dim "Working Directory .......................... ${COLOR_MAGENTA}${GITOPS_WORKING_DIR}"
+  fi
+  reset_colors
+
+  # echo all the variables of gitops envs
+
+  # -- AIBroker
+  
+  echo_reset_dim "AI Broker Instance ID ................. ${COLOR_MAGENTA}${AIBROKER_INSTANCE_ID}"
+   
+  echo_reset_dim "tenant ID .................................... ${COLOR_MAGENTA}${TENANT_ID}"
+  
+  echo -e "login aws"
+
+ AVP_TYPE=aws  # Support for IBM will be added later
+  sm_login
+
+  SECRETS_PREFIX="${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}"
+
+  export SECRET_IBM_ENTITLEMENT_AUTH=${SECRETS_PREFIX}ibm_entitlement
+  export SECRET_DRO_AUTH=${SECRETS_PREFIX}dro
+  export SECRET_SLS_AUTH=${SECRETS_PREFIX}sls
+  export SECRET_WATSONX_AUTH=${SECRETS_PREFIX}watsonx
+  export SECRET_RSL_AUTH=${SECRETS_PREFIX}rsl
+  export SECRET_STORAGE_AUTH=${SECRETS_PREFIX}storage
+
+
+  #deleting secrets from aws
+  #  echo -e "Deleting ibm_entitlement secrets $SECRET_IBM_ENTITLEMENT_AUTH"
+  #  sm_delete_secret $SECRET_IBM_ENTITLEMENT_AUTH
+
+  #  echo -e "Deleting dro secrets $SECRET_DRO_AUTH"
+  #  sm_delete_secret $SECRET_DRO_AUTH
+
+  #  echo -e "Deleting sls secrets $SECRET_SLS_AUTH"
+  #  sm_delete_secret $SECRET_SLS_AUTH
+
+  #  echo -e "Deleting watsonx secrets $SECRET_WATSONX_AUTH"
+  #  sm_delete_secret $SECRET_WATSONX_AUTH
+
+  #  echo -e "Deleting rsl secrets $SECRET_RSL_AUTH"
+  #  sm_delete_secret $SECRET_RSL_AUTH
+
+  #  echo -e "Deleting storage secrets $SECRET_STORAGE_AUTH"
+  #  sm_delete_secret $SECRET_STORAGE_AUTH
+
+
+  # finally push them into the git repo
+
+    if [ -z $GIT_SSH ]; then
+      export GIT_SSH=false
+    fi
+
+    #Clone github target repo
+    #---------------------------------------------------------------------------
+    if [ "$GITHUB_PUSH" == "true" ]; then
+     echo
+      echo_h2 "Cloning GitHub repo $GITHUB_ORG $GITHUB_REPO"
+      clone_target_git_repo $GITHUB_HOST $GITHUB_ORG $GITHUB_REPO $GIT_BRANCH $GITOPS_WORKING_DIR $GIT_SSH
+    fi
+
+
+    # Generate ArgoApps
+    # ---------------------------------------------------------------------------
+    echo
+    echo_h2 "Deleting application configuration files"
+    echo "- Deleting aibroker tenant"
+
+   rm -rf ${GITOPS_CLUSTER_DIR}/ibm-aibroker-tenant.yaml
+    if [ "$GITHUB_PUSH" == "true" ]; then
+      echo
+      echo_h2 "Commit and push changes to GitHub repo $GITHUB_ORG $GITHUB_REPO"
+      save_to_target_git_repo $GITHUB_HOST $GITHUB_ORG $GITHUB_REPO $GIT_BRANCH "${GITOPS_WORKING_DIR}/${GITHUB_REPO}" "${GIT_COMMIT_MSG}"
+      remove_git_repo_clone $GITOPS_WORKING_DIR/$GITHUB_REPO
+    fi
+
+}
diff --git a/image/cli/mascli/functions/gitops_deprovision_kmodel b/image/cli/mascli/functions/gitops_deprovision_kmodel
new file mode 100644
index 00000000000..e380eb51be3
--- /dev/null
+++ b/image/cli/mascli/functions/gitops_deprovision_kmodel
@@ -0,0 +1,253 @@
+#!/usr/bin/env bash
+
+function gitops_deprovision_kmodel_help() {
+  [[ -n "$1" ]] && echo_warning "$1"
+  reset_colors
+  cat << EOM
+
+
+Usage:
+  mas gitops-kmodel-deprovision [options]
+Where ${COLOR_YELLOW}specified${TEXT_RESET} each option may also be defined by setting the appropriate environment variable.
+When no options are specified on the command line, interactive-mode will be enabled by default.
+
+GitOps Configuration:
+  -d, --dir ${COLOR_YELLOW}GITOPS_WORKING_DIR${TEXT_RESET}                                                 Directory for GitOps repository
+  -a, --account-id ${COLOR_YELLOW}ACCOUNT_ID${TEXT_RESET}                                                  Account name that the cluster belongs to
+  -c, --cluster-id ${COLOR_YELLOW}CLUSTER_ID${TEXT_RESET}                                                  Cluster ID
+
+Secrets Manager:
+      --secrets-path ${COLOR_YELLOW}SECRETS_PATH${TEXT_RESET}                                              Secrets Manager path
+      --secrets-key-seperator ${COLOR_YELLOW}SECRETS_KEY_SEPERATOR${TEXT_RESET}                            Secrets Manager key seperator string
+
+ibm_kmodel(required):
+  -i, --aibroker-instance-id ${COLOR_YELLOW}AIBROKER_INSTANCE_ID${TEXT_RESET}                              AI Broker instance ID  
+
+Automatic GitHub Push (Optional):
+  -P, --github-push ${COLOR_YELLOW}GITHUB_PUSH${TEXT_RESET}        Enable automatic push to GitHub
+  -H, --github-host ${COLOR_YELLOW}GITHUB_HOST${TEXT_RESET}        GitHub Hostname for your GitOps repository
+  -O, --github-org  ${COLOR_YELLOW}GITHUB_ORG${TEXT_RESET}         Github org for your GitOps repository
+  -R, --github-repo ${COLOR_YELLOW}GITHUB_REPO${TEXT_RESET}        Github repo for your GitOps repository
+  -B, --git-branch ${COLOR_YELLOW}GIT_BRANCH${TEXT_RESET}          Git branch to commit to of your GitOps repository
+  -M, --git-commit-msg ${COLOR_YELLOW}GIT_COMMIT_MSG${TEXT_RESET}  Git commit message to use when committing to of your GitOps repository
+  -S , --github-ssh  ${COLOR_YELLOW}GIT_SSH${TEXT_RESET}           Git ssh key path
+
+Other Commands:
+  -h, --help                                      Show this help message
+EOM
+  [[ -n "$1" ]] && exit 1 || exit 0
+}
+
+
+function gitops_deprovision_kmodel_noninteractive() {
+  GITOPS_WORKING_DIR=$PWD/working-dir  
+  SECRETS_KEY_SEPERATOR="/"
+  GIT_COMMIT_MSG="gitops-kmodel-deprovision commit"
+  export REGION_ID=${REGION_ID:-${SM_AWS_REGION}}
+
+  while [[ $# -gt 0 ]]
+  do
+    key="$1"
+    shift
+    case $key in
+      # GitOps Configuration
+      -d|--dir)
+        export GITOPS_WORKING_DIR=$1 && shift
+        ;;
+      -a|--account-id)
+        export ACCOUNT_ID=$1 && shift
+        ;;
+      -c|--cluster-id)
+        export CLUSTER_ID=$1 && shift
+        ;;
+
+      # AWS Secrets Manager Configuration
+      --sm-aws-secret-region)
+        export SM_AWS_REGION=$1
+        export REGION_ID=$1
+        shift
+        ;;
+      --sm-aws-access-key)
+        export SM_AWS_ACCESS_KEY_ID=$1 && shift
+        ;;
+      --sm-aws-secret-key)
+        export SM_AWS_SECRET_ACCESS_KEY=$1 && shift
+        ;;
+      --secrets-path)
+        export SECRETS_PATH=$1 && shift
+        ;;
+
+      # kmodel - all input params default + sm
+      --aibroker-instance-id)
+        export AIBROKER_INSTANCE_ID=$1 && shift
+        ;;
+
+      # Automatic GitHub Push
+      -P|--github-push)
+        export GITHUB_PUSH=true
+        ;;
+      -H|--github-host)
+        export GITHUB_HOST=$1 && shift
+        ;;
+      -O|--github-org)
+        export GITHUB_ORG=$1 && shift
+        ;;
+      -R|--github-repo)
+        export GITHUB_REPO=$1 && shift
+        ;;
+      -S|--github-ssh)
+        export GIT_SSH=$1 && shift
+        ;;
+      -B|--git-branch)
+        export GIT_BRANCH=$1 && shift
+        ;;
+      -M|--git-commit-msg)
+        export GIT_COMMIT_MSG=$1 && shift
+        ;;
+
+      # Other Commands
+      -h|--help)
+        gitops_deprovision_kmodel_help
+        ;;
+      *)
+        # unknown option
+        echo -e "${COLOR_RED}Usage Error: Unsupported option \"${key}\"${COLOR_RESET}\n"
+        gitops_deprovision_kmodel_help  "Usage Error: Unsupported option \"${key}\" "
+        exit 1
+        ;;
+      esac
+  done
+
+
+  [[ -z "$GITOPS_WORKING_DIR" ]] && gitops_deprovision_kmodel_help "GITOPS_WORKING_DIR is not set"
+  [[ -z "$ACCOUNT_ID" ]] && gitops_deprovision_kmodel_help "ACCOUNT_ID is not set"
+  [[ -z "$CLUSTER_ID" ]] && gitops_deprovision_kmodel_help "CLUSTER_ID is not set"
+  [[ -z "$REGION_ID" && -z "$SM_AWS_REGION" ]] && gitops_deprovision_kmodel_help "REGION_ID or SM_AWS_REGION is not set"
+
+  if [[ "$GITHUB_PUSH" == "true" ]]; then
+    [[ -z "$GITHUB_HOST" ]] && gitops_deprovision_kmodel_help "GITHUB_HOST is not set"
+    [[ -z "$GITHUB_ORG" ]] && gitops_deprovision_kmodel_help "GITHUB_ORG is not set"
+    [[ -z "$GITHUB_REPO" ]] && gitops_deprovision_kmodel_help "GITHUB_REPO is not set"
+    [[ -z "$GIT_BRANCH" ]] && gitops_deprovision_kmodel_help "GIT_BRANCH is not set"
+  fi
+
+  # add validation for those variable which have the value needed for further execution
+  [[ -z "$AIBROKER_INSTANCE_ID" ]] && gitops_deprovision_kmodel_help "AIBROKER_INSTANCE_ID is not set. Please specify the AI Broker instance ID using --aibroker_instance_id."
+}
+
+function gitops_deprovision_kmodel() {
+  # Take the first parameter off (it will be create-gitops)
+  shift
+  if [[ $# -gt 0 ]]; then
+    gitops_deprovision_kmodel_noninteractive "$@"
+  else
+    echo "Not supported yet"
+    exit 1
+    gitops_deprovision_kmodel_interactive
+  fi
+
+  # catch errors
+  set -o pipefail
+  trap 'echo "[ERROR] Error occurred at $BASH_SOURCE, line $LINENO, exited with $?"; exit 1' ERR
+
+  # Prepare directories
+  mkdir -p ${GITOPS_WORKING_DIR}
+  GITOPS_CLUSTER_DIR=${GITOPS_WORKING_DIR}/${GITHUB_REPO}/${ACCOUNT_ID}/${CLUSTER_ID}/${AIBROKER_INSTANCE_ID}
+  
+  echo
+  reset_colors
+  echo_h2 "Review Settings"
+
+  echo "${TEXT_DIM}"
+  echo_h2 "Target" "    "
+  echo_reset_dim "Account ID ..................... ${COLOR_MAGENTA}${ACCOUNT_ID}"
+  echo_reset_dim "Region ID ...................... ${COLOR_MAGENTA}${REGION_ID}"
+  echo_reset_dim "Cluster ID ..................... ${COLOR_MAGENTA}${CLUSTER_ID}"
+  echo_reset_dim "Cluster Config Directory ....... ${COLOR_MAGENTA}${GITOPS_CLUSTER_DIR}"
+  reset_colors
+
+  echo "${TEXT_DIM}"
+  echo_h2 "AWS Secrets Manager" "    "
+  echo_reset_dim "Region ......................... ${COLOR_MAGENTA}${SM_AWS_REGION}"
+  echo_reset_dim "Secret Key ..................... ${COLOR_MAGENTA}${SM_AWS_ACCESS_KEY_ID:0:4}<snip>"
+  echo_reset_dim "Access Key ..................... ${COLOR_MAGENTA}${SM_AWS_SECRET_ACCESS_KEY:0:4}<snip>"
+  echo_reset_dim "Secrets Path ................... ${COLOR_MAGENTA}${SECRETS_PATH}"
+  reset_colors
+
+  echo "${TEXT_DIM}"
+  if [[ "$GITHUB_PUSH" == "true" ]]; then
+    echo_h2 "GitOps Target" "    "
+    echo_reset_dim "Automatic Push ........................ ${COLOR_GREEN}Enabled"
+    echo_reset_dim "Working Directory ..................... ${COLOR_MAGENTA}${GITOPS_WORKING_DIR}"
+    echo_reset_dim "Host .................................. ${COLOR_MAGENTA}${GITHUB_HOST}"
+    echo_reset_dim "Organization .......................... ${COLOR_MAGENTA}${GITHUB_ORG}"
+    echo_reset_dim "Repository ............................ ${COLOR_MAGENTA}${GITHUB_REPO}"
+    echo_reset_dim "Branch ................................ ${COLOR_MAGENTA}${GIT_BRANCH}"
+  else
+    echo_h2 "GitOps Target" "    "
+    echo_reset_dim "Automatic Push ........................ ${COLOR_RED}Disabled"
+    echo_reset_dim "Working Directory ..................... ${COLOR_MAGENTA}${GITOPS_WORKING_DIR}"
+  fi
+  reset_colors
+
+  # echo all the variables of gitops envs
+  
+  echo_reset_dim "AI Broker Instance ID ................. ${COLOR_MAGENTA}${AIBROKER_INSTANCE_ID}"
+  
+
+  echo "${TEXT_DIM}"
+  echo_h2 "Deleting kmodel"
+
+   echo -e "login aws"
+
+  AVP_TYPE=aws  # Support for IBM will be added later
+  sm_login
+
+
+  reset_colors
+
+  AVP_TYPE=aws  # Support for IBM will be added later
+  sm_login
+  
+  SECRET_NAME_AUTH="${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}ibm_entitlement"
+  SECRET_NAME_STORAGE_AUTH="${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}storage"
+
+  #deleting secreats from aws
+  # echo -e "Deleting ibm entitlement secrets $SECRET_NAME_AUTH"
+  #  sm_delete_secret $SECRET_NAME_AUTH
+
+  # echo -e "Deleting storage secrets $SECRET_NAME_STORAGE_AUTH"
+  #  sm_delete_secret $SECRET_NAME_STORAGE_AUTH
+
+
+    if [ -z $GIT_SSH ]; then
+      export GIT_SSH=false
+    fi
+
+    # Clone github target repo
+    # ---------------------------------------------------------------------------
+    if [ "$GITHUB_PUSH" == "true" ]; then
+      echo
+      echo_h2 "Cloning GitHub repo $GITHUB_ORG $GITHUB_REPO"
+      clone_target_git_repo $GITHUB_HOST $GITHUB_ORG $GITHUB_REPO $GIT_BRANCH $GITOPS_WORKING_DIR $GIT_SSH
+    fi
+
+
+    # Generate ArgoApps
+    # ---------------------------------------------------------------------------
+    echo
+    echo_h2 "Deleting application configuration files"
+    echo "- Deleting kmodel operator"
+
+   
+    echo "- Delete kmodel"
+    rm -rf ${GITOPS_CLUSTER_DIR}/ibm-kmodel.yaml
+    if [ "$GITHUB_PUSH" == "true" ]; then
+      echo
+      echo_h2 "Commit and push changes to GitHub repo $GITHUB_ORG $GITHUB_REPO"
+      save_to_target_git_repo $GITHUB_HOST $GITHUB_ORG $GITHUB_REPO $GIT_BRANCH "${GITOPS_WORKING_DIR}/${GITHUB_REPO}" "${GIT_COMMIT_MSG}"
+      remove_git_repo_clone $GITOPS_WORKING_DIR/$GITHUB_REPO
+    fi
+
+   
+}
diff --git a/image/cli/mascli/functions/gitops_deprovision_odh b/image/cli/mascli/functions/gitops_deprovision_odh
index 0f7f27b598d..297493e022c 100644
--- a/image/cli/mascli/functions/gitops_deprovision_odh
+++ b/image/cli/mascli/functions/gitops_deprovision_odh
@@ -1,5 +1,3 @@
-#!/usr/bin/env bash
-
 function gitops_deprovision_odh_help() {
   [[ -n "$1" ]] && echo_warning "$1"
   reset_colors
@@ -15,21 +13,14 @@ GitOps Configuration:
   -d, --dir ${COLOR_YELLOW}GITOPS_WORKING_DIR${TEXT_RESET}         Directory for GitOps repository
   -a, --account-id ${COLOR_YELLOW}ACCOUNT_ID${TEXT_RESET}          Account name that the cluster belongs to
   -c, --cluster-id ${COLOR_YELLOW}CLUSTER_ID${TEXT_RESET}          Cluster ID
-
-  -i, --aiservice-instance-id ${COLOR_YELLOW}AISERVICE_INSTANCE_ID${TEXT_RESET}                             AI Service instance ID  
-      --sm-aws-secret-region ${TEXT_RESET}SM_AWS_REGION${TEXT_RESET}                                         AWS Region
-      --sm-aws-access-key ${TEXT_RESET}SM_AWS_ACCESS_KEY${TEXT_RESET}                                        AWS Access key ID
-      --sm-aws-secret-key ${TEXT_RESET}SM_AWS_SECRET_ACCESS_KEY${TEXT_RESET}                                 AWS Secreat Access key ID
+  -i, --aibroker-instance-id ${COLOR_YELLOW}AIBROKER_INSTANCE_ID${TEXT_RESET}                    AI Broker instance ID  
 
 
 Secrets Manager:
       --secrets-path ${COLOR_YELLOW}SECRETS_PATH${TEXT_RESET}                                              Secrets Manager path
       --secrets-key-seperator ${COLOR_YELLOW}SECRETS_KEY_SEPERATOR${TEXT_RESET}                            Secrets Manager key seperator string
 
-Target Cluster (Optional):
-      --cluster-url ${COLOR_YELLOW}CLUSTER_URL${TEXT_RESET}       Set to target a remote Kubernetes cluster (defaults to 'https://kubernetes.default.svc')
-
-     
+      
 Automatic GitHub Push (Optional):
   -P, --github-push ${COLOR_YELLOW}GITHUB_PUSH${TEXT_RESET}        Enable automatic push to GitHub
   -H, --github-host ${COLOR_YELLOW}GITHUB_HOST${TEXT_RESET}        GitHub Hostname for your GitOps repository
@@ -50,8 +41,8 @@ function gitops_deprovision_odh_noninteractive() {
   SECRETS_KEY_SEPERATOR="/"
   GIT_COMMIT_MSG="gitops-deprovision-odh commit"
   export REGION_ID=${REGION_ID:-${SM_AWS_REGION}}
-  export CLUSTER_URL=${CLUSTER_URL:-"https://kubernetes.default.svc"}
 
+  
   while [[ $# -gt 0 ]]
   do
     key="$1"
@@ -68,13 +59,6 @@ function gitops_deprovision_odh_noninteractive() {
         export CLUSTER_ID=$1 && shift
         ;;
 
-      # Target Cluster (Optional)
-      --cluster-url)
-        export CLUSTER_URL=$1 && shift
-        ;;
-      --secrets-key-seperator)
-        export SECRETS_KEY_SEPERATOR=$1 && shift
-        ;;
       # AWS Secrets Manager Configuration
       --sm-aws-secret-region)
         export SM_AWS_REGION=$1
@@ -90,8 +74,8 @@ function gitops_deprovision_odh_noninteractive() {
       --secrets-path)
         export SECRETS_PATH=$1 && shift
         ;;
-      --aiservice-instance-id)
-        export AISERVICE_INSTANCE_ID=$1 && shift
+      --aibroker-instance-id)
+        export AIBROKER_INSTANCE_ID=$1 && shift
         ;;
       # Automatic GitHub Push
       -P|--github-push)
@@ -134,8 +118,6 @@ function gitops_deprovision_odh_noninteractive() {
   [[ -z "$ACCOUNT_ID" ]] && gitops_deprovision_odh_help "ACCOUNT_ID is not set"
   [[ -z "$CLUSTER_ID" ]] && gitops_deprovision_odh_help "CLUSTER_ID is not set"
   [[ -z "$REGION_ID" && -z "$SM_AWS_REGION" ]] && gitops_deprovision_odh_help "REGION_ID or SM_AWS_REGION is not set"
-  [[ -z "$CLUSTER_URL" ]] && gitops_deprovision_odh_help "CLUSTER_URL is not set"
-
 
   if [[ "$GITHUB_PUSH" == "true" ]]; then
     [[ -z "$GITHUB_HOST" ]] && gitops_deprovision_odh_help "GITHUB_HOST is not set"
@@ -144,7 +126,7 @@ function gitops_deprovision_odh_noninteractive() {
     [[ -z "$GIT_BRANCH" ]] && gitops_deprovision_odh_help "GIT_BRANCH is not set"
   fi
 
-  [[ -z "$AISERVICE_INSTANCE_ID" ]] && gitops_deprovision_odh_help "AISERVICE_INSTANCE_ID is not set. Please specify the AI Service instance ID using --aiservice_instance_id."
+  [[ -z "$AIBROKER_INSTANCE_ID" ]] && gitops_deprovision_odh_help "AIBROKER_INSTANCE_ID is not set. Please specify the AI Broker instance ID using --aibroker_instance_id."
 }
 
 function gitops_deprovision_odh() {
@@ -163,7 +145,7 @@ function gitops_deprovision_odh() {
   trap 'echo "[ERROR] Error occurred at $BASH_SOURCE, line $LINENO, exited with $?"; exit 1' ERR
 
   mkdir -p ${GITOPS_WORKING_DIR}
-  GITOPS_CLUSTER_DIR=${GITOPS_WORKING_DIR}/${GITHUB_REPO}/${ACCOUNT_ID}/${CLUSTER_ID}/${AISERVICE_INSTANCE_ID}
+  GITOPS_CLUSTER_DIR=${GITOPS_WORKING_DIR}/${GITHUB_REPO}/${ACCOUNT_ID}/${CLUSTER_ID}/${AIBROKER_INSTANCE_ID}
 
 
 
@@ -172,12 +154,10 @@ function gitops_deprovision_odh() {
   echo_h2 "Review Settings"
 
   echo "${TEXT_DIM}"
-  echo_h2 "Target" 
+  echo_h2 "Target" "    "
   echo_reset_dim "Account ID ..................... ${COLOR_MAGENTA}${ACCOUNT_ID}"
   echo_reset_dim "Region ID ...................... ${COLOR_MAGENTA}${REGION_ID}"
   echo_reset_dim "Cluster ID ..................... ${COLOR_MAGENTA}${CLUSTER_ID}"
-  echo_reset_dim "Cluster URL .................... ${COLOR_MAGENTA}${CLUSTER_URL}"
-
   echo_reset_dim "Cluster Config Directory ....... ${COLOR_MAGENTA}${GITOPS_CLUSTER_DIR}"
   reset_colors
 
@@ -206,43 +186,39 @@ function gitops_deprovision_odh() {
   reset_colors
 
   # echo all the variables of gitops envs
-  echo_reset_dim "AI Service Instance ID ................. ${COLOR_MAGENTA}${AISERVICE_INSTANCE_ID}" 
+  echo_reset_dim "AI Broker Instance ID ................. ${COLOR_MAGENTA}${AIBROKER_INSTANCE_ID}"
+  
 
   #secrets path in aws 
 
-  export SECRET_NAME_STORAGE_AUTH=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}s3
+  export SECRET_NAME_STORAGE_AUTH=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}storage
+  export SECRET_NAME_MARIADB_AUTH1=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}mariadb
   export SECRET_KEY_IMAGE_PULL_SECRET_B64=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}ibm_entitlement
 
-
+  
   echo -e "login aws"
 
   AVP_TYPE=aws
   sm_login
 
+ echo "${TEXT_DIM}"
+  echo_h2 "Deleting odh related secrets"
 
-  export OCP_SECRET_NAME=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}ocp_login
-  export OAUTH_ADMIN_USERNAME=$(sm_get_secret_value "$OCP_SECRET_NAME" "OAUTH_ADMIN_USERNAME")
-  export OAUTH_ADMIN_PWD=$(sm_get_secret_value "$OCP_SECRET_NAME" "OAUTH_ADMIN_PWD")
-  export OCP_DISABLE_TLS_VERIFY=$(sm_get_secret_value "$OCP_SECRET_NAME" "OCP_DISABLE_TLS_VERIFY")
-  echo "TLS verification is : $OCP_DISABLE_TLS_VERIFY"
-
+  #deleting secreats from aws
+  #  echo -e "Deleting secreat $SECRET_NAME_STORAGE_AUTH"
+  #  sm_delete_secret $SECRET_NAME_STORAGE_AUTH
+  #  echo -e "Deleting mariadb secreat $SECRET_NAME_MARIADB_AUTH1"
+  #  sm_delete_secret $SECRET_NAME_MARIADB_AUTH1
+  #  echo -e "Deleting image pull secreat $SECRET_KEY_IMAGE_PULL_SECRET_B64"
+  #  sm_delete_secret $SECRET_KEY_IMAGE_PULL_SECRET_B64
 
-   echo "${TEXT_DIM}"
-   echo_h2 "Deleting odh related secrets"
 
-  deleting secreats from aws
-   echo -e "Deleting secreat $SECRET_NAME_STORAGE_AUTH"
-   sm_delete_secret $SECRET_NAME_STORAGE_AUTH
-   echo -e "Deleting image pull secreat $SECRET_KEY_IMAGE_PULL_SECRET_B64"
-   sm_delete_secret $SECRET_KEY_IMAGE_PULL_SECRET_B64
-
-  
    if [ -z $GIT_SSH ]; then
     export GIT_SSH="false"
   fi
 
- #Clone github target repo
- # ---------------------------------------------------------------------------
+  #Clone github target repo
+  # ---------------------------------------------------------------------------
   if [ "$GITHUB_PUSH" == "true" ]; then
    echo
    echo_h2 "Cloning GitHub repo $GITHUB_ORG $GITHUB_REPO"
@@ -269,50 +245,8 @@ function gitops_deprovision_odh() {
     echo
     echo_h2 "Commit and push changes to GitHub repo $GITHUB_ORG $GITHUB_REPO"
     save_to_target_git_repo $GITHUB_HOST $GITHUB_ORG $GITHUB_REPO $GIT_BRANCH "${GITOPS_WORKING_DIR}/${GITHUB_REPO}" "${GIT_COMMIT_MSG}"
-    cd /tmp || { echo "Failed to cd to /tmp"; exit 1; }
     remove_git_repo_clone $GITOPS_WORKING_DIR/$GITHUB_REPO
-
-    echo "Sleeping for 15 minutes to allow ArgoCD to sync and apply changes..."
-    sleep 900
-  fi
-
-
-  echo "PWD before login: $(pwd)"
-  oc login $CLUSTER_URL -u $OAUTH_ADMIN_USERNAME -p $OAUTH_ADMIN_PWD --insecure-skip-tls-verify=$OCP_DISABLE_TLS_VERIFY
-
-  echo "Successfully logged in to OpenShift."
-
-  namespace="openshift-operators"
-  subs_to_check=("authorino-operator" "servicemeshoperator")
-
-  echo "Checking for Subscriptions in namespace '$namespace'..."
-
-  subscriptions_exist=false
-
-  # Initial check
-  for sub in "${subs_to_check[@]}"; do
-    if oc get subscription "$sub" -n "$namespace" &>/dev/null; then
-      echo "Subscription '$sub' is still present."
-      subscriptions_exist=true
-    else
-      echo "Subscription '$sub' is not present."
-    fi
-  done
-
-  # If any subscription is present, wait 5 minutes
-  if [ "$subscriptions_exist" = true ]; then
-    echo "subscription is present. Waiting 5 minutes before proceeding..."
-    sleep 300  # 5 minutes
-  fi
-
-
-  if [ "$subscriptions_exist" = false ]; then
-    echo "All subscriptions deleted. Proceeding to delete CSVs..."
-    oc delete $(oc get csv -n "$namespace" -o name | grep -E 'authorino-operator|servicemeshoperator') -n "$namespace" --wait=true --timeout=5m 2>/dev/null
-    echo "CSV cleanup completed."
-  else
-    echo "Subscriptions still present after waiting. Skipping CSV deletion."
   fi
 
-    
-  }
+   
+}
\ No newline at end of file
diff --git a/image/cli/mascli/mas b/image/cli/mascli/mas
index efb5dc4d0f0..bda874df3d3 100755
--- a/image/cli/mascli/mas
+++ b/image/cli/mascli/mas
@@ -98,6 +98,7 @@ mkdir -p $CONFIG_DIR
 . $CLI_DIR/functions/gitops_deprovision_db2u_database
 . $CLI_DIR/functions/gitops_nvidia_gpu
 . $CLI_DIR/functions/gitops_deprovision_db2u
+. $CLI_DIR/functions/gitops_deprovision_odh
 . $CLI_DIR/functions/gitops_odh
 . $CLI_DIR/functions/gitops_aiservice
 . $CLI_DIR/functions/gitops_aiservice_tenant
@@ -679,21 +680,37 @@ case $1 in
     reset_colors
     gitops_deprovision_odh "$@"
     ;;
+    
+  gitops-kmodel)
+    echo "${TEXT_UNDERLINE}IBM Maximo Application Suite kmodel Manager (v${VERSION})${TEXT_RESET}"
+    echo "Powered by ${COLOR_CYAN}${TEXT_UNDERLINE}https://github.com/ibm-mas/gitops/${TEXT_RESET}"
+    echo
+    reset_colors
+    gitops_kmodel "$@"
+    ;;
+
+  gitops-deprovision-kmodel)
+    echo "${TEXT_UNDERLINE}IBM Maximo Application Suite kmodel deprovision Manager (v${VERSION})${TEXT_RESET}"
+    echo "Powered by ${COLOR_CYAN}${TEXT_UNDERLINE}https://github.com/ibm-mas/gitops/${TEXT_RESET}"
+    echo
+    reset_colors
+    gitops_deprovision_kmodel "$@"
+    ;;
 
-  gitops-aiservice)
-    echo "${TEXT_UNDERLINE}IBM Maximo Application Suite AIService Manager (v${VERSION})${TEXT_RESET}"
+  gitops-aibroker)
+    echo "${TEXT_UNDERLINE}IBM Maximo Application Suite aibroker Manager (v${VERSION})${TEXT_RESET}"
     echo "Powered by ${COLOR_CYAN}${TEXT_UNDERLINE}https://github.com/ibm-mas/gitops/${TEXT_RESET}"
     echo
     reset_colors
-    gitops_aiservice "$@"
+    gitops_aibroker "$@"
     ;;
 
-  gitops-aiservice-tenant)
-    echo "${TEXT_UNDERLINE}IBM Maximo Application Suite AIService Tenant Manager (v${VERSION})${TEXT_RESET}"
+  gitops-aibroker-tenant)
+    echo "${TEXT_UNDERLINE}IBM Maximo Application Suite aibroker tenant Manager (v${VERSION})${TEXT_RESET}"
     echo "Powered by ${COLOR_CYAN}${TEXT_UNDERLINE}https://github.com/ibm-mas/gitops/${TEXT_RESET}"
     echo
     reset_colors
-    gitops_aiservice_tenant "$@"
+    gitops_aibroker_tenant "$@"
     ;;
 
   gitops-iac)
@@ -766,15 +783,15 @@ case $1 in
     echo "Powered by ${COLOR_CYAN}${TEXT_UNDERLINE}https://github.com/ibm-mas/gitops/${TEXT_RESET}"
     echo
     reset_colors
-    gitops_deprovision_aiservice_tenant "$@"
+    gitops_deprovision_aibroker_tenant "$@"
     ;;
 
-   gitops-deprovision-aiservice)
-    echo "${TEXT_UNDERLINE}IBM Maximo Application Suite AIService deprovision Manager (v${VERSION})${TEXT_RESET}"
+   gitops-deprovision-aibroker)
+    echo "${TEXT_UNDERLINE}IBM Maximo Application Suite aibroker tenant deprovision Manager (v${VERSION})${TEXT_RESET}"
     echo "Powered by ${COLOR_CYAN}${TEXT_UNDERLINE}https://github.com/ibm-mas/gitops/${TEXT_RESET}"
     echo
     reset_colors
-    gitops_deprovision_aiservice "$@"
+    gitops_deprovision_aibroker "$@"
     ;;
 
   gitops-mas-provisioner)
diff --git a/tekton/src/pipelines/gitops/deprovision-mas-aibroker-tenant.yml.j2 b/tekton/src/pipelines/gitops/deprovision-mas-aibroker-tenant.yml.j2
new file mode 100644
index 00000000000..acadc61eb98
--- /dev/null
+++ b/tekton/src/pipelines/gitops/deprovision-mas-aibroker-tenant.yml.j2
@@ -0,0 +1,69 @@
+apiVersion: tekton.dev/v1beta1
+kind: Pipeline
+metadata:
+  name: gitops-deprovision-mas-aibroker-tenant
+spec:
+  params:
+    - name: cluster_name
+      type: string
+    - name: cluster_id
+      type: string
+    - name: account
+      type: string
+    - name: aibroker_instance_id
+      type: string
+    - name: tenant_id
+      type: string
+    - name: cluster_url
+      type: string
+      default: ""
+    - name: secrets_path
+      type: string
+    - name: avp_aws_secret_region
+      type: string
+    - name: git_branch
+      type: string
+    - name: github_org
+      type: string
+    - name: github_repo
+      type: string
+    - name: github_host
+      type: string
+
+  tasks:
+    - name:  gitops-deprovision-mas-aibroker-tenant
+      params:
+        - name: cluster_name
+          value: $(params.cluster_name)
+        - name: account
+          value: $(params.account)
+        - name: cluster_id
+          value: $(params.cluster_id)
+        - name: cluster_url
+          value: $(params.cluster_url)
+        - name: secrets_path
+          value: $(params.secrets_path)
+        - name: avp_aws_secret_region
+          value: $(params.avp_aws_secret_region)
+        - name: git_branch
+          value: $(params.git_branch)
+        - name: github_org
+          value: $(params.github_org)
+        - name: github_repo
+          value: $(params.github_repo)
+        - name: github_host
+          value: $(params.github_host)
+        - name: aibroker_instance_id
+          value: $(params.aibroker_instance_id)
+        - name: tenant_id
+          value: $(params.tenant_id)
+          
+      taskRef:
+        kind: Task
+        name: gitops-deprovision-aibroker-tenant
+      workspaces:
+        - name: configs
+          workspace: configs
+
+      
+   
\ No newline at end of file
diff --git a/tekton/src/pipelines/gitops/deprovision-mas-aibroker.yml.j2 b/tekton/src/pipelines/gitops/deprovision-mas-aibroker.yml.j2
new file mode 100644
index 00000000000..2cd1f9e4f05
--- /dev/null
+++ b/tekton/src/pipelines/gitops/deprovision-mas-aibroker.yml.j2
@@ -0,0 +1,65 @@
+apiVersion: tekton.dev/v1beta1
+kind: Pipeline
+metadata:
+  name: gitops-deprovision-mas-aibroker
+spec:
+  params:
+    - name: cluster_name
+      type: string
+    - name: cluster_id
+      type: string
+    - name: account
+      type: string
+    - name: aibroker_instance_id
+      type: string
+    - name: cluster_url
+      type: string
+      default: ""
+    - name: secrets_path
+      type: string
+    - name: avp_aws_secret_region
+      type: string
+    - name: git_branch
+      type: string
+    - name: github_org
+      type: string
+    - name: github_repo
+      type: string
+    - name: github_host
+      type: string
+
+  tasks:
+    - name:  gitops-deprovision-mas-aibroker
+      params:
+        - name: cluster_name
+          value: $(params.cluster_name)
+        - name: account
+          value: $(params.account)
+        - name: cluster_id
+          value: $(params.cluster_id)
+        - name: cluster_url
+          value: $(params.cluster_url)
+        - name: secrets_path
+          value: $(params.secrets_path)
+        - name: avp_aws_secret_region
+          value: $(params.avp_aws_secret_region)
+        - name: git_branch
+          value: $(params.git_branch)
+        - name: github_org
+          value: $(params.github_org)
+        - name: github_repo
+          value: $(params.github_repo)
+        - name: github_host
+          value: $(params.github_host)
+        - name: aibroker_instance_id
+          value: $(params.aibroker_instance_id)
+          
+      taskRef:
+        kind: Task
+        name: gitops-deprovision-aibroker
+      workspaces:
+        - name: configs
+          workspace: configs
+
+      
+   
\ No newline at end of file
diff --git a/tekton/src/tasks/aiservice/minio.yml.j2 b/tekton/src/tasks/aiservice/minio.yml.j2
index 8a4e6301932..83ca9962f10 100644
--- a/tekton/src/tasks/aiservice/minio.yml.j2
+++ b/tekton/src/tasks/aiservice/minio.yml.j2
@@ -70,4 +70,4 @@ spec:
         - /opt/app-root/src/run-role.sh
         - minio
       image: quay.io/ibmmas/cli:latest
-      imagePullPolicy: $(params.image_pull_policy)
+      imagePullPolicy: $(params.image_pull_policy)
\ No newline at end of file
diff --git a/tekton/src/tasks/gitops/gitops-deprovision-aibroker-tenant.yml.j2 b/tekton/src/tasks/gitops/gitops-deprovision-aibroker-tenant.yml.j2
new file mode 100644
index 00000000000..30a7e210968
--- /dev/null
+++ b/tekton/src/tasks/gitops/gitops-deprovision-aibroker-tenant.yml.j2
@@ -0,0 +1,89 @@
+---
+apiVersion: tekton.dev/v1beta1
+kind: Task
+metadata:
+  name: gitops-deprovision-aibroker-tenant
+spec:
+  params: 
+    - name: cluster_name
+      type: string
+    - name: account
+      type: string
+    - name: cluster_url
+      type: string
+    - name: secrets_path
+      type: string
+    - name: avp_aws_secret_region
+      type: string
+    - name: git_branch
+      type: string
+    - name: github_org
+      type: string
+    - name: github_repo
+      type: string
+    - name: github_host
+      type: string
+    - name: aibroker_instance_id
+      type: string
+    - name: tenant_id
+      type: string
+      
+  stepTemplate:
+    name: gitops-deprovision-aibroker-tenant
+    env:
+      - name: CLUSTER_NAME
+        value: $(params.cluster_name)
+      - name: ACCOUNT
+        value: $(params.account)
+      - name: CLUSTER_URL
+        value: $(params.cluster_url)
+      - name: SECRET_PATH
+        value: $(params.secrets_path)
+      - name: SM_AWS_REGION
+        value: $(params.avp_aws_secret_region)
+      - name: GIT_BRANCH
+        value: $(params.git_branch)
+      - name: GITHUB_ORG
+        value: $(params.github_org)
+      - name: GITHUB_HOST
+        value: $(params.github_host)
+      - name: GITHUB_REPO
+        value: $(params.github_repo)
+      - name: aibroker_instance_id
+        value: $(params.aibroker_instance_id)
+      - name: TENANT_ID
+        value: $(params.tenant_id)
+    envFrom:
+      - configMapRef:
+          name: environment-properties
+          optional: true
+      - secretRef:
+          name: secure-properties
+  steps:
+    - args:
+      - |-
+        git config --global user.name "MAS Automation"
+        git config --global user.email "you@example.com"
+        git config --global user.password $GITHUB_PAT
+
+        mkdir -p /tmp/init-aibroker-tenant
+        
+        mas gitops-deprovision-aibroker-tenant -a $ACCOUNT -c $CLUSTER_NAME \
+        --secrets-path $SECRET_PATH \
+        --dir /tmp/init-aibroker-tenant \
+        --github-push \
+        --github-host "$GITHUB_HOST" \
+        --github-org "$GITHUB_ORG" \
+        --github-repo "$GITHUB_REPO" \
+        --git-branch "$GIT_BRANCH" \
+
+
+        exit $?
+      command:
+        - /bin/sh
+        - -c
+      name: gitops-deprovision-aibroker-tenant
+      imagePullPolicy: IfNotPresent
+      image: quay.io/ibmmas/cli:13.27.0-pre.gitops-aibroker-cli
+  workspaces:
+    - name: configs
diff --git a/tekton/src/tasks/gitops/gitops-deprovision-aibroker.yml.j2 b/tekton/src/tasks/gitops/gitops-deprovision-aibroker.yml.j2
new file mode 100644
index 00000000000..a4798d28b02
--- /dev/null
+++ b/tekton/src/tasks/gitops/gitops-deprovision-aibroker.yml.j2
@@ -0,0 +1,85 @@
+---
+apiVersion: tekton.dev/v1beta1
+kind: Task
+metadata:
+  name: gitops-deprovision-aibroker
+spec:
+  params: 
+    - name: cluster_name
+      type: string
+    - name: account
+      type: string
+    - name: cluster_url
+      type: string
+    - name: secrets_path
+      type: string
+    - name: avp_aws_secret_region
+      type: string
+    - name: git_branch
+      type: string
+    - name: github_org
+      type: string
+    - name: github_repo
+      type: string
+    - name: github_host
+      type: string
+    - name: aibroker_instance_id
+      type: string
+      
+  stepTemplate:
+    name: gitops-deprovision-aibroker
+    env:
+      - name: CLUSTER_NAME
+        value: $(params.cluster_name)
+      - name: ACCOUNT
+        value: $(params.account)
+      - name: CLUSTER_URL
+        value: $(params.cluster_url)
+      - name: SECRET_PATH
+        value: $(params.secrets_path)
+      - name: SM_AWS_REGION
+        value: $(params.avp_aws_secret_region)
+      - name: GIT_BRANCH
+        value: $(params.git_branch)
+      - name: GITHUB_ORG
+        value: $(params.github_org)
+      - name: GITHUB_HOST
+        value: $(params.github_host)
+      - name: GITHUB_REPO
+        value: $(params.github_repo)
+      - name: aibroker_instance_id
+        value: $(params.aibroker_instance_id)
+    envFrom:
+      - configMapRef:
+          name: environment-properties
+          optional: true
+      - secretRef:
+          name: secure-properties
+  steps:
+    - args:
+      - |-
+        git config --global user.name "MAS Automation"
+        git config --global user.email "you@example.com"
+        git config --global user.password $GITHUB_PAT
+
+        mkdir -p /tmp/init-aibroker
+        
+        mas gitops-deprovision-aibroker -a $ACCOUNT -c $CLUSTER_NAME \
+        --secrets-path $SECRET_PATH \
+        --dir /tmp/init-aibroker \
+        --github-push \
+        --github-host "$GITHUB_HOST" \
+        --github-org "$GITHUB_ORG" \
+        --github-repo "$GITHUB_REPO" \
+        --git-branch "$GIT_BRANCH" \
+
+
+        exit $?
+      command:
+        - /bin/sh
+        - -c
+      name: gitops-deprovision-aibroker
+      imagePullPolicy: IfNotPresent
+      image: quay.io/ibmmas/cli:13.27.0-pre.gitops-aibroker-cli
+  workspaces:
+    - name: configs
diff --git a/tekton/src/tasks/gitops/gitops-deprovision-kmodel.yml.j2 b/tekton/src/tasks/gitops/gitops-deprovision-kmodel.yml.j2
new file mode 100644
index 00000000000..43004d1cb9c
--- /dev/null
+++ b/tekton/src/tasks/gitops/gitops-deprovision-kmodel.yml.j2
@@ -0,0 +1,90 @@
+
+apiVersion: tekton.dev/v1beta1
+kind: Task
+metadata:
+  name: gitops-deprovision-kmodel
+spec:
+  params:
+    - name: cluster_name
+      type: string
+    - name: account
+      type: string
+    - name: cluster_id
+      type: string
+    - name: cluster_url
+      type: string
+      default: ""
+    - name: secrets_path
+      type: string
+    - name: avp_aws_secret_region
+      type: string
+    - name: git_branch
+      type: string
+    - name: github_org
+      type: string
+    - name: github_repo
+      type: string
+    - name: github_host
+      type: string
+    - name: aibroker_instance_id
+      type: string
+
+  stepTemplate:
+    name: gitops-deprovision-kmodel
+    env:
+      - name: CLUSTER_NAME
+        value: $(params.cluster_name)
+      - name: ACCOUNT
+        value: $(params.account)
+      #- name: CLUSTER_ID
+      #  value: $(params.cluster_id)
+      - name: CLUSTER_URL
+        value: $(params.cluster_url)
+      - name: SECRET_PATH
+        value: $(params.secrets_path)
+      - name: SM_AWS_REGION
+        value: $(params.avp_aws_secret_region)
+      - name: GIT_BRANCH
+        value: $(params.git_branch)
+      - name: GITHUB_ORG
+        value: $(params.github_org)
+      - name: GITHUB_HOST
+        value: $(params.github_host)
+      - name: GITHUB_REPO
+        value: $(params.github_repo)
+       - name: aibroker_instance_id
+        value: $(params.aibroker_instance_id)
+        
+
+    envFrom:
+      - configMapRef:
+          name: environment-properties
+          optional: true
+      - secretRef:
+          name: secure-properties
+  steps:
+    - args:
+      - |-
+        git config --global user.name "MAS Automation"
+        git config --global user.email "you@example.com"
+        git config --global user.password $GITHUB_PAT
+        
+        mkdir -p /tmp/deprovision-kmodel
+        mas gitops-deprovision-kmodel -a $ACCOUNT -c $CLUSTER_NAME \
+        --dir /tmp/deprovision-kmodel \
+        --secrets-path $SECRET_PATH \
+        --github-push \
+        --github-host $GITHUB_HOST \
+        --github-org $GITHUB_ORG \
+        --github-repo $GITHUB_REPO \
+        --git-branch $GIT_BRANCH \
+
+        exit $?
+      command:
+        - /bin/sh
+        - -c
+      name: gitops-deprovision-kmodel
+      imagePullPolicy: IfNotPresent
+      image: quay.io/ibmmas/cli:latest
+  workspaces:
+    - name: configs
\ No newline at end of file
diff --git a/tekton/src/tasks/gitops/gitops-deprovision-odh.yml.j2 b/tekton/src/tasks/gitops/gitops-deprovision-odh.yml.j2
index 0105c149202..8d688e378d4 100644
--- a/tekton/src/tasks/gitops/gitops-deprovision-odh.yml.j2
+++ b/tekton/src/tasks/gitops/gitops-deprovision-odh.yml.j2
@@ -26,8 +26,9 @@ spec:
       type: string
     - name: github_host
       type: string
-    - name: aiservice_instance_id
+    - name: aibroker_instance_id
       type: string
+
   stepTemplate:
     name: gitops-deprovision-odh
     env:
@@ -35,6 +36,8 @@ spec:
         value: $(params.cluster_name)
       - name: ACCOUNT
         value: $(params.account)
+      #- name: CLUSTER_ID
+      #  value: $(params.cluster_id)
       - name: CLUSTER_URL
         value: $(params.cluster_url)
       - name: SECRET_PATH
@@ -49,8 +52,10 @@ spec:
         value: $(params.github_host)
       - name: GITHUB_REPO
         value: $(params.github_repo)
-      - name: AISERVICE_INSTANCE_ID
-        value: $(params.aiservice_instance_id)
+      - name: aibroker_instance_id
+        value: $(params.aibroker_instance_id)
+        
+
     envFrom:
       - configMapRef:
           name: environment-properties

From c03e3a52d0fe0d1f98b2bccc25a7c505451b6958 Mon Sep 17 00:00:00 2001
From: Drashti-Malviya <Drashti.Malviya@ibm.com>
Date: Thu, 24 Jul 2025 16:17:16 +0530
Subject: [PATCH 157/258] change secreat path from dro to droai

---
 image/cli/mascli/functions/gitops_deprovision_aibroker        | 2 +-
 image/cli/mascli/functions/gitops_deprovision_aibroker_tenant | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/image/cli/mascli/functions/gitops_deprovision_aibroker b/image/cli/mascli/functions/gitops_deprovision_aibroker
index eeb24bcd216..5bdf3ab93b6 100644
--- a/image/cli/mascli/functions/gitops_deprovision_aibroker
+++ b/image/cli/mascli/functions/gitops_deprovision_aibroker
@@ -201,7 +201,7 @@ function gitops_deprovision_aibroker() {
   export SECRET_IBM_ENTITLEMENT_AUTH=${SECRETS_PREFIX}ibm_entitlement
   export SECRET_STORAGE_AUTH=${SECRETS_PREFIX}storage
   export SECRET_MARIADB_AUTH=${SECRETS_PREFIX}mariadb
-  export SECRET_DRO_AUTH=${SECRETS_PREFIX}dro
+  export SECRET_DRO_AUTH=${SECRETS_PREFIX}droai
   export SECRET_SLS_AUTH=${SECRETS_PREFIX}sls
   export SECRET_JDBC_AUTH=${SECRETS_PREFIX}jdbc
 
diff --git a/image/cli/mascli/functions/gitops_deprovision_aibroker_tenant b/image/cli/mascli/functions/gitops_deprovision_aibroker_tenant
index 50ad4b6c676..5d051e3e644 100644
--- a/image/cli/mascli/functions/gitops_deprovision_aibroker_tenant
+++ b/image/cli/mascli/functions/gitops_deprovision_aibroker_tenant
@@ -209,7 +209,7 @@ function gitops_deprovision_aibroker_tenant() {
   SECRETS_PREFIX="${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}"
 
   export SECRET_IBM_ENTITLEMENT_AUTH=${SECRETS_PREFIX}ibm_entitlement
-  export SECRET_DRO_AUTH=${SECRETS_PREFIX}dro
+  export SECRET_DRO_AUTH=${SECRETS_PREFIX}droai
   export SECRET_SLS_AUTH=${SECRETS_PREFIX}sls
   export SECRET_WATSONX_AUTH=${SECRETS_PREFIX}watsonx
   export SECRET_RSL_AUTH=${SECRETS_PREFIX}rsl

From dec7fe8acc1031de119d2fc43d143ed19796a9c0 Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Thu, 24 Jul 2025 18:04:49 +0530
Subject: [PATCH 158/258] name updated

---
 .secrets.baseline                                  |  2 +-
 .../gitops/deprovision-mas-aibroker-tenant.yml.j2  | 14 +++++++-------
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/.secrets.baseline b/.secrets.baseline
index 7113dfced1a..123a4b730e6 100644
--- a/.secrets.baseline
+++ b/.secrets.baseline
@@ -3,7 +3,7 @@
     "files": "build/bin/config/oscap/ssg-rhel9-ds.xml|^.secrets.baseline$|^docs/catalogs/",
     "lines": null
   },
-  "generated_at": "2025-07-23T13:43:58Z",
+  "generated_at": "2025-07-24T12:33:49Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"
diff --git a/tekton/src/pipelines/gitops/deprovision-mas-aibroker-tenant.yml.j2 b/tekton/src/pipelines/gitops/deprovision-mas-aibroker-tenant.yml.j2
index acadc61eb98..185ae50f6f3 100644
--- a/tekton/src/pipelines/gitops/deprovision-mas-aibroker-tenant.yml.j2
+++ b/tekton/src/pipelines/gitops/deprovision-mas-aibroker-tenant.yml.j2
@@ -31,7 +31,13 @@ spec:
       type: string
 
   tasks:
-    - name:  gitops-deprovision-mas-aibroker-tenant
+    - name: gitops-deprovision-aibroker-tenant
+      taskRef:
+        kind: Task
+        name: gitops-deprovision-aibroker-tenant
+      workspaces:
+        - name: configs
+          workspace: configs
       params:
         - name: cluster_name
           value: $(params.cluster_name)
@@ -58,12 +64,6 @@ spec:
         - name: tenant_id
           value: $(params.tenant_id)
           
-      taskRef:
-        kind: Task
-        name: gitops-deprovision-aibroker-tenant
-      workspaces:
-        - name: configs
-          workspace: configs
 
       
    
\ No newline at end of file

From 436b9ffa6f8c87333e2ce04754ae71a080b74b13 Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Thu, 24 Jul 2025 19:41:03 +0530
Subject: [PATCH 159/258] corrected name

---
 .../src/tasks/gitops/gitops-deprovision-aibroker-tenant.yml.j2  | 2 +-
 tekton/src/tasks/gitops/gitops-deprovision-aibroker.yml.j2      | 2 +-
 tekton/src/tasks/gitops/gitops-deprovision-kmodel.yml.j2        | 2 +-
 tekton/src/tasks/gitops/gitops-deprovision-odh.yml.j2           | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/tekton/src/tasks/gitops/gitops-deprovision-aibroker-tenant.yml.j2 b/tekton/src/tasks/gitops/gitops-deprovision-aibroker-tenant.yml.j2
index 30a7e210968..af19acfd113 100644
--- a/tekton/src/tasks/gitops/gitops-deprovision-aibroker-tenant.yml.j2
+++ b/tekton/src/tasks/gitops/gitops-deprovision-aibroker-tenant.yml.j2
@@ -49,7 +49,7 @@ spec:
         value: $(params.github_host)
       - name: GITHUB_REPO
         value: $(params.github_repo)
-      - name: aibroker_instance_id
+      - name: AIBROKER_INSTANCE_ID
         value: $(params.aibroker_instance_id)
       - name: TENANT_ID
         value: $(params.tenant_id)
diff --git a/tekton/src/tasks/gitops/gitops-deprovision-aibroker.yml.j2 b/tekton/src/tasks/gitops/gitops-deprovision-aibroker.yml.j2
index a4798d28b02..0dc8d4bb1d0 100644
--- a/tekton/src/tasks/gitops/gitops-deprovision-aibroker.yml.j2
+++ b/tekton/src/tasks/gitops/gitops-deprovision-aibroker.yml.j2
@@ -47,7 +47,7 @@ spec:
         value: $(params.github_host)
       - name: GITHUB_REPO
         value: $(params.github_repo)
-      - name: aibroker_instance_id
+      - name: AIBROKER_INSTANCE_ID
         value: $(params.aibroker_instance_id)
     envFrom:
       - configMapRef:
diff --git a/tekton/src/tasks/gitops/gitops-deprovision-kmodel.yml.j2 b/tekton/src/tasks/gitops/gitops-deprovision-kmodel.yml.j2
index 43004d1cb9c..bf0d37e45ea 100644
--- a/tekton/src/tasks/gitops/gitops-deprovision-kmodel.yml.j2
+++ b/tekton/src/tasks/gitops/gitops-deprovision-kmodel.yml.j2
@@ -52,7 +52,7 @@ spec:
         value: $(params.github_host)
       - name: GITHUB_REPO
         value: $(params.github_repo)
-       - name: aibroker_instance_id
+      - name: AIBROKER_INSTANCE_ID
         value: $(params.aibroker_instance_id)
         
 
diff --git a/tekton/src/tasks/gitops/gitops-deprovision-odh.yml.j2 b/tekton/src/tasks/gitops/gitops-deprovision-odh.yml.j2
index 8d688e378d4..6b8c30c4475 100644
--- a/tekton/src/tasks/gitops/gitops-deprovision-odh.yml.j2
+++ b/tekton/src/tasks/gitops/gitops-deprovision-odh.yml.j2
@@ -52,7 +52,7 @@ spec:
         value: $(params.github_host)
       - name: GITHUB_REPO
         value: $(params.github_repo)
-      - name: aibroker_instance_id
+      - name: AIBROKER_INSTANCE_ID
         value: $(params.aibroker_instance_id)
         
 

From 3461e11429eba8145465246d209c7f0247e22530 Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Thu, 24 Jul 2025 21:13:58 +0530
Subject: [PATCH 160/258] Update deprovision-mas-aibroker-tenant.yml.j2

---
 .../src/pipelines/gitops/deprovision-mas-aibroker-tenant.yml.j2 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tekton/src/pipelines/gitops/deprovision-mas-aibroker-tenant.yml.j2 b/tekton/src/pipelines/gitops/deprovision-mas-aibroker-tenant.yml.j2
index 185ae50f6f3..12e813d00c8 100644
--- a/tekton/src/pipelines/gitops/deprovision-mas-aibroker-tenant.yml.j2
+++ b/tekton/src/pipelines/gitops/deprovision-mas-aibroker-tenant.yml.j2
@@ -31,7 +31,7 @@ spec:
       type: string
 
   tasks:
-    - name: gitops-deprovision-aibroker-tenant
+    - name: run-gitops-deprovision-aibroker-tenant
       taskRef:
         kind: Task
         name: gitops-deprovision-aibroker-tenant

From a27eb57c67aa7320e3ac14a480eb07317f69d08c Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Thu, 24 Jul 2025 21:20:34 +0530
Subject: [PATCH 161/258] Update deprovision-mas-aibroker-tenant.yml.j2

---
 .../pipelines/gitops/deprovision-mas-aibroker-tenant.yml.j2   | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tekton/src/pipelines/gitops/deprovision-mas-aibroker-tenant.yml.j2 b/tekton/src/pipelines/gitops/deprovision-mas-aibroker-tenant.yml.j2
index 12e813d00c8..3083cbde5a7 100644
--- a/tekton/src/pipelines/gitops/deprovision-mas-aibroker-tenant.yml.j2
+++ b/tekton/src/pipelines/gitops/deprovision-mas-aibroker-tenant.yml.j2
@@ -29,11 +29,11 @@ spec:
       type: string
     - name: github_host
       type: string
-
+  workspaces:
+    - name: configs
   tasks:
     - name: run-gitops-deprovision-aibroker-tenant
       taskRef:
-        kind: Task
         name: gitops-deprovision-aibroker-tenant
       workspaces:
         - name: configs

From 1e5b31fecbcd488c43358d0796eec0fc75b19c4c Mon Sep 17 00:00:00 2001
From: Drashti-Malviya <Drashti.Malviya@ibm.com>
Date: Fri, 25 Jul 2025 12:06:17 +0530
Subject: [PATCH 162/258] add odh,kmodel tasks

---
 .../deprovision-mas-aibroker-tenant.yml.j2    |  1 +
 .../gitops/deprovision-mas-aibroker.yml.j2    | 82 +++++++++++++++++--
 2 files changed, 78 insertions(+), 5 deletions(-)

diff --git a/tekton/src/pipelines/gitops/deprovision-mas-aibroker-tenant.yml.j2 b/tekton/src/pipelines/gitops/deprovision-mas-aibroker-tenant.yml.j2
index 3083cbde5a7..b446d64a067 100644
--- a/tekton/src/pipelines/gitops/deprovision-mas-aibroker-tenant.yml.j2
+++ b/tekton/src/pipelines/gitops/deprovision-mas-aibroker-tenant.yml.j2
@@ -34,6 +34,7 @@ spec:
   tasks:
     - name: run-gitops-deprovision-aibroker-tenant
       taskRef:
+        kind: Task
         name: gitops-deprovision-aibroker-tenant
       workspaces:
         - name: configs
diff --git a/tekton/src/pipelines/gitops/deprovision-mas-aibroker.yml.j2 b/tekton/src/pipelines/gitops/deprovision-mas-aibroker.yml.j2
index 2cd1f9e4f05..016e8970560 100644
--- a/tekton/src/pipelines/gitops/deprovision-mas-aibroker.yml.j2
+++ b/tekton/src/pipelines/gitops/deprovision-mas-aibroker.yml.j2
@@ -27,9 +27,18 @@ spec:
       type: string
     - name: github_host
       type: string
-
-  tasks:
-    - name:  gitops-deprovision-mas-aibroker
+  workspaces:
+    - name: configs
+   tasks:
+   # 1.gitops-odh
+    # -------------------------------------------------------------------------
+    - name: run-gitops-deprovision-odh
+      taskRef:
+        kind: Task
+        name: gitops-deprovision-odh
+      workspaces:
+        - name: configs
+          workspace: configs
       params:
         - name: cluster_name
           value: $(params.cluster_name)
@@ -53,13 +62,76 @@ spec:
           value: $(params.github_host)
         - name: aibroker_instance_id
           value: $(params.aibroker_instance_id)
-          
-      taskRef:
+   #3. gitops-deprovision-aibroker
+    # -------------------------------------------------------------------------------------------------------
+    - name: run-gitops-deprovision-aibroker
+      runAfter:
+        - gitops-deprovision-odh
+     taskRef:
         kind: Task
         name: gitops-deprovision-aibroker
       workspaces:
         - name: configs
           workspace: configs
+      params:
+        - name: cluster_name
+          value: $(params.cluster_name)
+        - name: account
+          value: $(params.account)
+        - name: cluster_id
+          value: $(params.cluster_id)
+        - name: cluster_url
+          value: $(params.cluster_url)
+        - name: secrets_path
+          value: $(params.secrets_path)
+        - name: avp_aws_secret_region
+          value: $(params.avp_aws_secret_region)
+        - name: git_branch
+          value: $(params.git_branch)
+        - name: github_org
+          value: $(params.github_org)
+        - name: github_repo
+          value: $(params.github_repo)
+        - name: github_host
+          value: $(params.github_host)
+        - name: aibroker_instance_id
+          value: $(params.aibroker_instance_id)
+   # 2.gitops-kmodel
+    # -------------------------------------------------------------------------
+    - name: run-gitops-deprovision-kmodel
+      runAfter:
+        - gitops-deprovision-aibroker
+      workspaces:
+      taskRef:
+        kind: Task
+        name: gitops-deprovision-kmodel
+      workspaces:
+        - name: configs
+          workspace: configs
+      params:
+        - name: cluster_name
+          value: $(params.cluster_name)
+        - name: account
+          value: $(params.account)
+        - name: cluster_id
+          value: $(params.cluster_id)
+        - name: cluster_url
+          value: $(params.cluster_url)
+        - name: secrets_path
+          value: $(params.secrets_path)
+        - name: avp_aws_secret_region
+          value: $(params.avp_aws_secret_region)
+        - name: git_branch
+          value: $(params.git_branch)
+        - name: github_org
+          value: $(params.github_org)
+        - name: github_repo
+          value: $(params.github_repo)
+        - name: github_host
+          value: $(params.github_host)
+        - name: aibroker_instance_id
+          value: $(params.aibroker_instance_id)
+   
 
       
    
\ No newline at end of file

From 98f1b851608d71ec0e32dd7317b0336745fa7fbd Mon Sep 17 00:00:00 2001
From: Drashti-Malviya <Drashti.Malviya@ibm.com>
Date: Fri, 25 Jul 2025 13:01:46 +0530
Subject: [PATCH 163/258] add code for rm tenant-base file

---
 image/cli/mascli/functions/gitops_deprovision_aibroker_tenant | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/image/cli/mascli/functions/gitops_deprovision_aibroker_tenant b/image/cli/mascli/functions/gitops_deprovision_aibroker_tenant
index 5d051e3e644..b5628b2963f 100644
--- a/image/cli/mascli/functions/gitops_deprovision_aibroker_tenant
+++ b/image/cli/mascli/functions/gitops_deprovision_aibroker_tenant
@@ -256,7 +256,8 @@ function gitops_deprovision_aibroker_tenant() {
     echo
     echo_h2 "Deleting application configuration files"
     echo "- Deleting aibroker tenant"
-
+   
+   rm -rf ${GITOPS_CLUSTER_DIR}ibm-aibroker-tenant-base.yaml.j2
    rm -rf ${GITOPS_CLUSTER_DIR}/ibm-aibroker-tenant.yaml
     if [ "$GITHUB_PUSH" == "true" ]; then
       echo

From 8ddf85ba55f75d58e77272921af7308df7ce8c01 Mon Sep 17 00:00:00 2001
From: Drashti-Malviya <Drashti.Malviya@ibm.com>
Date: Fri, 25 Jul 2025 14:21:27 +0530
Subject: [PATCH 164/258] correct file_name

---
 image/cli/mascli/functions/gitops_deprovision_aibroker_tenant | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/image/cli/mascli/functions/gitops_deprovision_aibroker_tenant b/image/cli/mascli/functions/gitops_deprovision_aibroker_tenant
index b5628b2963f..da4fdfeffd0 100644
--- a/image/cli/mascli/functions/gitops_deprovision_aibroker_tenant
+++ b/image/cli/mascli/functions/gitops_deprovision_aibroker_tenant
@@ -257,7 +257,7 @@ function gitops_deprovision_aibroker_tenant() {
     echo_h2 "Deleting application configuration files"
     echo "- Deleting aibroker tenant"
    
-   rm -rf ${GITOPS_CLUSTER_DIR}ibm-aibroker-tenant-base.yaml.j2
+   rm -rf ${GITOPS_CLUSTER_DIR}/ibm-aibroker-tenant-base.yaml
    rm -rf ${GITOPS_CLUSTER_DIR}/ibm-aibroker-tenant.yaml
     if [ "$GITHUB_PUSH" == "true" ]; then
       echo

From 91ab04e3f0ce5e695d152e1c722d82c4b8dd7852 Mon Sep 17 00:00:00 2001
From: Drashti-Malviya <Drashti.Malviya@ibm.com>
Date: Fri, 25 Jul 2025 15:01:41 +0530
Subject: [PATCH 165/258] add code rm aibroker base file

---
 image/cli/mascli/functions/gitops_deprovision_aibroker | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/image/cli/mascli/functions/gitops_deprovision_aibroker b/image/cli/mascli/functions/gitops_deprovision_aibroker
index 5bdf3ab93b6..a45e5afa341 100644
--- a/image/cli/mascli/functions/gitops_deprovision_aibroker
+++ b/image/cli/mascli/functions/gitops_deprovision_aibroker
@@ -245,7 +245,8 @@ function gitops_deprovision_aibroker() {
     echo
     echo_h2 "Deleting application configuration files"
     echo "- Deleting aibroker "
-
+   
+   rm -rf ${GITOPS_CLUSTER_DIR}/ibm-aibroker-instance-base.yaml
    rm -rf ${GITOPS_CLUSTER_DIR}/ibm-aibroker.yaml
     if [ "$GITHUB_PUSH" == "true" ]; then
       echo

From 22d4348b26f00987556fdd92854fa2e98c44cea8 Mon Sep 17 00:00:00 2001
From: Drashti-Malviya <Drashti.Malviya@ibm.com>
Date: Fri, 25 Jul 2025 19:05:26 +0530
Subject: [PATCH 166/258] indentation correction

---
 .../gitops/deprovision-mas-aibroker.yml.j2          | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/tekton/src/pipelines/gitops/deprovision-mas-aibroker.yml.j2 b/tekton/src/pipelines/gitops/deprovision-mas-aibroker.yml.j2
index 016e8970560..6b5f5d493f5 100644
--- a/tekton/src/pipelines/gitops/deprovision-mas-aibroker.yml.j2
+++ b/tekton/src/pipelines/gitops/deprovision-mas-aibroker.yml.j2
@@ -29,8 +29,9 @@ spec:
       type: string
   workspaces:
     - name: configs
-   tasks:
-   # 1.gitops-odh
+
+  tasks:
+   # 1.gitops-deprovision-odh
     # -------------------------------------------------------------------------
     - name: run-gitops-deprovision-odh
       taskRef:
@@ -62,12 +63,13 @@ spec:
           value: $(params.github_host)
         - name: aibroker_instance_id
           value: $(params.aibroker_instance_id)
-   #3. gitops-deprovision-aibroker
+
+   #2. gitops-deprovision-aibroker
     # -------------------------------------------------------------------------------------------------------
     - name: run-gitops-deprovision-aibroker
       runAfter:
         - gitops-deprovision-odh
-     taskRef:
+      taskRef:
         kind: Task
         name: gitops-deprovision-aibroker
       workspaces:
@@ -96,7 +98,8 @@ spec:
           value: $(params.github_host)
         - name: aibroker_instance_id
           value: $(params.aibroker_instance_id)
-   # 2.gitops-kmodel
+
+   # 3.gitops-kmodel
     # -------------------------------------------------------------------------
     - name: run-gitops-deprovision-kmodel
       runAfter:

From 259f272fe18e0d732942813181afacb57b06bbca Mon Sep 17 00:00:00 2001
From: Drashti-Malviya <Drashti.Malviya@ibm.com>
Date: Mon, 28 Jul 2025 10:19:49 +0530
Subject: [PATCH 167/258] remove unwanted keys

---
 tekton/src/pipelines/gitops/deprovision-mas-aibroker.yml.j2 | 2 +-
 tekton/src/tasks/gitops/gitops-deprovision-kmodel.yml.j2    | 2 --
 2 files changed, 1 insertion(+), 3 deletions(-)

diff --git a/tekton/src/pipelines/gitops/deprovision-mas-aibroker.yml.j2 b/tekton/src/pipelines/gitops/deprovision-mas-aibroker.yml.j2
index 6b5f5d493f5..7edb0f07c73 100644
--- a/tekton/src/pipelines/gitops/deprovision-mas-aibroker.yml.j2
+++ b/tekton/src/pipelines/gitops/deprovision-mas-aibroker.yml.j2
@@ -99,7 +99,7 @@ spec:
         - name: aibroker_instance_id
           value: $(params.aibroker_instance_id)
 
-   # 3.gitops-kmodel
+   # 3.gitops-deprovision-kmodel
     # -------------------------------------------------------------------------
     - name: run-gitops-deprovision-kmodel
       runAfter:
diff --git a/tekton/src/tasks/gitops/gitops-deprovision-kmodel.yml.j2 b/tekton/src/tasks/gitops/gitops-deprovision-kmodel.yml.j2
index bf0d37e45ea..936d5f03975 100644
--- a/tekton/src/tasks/gitops/gitops-deprovision-kmodel.yml.j2
+++ b/tekton/src/tasks/gitops/gitops-deprovision-kmodel.yml.j2
@@ -36,8 +36,6 @@ spec:
         value: $(params.cluster_name)
       - name: ACCOUNT
         value: $(params.account)
-      #- name: CLUSTER_ID
-      #  value: $(params.cluster_id)
       - name: CLUSTER_URL
         value: $(params.cluster_url)
       - name: SECRET_PATH

From 57397ac9e8acd855bdaf8f10fa687abd871d401d Mon Sep 17 00:00:00 2001
From: Drashti-Malviya <Drashti.Malviya@ibm.com>
Date: Mon, 28 Jul 2025 14:44:51 +0530
Subject: [PATCH 168/258] update secreat baseline

---
 .secrets.baseline | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.secrets.baseline b/.secrets.baseline
index 123a4b730e6..3e9709f67dc 100644
--- a/.secrets.baseline
+++ b/.secrets.baseline
@@ -3,7 +3,7 @@
     "files": "build/bin/config/oscap/ssg-rhel9-ds.xml|^.secrets.baseline$|^docs/catalogs/",
     "lines": null
   },
-  "generated_at": "2025-07-24T12:33:49Z",
+  "generated_at": "2025-07-28T09:11:28Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"

From c6917dcf65b33a8bda9c3ea7102e6594e6f3103b Mon Sep 17 00:00:00 2001
From: Drashti-Malviya <Drashti.Malviya@ibm.com>
Date: Mon, 28 Jul 2025 17:07:49 +0530
Subject: [PATCH 169/258] remove extra workspace

---
 tekton/src/pipelines/gitops/deprovision-mas-aibroker.yml.j2 | 1 -
 1 file changed, 1 deletion(-)

diff --git a/tekton/src/pipelines/gitops/deprovision-mas-aibroker.yml.j2 b/tekton/src/pipelines/gitops/deprovision-mas-aibroker.yml.j2
index 7edb0f07c73..49bbe853d23 100644
--- a/tekton/src/pipelines/gitops/deprovision-mas-aibroker.yml.j2
+++ b/tekton/src/pipelines/gitops/deprovision-mas-aibroker.yml.j2
@@ -104,7 +104,6 @@ spec:
     - name: run-gitops-deprovision-kmodel
       runAfter:
         - gitops-deprovision-aibroker
-      workspaces:
       taskRef:
         kind: Task
         name: gitops-deprovision-kmodel

From b223ed533a97513dc781c4500e77865db18f8c02 Mon Sep 17 00:00:00 2001
From: Drashti-Malviya <Drashti.Malviya@ibm.com>
Date: Mon, 28 Jul 2025 17:32:59 +0530
Subject: [PATCH 170/258] update baseline

---
 .secrets.baseline | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.secrets.baseline b/.secrets.baseline
index 3e9709f67dc..e360e8e9b19 100644
--- a/.secrets.baseline
+++ b/.secrets.baseline
@@ -3,7 +3,7 @@
     "files": "build/bin/config/oscap/ssg-rhel9-ds.xml|^.secrets.baseline$|^docs/catalogs/",
     "lines": null
   },
-  "generated_at": "2025-07-28T09:11:28Z",
+  "generated_at": "2025-07-28T12:02:30Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"

From f76e86f0c43bfc2057a599fca73636616777445a Mon Sep 17 00:00:00 2001
From: Drashti-Malviya <Drashti.Malviya@ibm.com>
Date: Tue, 29 Jul 2025 18:42:57 +0530
Subject: [PATCH 171/258] update version details

---
 .secrets.baseline                                            | 2 +-
 tekton/src/pipelines/gitops/deprovision-mas-aibroker.yml.j2  | 4 ++--
 .../tasks/gitops/gitops-deprovision-aibroker-tenant.yml.j2   | 2 +-
 tekton/src/tasks/gitops/gitops-deprovision-aibroker.yml.j2   | 2 +-
 tekton/src/tasks/gitops/gitops-deprovision-odh.yml.j2        | 5 -----
 5 files changed, 5 insertions(+), 10 deletions(-)

diff --git a/.secrets.baseline b/.secrets.baseline
index e360e8e9b19..27f083d6ee9 100644
--- a/.secrets.baseline
+++ b/.secrets.baseline
@@ -3,7 +3,7 @@
     "files": "build/bin/config/oscap/ssg-rhel9-ds.xml|^.secrets.baseline$|^docs/catalogs/",
     "lines": null
   },
-  "generated_at": "2025-07-28T12:02:30Z",
+  "generated_at": "2025-07-29T13:05:42Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"
diff --git a/tekton/src/pipelines/gitops/deprovision-mas-aibroker.yml.j2 b/tekton/src/pipelines/gitops/deprovision-mas-aibroker.yml.j2
index 49bbe853d23..38b2f2ce0b1 100644
--- a/tekton/src/pipelines/gitops/deprovision-mas-aibroker.yml.j2
+++ b/tekton/src/pipelines/gitops/deprovision-mas-aibroker.yml.j2
@@ -68,7 +68,7 @@ spec:
     # -------------------------------------------------------------------------------------------------------
     - name: run-gitops-deprovision-aibroker
       runAfter:
-        - gitops-deprovision-odh
+        - run-gitops-deprovision-odh
       taskRef:
         kind: Task
         name: gitops-deprovision-aibroker
@@ -103,7 +103,7 @@ spec:
     # -------------------------------------------------------------------------
     - name: run-gitops-deprovision-kmodel
       runAfter:
-        - gitops-deprovision-aibroker
+        - run-gitops-deprovision-aibroker
       taskRef:
         kind: Task
         name: gitops-deprovision-kmodel
diff --git a/tekton/src/tasks/gitops/gitops-deprovision-aibroker-tenant.yml.j2 b/tekton/src/tasks/gitops/gitops-deprovision-aibroker-tenant.yml.j2
index af19acfd113..4311f86df50 100644
--- a/tekton/src/tasks/gitops/gitops-deprovision-aibroker-tenant.yml.j2
+++ b/tekton/src/tasks/gitops/gitops-deprovision-aibroker-tenant.yml.j2
@@ -84,6 +84,6 @@ spec:
         - -c
       name: gitops-deprovision-aibroker-tenant
       imagePullPolicy: IfNotPresent
-      image: quay.io/ibmmas/cli:13.27.0-pre.gitops-aibroker-cli
+      image: quay.io/ibmmas/cli:latest
   workspaces:
     - name: configs
diff --git a/tekton/src/tasks/gitops/gitops-deprovision-aibroker.yml.j2 b/tekton/src/tasks/gitops/gitops-deprovision-aibroker.yml.j2
index 0dc8d4bb1d0..efecd0dd154 100644
--- a/tekton/src/tasks/gitops/gitops-deprovision-aibroker.yml.j2
+++ b/tekton/src/tasks/gitops/gitops-deprovision-aibroker.yml.j2
@@ -80,6 +80,6 @@ spec:
         - -c
       name: gitops-deprovision-aibroker
       imagePullPolicy: IfNotPresent
-      image: quay.io/ibmmas/cli:13.27.0-pre.gitops-aibroker-cli
+      image: quay.io/ibmmas/cli:latest
   workspaces:
     - name: configs
diff --git a/tekton/src/tasks/gitops/gitops-deprovision-odh.yml.j2 b/tekton/src/tasks/gitops/gitops-deprovision-odh.yml.j2
index 6b8c30c4475..a8cf7b03801 100644
--- a/tekton/src/tasks/gitops/gitops-deprovision-odh.yml.j2
+++ b/tekton/src/tasks/gitops/gitops-deprovision-odh.yml.j2
@@ -28,7 +28,6 @@ spec:
       type: string
     - name: aibroker_instance_id
       type: string
-
   stepTemplate:
     name: gitops-deprovision-odh
     env:
@@ -36,8 +35,6 @@ spec:
         value: $(params.cluster_name)
       - name: ACCOUNT
         value: $(params.account)
-      #- name: CLUSTER_ID
-      #  value: $(params.cluster_id)
       - name: CLUSTER_URL
         value: $(params.cluster_url)
       - name: SECRET_PATH
@@ -54,8 +51,6 @@ spec:
         value: $(params.github_repo)
       - name: AIBROKER_INSTANCE_ID
         value: $(params.aibroker_instance_id)
-        
-
     envFrom:
       - configMapRef:
           name: environment-properties

From b6fbbcb67dd9d7113fbc84f31f298a2f5d1bd593 Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Mon, 4 Aug 2025 18:56:03 +0530
Subject: [PATCH 172/258] revert change that are not relevant

---
 tekton/src/tasks/aiservice/minio.yml.j2                        | 3 ++-
 tekton/src/tasks/gitops/gitops-deprovision-cp4d-service.yml.j2 | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/tekton/src/tasks/aiservice/minio.yml.j2 b/tekton/src/tasks/aiservice/minio.yml.j2
index 83ca9962f10..1a33dcc0954 100644
--- a/tekton/src/tasks/aiservice/minio.yml.j2
+++ b/tekton/src/tasks/aiservice/minio.yml.j2
@@ -70,4 +70,5 @@ spec:
         - /opt/app-root/src/run-role.sh
         - minio
       image: quay.io/ibmmas/cli:latest
-      imagePullPolicy: $(params.image_pull_policy)
\ No newline at end of file
+      imagePullPolicy: $(params.image_pull_policy)
+      
\ No newline at end of file
diff --git a/tekton/src/tasks/gitops/gitops-deprovision-cp4d-service.yml.j2 b/tekton/src/tasks/gitops/gitops-deprovision-cp4d-service.yml.j2
index d3ed67fc6f1..09ed21f4f7f 100644
--- a/tekton/src/tasks/gitops/gitops-deprovision-cp4d-service.yml.j2
+++ b/tekton/src/tasks/gitops/gitops-deprovision-cp4d-service.yml.j2
@@ -99,4 +99,5 @@ spec:
       imagePullPolicy: IfNotPresent
       image: quay.io/ibmmas/cli:latest
   workspaces:
-    - name: configs
\ No newline at end of file
+    - name: configs
+    
\ No newline at end of file

From b0f19309e273b21c4a662a087fbd9af728d4361c Mon Sep 17 00:00:00 2001
From: Drashti-Malviya <Drashti.Malviya@ibm.com>
Date: Mon, 4 Aug 2025 21:48:16 +0530
Subject: [PATCH 173/258] cherry-pick de56fa02ac conflict

---
 .secrets.baseline                                |  4 ++--
 .../cli/mascli/functions/gitops_deprovision_odh  |  2 ++
 .../gitops/deprovision-mas-aibroker.yml.j2       | 16 +++++++---------
 3 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/.secrets.baseline b/.secrets.baseline
index 27f083d6ee9..ab43fa2862f 100644
--- a/.secrets.baseline
+++ b/.secrets.baseline
@@ -3,7 +3,7 @@
     "files": "build/bin/config/oscap/ssg-rhel9-ds.xml|^.secrets.baseline$|^docs/catalogs/",
     "lines": null
   },
-  "generated_at": "2025-07-29T13:05:42Z",
+  "generated_at": "2025-08-04T16:05:25Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"
@@ -363,7 +363,7 @@
         "hashed_secret": "b2817467154949a61f8e9ad31d1eeaf03221cbfa",
         "is_secret": true,
         "is_verified": false,
-        "line_number": 173,
+        "line_number": 174,
         "type": "Secret Keyword",
         "verified_result": null
       }
diff --git a/image/cli/mascli/functions/gitops_deprovision_odh b/image/cli/mascli/functions/gitops_deprovision_odh
index 297493e022c..521424173c1 100644
--- a/image/cli/mascli/functions/gitops_deprovision_odh
+++ b/image/cli/mascli/functions/gitops_deprovision_odh
@@ -1,3 +1,5 @@
+#!/usr/bin/env bash
+
 function gitops_deprovision_odh_help() {
   [[ -n "$1" ]] && echo_warning "$1"
   reset_colors
diff --git a/tekton/src/pipelines/gitops/deprovision-mas-aibroker.yml.j2 b/tekton/src/pipelines/gitops/deprovision-mas-aibroker.yml.j2
index 38b2f2ce0b1..95c2d992102 100644
--- a/tekton/src/pipelines/gitops/deprovision-mas-aibroker.yml.j2
+++ b/tekton/src/pipelines/gitops/deprovision-mas-aibroker.yml.j2
@@ -31,12 +31,12 @@ spec:
     - name: configs
 
   tasks:
-   # 1.gitops-deprovision-odh
+  # 1.gitops-deprovision-kmodel
     # -------------------------------------------------------------------------
-    - name: run-gitops-deprovision-odh
+    - name: run-gitops-deprovision-kmodel
       taskRef:
         kind: Task
-        name: gitops-deprovision-odh
+        name: gitops-deprovision-kmodel
       workspaces:
         - name: configs
           workspace: configs
@@ -68,7 +68,7 @@ spec:
     # -------------------------------------------------------------------------------------------------------
     - name: run-gitops-deprovision-aibroker
       runAfter:
-        - run-gitops-deprovision-odh
+        - run-gitops-deprovision-kmodel
       taskRef:
         kind: Task
         name: gitops-deprovision-aibroker
@@ -99,14 +99,14 @@ spec:
         - name: aibroker_instance_id
           value: $(params.aibroker_instance_id)
 
-   # 3.gitops-deprovision-kmodel
+  #3.gitops-deprovision-odh
     # -------------------------------------------------------------------------
-    - name: run-gitops-deprovision-kmodel
+    - name: run-gitops-deprovision-odh
       runAfter:
         - run-gitops-deprovision-aibroker
       taskRef:
         kind: Task
-        name: gitops-deprovision-kmodel
+        name: gitops-deprovision-odh
       workspaces:
         - name: configs
           workspace: configs
@@ -133,7 +133,5 @@ spec:
           value: $(params.github_host)
         - name: aibroker_instance_id
           value: $(params.aibroker_instance_id)
-   
 
-      
    
\ No newline at end of file

From 23f0af887576caa21a1aeab9bd67f642d535ecb9 Mon Sep 17 00:00:00 2001
From: Drashti-Malviya <Drashti.Malviya@ibm.com>
Date: Mon, 4 Aug 2025 22:04:12 +0530
Subject: [PATCH 174/258] cherry-pick a6141540c0 conflict

---
 .secrets.baseline | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.secrets.baseline b/.secrets.baseline
index ab43fa2862f..578c5814070 100644
--- a/.secrets.baseline
+++ b/.secrets.baseline
@@ -3,7 +3,7 @@
     "files": "build/bin/config/oscap/ssg-rhel9-ds.xml|^.secrets.baseline$|^docs/catalogs/",
     "lines": null
   },
-  "generated_at": "2025-08-04T16:05:25Z",
+  "generated_at": "2025-08-04T16:32:21Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"
@@ -363,7 +363,7 @@
         "hashed_secret": "b2817467154949a61f8e9ad31d1eeaf03221cbfa",
         "is_secret": true,
         "is_verified": false,
-        "line_number": 174,
+        "line_number": 173,
         "type": "Secret Keyword",
         "verified_result": null
       }

From 4d9eaf3c01d32e6fb399358eacdcec7ec948a7b6 Mon Sep 17 00:00:00 2001
From: Drashti-Malviya <Drashti.Malviya@ibm.com>
Date: Tue, 5 Aug 2025 18:15:52 +0530
Subject: [PATCH 175/258] cherry-pick a9b6444559 conflict

---
 image/cli/mascli/functions/gitops_deprovision_odh | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/image/cli/mascli/functions/gitops_deprovision_odh b/image/cli/mascli/functions/gitops_deprovision_odh
index 521424173c1..1d184688b94 100644
--- a/image/cli/mascli/functions/gitops_deprovision_odh
+++ b/image/cli/mascli/functions/gitops_deprovision_odh
@@ -227,6 +227,10 @@ function gitops_deprovision_odh() {
    clone_target_git_repo $GITHUB_HOST $GITHUB_ORG $GITHUB_REPO $GIT_BRANCH $GITOPS_WORKING_DIR $GIT_SSH
   fi
 
+  echo_reset_dim "Deleting  authorino operaotr ............. ${COLOR_MAGENTA}"
+  oc delete $(oc get csv -n openshift-operators -o name | grep authorino) -n openshift-operators 2>/dev/null; \
+  oc delete $(oc get crd -o name | grep authorino) 2>/dev/null; \
+  oc delete deployment $(oc get deployment -n openshift-operators -o name | grep authorino) -n openshift-operators 2>/dev/null
 
   echo "Deleting: ${GITOPS_CLUSTER_DIR}/ibm-mas-odh-install.yaml"
   rm -rf ${GITOPS_CLUSTER_DIR}/ibm-mas-odh-install.yaml

From e1fab785b95dab7e5181d043f027d4f1932d26e5 Mon Sep 17 00:00:00 2001
From: Drashti-Malviya <Drashti.Malviya@ibm.com>
Date: Tue, 5 Aug 2025 18:22:15 +0530
Subject: [PATCH 176/258] secreat update

---
 .secrets.baseline | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.secrets.baseline b/.secrets.baseline
index 578c5814070..fe80b0e4d6e 100644
--- a/.secrets.baseline
+++ b/.secrets.baseline
@@ -3,7 +3,7 @@
     "files": "build/bin/config/oscap/ssg-rhel9-ds.xml|^.secrets.baseline$|^docs/catalogs/",
     "lines": null
   },
-  "generated_at": "2025-08-04T16:32:21Z",
+  "generated_at": "2025-08-05T12:51:11Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"

From 8062248407f597fcc8ccf00ecf64ff0f7f081581 Mon Sep 17 00:00:00 2001
From: Drashti-Malviya <drashti.malviya1207@gmail.com>
Date: Thu, 7 Aug 2025 19:07:45 +0530
Subject: [PATCH 177/258] Update gitops_deprovision_odh

---
 image/cli/mascli/functions/gitops_deprovision_odh | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/image/cli/mascli/functions/gitops_deprovision_odh b/image/cli/mascli/functions/gitops_deprovision_odh
index 1d184688b94..edfe5195904 100644
--- a/image/cli/mascli/functions/gitops_deprovision_odh
+++ b/image/cli/mascli/functions/gitops_deprovision_odh
@@ -228,9 +228,9 @@ function gitops_deprovision_odh() {
   fi
 
   echo_reset_dim "Deleting  authorino operaotr ............. ${COLOR_MAGENTA}"
-  oc delete $(oc get csv -n openshift-operators -o name | grep authorino) -n openshift-operators 2>/dev/null; \
-  oc delete $(oc get crd -o name | grep authorino) 2>/dev/null; \
-  oc delete deployment $(oc get deployment -n openshift-operators -o name | grep authorino) -n openshift-operators 2>/dev/null
+  oc delete $(oc get csv -n openshift-operators -o name | grep authorino) -n openshift-operators --wait=true --timeout=5m 2>/dev/null
+  #oc delete $(oc get crd -o name | grep authorino) 2>/dev/null; \
+  #oc delete deployment $(oc get deployment -n openshift-operators -o name | grep authorino) -n openshift-operators 2>/dev/null
 
   echo "Deleting: ${GITOPS_CLUSTER_DIR}/ibm-mas-odh-install.yaml"
   rm -rf ${GITOPS_CLUSTER_DIR}/ibm-mas-odh-install.yaml
@@ -255,4 +255,4 @@ function gitops_deprovision_odh() {
   fi
 
    
-}
\ No newline at end of file
+}

From 7c2711b9bf67413da66404dacedc5fe38f60bd75 Mon Sep 17 00:00:00 2001
From: Drashti-Malviya <drashti.malviya1207@gmail.com>
Date: Thu, 7 Aug 2025 19:19:15 +0530
Subject: [PATCH 178/258] cherry-pick 739f0af364 conflict

---
 image/cli/mascli/functions/gitops_deprovision_odh | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/image/cli/mascli/functions/gitops_deprovision_odh b/image/cli/mascli/functions/gitops_deprovision_odh
index edfe5195904..5b4acd3f1d7 100644
--- a/image/cli/mascli/functions/gitops_deprovision_odh
+++ b/image/cli/mascli/functions/gitops_deprovision_odh
@@ -227,6 +227,11 @@ function gitops_deprovision_odh() {
    clone_target_git_repo $GITHUB_HOST $GITHUB_ORG $GITHUB_REPO $GIT_BRANCH $GITOPS_WORKING_DIR $GIT_SSH
   fi
 
+  echo "Deleting: ${GITOPS_CLUSTER_DIR}/ibm-mas-odh-install.yaml"
+  rm -rf ${GITOPS_CLUSTER_DIR}/ibm-mas-odh-install.yaml
+  
+oc login --token=$OCP_LOGIN_TOKEN --server=$OCP_LOGIN_URL --insecure-skip-tls-verify=$OCP_DISABLE_TLS_VERIFY &>> $LOGFILE
+
   echo_reset_dim "Deleting  authorino operaotr ............. ${COLOR_MAGENTA}"
   oc delete $(oc get csv -n openshift-operators -o name | grep authorino) -n openshift-operators --wait=true --timeout=5m 2>/dev/null
   #oc delete $(oc get crd -o name | grep authorino) 2>/dev/null; \

From a5226cd7d65dc8907d8f7728dbd58689f3cdaf39 Mon Sep 17 00:00:00 2001
From: Drashti-Malviya <drashti.malviya@ibm.com>
Date: Thu, 7 Aug 2025 20:13:35 +0530
Subject: [PATCH 179/258] Update gitops_deprovision_odh

use connect function
---
 image/cli/mascli/functions/gitops_deprovision_odh | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/image/cli/mascli/functions/gitops_deprovision_odh b/image/cli/mascli/functions/gitops_deprovision_odh
index 5b4acd3f1d7..401d351b4f8 100644
--- a/image/cli/mascli/functions/gitops_deprovision_odh
+++ b/image/cli/mascli/functions/gitops_deprovision_odh
@@ -230,8 +230,9 @@ function gitops_deprovision_odh() {
   echo "Deleting: ${GITOPS_CLUSTER_DIR}/ibm-mas-odh-install.yaml"
   rm -rf ${GITOPS_CLUSTER_DIR}/ibm-mas-odh-install.yaml
   
-oc login --token=$OCP_LOGIN_TOKEN --server=$OCP_LOGIN_URL --insecure-skip-tls-verify=$OCP_DISABLE_TLS_VERIFY &>> $LOGFILE
-
+  echo "connecting to openshift............. ${COLOR_MAGENTA}"
+  connect
+  
   echo_reset_dim "Deleting  authorino operaotr ............. ${COLOR_MAGENTA}"
   oc delete $(oc get csv -n openshift-operators -o name | grep authorino) -n openshift-operators --wait=true --timeout=5m 2>/dev/null
   #oc delete $(oc get crd -o name | grep authorino) 2>/dev/null; \

From 3140e4108cb8c564b51b52739b44eee998ab7b91 Mon Sep 17 00:00:00 2001
From: Drashti-Malviya <drashti.malviya@ibm.com>
Date: Fri, 8 Aug 2025 11:05:03 +0530
Subject: [PATCH 180/258] update odh

---
 image/cli/mascli/functions/gitops_deprovision_odh | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/image/cli/mascli/functions/gitops_deprovision_odh b/image/cli/mascli/functions/gitops_deprovision_odh
index 401d351b4f8..9f917102237 100644
--- a/image/cli/mascli/functions/gitops_deprovision_odh
+++ b/image/cli/mascli/functions/gitops_deprovision_odh
@@ -231,6 +231,8 @@ function gitops_deprovision_odh() {
   rm -rf ${GITOPS_CLUSTER_DIR}/ibm-mas-odh-install.yaml
   
   echo "connecting to openshift............. ${COLOR_MAGENTA}"
+  
+  load_config
   connect
   
   echo_reset_dim "Deleting  authorino operaotr ............. ${COLOR_MAGENTA}"

From f43a7727aff0b14034da41b3bd3bac21248990fa Mon Sep 17 00:00:00 2001
From: Drashti-Malviya <drashti.malviya@ibm.com>
Date: Fri, 8 Aug 2025 13:19:37 +0530
Subject: [PATCH 181/258] remove oc delete cmd

---
 image/cli/mascli/functions/gitops_deprovision_odh | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/image/cli/mascli/functions/gitops_deprovision_odh b/image/cli/mascli/functions/gitops_deprovision_odh
index 9f917102237..05a0bc4f562 100644
--- a/image/cli/mascli/functions/gitops_deprovision_odh
+++ b/image/cli/mascli/functions/gitops_deprovision_odh
@@ -232,11 +232,11 @@ function gitops_deprovision_odh() {
   
   echo "connecting to openshift............. ${COLOR_MAGENTA}"
   
-  load_config
-  connect
+  #load_config
+  #connect
   
-  echo_reset_dim "Deleting  authorino operaotr ............. ${COLOR_MAGENTA}"
-  oc delete $(oc get csv -n openshift-operators -o name | grep authorino) -n openshift-operators --wait=true --timeout=5m 2>/dev/null
+  #echo_reset_dim "Deleting  authorino operaotr ............. ${COLOR_MAGENTA}"
+  #oc delete $(oc get csv -n openshift-operators -o name | grep authorino) -n openshift-operators --wait=true --timeout=5m 2>/dev/null
   #oc delete $(oc get crd -o name | grep authorino) 2>/dev/null; \
   #oc delete deployment $(oc get deployment -n openshift-operators -o name | grep authorino) -n openshift-operators 2>/dev/null
 

From 855fa24bf92547c236b5f849e792f6756b3c9639 Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Mon, 11 Aug 2025 19:22:40 +0530
Subject: [PATCH 182/258] cherry-pick b132f4693b conflict

---
 .../cli/mascli/functions/internal/save_config |  1 +
 tekton/src/params/install-appchannels.yml.j2  |  4 +
 .../gitops-mas-fvt-preparer-pipeline.yml.j2   | 16 +++-
 tekton/src/pipelines/mas-fvt-launcher.yml.j2  | 80 ++++++++++++++++++-
 .../taskdefs/apps/aiservice-app.yml.j2        | 31 +++++++
 .../taskdefs/apps/aiservice-workspace.yml.j2  | 26 ++++++
 .../taskdefs/gitops/apps/aiservice-app.yml.j2 | 51 ++++++++++++
 .../gitops/apps/aiservice-workspace.yml.j2    | 48 +++++++++++
 .../gitops/gitops-mas-fvt-preparer.yml.j2     |  9 ++-
 .../tasks/gitops/gitops-mas-initiator.yml.j2  |  2 +-
 10 files changed, 264 insertions(+), 4 deletions(-)
 create mode 100644 tekton/src/pipelines/taskdefs/apps/aiservice-app.yml.j2
 create mode 100644 tekton/src/pipelines/taskdefs/apps/aiservice-workspace.yml.j2
 create mode 100644 tekton/src/pipelines/taskdefs/gitops/apps/aiservice-app.yml.j2
 create mode 100644 tekton/src/pipelines/taskdefs/gitops/apps/aiservice-workspace.yml.j2

diff --git a/image/cli/mascli/functions/internal/save_config b/image/cli/mascli/functions/internal/save_config
index d7a85931e52..52f24722d52 100644
--- a/image/cli/mascli/functions/internal/save_config
+++ b/image/cli/mascli/functions/internal/save_config
@@ -87,6 +87,7 @@ export MAS_APP_CHANNEL_OPTIMIZER=$MAS_APP_CHANNEL_OPTIMIZER
 export MAS_APP_PLAN_OPTIMIZER=$MAS_APP_PLAN_OPTIMIZER
 export MAS_APP_CHANNEL_ASSIST=$MAS_APP_CHANNEL_ASSIST
 export MAS_APP_CHANNEL_VISUALINSPECTION=$MAS_APP_CHANNEL_VISUALINSPECTION
+export MAS_APP_CHANNEL_AISERVICE=$MAS_APP_CHANNEL_AISERVICE
 
 # SLS
 export SLS_LICENSE_FILE_LOCAL=$SLS_LICENSE_FILE_LOCAL
diff --git a/tekton/src/params/install-appchannels.yml.j2 b/tekton/src/params/install-appchannels.yml.j2
index 2b4c3111327..f024d7a36b1 100644
--- a/tekton/src/params/install-appchannels.yml.j2
+++ b/tekton/src/params/install-appchannels.yml.j2
@@ -38,3 +38,7 @@
   type: string
   description: Subscription channel for Facilities application operator
   default: ""
+- name: mas_app_channel_aiservice
+  type: string
+  description: Subscription channel for AI Service application operator
+  default: ""
\ No newline at end of file
diff --git a/tekton/src/pipelines/gitops/gitops-mas-fvt-preparer-pipeline.yml.j2 b/tekton/src/pipelines/gitops/gitops-mas-fvt-preparer-pipeline.yml.j2
index 1936553b3bb..88c5c68febe 100644
--- a/tekton/src/pipelines/gitops/gitops-mas-fvt-preparer-pipeline.yml.j2
+++ b/tekton/src/pipelines/gitops/gitops-mas-fvt-preparer-pipeline.yml.j2
@@ -67,6 +67,8 @@ spec:
       type: string
     - name: fvt_version_facilities
       type: string
+    - name: fvt_version_aiservice
+      type: string
 
     - name: fvt_blacklist_core
       type: string
@@ -134,7 +136,10 @@ spec:
     - name: launchfvt_facilities
       type: string
       default: "true"
-
+    - name: launchfvt_aiservice
+      type: string
+      default: "true"
+      description: "Set this to any value other than 'true' to disable lauch of the AI Service FVT Pipeline after app-cfg-aiservice completes"
     - name: mas_app_channel_iot
       type: string
       default: ""
@@ -159,6 +164,9 @@ spec:
     - name: mas_app_channel_facilities
       type: string
       default: ""
+    - name: mas_app_channel_aiservice
+      type: string
+      default: ""
 
     - name: ldap_url
       type: string
@@ -240,6 +248,8 @@ spec:
           value: $(params.fvt_version_sls)
         - name: fvt_version_facilities
           value: $(params.fvt_version_facilities)
+        - name: fvt_version_aiservice
+          value: $(params.fvt_version_aiservice)
 
         - name: fvt_blacklist_core
           value: $(params.fvt_blacklist_core)
@@ -287,6 +297,8 @@ spec:
           value: $(params.launchfvt_manage_is)
         - name: launchfvt_facilities
           value: $(params.launchfvt_facilities)
+        - name: launchfvt_aiservice
+          value: $(params.launchfvt_aiservice)
 
         - name: mas_app_channel_iot
           value: $(params.mas_app_channel_iot)
@@ -304,6 +316,8 @@ spec:
           value: $(params.mas_app_channel_predict)
         - name: mas_app_channel_facilities
           value: $(params.mas_app_channel_facilities)
+        - name: mas_app_channel_aiservice
+          value: $(params.mas_app_channel_aiservice)
 
         - name: ldap_url
           value: $(params.ldap_url)
diff --git a/tekton/src/pipelines/mas-fvt-launcher.yml.j2 b/tekton/src/pipelines/mas-fvt-launcher.yml.j2
index 88f64d227cf..04c45b29a71 100644
--- a/tekton/src/pipelines/mas-fvt-launcher.yml.j2
+++ b/tekton/src/pipelines/mas-fvt-launcher.yml.j2
@@ -103,11 +103,15 @@ spec:
       type: string
       default: "false"
       description: "Set this to 'true' to enable launch of the Visual Inspection FVT pipeline after app-cfg-visualinspection completes"
+    - name: launchfvt_aiservice
+      type: string
+      default: "false"
+      description: "Set this to 'true' to enable launch of the AI Service FVT pipeline after app-cfg-aiservice completes"
     - name: launchivt_manage
       type: string
       default: "false"
       description: "Set this to 'true' to enable launch of the IVT pipeline at the end of applications FVT"
-
+    - 
     # Finalize
     # -------------------------------------------------------------------------
     - name: finalize
@@ -945,6 +949,80 @@ spec:
           values: ["true", "True"]
       runAfter:
         - launchfvt-visualinspection
+    
+    # 10. Application FVT - AI Service
+    # ------------------------------------------------------------------------- 
+    - name: waitfor-aiservice
+      timeout: "0"
+      taskRef:
+        kind: Task
+        name: mas-devops-wait-for-configmap
+      params:
+        - name: image_pull_policy
+          value: $(params.image_pull_policy)
+        - name: namespace
+          value: $(context.taskRun.namespace)
+        - name: configmap_name
+          value: approval-app-cfg-aiservice
+        - name: configmap_target_value
+          value: pending
+        # Escape route
+        - name: escape_configmap_name
+          value: sync-install
+        # 25 retries at 5 minute intervals = 2 hours
+        - name: delay
+          value: "300"
+        - name: max_retries
+          value: "25"
+        - name: ignore_failure
+          value: "False"
+      when:
+        - input: $(params.launchfvt_aiservice)
+          operator: in
+          values: ["true", "True"]
+        - input: $(params.sync_with_install)
+          operator: in
+          values: ["true", "True"]
+      runAfter:
+        - approval-suite-verify
+        - approval-manage 
+        
+    - name: launchfvt-aiservice
+      timeout: "0"
+      params:
+        - name: image_pull_policy
+          value: $(params.image_pull_policy)
+        - name: pipelinerun_name
+          value: "$(params.mas_instance_id)-fvt-aiservice"
+      taskRef:  
+        kind: Task
+        name: aiservice-launchfvt
+      when:
+        - input: $(params.launchfvt_aiservice)
+          operator: in
+          values: ["true", "True"]
+      runAfter:
+        - waitfor-aiservice
+        
+    - name: approval-aiservice
+      timeout: "0"
+      taskRef:
+        kind: Task
+        name: mas-devops-update-configmap
+      params:
+        - name: image_pull_policy
+          value: $(params.image_pull_policy)
+        - name: configmap_name
+          value: approval-app-cfg-aiservice
+        - name: configmap_value 
+          value: approved
+      when:
+        - input: $(params.sync_with_install)
+          operator: in
+          values: ["true", "True"]    
+      runAfter:
+        - launchfvt-aiservice
+
 
 
     # 11. Application FVT - Facilities
diff --git a/tekton/src/pipelines/taskdefs/apps/aiservice-app.yml.j2 b/tekton/src/pipelines/taskdefs/apps/aiservice-app.yml.j2
new file mode 100644
index 00000000000..c3f13f63700
--- /dev/null
+++ b/tekton/src/pipelines/taskdefs/apps/aiservice-app.yml.j2
@@ -0,0 +1,31 @@
+- name: app-install-aiservice
+  timeout: "0"
+  params:
+    {{ lookup('template', pipeline_src_dir ~ '/taskdefs/common/cli-params.yml.j2') | indent(4) }}
+    - name: devops_suite_name
+      value: app-aiservice-install
+
+    - name: artifactory_username
+      value: $(params.artifactory_username)
+    - name: artifactory_token
+      value: $(params.artifactory_token)
+
+    - name: mas_instance_id
+      value: $(params.mas_instance_id)
+    - name: mas_app_id
+      value: aiservice
+    - name: mas_app_channel
+      value: "$(params.mas_app_channel_aiservice)"
+    - name: ibm_entitlement_key
+      value: $(params.ibm_entitlement_key)
+    - name: custom_labels
+      value: $(params.custom_labels)
+
+  taskRef:
+    name: mas-devops-suite-app-install
+    kind: Task
+  # Only install aiservice if a channel has been chosen
+  when:
+    - input: "$(params.mas_app_channel_aiservice)"
+      operator: notin
+      values: [""]
\ No newline at end of file
diff --git a/tekton/src/pipelines/taskdefs/apps/aiservice-workspace.yml.j2 b/tekton/src/pipelines/taskdefs/apps/aiservice-workspace.yml.j2
new file mode 100644
index 00000000000..92aba435959
--- /dev/null
+++ b/tekton/src/pipelines/taskdefs/apps/aiservice-workspace.yml.j2
@@ -0,0 +1,26 @@
+- name: app-cfg-aiservice
+  timeout: "0"
+  params:
+    {{ lookup('template', pipeline_src_dir ~ '/taskdefs/common/cli-params.yml.j2') | indent(4) }}
+    - name: devops_suite_name
+      value: app-aiservice-cfg
+
+    - name: mas_instance_id
+      value: $(params.mas_instance_id)
+    - name: mas_app_id
+      value: aiservice
+    - name: mas_workspace_id
+      value: "$(params.mas_workspace_id)"
+    - name: custom_labels
+      value: $(params.custom_labels)
+  taskRef:
+    name: mas-devops-suite-app-config
+    kind: Task
+  # Only configure a workspace for aiservice if a channel has been chosen
+  when:
+    - input: "$(params.mas_app_channel_aiservice)"
+      operator: notin
+      values: [""]
+  workspaces:
+    - name: configs
+      workspace: shared-configs
\ No newline at end of file
diff --git a/tekton/src/pipelines/taskdefs/gitops/apps/aiservice-app.yml.j2 b/tekton/src/pipelines/taskdefs/gitops/apps/aiservice-app.yml.j2
new file mode 100644
index 00000000000..4ec06a2a3d3
--- /dev/null
+++ b/tekton/src/pipelines/taskdefs/gitops/apps/aiservice-app.yml.j2
@@ -0,0 +1,51 @@
+- name: app-install-aiservice
+  params:
+    {{ lookup('template', pipeline_src_dir ~ '/taskdefs/common/cli-params.yml.j2') | indent(4) }}
+  
+    {{ lookup('template', pipeline_src_dir ~ '/taskdefs/gitops/common/gitops-params.yml.j2') | indent(4) }}
+
+    {{ lookup('template', pipeline_src_dir ~ '/taskdefs/gitops/common/secrets-params.yml.j2') | indent(4) }}
+
+    {{ lookup('template', pipeline_src_dir ~ '/taskdefs/gitops/common/git-params.yml.j2') | indent(4) }}
+
+    - name: devops_suite_name
+      value: app-aiservice-install
+    - name: mas_manual_cert_mgmt
+      value: $(params.mas_manual_cert_mgmt)
+    - name: mas_instance_id
+      value: $(params.mas_instance_id)
+    - name: mas_app_id
+      value: aiservice
+    - name: mas_app_channel
+      value: $(params.mas_app_channel_aiservice)
+    - name: mas_app_install_plan
+      value: $(params.mas_app_install_plan_aiservice)
+    - name: custom_labels
+      value: $(params.custom_labels)
+    - name: mas_app_spec_yaml
+      value: $(params.mas_app_spec_yaml_aiservice)
+    - name: mas_app_catalog_source
+      value: $(params.mas_app_catalog_source_aiservice)
+    - name: mas_app_api_version
+      value: $(params.mas_app_api_version_aiservice)
+    - name: mas_app_kind
+      value: $(params.mas_app_kind_aiservice)
+    - name: default_file_storage_class
+      value: $(params.default_file_storage_class)
+    - name: mas_edition
+      value: $(params.mas_edition)
+    - name: mas_manual_certs_yaml
+      value: $(params.mas_manual_certs_yaml)
+  taskRef:
+    name: gitops-suite-app-install
+    kind: Task
+  # Only install aiservice if a channel has been chosen
+  when:
+    - input: "$(params.mas_app_channel_aiservice)"
+      operator: notin
+      values: [""]
+  workspaces:
+    - name: configs
+      workspace: configs
+    - name: shared-gitops-configs
+      workspace: shared-gitops-configs
diff --git a/tekton/src/pipelines/taskdefs/gitops/apps/aiservice-workspace.yml.j2 b/tekton/src/pipelines/taskdefs/gitops/apps/aiservice-workspace.yml.j2
new file mode 100644
index 00000000000..1f9859e55ca
--- /dev/null
+++ b/tekton/src/pipelines/taskdefs/gitops/apps/aiservice-workspace.yml.j2
@@ -0,0 +1,48 @@
+- name: app-cfg-aiservice
+  params:
+    {{ lookup('template', pipeline_src_dir ~ '/taskdefs/common/cli-params.yml.j2') | indent(4) }}
+  
+    {{ lookup('template', pipeline_src_dir ~ '/taskdefs/gitops/common/gitops-params.yml.j2') | indent(4) }}
+
+    {{ lookup('template', pipeline_src_dir ~ '/taskdefs/gitops/common/secrets-params.yml.j2') | indent(4) }}
+
+    {{ lookup('template', pipeline_src_dir ~ '/taskdefs/gitops/common/git-params.yml.j2') | indent(4) }}
+
+    - name: devops_suite_name
+      value: app-aiservice-cfg
+    - name: mas_instance_id
+      value: $(params.mas_instance_id)
+    - name: mas_app_id
+      value: aiservice
+    - name: mas_workspace_id
+      value: $(params.mas_workspace_id)
+    - name: custom_labels
+      value: $(params.custom_labels)
+    - name: mas_appws_spec_yaml
+      value: $(params.mas_appws_spec_yaml_aiservice)
+    - name: mas_appws_api_version
+      value: $(params.mas_appws_api_version_aiservice)
+    - name: mas_appws_kind
+      value: $(params.mas_appws_kind_aiservice)
+    - name: mas_app_kind
+      value: $(params.mas_app_kind_aiservice)
+    - name: ingress
+      value: $(params.ingress)
+    - name: run_sanity_test
+      value: $(params.run_sanity_test)
+  taskRef:
+    name: gitops-suite-app-config
+    kind: Task
+  # Only configure a workspace for aiservice if a channel has been chosen
+  when:
+    - input: "$(params.mas_app_channel_aiservice)"
+      operator: notin
+      values: [""]
+    - input: "$(params.aiservice_workspace_action)"
+      operator: in
+      values: ["activate"]
+  workspaces:
+    - name: configs
+      workspace: configs
+    - name: shared-gitops-configs
+      workspace: shared-gitops-configs
\ No newline at end of file
diff --git a/tekton/src/tasks/gitops/gitops-mas-fvt-preparer.yml.j2 b/tekton/src/tasks/gitops/gitops-mas-fvt-preparer.yml.j2
index ead29fdf80b..3e1b0f7cb30 100644
--- a/tekton/src/tasks/gitops/gitops-mas-fvt-preparer.yml.j2
+++ b/tekton/src/tasks/gitops/gitops-mas-fvt-preparer.yml.j2
@@ -53,7 +53,8 @@ spec:
       type: string
     - name: fvt_version_facilities
       type: string
-
+    - name: fvt_version_aiservice
+      type: string
     - name: fvt_blacklist_core
       type: string
     - name: fvt_whitelist_core
@@ -139,6 +140,10 @@ spec:
     - name: launchfvt_facilities
       type: string
       default: "true"
+    - name: launchfvt_aiservice
+      type: string
+      default: "true"
+      description: "Set this to any value other than 'true' to disable lauch of the AI Service FVT Pipeline after app-cfg-aiservice completes"
 
     - name: mas_app_channel_facilities
       type: string
@@ -259,6 +264,8 @@ spec:
         value: $(params.fvt_version_sls)
       - name: FVT_VERSION_FACILITIES
         value: $(params.fvt_version_facilities)
+      - name: FVT_VERSION_AISERVICE
+        value: $(params.fvt_version_aiservice)
       - name: FVT_BLACKLIST_CORE
         value: $(params.fvt_blacklist_core)
       - name: FVT_WHITELIST_CORE
diff --git a/tekton/src/tasks/gitops/gitops-mas-initiator.yml.j2 b/tekton/src/tasks/gitops/gitops-mas-initiator.yml.j2
index 0a0f3fc5c69..6960b156a00 100644
--- a/tekton/src/tasks/gitops/gitops-mas-initiator.yml.j2
+++ b/tekton/src/tasks/gitops/gitops-mas-initiator.yml.j2
@@ -411,7 +411,7 @@ spec:
           yq -i '.cluster.dns.provider = env(DNS_PROVIDER_CONTROL_IDEN)' gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/cluster-params.yaml
           echo "gitops-mas-initiator: .cluster.dns.provider set to $DNS_PROVIDER_CONTROL_IDEN in gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/cluster-params.yaml"
         fi
-
+# need to add aiservice related code
         #customizationList customizationArchive credentials
         if [ -f "gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/appws_spec_manage.yaml" ]; then
 

From 016a594f874c0e1a9a94fbbb0b819aa1fb1e3df2 Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Wed, 13 Aug 2025 11:42:11 +0530
Subject: [PATCH 183/258] cherry-pick 5268f50494 conflict

---
 .../gitops/gitops-mas-initiator.yml.j2        |  5 +++++
 .../tasks/gitops/gitops-mas-initiator.yml.j2  | 20 ++++++++++++++++++-
 2 files changed, 24 insertions(+), 1 deletion(-)

diff --git a/tekton/src/pipelines/gitops/gitops-mas-initiator.yml.j2 b/tekton/src/pipelines/gitops/gitops-mas-initiator.yml.j2
index 42c4edc924c..72f3b12bf28 100644
--- a/tekton/src/pipelines/gitops/gitops-mas-initiator.yml.j2
+++ b/tekton/src/pipelines/gitops/gitops-mas-initiator.yml.j2
@@ -61,6 +61,9 @@ spec:
       default: ""
     - name: mas_instance_id
       type: string
+    - name: aibroker_instance_id
+      type: string
+      default: ""
     - name: mas_app_channel_assist
       type: string
       default: ""
@@ -190,6 +193,8 @@ spec:
           value: $(params.mas_operationalmode)
         - name: mas_instance_id
           value: $(params.mas_instance_id)
+        - name: aibroker_instance_id
+          value: $(params.aibroker_instance_id)
         - name: mas_app_channel_assist
           value: $(params.mas_app_channel_assist)
         - name: mas_app_channel_iot
diff --git a/tekton/src/tasks/gitops/gitops-mas-initiator.yml.j2 b/tekton/src/tasks/gitops/gitops-mas-initiator.yml.j2
index 6960b156a00..4903db34fa7 100644
--- a/tekton/src/tasks/gitops/gitops-mas-initiator.yml.j2
+++ b/tekton/src/tasks/gitops/gitops-mas-initiator.yml.j2
@@ -36,6 +36,9 @@ spec:
       type: string
     - name: mas_instance_id
       type: string
+    - name: aibroker_instance_id
+      type: string
+      default: ""
     - name: mas_app_channel_assist
       type: string
     - name: mas_app_install_plan_assist
@@ -149,6 +152,8 @@ spec:
         value: $(params.mas_operationalmode)
       - name: MAS_INSTANCE_ID
         value: $(params.mas_instance_id)
+      - name: AIBROKER_INSTANCE_ID
+        value: $(params.aibroker_instance_id)
       - name: MAS_APP_CHANNEL_ASSIST
         value: $(params.mas_app_channel_assist)
       - name: MAS_APP_INSTALL_PLAN_ASSIST
@@ -337,6 +342,19 @@ spec:
 
         # Process any .j2 files
         process_j2_files "$TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID"
+        
+        # If AIBROKER_INSTANCE_ID is set, copy the AIBROKER_INSTANCE_ID specific files
+        if [ -n "$AIBROKER_INSTANCE_ID" ]; then
+          # 1. Ensure target AIBroker instance folder exists
+          mkdir -p $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$AIBROKER_INSTANCE_ID
+          # 2. Log what is being copied
+          echo "copying $SOURCE_LOCAL_DIR/$SOURCE_GITHUB_REPO/$SOURCE_PATH/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$AIBROKER_INSTANCE_ID/* to $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$AIBROKER_INSTANCE_ID"
+          # 3. Copy recursively from source to target
+          if [ -d "$SOURCE_LOCAL_DIR/$SOURCE_GITHUB_REPO/$SOURCE_PATH/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$AIBROKER_INSTANCE_ID" ]; then
+              cp -r $SOURCE_LOCAL_DIR/$SOURCE_GITHUB_REPO/$SOURCE_PATH/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$AIBROKER_INSTANCE_ID/* $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$AIBROKER_INSTANCE_ID/
+          else
+            echo "Warning: Source AIBroker directory not found."
+          fi
 
         # ICN folder will be created later after extracting ICN and SAAS_SUB_ID
        
@@ -411,7 +429,7 @@ spec:
           yq -i '.cluster.dns.provider = env(DNS_PROVIDER_CONTROL_IDEN)' gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/cluster-params.yaml
           echo "gitops-mas-initiator: .cluster.dns.provider set to $DNS_PROVIDER_CONTROL_IDEN in gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/cluster-params.yaml"
         fi
-# need to add aiservice related code
+
         #customizationList customizationArchive credentials
         if [ -f "gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/appws_spec_manage.yaml" ]; then
 

From 4d3436d57964e0ff6086c94de81557eb5b44d15b Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Mon, 18 Aug 2025 10:50:39 +0530
Subject: [PATCH 184/258] fvt related code change added

---
 tekton/src/pipelines/gitops/gitops-mas-initiator.yml.j2 | 5 +++++
 tekton/src/tasks/gitops/gitops-mas-initiator.yml.j2     | 9 ++++++++-
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/tekton/src/pipelines/gitops/gitops-mas-initiator.yml.j2 b/tekton/src/pipelines/gitops/gitops-mas-initiator.yml.j2
index 72f3b12bf28..8a8f4d605df 100644
--- a/tekton/src/pipelines/gitops/gitops-mas-initiator.yml.j2
+++ b/tekton/src/pipelines/gitops/gitops-mas-initiator.yml.j2
@@ -85,6 +85,9 @@ spec:
     - name: mas_app_channel_visualinspection
       type: string
       default: ""
+    - name: mas_app_channel_aiservice
+      type: string
+      default: ""
     - name: mas_app_channel_facilities
       type: string
       default: ""
@@ -209,6 +212,8 @@ spec:
           value: $(params.mas_app_channel_predict)
         - name: mas_app_channel_visualinspection
           value: $(params.mas_app_channel_visualinspection)
+        - name: mas_app_channel_aiservice
+          value: $(params.mas_app_channel_aiservice)
         - name: mas_app_channel_facilities
           value: $(params.mas_app_channel_facilities)
         - name: github_pat
diff --git a/tekton/src/tasks/gitops/gitops-mas-initiator.yml.j2 b/tekton/src/tasks/gitops/gitops-mas-initiator.yml.j2
index 4903db34fa7..5036c6ec9aa 100644
--- a/tekton/src/tasks/gitops/gitops-mas-initiator.yml.j2
+++ b/tekton/src/tasks/gitops/gitops-mas-initiator.yml.j2
@@ -76,6 +76,9 @@ spec:
       default: "Automatic"
     - name: mas_app_channel_visualinspection
       type: string
+    - name: mas_app_channel_aiservice
+      type: string
+      default: ""
     - name: mas_app_install_plan_visualinspection
       type: string
       default: "Automatic"
@@ -184,6 +187,8 @@ spec:
         value: $(params.mas_app_install_plan_predict)
       - name: MAS_APP_CHANNEL_VISUALINSPECTION
         value: $(params.mas_app_channel_visualinspection)
+      - name: MAS_APP_CHANNEL_AISERVICE
+        value: $(params.mas_app_channel_aiservice)
       - name: MAS_APP_INSTALL_PLAN_VISUALINSPECTION
         value: $(params.mas_app_install_plan_visualinspection)
       - name: GITHUB_PAT
@@ -496,7 +501,9 @@ spec:
         if [ -n $MAS_APP_CHANNEL_VISUALINSPECTION ]; then
           yq -i '(. | select(has("visualinspection")) |  .visualinspection.app_channel) = env(MAS_APP_CHANNEL_VISUALINSPECTION)' gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-apps-params.yaml
         fi
-
+        if [ -n $MAS_APP_CHANNEL_AISERVICE ]; then
+          yq -i '(. | select(has("aiservice")) |  .aiservice.app_channel) = env(MAS_APP_CHANNEL_AISERVICE)' gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$AIBROKER_INSTANCE_ID/mas-apps-params.yaml
+        fi
         # Update the cli_version and ansible_fvt ansible version if mas_fvt_params exists
         if [ -f gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-fvt-params.yaml ]; then
           yq -i '.fvt.cli_version = env(CLI_VERSION)' gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-fvt-params.yaml

From 2adbb306236898d4a24c0846932c853ab66c2cbd Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Mon, 18 Aug 2025 15:28:59 +0530
Subject: [PATCH 185/258] Update gitops-mas-fvt-preparer.yml.j2

---
 tekton/src/tasks/gitops/gitops-mas-fvt-preparer.yml.j2 | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/tekton/src/tasks/gitops/gitops-mas-fvt-preparer.yml.j2 b/tekton/src/tasks/gitops/gitops-mas-fvt-preparer.yml.j2
index 3e1b0f7cb30..093d7a5c6a9 100644
--- a/tekton/src/tasks/gitops/gitops-mas-fvt-preparer.yml.j2
+++ b/tekton/src/tasks/gitops/gitops-mas-fvt-preparer.yml.j2
@@ -169,6 +169,9 @@ spec:
     - name: mas_app_channel_predict
       type: string
       default: ""
+    - name: mas_app_channel_aiservice
+      type: string
+      default: ""
 
     - name: ldap_url
       type: string
@@ -304,6 +307,8 @@ spec:
         value: $(params.launchfvt_manage_is)
       - name: LAUNCHFVT_FACILITIES
         value: $(params.launchfvt_facilities)
+      - name: LAUNCHFVT_AISERVICE
+        value: $(params.launchfvt_aiservice)
       - name: MAS_APP_CHANNEL_FACILITIES
         value: $(params.mas_app_channel_facilities)
       - name: MAS_APP_CHANNEL_IOT
@@ -320,7 +325,8 @@ spec:
         value: $(params.mas_app_channel_optimizer)
       - name: MAS_APP_CHANNEL_PREDICT
         value: $(params.mas_app_channel_predict)
-
+      - name: MAS_APP_CHANNEL_AISERVICE
+        value: $(params.mas_app_channel_aiservice)
       - name: LDAP_URL
         value: $(params.ldap_url)
       - name: LDAP_BASE_DN

From 1b47cbfe97b80c0cf083274daf468e45ff98b621 Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Fri, 22 Aug 2025 17:56:01 +0530
Subject: [PATCH 186/258] aiservice_instance_id parameter added

---
 .../gitops/gitops-mas-fvt-preparer-pipeline.yml.j2    |  4 ++++
 .../src/tasks/gitops/gitops-mas-fvt-preparer.yml.j2   | 11 ++++++++++-
 2 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/tekton/src/pipelines/gitops/gitops-mas-fvt-preparer-pipeline.yml.j2 b/tekton/src/pipelines/gitops/gitops-mas-fvt-preparer-pipeline.yml.j2
index 88c5c68febe..d4b7a5d6560 100644
--- a/tekton/src/pipelines/gitops/gitops-mas-fvt-preparer-pipeline.yml.j2
+++ b/tekton/src/pipelines/gitops/gitops-mas-fvt-preparer-pipeline.yml.j2
@@ -24,6 +24,8 @@ spec:
       type: string
     - name: mas_instance_id
       type: string
+    - name: aiservice_instance_id
+      type: string
     - name: pipeline_storage_class
       type: string
     - name: avp_aws_secret_region
@@ -204,6 +206,8 @@ spec:
           value: $(params.launcher_id)
         - name: mas_instance_id
           value: $(params.mas_instance_id)
+        - name: aiservice_instance_id
+          value: $(params.aiservice_instance_id)
         - name: pipeline_storage_class
           value: $(params.pipeline_storage_class)
         - name: aws_region
diff --git a/tekton/src/tasks/gitops/gitops-mas-fvt-preparer.yml.j2 b/tekton/src/tasks/gitops/gitops-mas-fvt-preparer.yml.j2
index 093d7a5c6a9..f18ff078549 100644
--- a/tekton/src/tasks/gitops/gitops-mas-fvt-preparer.yml.j2
+++ b/tekton/src/tasks/gitops/gitops-mas-fvt-preparer.yml.j2
@@ -89,6 +89,9 @@ spec:
     - name: mas_instance_id
       type: string
       default: ""
+    - name: aiservice_instance_id
+      type: string
+      default: ""
     - name: mas_workspace_id
       type: string
       default: ""
@@ -219,6 +222,8 @@ spec:
         value: $(params.mas_instance_id)
       - name: FVT_ENVIRONMENT
         value: $(params.mas_instance_id)
+      - name: AISERVICE_INSTANCE_ID
+        value: $(params.aiservice_instance_id)
       - name: PIPELINE_STORAGE_CLASS
         value: $(params.pipeline_storage_class)
       - name: AWS_REGION
@@ -625,7 +630,11 @@ spec:
             check_argo_app_healthy "${MASAPP_APP}" 120
             check_argo_app_healthy "${MAS_WORKSPACE_ID}.${MASAPP_APP}" 120
           fi
-
+          if [[ "$LAUNCHFVT_AISERVICE" == "true" ]]; then
+            MASAPP_APP="aiservice.${CLUSTER_NAME}.${AISERVICE_INSTANCE_ID}"
+            check_argo_app_healthy "${MASAPP_APP}" 140
+            check_argo_app_healthy "${MAS_WORKSPACE_ID}.${MASAPP_APP}" 140
+          fi
         fi
 
         # If use_sendgrid: true, disable the subuser so we do not accidentally send out real emails when running tests against the instance

From c6883aea1c53fc131d07d3fbf11bd8e94e0afc98 Mon Sep 17 00:00:00 2001
From: Hardik-Prajapati <hardik.prajapati@ibm.com>
Date: Tue, 26 Aug 2025 17:09:18 +0530
Subject: [PATCH 187/258] cherry-pick 0d7116dca9 conflict

---
 tekton/src/tasks/gitops/gitops-mas-fvt-preparer.yml.j2 | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/tekton/src/tasks/gitops/gitops-mas-fvt-preparer.yml.j2 b/tekton/src/tasks/gitops/gitops-mas-fvt-preparer.yml.j2
index f18ff078549..f815fdda781 100644
--- a/tekton/src/tasks/gitops/gitops-mas-fvt-preparer.yml.j2
+++ b/tekton/src/tasks/gitops/gitops-mas-fvt-preparer.yml.j2
@@ -630,6 +630,8 @@ spec:
             check_argo_app_healthy "${MASAPP_APP}" 120
             check_argo_app_healthy "${MAS_WORKSPACE_ID}.${MASAPP_APP}" 120
           fi
+        fi
+        if [[ "$LAUNCHER_ID" == "aiservice" ]]; then
           if [[ "$LAUNCHFVT_AISERVICE" == "true" ]]; then
             MASAPP_APP="aiservice.${CLUSTER_NAME}.${AISERVICE_INSTANCE_ID}"
             check_argo_app_healthy "${MASAPP_APP}" 140

From 8dbd9ac200fe13980e78a86c22aed3a87e9c2953 Mon Sep 17 00:00:00 2001
From: Darshan Pandya <darshan.pandya@ibm.com>
Date: Fri, 12 Sep 2025 12:42:23 +0530
Subject: [PATCH 188/258] Created pipelines to provision & deprovision AI
 Service Dependencies for FVT

---
 .../gitops/deprovision-aiservice-deps.jml.j2  | 122 +++++++++++
 .../gitops/gitops-aiservice-deps.yml.j2       | 189 ++++++++++++++++++
 2 files changed, 311 insertions(+)
 create mode 100644 tekton/src/pipelines/gitops/deprovision-aiservice-deps.jml.j2
 create mode 100644 tekton/src/pipelines/gitops/gitops-aiservice-deps.yml.j2

diff --git a/tekton/src/pipelines/gitops/deprovision-aiservice-deps.jml.j2 b/tekton/src/pipelines/gitops/deprovision-aiservice-deps.jml.j2
new file mode 100644
index 00000000000..25631ea218e
--- /dev/null
+++ b/tekton/src/pipelines/gitops/deprovision-aiservice-deps.jml.j2
@@ -0,0 +1,122 @@
+---
+apiVersion: tekton.dev/v1beta1
+kind: Pipeline
+metadata:
+{% if wait_for_deprovision == true %}
+  name: gitops-deprovision-aiservice-deps-after-deprovision
+{% else %}
+  name: gitops-deprovision-aiservice-deps
+{% endif %}
+spec:
+  description: Deprovision docDb, kafka and COS
+  workspaces:
+    - name: configs
+  params:
+{% if wait_for_deprovision == true %}
+      # Name of the PipelineRun to wait for
+    - name: pipelinerun_name
+      type: string
+    - name: ignore_failure
+      type: string
+      default: "False"
+      description: Set to 'True' or 'False' (case-sensitive) to configure whether this pipeline continue if the pipeline we are waiting for has failed.
+{% endif %}
+    - name: cluster_name
+      type: string
+    - name: ocp_version
+      type: string
+    - name: avp_type
+      type: string
+    - name: avp_aws_secret_region
+      type: string
+    - name: avp_aws_secret_key
+      type: string
+    - name: avp_aws_access_key
+      type: string
+
+    # 1. Gitops git Parameters
+    # -------------------------------------------------------------------------
+    {{ lookup('template', params_src_dir ~ '/gitops-git.yml.j2') | indent(4) }}
+
+    - name: github_url
+      type: string
+    - name: rosa_token
+      type: string
+    - name: account
+      type: string
+    - name: secrets_path
+      type: string
+    - name: ibmcloud_resourcegroup
+      type: string
+      description: Name of an existing Resource Group in IBM Cloud account
+      default: "Default"
+    - name: ibmcloud_apikey
+      type: string
+      default: ""
+    - name: mas_instance_id
+      type: string
+
+  tasks:
+{% if wait_for_deprovision == true %}
+    # 0. Wait for the deprovsion mas pipeline to complete
+    # -------------------------------------------------------------------------
+    - name: wait-for-deprovision
+      timeout: "0"
+      taskRef:
+        kind: Task
+        name: mas-devops-wait-for-tekton
+      params:
+        - name: type
+          value: pipelinerun
+        - name: name
+          value: $(params.pipelinerun_name)
+        - name: delay
+          value: 120  # seconds between checking the status of the pipelinerun
+        - name: max_retries
+          value: 120  # attempts before giving up
+        - name: ignore_failure
+          value: $(params.ignore_failure)  # fails and exit once the first failure is detected
+{% endif %}
+
+    # Deprovision DB2 Database
+    # -------------------------------------------------------------------------
+    - name: gitops-deprovision-db2u-database
+{% if wait_for_deprovision == true %}
+      runAfter:
+        - wait-for-deprovision
+{% endif %}
+      params:
+        {{ lookup('template', pipeline_src_dir ~ '/taskdefs/gitops/common/secrets-params.yml.j2') | indent(8) }}
+
+        {{ lookup('template', pipeline_src_dir ~ '/taskdefs/gitops/common/git-params.yml.j2') | indent(8) }}        
+      - name: CLUSTER_NAME
+        value: $(params.cluster_name)
+      - name: ACCOUNT
+        value: $(params.account)
+      - name: REGION
+        value: $(params.region)
+      - name: SECRET_PATH
+        value: $(params.secrets_path)
+      - name: MAS_INSTANCE_ID
+        value: $(params.mas_instance_id)
+      - name: MAS_APP_ID
+        value: $(params.mas_app_id)
+      - name: GIT_BRANCH
+        value: $(params.git_branch)
+      - name: GITHUB_ORG
+        value: $(params.github_org)
+      - name: GITHUB_HOST
+        value: $(params.github_host)
+      - name: GITHUB_REPO
+        value: $(params.github_repo)
+      - name: SM_AWS_REGION
+        value: $(params.avp_aws_secret_region)
+      - name: IS_REPLICA_TASK
+        value: $(params.is_replica_task)      
+    workspaces:
+    - name: configs
+        workspace: configs
+
+      taskRef:
+        kind: Task
+        name: gitops-deprovision-db2u-database
diff --git a/tekton/src/pipelines/gitops/gitops-aiservice-deps.yml.j2 b/tekton/src/pipelines/gitops/gitops-aiservice-deps.yml.j2
new file mode 100644
index 00000000000..772b6388ed6
--- /dev/null
+++ b/tekton/src/pipelines/gitops/gitops-aiservice-deps.yml.j2
@@ -0,0 +1,189 @@
+---
+apiVersion: tekton.dev/v1beta1
+kind: Pipeline
+metadata:
+{% if wait_for_provision == true %}
+  name: gitops-aiservice-deps-after-provision
+{% else %}
+  name: gitops-aiservice-deps
+{% endif %}
+spec:
+  description: MAS Cluster off-cluster dependencies
+  workspaces:
+    - name: configs
+  params:
+{% if wait_for_provision == true %}
+      # Name of the PipelineRun to wait for
+    - name: pipelinerun_name
+      type: string
+    - name: ignore_failure
+      type: string
+      default: "False"
+      description: Set to 'True' or 'False' (case-sensitive) to configure whether this pipeline continue if the pipeline we are waiting for has failed.
+{% endif %}
+    - name: cluster_name
+      type: string
+    - name: account
+      type: string
+    - name: aiservice_instance_id
+      type: string
+    - name: secrets_path
+      type: string
+    - name: avp_aws_secret_region
+      type: string
+    - name: avp_aws_secret_key
+      type: string
+    - name: avp_aws_access_key
+      type: string
+    - name: github_pat
+      type: string
+
+    - name: vpc_ipv4_cidr
+      type: string
+    - name: mongo_provider
+      type: string
+      default: aws
+    - name: aws_docdb_instance_number
+      type: string
+      default: 3
+    - name: aws_docdb_engine_version
+      type: string
+      default: 4.0.0
+    - name: mongodb_action
+      type: string
+
+    - name: efs_action
+      type: string
+      description: efs action to be performed (provision or deprovision)
+      default: ""
+
+  tasks:
+{% if wait_for_provision == true %}
+    # 0. Wait for the provsion pipeline to complete
+    # -------------------------------------------------------------------------
+    - name: wait-for-provision
+      timeout: "0"
+      taskRef:
+        kind: Task
+        name: mas-devops-wait-for-tekton
+      params:
+        - name: type
+          value: pipelinerun
+        - name: name
+          value: $(params.pipelinerun_name)
+        - name: delay
+          value: 120  # seconds between checking the status of the pipelinerun
+        - name: max_retries
+          value: 120  # attempts before giving up
+        - name: ignore_failure
+          value: $(params.ignore_failure)  # fails and exit once the first failure is detected
+{% endif %}
+
+    #1 Install AWS Elastic File Service (EFS)
+    - name: gitops-efs
+{% if wait_for_provision == true %}
+      runAfter:
+        - wait-for-provision
+{% endif %}
+      params:
+        {{ lookup('template', pipeline_src_dir ~ '/taskdefs/gitops/common/secrets-params.yml.j2') | indent(8) }}
+        - name: cluster_name
+          value: $(params.cluster_name)
+        - name: aibroker_instance_id
+          value: $(params.mas_instance_id)
+        - name: cloud_provider
+          value: $(params.cloud_provider)
+        - name: avp_aws_secret_key
+          value: $(params.avp_aws_secret_key)
+        - name: avp_aws_access_key
+          value: $(params.avp_aws_access_key)
+        - name: efs_action
+          value: $(params.efs_action)
+      workspaces:
+        - name: configs
+          workspace: configs
+      taskRef:
+        kind: Task
+        name: gitops-efs
+      when:
+        - input: "$(params.efs_action)"
+          operator: notin
+          values: [""]
+        - input: "$(params.efs_action)"
+          operator: in
+          values: ["provision"]
+
+
+
+
+    - name: gitops-provision-mongo
+      runAfter:
+      params:
+        - name: cluster_name
+          value: $(params.cluster_name)
+        - name: account
+          value: $(params.account)
+        - name: secrets_path
+          value: $(params.secrets_path)
+        - name: avp_aws_secret_region
+          value: $(params.avp_aws_secret_region)
+        - name: avp_aws_secret_key
+          value: $(params.avp_aws_secret_key)
+        - name: avp_aws_access_key
+          value: $(params.avp_aws_access_key)
+        - name: vpc_ipv4_cidr
+          value: $(params.vpc_ipv4_cidr)
+        - name: mongo_provider
+          value: $(params.mongo_provider)
+        - name: aws_docdb_instance_number
+          value: $(params.aws_docdb_instance_number)
+        - name: aws_docdb_engine_version
+          value: $(params.aws_docdb_engine_version)
+      taskRef:
+        kind: Task
+        name: gitops-mongo
+      workspaces:
+        - name: configs
+          workspace: configs
+      when:
+        - input: "$(params.mongodb_action)"
+          operator: notin
+          values: [""]
+
+
+    # Install DB2 database
+    - name: gitops-provision-db2u
+      runAfter:
+        - gitops-provision-efs
+      params:
+        {{ lookup('template', pipeline_src_dir ~ '/taskdefs/gitops/common/secrets-params.yml.j2') | indent(8) }}
+
+        {{ lookup('template', pipeline_src_dir ~ '/taskdefs/gitops/common/git-params.yml.j2') | indent(8) }}        
+      - name: CLUSTER_NAME
+        value: $(params.cluster_name)
+      - name: ACCOUNT
+        value: $(params.account)
+      - name: REGION
+        value: $(params.region)
+      - name: SECRET_PATH
+        value: $(params.secrets_path)
+      - name: MAS_INSTANCE_ID
+        value: $(params.aibroker_instance_id)
+      - name: MAS_APP_ID
+        value: $(params.mas_app_id)
+      - name: GIT_BRANCH
+        value: $(params.git_branch)
+      - name: GITHUB_ORG
+        value: $(params.github_org)
+      - name: GITHUB_HOST
+        value: $(params.github_host)
+      - name: GITHUB_REPO
+        value: $(params.github_repo)
+      - name: SM_AWS_REGION
+        value: $(params.avp_aws_secret_region)
+    workspaces:
+    - name: configs
+        workspace: configs
+      taskRef:
+        kind: Task
+        name: gitops-db2u

From 6a3452e5ea3724f1ad2658714c72138e9e85de24 Mon Sep 17 00:00:00 2001
From: Darshan Pandya <darshan.pandya@ibm.com>
Date: Mon, 22 Sep 2025 01:12:51 +0530
Subject: [PATCH 189/258] Updated AI Service deps provision & deprovision
 pipelines

---
 tekton/generate-tekton-pipelines.yml          |   2 +
 .../gitops/deprovision-aiservice-deps.jml.j2  | 183 ++++++++++---
 .../gitops/gitops-aiservice-deps.yml.j2       | 240 ++++++++++++++++--
 3 files changed, 367 insertions(+), 58 deletions(-)

diff --git a/tekton/generate-tekton-pipelines.yml b/tekton/generate-tekton-pipelines.yml
index be5aa9d6adb..4e3a85cf5db 100644
--- a/tekton/generate-tekton-pipelines.yml
+++ b/tekton/generate-tekton-pipelines.yml
@@ -98,6 +98,7 @@
       with_items:
         - deprovision-cluster
         - deprovision-mas-deps
+        - deprovision-aiservice-deps
         - deprovision-mas-instance
         - deprovision-mas-cluster
         - provision-bootstrap-cluster
@@ -106,6 +107,7 @@
         - gitops-mas-apps
         - gitops-mas-cluster
         - gitops-mas-deps
+        - gitops-aiservice-deps
         - gitops-mas-initiator
         - gitops-suite-license-service
         - deprovision-suite-license-service
diff --git a/tekton/src/pipelines/gitops/deprovision-aiservice-deps.jml.j2 b/tekton/src/pipelines/gitops/deprovision-aiservice-deps.jml.j2
index 25631ea218e..1a11b6d1add 100644
--- a/tekton/src/pipelines/gitops/deprovision-aiservice-deps.jml.j2
+++ b/tekton/src/pipelines/gitops/deprovision-aiservice-deps.jml.j2
@@ -56,6 +56,20 @@ spec:
     - name: mas_instance_id
       type: string
 
+    - name: jdbc_type_aiservice
+      type: string
+    - name: jdbc_instance_name_aiservice
+      type: string
+    - name: jdbc_connection_url_aiservice
+      type: string
+      default: ""
+    - name: jdbc_certificate_file_aiservice
+      type: string
+      default: ""
+    - name: jdbc_route_aiservice
+      type: string
+      default: ""
+
   tasks:
 {% if wait_for_deprovision == true %}
     # 0. Wait for the deprovsion mas pipeline to complete
@@ -78,45 +92,154 @@ spec:
           value: $(params.ignore_failure)  # fails and exit once the first failure is detected
 {% endif %}
 
-    # Deprovision DB2 Database
+    # Deprovision EFS
     # -------------------------------------------------------------------------
-    - name: gitops-deprovision-db2u-database
+    - name: gitops-deprovision-efs
 {% if wait_for_deprovision == true %}
       runAfter:
         - wait-for-deprovision
 {% endif %}
       params:
         {{ lookup('template', pipeline_src_dir ~ '/taskdefs/gitops/common/secrets-params.yml.j2') | indent(8) }}
+        - name: cluster_name
+          value: $(params.cluster_name)
+        - name: mas_instance_id
+          value: $(params.mas_instance_id)
+        - name: cloud_provider
+          value: $(params.cloud_provider)
+        - name: avp_aws_secret_key
+          value: $(params.avp_aws_secret_key)
+        - name: avp_aws_access_key
+          value: $(params.avp_aws_access_key)
+        - name: efs_action
+          value: $(params.efs_action)
+      workspaces:
+        - name: configs
+          workspace: configs
+      taskRef:
+        kind: Task
+        name: gitops-deprovision-efs
 
-        {{ lookup('template', pipeline_src_dir ~ '/taskdefs/gitops/common/git-params.yml.j2') | indent(8) }}        
-      - name: CLUSTER_NAME
-        value: $(params.cluster_name)
-      - name: ACCOUNT
-        value: $(params.account)
-      - name: REGION
-        value: $(params.region)
-      - name: SECRET_PATH
-        value: $(params.secrets_path)
-      - name: MAS_INSTANCE_ID
-        value: $(params.mas_instance_id)
-      - name: MAS_APP_ID
-        value: $(params.mas_app_id)
-      - name: GIT_BRANCH
-        value: $(params.git_branch)
-      - name: GITHUB_ORG
-        value: $(params.github_org)
-      - name: GITHUB_HOST
-        value: $(params.github_host)
-      - name: GITHUB_REPO
-        value: $(params.github_repo)
-      - name: SM_AWS_REGION
-        value: $(params.avp_aws_secret_region)
-      - name: IS_REPLICA_TASK
-        value: $(params.is_replica_task)      
-    workspaces:
-    - name: configs
-        workspace: configs
+    # Deprovision Mongo
+    # -------------------------------------------------------------------------
+    - name: gitops-deprovision-mongo
+      runAfter:
+        - gitops-deprovision-efs
+      params:
+        - name: cluster_name
+          value: $(params.cluster_name)
+        - name: account
+          value: $(params.account)
+        - name: secrets_path
+          value: $(params.secrets_path)
+        - name: avp_aws_secret_region
+          value: $(params.avp_aws_secret_region)
+        - name: avp_aws_secret_key
+          value: $(params.avp_aws_secret_key)
+        - name: avp_aws_access_key
+          value: $(params.avp_aws_access_key)
+        - name: vpc_ipv4_cidr
+          value: $(params.vpc_ipv4_cidr)
+        - name: mongo_provider
+          value: $(params.mongo_provider)
+        - name: aws_docdb_instance_number
+          value: $(params.aws_docdb_instance_number)
+      taskRef:
+        kind: Task
+        name: gitops-deprovision-mongo
+      workspaces:
+        - name: configs
+          workspace: configs
+      when:
+        - input: "$(params.mongodb_action)"
+          operator: notin
+          values: [""]
+
+    # Deprovision DB2 Database
+    # -------------------------------------------------------------------------
+    - name: gitops-delete-jdbc-config-aiservice
+      runAfter:
+        - gitops-deprovision-mongo
+      params:
+        {{ lookup('template', pipeline_src_dir ~ '/taskdefs/gitops/common/gitops-params.yml.j2') | indent(8) }}
+        {{ lookup('template', pipeline_src_dir ~ '/taskdefs/gitops/common/secrets-params.yml.j2') | indent(8) }}
+        {{ lookup('template', pipeline_src_dir ~ '/taskdefs/gitops/common/git-params.yml.j2') | indent(8) }}
+
+        - name: mas_instance_id
+          value: $(params.mas_instance_id)
+        - name: mas_app_id
+          value: aiservice
+        - name: mas_config_scope
+          value: system
+        - name: mas_workspace_id
+          value: $(params.mas_workspace_id)
+        - name: jdbc_type
+          value: $(params.jdbc_type_aiservice)
+        - name: jdbc_instance_name
+          value: $(params.jdbc_instance_name_aiservice)
+        - name: jdbc_connection_url
+          value: $(params.jdbc_connection_url_aiservice)
+        - name: jdbc_certificate_file
+          value: $(params.jdbc_certificate_file_aiservice)
+        - name: jdbc_route
+          value: $(params.jdbc_route_aiservice)
+      workspaces:
+        - name: configs
+          workspace: configs
+      taskRef:
+        kind: Task
+        name: gitops-delete-jdbc-config
+      when:
+        - input: "$(params.mas_app_channel_aiservice)"
+          operator: in
+          values: [""]
+        - input: "$(params.mas_edition)"
+          operator: in
+          values: [ "standard", "premium"]
+
+    - name: gitops-deprovision-db2u-database-aiservice
+      runAfter:
+        - gitops-delete-jdbc-config-aiservice
+      params:
+        {{ lookup('template', pipeline_src_dir ~ '/taskdefs/gitops/common/gitops-params.yml.j2') | indent(8) }}
+        {{ lookup('template', pipeline_src_dir ~ '/taskdefs/gitops/common/secrets-params.yml.j2') | indent(8) }}
+        {{ lookup('template', pipeline_src_dir ~ '/taskdefs/gitops/common/git-params.yml.j2') | indent(8) }}
+
+        - name: mas_instance_id
+          value: $(params.mas_instance_id)
+        - name: mas_app_id
+          value: aiservice
 
       taskRef:
         kind: Task
         name: gitops-deprovision-db2u-database
+      workspaces:
+        - name: configs
+          workspace: configs
+      when:
+        - input: "$(params.mas_app_channel_aiservice)"
+          operator: in
+          values: [""]
+        - input: "$(params.mas_edition)"
+          operator: in
+          values: ["standard", "premium"]
+
+    # Deprovision DB2U Operator
+    # -------------------------------------------------------------------------
+    - name: gitops-deprovision-db2u
+      runAfter:
+        - gitops-deprovision-db2u-database
+      params:
+        {{ lookup('template', pipeline_src_dir ~ '/taskdefs/gitops/common/gitops-params.yml.j2') | indent(8) }}
+        {{ lookup('template', pipeline_src_dir ~ '/taskdefs/gitops/common/secrets-params.yml.j2') | indent(8) }}
+        {{ lookup('template', pipeline_src_dir ~ '/taskdefs/gitops/common/git-params.yml.j2') | indent(8) }}
+
+        - name: mas_instance_id
+          value: $(params.mas_instance_id)
+
+      taskRef:
+        kind: Task
+        name: gitops-deprovision-db2u
+      workspaces:
+        - name: configs
+          workspace: configs
\ No newline at end of file
diff --git a/tekton/src/pipelines/gitops/gitops-aiservice-deps.yml.j2 b/tekton/src/pipelines/gitops/gitops-aiservice-deps.yml.j2
index 772b6388ed6..36da239ef38 100644
--- a/tekton/src/pipelines/gitops/gitops-aiservice-deps.yml.j2
+++ b/tekton/src/pipelines/gitops/gitops-aiservice-deps.yml.j2
@@ -11,6 +11,7 @@ spec:
   description: MAS Cluster off-cluster dependencies
   workspaces:
     - name: configs
+    - name: shared-gitops-configs
   params:
 {% if wait_for_provision == true %}
       # Name of the PipelineRun to wait for
@@ -57,6 +58,23 @@ spec:
       description: efs action to be performed (provision or deprovision)
       default: ""
 
+    - name: jdbc_type_aiservice
+      type: string
+    - name: jdbc_instance_name_aiservice
+      type: string
+    - name: jdbc_connection_url_aiservice
+      type: string
+      default: ""
+    - name: jdbc_certificate_file_aiservice
+      type: string
+      default: ""
+    - name: jdbc_route_aiservice
+      type: string
+      default: ""
+    - name: mas_app_channel_aiservice
+      type: string
+      default: ""
+
   tasks:
 {% if wait_for_provision == true %}
     # 0. Wait for the provsion pipeline to complete
@@ -89,8 +107,8 @@ spec:
         {{ lookup('template', pipeline_src_dir ~ '/taskdefs/gitops/common/secrets-params.yml.j2') | indent(8) }}
         - name: cluster_name
           value: $(params.cluster_name)
-        - name: aibroker_instance_id
-          value: $(params.mas_instance_id)
+        - name: aiservice_instance_id
+          value: $(params.aiservice_instance_id)
         - name: cloud_provider
           value: $(params.cloud_provider)
         - name: avp_aws_secret_key
@@ -113,9 +131,6 @@ spec:
           operator: in
           values: ["provision"]
 
-
-
-
     - name: gitops-provision-mongo
       runAfter:
       params:
@@ -150,7 +165,6 @@ spec:
           operator: notin
           values: [""]
 
-
     # Install DB2 database
     - name: gitops-provision-db2u
       runAfter:
@@ -159,31 +173,201 @@ spec:
         {{ lookup('template', pipeline_src_dir ~ '/taskdefs/gitops/common/secrets-params.yml.j2') | indent(8) }}
 
         {{ lookup('template', pipeline_src_dir ~ '/taskdefs/gitops/common/git-params.yml.j2') | indent(8) }}        
-      - name: CLUSTER_NAME
-        value: $(params.cluster_name)
-      - name: ACCOUNT
-        value: $(params.account)
-      - name: REGION
-        value: $(params.region)
-      - name: SECRET_PATH
-        value: $(params.secrets_path)
-      - name: MAS_INSTANCE_ID
-        value: $(params.aibroker_instance_id)
-      - name: MAS_APP_ID
-        value: $(params.mas_app_id)
-      - name: GIT_BRANCH
-        value: $(params.git_branch)
-      - name: GITHUB_ORG
-        value: $(params.github_org)
-      - name: GITHUB_HOST
-        value: $(params.github_host)
-      - name: GITHUB_REPO
-        value: $(params.github_repo)
-      - name: SM_AWS_REGION
-        value: $(params.avp_aws_secret_region)
+        - name: cluster_name
+          value: $(params.cluster_name)
+        - name: cluster_url
+          value: $(params.cluster_url)
+        - name: account
+          value: $(params.account)
+        - name: mas_instance_id
+          value: $(params.mas_instance_id)
+        - name: git_branch
+          value: $(params.git_branch)
+        - name: github_org
+          value: $(params.github_org)
+        - name: github_repo
+          value: $(params.github_repo)
+        - name: github_host
+          value: $(params.github_host)
+        - name: git_commit_msg
+          value: $(params.git_commit_msg)
+        - name: secrets_path
+          value: $(params.secrets_path)
+        - name: db2_channel
+          value: $(params.db2_channel)
+        - name: avp_aws_secret_region
+          value: $(params.avp_aws_secret_region)
+        - name: db2_subscription_install_plan
+          value: $(params.db2_subscription_install_plan)
     workspaces:
     - name: configs
         workspace: configs
       taskRef:
         kind: Task
         name: gitops-db2u
+
+    # DB2 for AI Service
+    - name: gitops-db2u-database-aiservice
+      runAfter:
+        - gitops-provision-db2u
+      params:
+        {{ lookup('template', pipeline_src_dir ~ '/taskdefs/gitops/common/gitops-params.yml.j2') | indent(8) }}
+
+        {{ lookup('template', pipeline_src_dir ~ '/taskdefs/gitops/common/secrets-params.yml.j2') | indent(8) }}
+        
+        {{ lookup('template', pipeline_src_dir ~ '/taskdefs/gitops/common/git-params.yml.j2') | indent(8) }}
+
+        - name: mas_instance_id
+          value: $(params.mas_instance_id)
+        - name: mas_app_id
+          value: aiservice
+
+        - name: db2_meta_storage_class
+          value: $(params.db2_meta_storage_class_aiservice)
+        - name: db2_temp_storage_class
+          value: $(params.db2_temp_storage_class_aiservice)
+        - name: db2_logs_storage_class
+          value: $(params.db2_logs_storage_class_aiservice)
+        - name: db2_audit_logs_storage_class
+          value: $(params.db2_audit_logs_storage_class_aiservice)
+        - name: db2_data_storage_class
+          value: $(params.db2_data_storage_class_aiservice)
+        - name: db2_backup_storage_class
+          value: $(params.db2_backup_storage_class_aiservice)
+        - name: db2_archivelogs_storage_class
+          value: $(params.db2_archivelogs_storage_class_aiservice)
+
+        - name: db2_meta_storage_size
+          value: $(params.db2_meta_storage_size_aiservice)
+        - name: db2_temp_storage_size
+          value: $(params.db2_temp_storage_size_aiservice)
+        - name: db2_logs_storage_size
+          value: $(params.db2_logs_storage_size_aiservice)
+        - name: db2_audit_logs_storage_size
+          value: $(params.db2_audit_logs_storage_size_aiservice)
+        - name: db2_data_storage_size
+          value: $(params.db2_data_storage_size_aiservice)
+        - name: db2_backup_storage_size
+          value: $(params.db2_backup_storage_size_aiservice)
+        - name: db2_archivelogs_storage_size
+          value: $(params.db2_archivelogs_storage_size_aiservice)
+
+        - name: db2_version
+          value: $(params.db2_version_aiservice)
+        - name: db2_tls_version
+          value: $(params.db2_tls_version_aiservice)
+        - name: db2_instance_registry_yaml
+          value: $(params.db2_instance_registry_yaml_aiservice)
+        - name: db2_instance_dbm_config_yaml
+          value: $(params.db2_instance_dbm_config_yaml_aiservice)
+        - name: db2_database_db_config_yaml
+          value: $(params.db2_database_db_config_yaml_aiservice)
+        - name: db2_addons_audit_config_yaml
+          value: $(params.db2_addons_audit_config_yaml_aiservice)
+        - name: db2_table_org
+          value: $(params.db2_table_org_aiservice)
+        - name: db2_mln_count
+          value: $(params.db2_mln_count_aiservice)
+        - name: db2_num_pods
+          value: $(params.db2_num_pods_aiservice)
+        - name: db2_meta_storage_accessmode
+          value: $(params.db2_meta_storage_accessmode_aiservice)
+        - name: db2_data_storage_accessmode
+          value: $(params.db2_data_storage_accessmode_aiservice)
+        - name: db2_backup_storage_accessmode
+          value: $(params.db2_backup_storage_accessmode_aiservice)
+        - name: db2_logs_storage_accessmode
+          value: $(params.db2_logs_storage_accessmode_aiservice)
+        - name: db2_audit_logs_storage_accessmode
+          value: $(params.db2_audit_logs_storage_accessmode_aiservice)
+        - name: db2_temp_storage_accessmode
+          value: $(params.db2_temp_storage_accessmode_aiservice)
+        - name: db2_archivelogs_storage_accessmode
+          value: $(params.db2_archivelogs_storage_accessmode_aiservice)
+        - name: db2_cpu_requests
+          value: $(params.db2_cpu_requests_aiservice)
+        - name: db2_cpu_limits
+          value: $(params.db2_cpu_limits_aiservice)
+        - name: db2_memory_requests
+          value: $(params.db2_memory_requests_aiservice)
+        - name: db2_memory_limits
+          value: $(params.db2_memory_limits_aiservice)
+        - name: db2_affinity_key
+          value: $(params.db2_affinity_key_aiservice)
+        - name: db2_affinity_value
+          value: $(params.db2_affinity_value_aiservice)
+        - name: db2_tolerate_key
+          value: $(params.db2_tolerate_key_aiservice)
+        - name: db2_tolerate_value
+          value: $(params.db2_tolerate_value_aiservice)
+        - name: db2_tolerate_effect
+          value: $(params.db2_tolerate_effect_aiservice)
+        - name: jdbc_route
+          value: $(params.jdbc_route_aiservice)
+        - name: db2_timezone
+          value: $(params.db2_timezone_aiservice)
+        - name: db2_backup_notify_slack_url
+          value: $(params.db2_backup_notify_slack_url_aiservice)
+        - name: auto_backup
+          value: $(params.auto_backup_aiservice)
+        - name: allow_list
+          value: $(params.allow_list)
+
+      workspaces:
+        - name: configs
+          workspace: configs
+        - name: shared-gitops-configs
+          workspace: shared-gitops-configs
+      taskRef:
+        kind: Task
+        name: gitops-db2u-database
+      when:
+        - input: "$(params.db2_action_aiservice)"
+          operator: notin
+          values: [""]
+        - input: "$(params.jdbc_type_aiservice)"
+          operator: in
+          values: ["incluster-db2"]
+        - input: "$(params.mas_app_channel_aiservice)"
+          operator: notin
+          values: [""]
+
+    - name: gitops-jdbc-config-aiservice
+      runAfter:
+        - gitops-db2u-database-aiservice
+      params:
+        {{ lookup('template', pipeline_src_dir ~ '/taskdefs/gitops/common/gitops-params.yml.j2') | indent(8) }}
+
+        {{ lookup('template', pipeline_src_dir ~ '/taskdefs/gitops/common/secrets-params.yml.j2') | indent(8) }}
+        
+        {{ lookup('template', pipeline_src_dir ~ '/taskdefs/gitops/common/git-params.yml.j2') | indent(8) }}
+
+        - name: mas_instance_id
+          value: $(params.mas_instance_id)
+        - name: mas_app_id
+          value: aiservice
+        - name: mas_config_scope
+          value: system
+        - name: jdbc_type
+          value: $(params.jdbc_type_aiservice)
+        - name: jdbc_instance_name
+          value: $(params.jdbc_instance_name_aiservice)
+        - name: jdbc_connection_url
+          value: $(params.jdbc_connection_url_aiservice)
+        - name: jdbc_certificate_file
+          value: $(params.jdbc_certificate_file_aiservice)
+      workspaces:
+        - name: configs
+          workspace: configs
+        - name: shared-gitops-configs
+          workspace: shared-gitops-configs
+      taskRef:
+        kind: Task
+        name: gitops-jdbc-config
+      when:
+        - input: "$(params.jdbc_type_aiservice)"
+          operator: notin
+          values: [""]
+        - input: "$(params.mas_app_channel_aiservice)"
+          operator: notin
+          values: [""]

From a54311144f9e63b16f26ed6e3f6cd926c909f1bb Mon Sep 17 00:00:00 2001
From: Darshan Pandya <darshan.pandya@ibm.com>
Date: Sat, 27 Sep 2025 00:37:33 +0530
Subject: [PATCH 190/258] Corrected filename

---
 ...on-aiservice-deps.jml.j2 => deprovision-aiservice-deps.yml.j2} | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename tekton/src/pipelines/gitops/{deprovision-aiservice-deps.jml.j2 => deprovision-aiservice-deps.yml.j2} (100%)

diff --git a/tekton/src/pipelines/gitops/deprovision-aiservice-deps.jml.j2 b/tekton/src/pipelines/gitops/deprovision-aiservice-deps.yml.j2
similarity index 100%
rename from tekton/src/pipelines/gitops/deprovision-aiservice-deps.jml.j2
rename to tekton/src/pipelines/gitops/deprovision-aiservice-deps.yml.j2

From 187a80328852a2a622e4cd207ed0af457fafe5a7 Mon Sep 17 00:00:00 2001
From: Darshan Pandya <darshan.pandya@ibm.com>
Date: Mon, 29 Sep 2025 23:52:20 +0530
Subject: [PATCH 191/258] updated pipeline config

---
 tekton/generate-tekton-pipelines.yml | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/tekton/generate-tekton-pipelines.yml b/tekton/generate-tekton-pipelines.yml
index 4e3a85cf5db..141b8096274 100644
--- a/tekton/generate-tekton-pipelines.yml
+++ b/tekton/generate-tekton-pipelines.yml
@@ -130,7 +130,9 @@
         - provision-bootstrap-cluster
         - deprovision-cluster
         - deprovision-mas-deps
+        - deprovision-aiservice-deps
       when: pipeline_name == ''
+        
 
     # 5. Generate Gitops Pipelines with waits
     # -------------------------------------------------------------------------
@@ -143,4 +145,8 @@
       with_items:
         - gitops-mas-deps
         - gitops-mas-initiator
+        - gitops-aiservice-deps
       when: pipeline_name == ''
+        
+
+        

From 98d05fd6c54f174179344124cbdc6bbbb595dae6 Mon Sep 17 00:00:00 2001
From: Max Robakiewicz <Max.Robakiewicz@ibm.com>
Date: Wed, 1 Oct 2025 11:17:17 -0400
Subject: [PATCH 192/258] Fixed white spacing for gitops-provision-db2u

---
 .../pipelines/gitops/gitops-aiservice-deps.yml.j2    | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/tekton/src/pipelines/gitops/gitops-aiservice-deps.yml.j2 b/tekton/src/pipelines/gitops/gitops-aiservice-deps.yml.j2
index 36da239ef38..3b8d43cf01e 100644
--- a/tekton/src/pipelines/gitops/gitops-aiservice-deps.yml.j2
+++ b/tekton/src/pipelines/gitops/gitops-aiservice-deps.yml.j2
@@ -199,12 +199,12 @@ spec:
           value: $(params.avp_aws_secret_region)
         - name: db2_subscription_install_plan
           value: $(params.db2_subscription_install_plan)
-    workspaces:
-    - name: configs
-        workspace: configs
-      taskRef:
-        kind: Task
-        name: gitops-db2u
+      workspaces:
+      - name: configs
+          workspace: configs
+        taskRef:
+          kind: Task
+          name: gitops-db2u
 
     # DB2 for AI Service
     - name: gitops-db2u-database-aiservice

From f38ce1233c8f5fceeb4833ac3ad4dae599a42a54 Mon Sep 17 00:00:00 2001
From: Max Robakiewicz <Max.Robakiewicz@ibm.com>
Date: Wed, 1 Oct 2025 12:05:44 -0400
Subject: [PATCH 193/258] Fixed workspace whitespace

---
 tekton/src/pipelines/gitops/gitops-aiservice-deps.yml.j2 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tekton/src/pipelines/gitops/gitops-aiservice-deps.yml.j2 b/tekton/src/pipelines/gitops/gitops-aiservice-deps.yml.j2
index 3b8d43cf01e..122446fc1ab 100644
--- a/tekton/src/pipelines/gitops/gitops-aiservice-deps.yml.j2
+++ b/tekton/src/pipelines/gitops/gitops-aiservice-deps.yml.j2
@@ -201,7 +201,7 @@ spec:
           value: $(params.db2_subscription_install_plan)
       workspaces:
       - name: configs
-          workspace: configs
+        workspace: configs
         taskRef:
           kind: Task
           name: gitops-db2u

From 7521e60de04ac5a78019f8530971335dc088661f Mon Sep 17 00:00:00 2001
From: Max Robakiewicz <Max.Robakiewicz@ibm.com>
Date: Wed, 1 Oct 2025 13:51:39 -0400
Subject: [PATCH 194/258] Fixed aiservice naming for tasks

---
 tekton/src/pipelines/gitops/deprovision-aiservice-deps.yml.j2 | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tekton/src/pipelines/gitops/deprovision-aiservice-deps.yml.j2 b/tekton/src/pipelines/gitops/deprovision-aiservice-deps.yml.j2
index 1a11b6d1add..9fffa986322 100644
--- a/tekton/src/pipelines/gitops/deprovision-aiservice-deps.yml.j2
+++ b/tekton/src/pipelines/gitops/deprovision-aiservice-deps.yml.j2
@@ -226,9 +226,9 @@ spec:
 
     # Deprovision DB2U Operator
     # -------------------------------------------------------------------------
-    - name: gitops-deprovision-db2u
+    - name: gitops-deprovision-db2u-aiservice
       runAfter:
-        - gitops-deprovision-db2u-database
+        - gitops-deprovision-db2u-database-aiservice
       params:
         {{ lookup('template', pipeline_src_dir ~ '/taskdefs/gitops/common/gitops-params.yml.j2') | indent(8) }}
         {{ lookup('template', pipeline_src_dir ~ '/taskdefs/gitops/common/secrets-params.yml.j2') | indent(8) }}

From 65e38cc8ebd01b32bb110c0a7effbe498cc4696b Mon Sep 17 00:00:00 2001
From: Max Robakiewicz <Max.Robakiewicz@ibm.com>
Date: Wed, 1 Oct 2025 14:31:37 -0400
Subject: [PATCH 195/258] Added whiteline at the end of file

---
 tekton/src/pipelines/gitops/deprovision-aiservice-deps.yml.j2 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tekton/src/pipelines/gitops/deprovision-aiservice-deps.yml.j2 b/tekton/src/pipelines/gitops/deprovision-aiservice-deps.yml.j2
index 9fffa986322..e1a721cd80e 100644
--- a/tekton/src/pipelines/gitops/deprovision-aiservice-deps.yml.j2
+++ b/tekton/src/pipelines/gitops/deprovision-aiservice-deps.yml.j2
@@ -242,4 +242,4 @@ spec:
         name: gitops-deprovision-db2u
       workspaces:
         - name: configs
-          workspace: configs
\ No newline at end of file
+          workspace: configs

From 2b7ff8af26f3af6f16962b2d2ec549f344b80a97 Mon Sep 17 00:00:00 2001
From: Max Robakiewicz <Max.Robakiewicz@ibm.com>
Date: Wed, 1 Oct 2025 15:34:00 -0400
Subject: [PATCH 196/258] Added Necessary parameters

---
 .../gitops/deprovision-aiservice-deps.yml.j2  | 38 ++++++++++++++++++-
 1 file changed, 37 insertions(+), 1 deletion(-)

diff --git a/tekton/src/pipelines/gitops/deprovision-aiservice-deps.yml.j2 b/tekton/src/pipelines/gitops/deprovision-aiservice-deps.yml.j2
index e1a721cd80e..6b716ec5a5d 100644
--- a/tekton/src/pipelines/gitops/deprovision-aiservice-deps.yml.j2
+++ b/tekton/src/pipelines/gitops/deprovision-aiservice-deps.yml.j2
@@ -55,7 +55,9 @@ spec:
       default: ""
     - name: mas_instance_id
       type: string
-
+    - name: aws_docdb_instance_number
+      type: string
+      default: 3
     - name: jdbc_type_aiservice
       type: string
     - name: jdbc_instance_name_aiservice
@@ -70,6 +72,40 @@ spec:
       type: string
       default: ""
 
+    # Setting Parameters
+    # -----------------------------------------------------------------------------
+    - name: cloud_provider
+      type: string
+      default: aws
+    - name: efs_action
+      type: string
+      description: efs action to be performed (provision or deprovision)
+      default: ""
+    - name: cluster_url
+      type: string
+      default: ""
+    - name: mas_app_channel_aiservice
+      type: string
+      description: Subscription channel for AI Service application operator
+      default: ""
+    - name: mas_edition
+      type: string
+      default: ""
+    - name: mas_workspace_id
+      type: string
+      default: ""
+    - name: mongo_provider
+      type: string
+      default: aws
+    - name: mongodb_action
+      type: string
+      description: Optional. Used to uninstall MongoDB
+      default: ""
+    - name: region
+      type: string
+    - name: vpc_ipv4_cidr
+      type: string
+
   tasks:
 {% if wait_for_deprovision == true %}
     # 0. Wait for the deprovsion mas pipeline to complete

From 30da566111013861e6406bc0ffcd2df6655bcbbf Mon Sep 17 00:00:00 2001
From: Max Robakiewicz <Max.Robakiewicz@ibm.com>
Date: Thu, 2 Oct 2025 11:26:37 -0400
Subject: [PATCH 197/258] Added parameters to gitops-aiservice-deps

---
 .../gitops/gitops-aiservice-deps.yml.j2       | 24 ++++++++++++++++++-
 1 file changed, 23 insertions(+), 1 deletion(-)

diff --git a/tekton/src/pipelines/gitops/gitops-aiservice-deps.yml.j2 b/tekton/src/pipelines/gitops/gitops-aiservice-deps.yml.j2
index 122446fc1ab..3dc4b267390 100644
--- a/tekton/src/pipelines/gitops/gitops-aiservice-deps.yml.j2
+++ b/tekton/src/pipelines/gitops/gitops-aiservice-deps.yml.j2
@@ -74,6 +74,28 @@ spec:
     - name: mas_app_channel_aiservice
       type: string
       default: ""
+    ### Added on Parameters
+    - name: allow_list
+      type: string
+    - name: auto_backup_aiservice
+      type: string
+    - name: cloud_provider
+      type: string
+      default: aws
+    - name: cluster_url
+      type: string
+      default: ""
+    - name: db2_action_aiservice
+      type: string
+      description: Set to 'install' to set up a Db2 instance for AI Service
+      default: "none"
+
+    # DB2 Parameters
+    {{ lookup('template', params_src_dir ~ '/install-db2.yml.j2') | indent(4) }}
+
+    # Gitops Parameters
+    {{ lookup('template', params_src_dir ~ '/gitops-git.yml.j2') | indent(4) }}
+
 
   tasks:
 {% if wait_for_provision == true %}
@@ -168,7 +190,7 @@ spec:
     # Install DB2 database
     - name: gitops-provision-db2u
       runAfter:
-        - gitops-provision-efs
+        - gitops-provision-mongo
       params:
         {{ lookup('template', pipeline_src_dir ~ '/taskdefs/gitops/common/secrets-params.yml.j2') | indent(8) }}
 

From de76ef15cc79d68101d174b61ad9160a01683e9b Mon Sep 17 00:00:00 2001
From: Max Robakiewicz <Max.Robakiewicz@ibm.com>
Date: Thu, 2 Oct 2025 13:38:14 -0400
Subject: [PATCH 198/258] Added more db2 parameters

---
 .../gitops/gitops-aiservice-deps.yml.j2       | 81 +++++++++++++++++++
 1 file changed, 81 insertions(+)

diff --git a/tekton/src/pipelines/gitops/gitops-aiservice-deps.yml.j2 b/tekton/src/pipelines/gitops/gitops-aiservice-deps.yml.j2
index 3dc4b267390..4cbc5a999f9 100644
--- a/tekton/src/pipelines/gitops/gitops-aiservice-deps.yml.j2
+++ b/tekton/src/pipelines/gitops/gitops-aiservice-deps.yml.j2
@@ -93,6 +93,87 @@ spec:
     # DB2 Parameters
     {{ lookup('template', params_src_dir ~ '/install-db2.yml.j2') | indent(4) }}
 
+    - name: db2_meta_storage_class
+      type: string
+    - name: db2_temp_storage_class
+      type: string
+    - name: db2_logs_storage_class
+      type: string
+    - name: db2_audit_logs_storage_class
+      type: string
+    - name: db2_archivelogs_storage_class
+      type: string
+    - name: db2_data_storage_class
+      type: string
+    - name: db2_backup_storage_class
+      type: string
+    - name: db2_meta_storage_size
+      type: string
+    - name: db2_temp_storage_size
+      type: string
+    - name: db2_logs_storage_size
+      type: string
+    - name: db2_audit_logs_storage_size
+      type: string
+    - name: db2_archivelogs_storage_size
+      type: string
+    - name: db2_data_storage_size
+      type: string
+    - name: db2_backup_storage_size
+      type: string
+    - name: db2_version
+      type: string
+    - name: db2_instance_registry_yaml
+      type: string
+    - name: db2_instance_dbm_config_yaml
+      type: string
+    - name: db2_addons_audit_config_yaml
+      type: string
+    - name: db2_database_db_config_yaml
+      type: string
+    - name: db2_table_org
+      type: string
+    - name: db2_mln_count
+      type: string
+    - name: db2_num_pods
+      type: string
+    - name: db2_meta_storage_accessmode
+      type: string
+    - name: db2_data_storage_accessmode
+      type: string
+    - name: db2_backup_storage_accessmode
+      type: string
+    - name: db2_logs_storage_accessmode
+      type: string
+    - name: db2_audit_logs_storage_accessmode
+      type: string
+    - name: db2_temp_storage_accessmode
+      type: string
+    - name: db2_archivelogs_storage_accessmode
+      type: string
+    - name: db2_cpu_requests
+      type: string
+    - name: db2_cpu_limits
+      type: string
+    - name: db2_memory_requests
+      type: string
+    - name: db2_memory_limits
+      type: string
+    - name: db2_affinity_key
+      type: string
+    - name: db2_affinity_value
+      type: string
+    - name: db2_tolerate_key
+      type: string
+    - name: db2_tolerate_value
+      type: string
+    - name: db2_tolerate_effect
+      type: string
+    - name: db2_timezone
+      type: string
+    - name: db2_tls_version
+      type: string
+
     # Gitops Parameters
     {{ lookup('template', params_src_dir ~ '/gitops-git.yml.j2') | indent(4) }}
 

From 6f90186513dc13a3e8bc48168cd33b9146908b5b Mon Sep 17 00:00:00 2001
From: Max Robakiewicz <Max.Robakiewicz@ibm.com>
Date: Thu, 2 Oct 2025 14:34:54 -0400
Subject: [PATCH 199/258] Added db2 for aiservice gitops

---
 .../gitops/gitops-aiservice-deps.yml.j2       | 93 ++++++++++++++++++-
 1 file changed, 88 insertions(+), 5 deletions(-)

diff --git a/tekton/src/pipelines/gitops/gitops-aiservice-deps.yml.j2 b/tekton/src/pipelines/gitops/gitops-aiservice-deps.yml.j2
index 4cbc5a999f9..74af132bf9f 100644
--- a/tekton/src/pipelines/gitops/gitops-aiservice-deps.yml.j2
+++ b/tekton/src/pipelines/gitops/gitops-aiservice-deps.yml.j2
@@ -91,8 +91,6 @@ spec:
       default: "none"
 
     # DB2 Parameters
-    {{ lookup('template', params_src_dir ~ '/install-db2.yml.j2') | indent(4) }}
-
     - name: db2_meta_storage_class
       type: string
     - name: db2_temp_storage_class
@@ -173,9 +171,94 @@ spec:
       type: string
     - name: db2_tls_version
       type: string
-
-    # Gitops Parameters
-    {{ lookup('template', params_src_dir ~ '/gitops-git.yml.j2') | indent(4) }}
+    - name: db2_addons_audit_config_yaml_aiservice
+      type: string
+    - name: db2_affinity_key_aiservice
+      type: string
+    - name: db2_affinity_value_aiservice
+      type: string
+    - name: db2_archivelogs_storage_accessmode_aiservice
+      type: string
+    - name: db2_archivelogs_storage_class_aiservice
+      type: string
+    - name: db2_archivelogs_storage_size_aiservice
+      type: string
+    - name: db2_audit_logs_storage_accessmode_aiservice
+      type: string
+    - name: db2_audit_logs_storage_class_aiservice
+      type: string
+    - name: db2_audit_logs_storage_size_aiservice
+      type: string
+    - name: db2_backup_notify_slack_url_aiservice
+      type: string
+    - name: db2_backup_storage_accessmode_aiservice
+      type: string
+    - name: db2_backup_storage_class_aiservice
+      type: string
+    - name: db2_backup_storage_size_aiservice
+      type: string
+    - name: db2_cpu_limits_aiservice
+      type: string
+    - name: db2_cpu_requests_aiservice
+      type: string
+    - name: db2_data_storage_accessmode_aiservice
+      type: string
+    - name: db2_data_storage_class_aiservice
+      type: string
+    - name: db2_data_storage_size_aiservice
+      type: string
+    - name: db2_database_db_config_yaml_aiservice
+      type: string
+    - name: db2_instance_dbm_config_yaml_aiservice
+      type: string
+    - name: db2_instance_registry_yaml_aiservice
+      type: string
+    - name: db2_logs_storage_accessmode_aiservice
+      type: string
+    - name: db2_logs_storage_class_aiservice
+      type: string
+    - name: db2_logs_storage_size_aiservice
+      type: string
+    - name: db2_memory_limits_aiservice
+      type: string
+    - name: db2_memory_requests_aiservice
+      type: string
+    - name: db2_meta_storage_accessmode_aiservice
+      type: string
+    - name: db2_meta_storage_class_aiservice
+      type: string
+    - name: db2_meta_storage_size_aiservice
+      type: string
+    - name: db2_mln_count_aiservice
+      type: string
+    - name: db2_num_pods_aiservice
+      type: string
+    - name: db2_subscription_install_plan
+      type: string
+    - name: db2_table_org_aiservice
+      type: string
+    - name: db2_temp_storage_accessmode_aiservice
+      type: string
+    - name: db2_temp_storage_class_aiservice
+      type: string
+    - name: db2_temp_storage_size_aiservice 
+      type: string
+    - name: db2_timezone_aiservice
+      type: string
+    - name: db2_tls_version_aiservice
+      type: string
+    - name: db2_tls_version_aiservice
+      type: string
+    - name: db2_tolerate_key_aiservice
+      type: string
+    - name: db2_tolerate_value_aiservice
+      type: string
+    - name: db2_version_aiservice
+      type: string
+    - name: mas_instance_id
+      type: string
+    - name: region
+      type: string
 
 
   tasks:

From af4bd12c428485e84cfbf623d04673f297debebb Mon Sep 17 00:00:00 2001
From: Max Robakiewicz <Max.Robakiewicz@ibm.com>
Date: Thu, 2 Oct 2025 15:31:54 -0400
Subject: [PATCH 200/258] Removed duplicate params

---
 .../gitops/gitops-aiservice-deps.yml.j2       | 37 +++++++++----------
 1 file changed, 18 insertions(+), 19 deletions(-)

diff --git a/tekton/src/pipelines/gitops/gitops-aiservice-deps.yml.j2 b/tekton/src/pipelines/gitops/gitops-aiservice-deps.yml.j2
index 74af132bf9f..1dfcf023a84 100644
--- a/tekton/src/pipelines/gitops/gitops-aiservice-deps.yml.j2
+++ b/tekton/src/pipelines/gitops/gitops-aiservice-deps.yml.j2
@@ -74,7 +74,7 @@ spec:
     - name: mas_app_channel_aiservice
       type: string
       default: ""
-    ### Added on Parameters
+    ################# Added on Parameters
     - name: allow_list
       type: string
     - name: auto_backup_aiservice
@@ -90,7 +90,19 @@ spec:
       description: Set to 'install' to set up a Db2 instance for AI Service
       default: "none"
 
-    # DB2 Parameters
+    ################# Gitops Parameters
+    - name: git_branch
+      type: string
+    - name: git_commit_msg
+      type: string
+    - name: github_host
+      type: string
+    - name: github_org
+      type: string
+    - name: github_repo
+      type: string  
+
+    ################# DB2 Parameters
     - name: db2_meta_storage_class
       type: string
     - name: db2_temp_storage_class
@@ -247,8 +259,6 @@ spec:
       type: string
     - name: db2_tls_version_aiservice
       type: string
-    - name: db2_tls_version_aiservice
-      type: string
     - name: db2_tolerate_key_aiservice
       type: string
     - name: db2_tolerate_value_aiservice
@@ -259,7 +269,10 @@ spec:
       type: string
     - name: region
       type: string
-
+    - name: db2_channel
+      type: string
+    - name: db2_tolerate_effect_aiservice
+      type: string
 
   tasks:
 {% if wait_for_provision == true %}
@@ -367,22 +380,8 @@ spec:
           value: $(params.account)
         - name: mas_instance_id
           value: $(params.mas_instance_id)
-        - name: git_branch
-          value: $(params.git_branch)
-        - name: github_org
-          value: $(params.github_org)
-        - name: github_repo
-          value: $(params.github_repo)
-        - name: github_host
-          value: $(params.github_host)
-        - name: git_commit_msg
-          value: $(params.git_commit_msg)
-        - name: secrets_path
-          value: $(params.secrets_path)
         - name: db2_channel
           value: $(params.db2_channel)
-        - name: avp_aws_secret_region
-          value: $(params.avp_aws_secret_region)
         - name: db2_subscription_install_plan
           value: $(params.db2_subscription_install_plan)
       workspaces:

From 8659e96426c92393aa28c177a096980c9337de37 Mon Sep 17 00:00:00 2001
From: Max Robakiewicz <Max.Robakiewicz@ibm.com>
Date: Fri, 3 Oct 2025 10:03:13 -0400
Subject: [PATCH 201/258] Fixed taskref indentation

---
 tekton/src/pipelines/gitops/gitops-aiservice-deps.yml.j2 | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/tekton/src/pipelines/gitops/gitops-aiservice-deps.yml.j2 b/tekton/src/pipelines/gitops/gitops-aiservice-deps.yml.j2
index 1dfcf023a84..4c57bbf339c 100644
--- a/tekton/src/pipelines/gitops/gitops-aiservice-deps.yml.j2
+++ b/tekton/src/pipelines/gitops/gitops-aiservice-deps.yml.j2
@@ -387,9 +387,9 @@ spec:
       workspaces:
       - name: configs
         workspace: configs
-        taskRef:
-          kind: Task
-          name: gitops-db2u
+      taskRef:
+        kind: Task
+        name: gitops-db2u
 
     # DB2 for AI Service
     - name: gitops-db2u-database-aiservice

From b736d9b8dcb8e26d1872ff12e6e4c271324ee94d Mon Sep 17 00:00:00 2001
From: Max Robakiewicz <Max.Robakiewicz@ibm.com>
Date: Mon, 10 Nov 2025 11:26:09 -0500
Subject: [PATCH 202/258] Removed jdbc, db2u and db2u-database from
 aiservice-deps pipeline

---
 .../gitops/deprovision-aiservice-deps.yml.j2  | 89 -------------------
 1 file changed, 89 deletions(-)

diff --git a/tekton/src/pipelines/gitops/deprovision-aiservice-deps.yml.j2 b/tekton/src/pipelines/gitops/deprovision-aiservice-deps.yml.j2
index 6b716ec5a5d..c6b1185457f 100644
--- a/tekton/src/pipelines/gitops/deprovision-aiservice-deps.yml.j2
+++ b/tekton/src/pipelines/gitops/deprovision-aiservice-deps.yml.j2
@@ -190,92 +190,3 @@ spec:
         - input: "$(params.mongodb_action)"
           operator: notin
           values: [""]
-
-    # Deprovision DB2 Database
-    # -------------------------------------------------------------------------
-    - name: gitops-delete-jdbc-config-aiservice
-      runAfter:
-        - gitops-deprovision-mongo
-      params:
-        {{ lookup('template', pipeline_src_dir ~ '/taskdefs/gitops/common/gitops-params.yml.j2') | indent(8) }}
-        {{ lookup('template', pipeline_src_dir ~ '/taskdefs/gitops/common/secrets-params.yml.j2') | indent(8) }}
-        {{ lookup('template', pipeline_src_dir ~ '/taskdefs/gitops/common/git-params.yml.j2') | indent(8) }}
-
-        - name: mas_instance_id
-          value: $(params.mas_instance_id)
-        - name: mas_app_id
-          value: aiservice
-        - name: mas_config_scope
-          value: system
-        - name: mas_workspace_id
-          value: $(params.mas_workspace_id)
-        - name: jdbc_type
-          value: $(params.jdbc_type_aiservice)
-        - name: jdbc_instance_name
-          value: $(params.jdbc_instance_name_aiservice)
-        - name: jdbc_connection_url
-          value: $(params.jdbc_connection_url_aiservice)
-        - name: jdbc_certificate_file
-          value: $(params.jdbc_certificate_file_aiservice)
-        - name: jdbc_route
-          value: $(params.jdbc_route_aiservice)
-      workspaces:
-        - name: configs
-          workspace: configs
-      taskRef:
-        kind: Task
-        name: gitops-delete-jdbc-config
-      when:
-        - input: "$(params.mas_app_channel_aiservice)"
-          operator: in
-          values: [""]
-        - input: "$(params.mas_edition)"
-          operator: in
-          values: [ "standard", "premium"]
-
-    - name: gitops-deprovision-db2u-database-aiservice
-      runAfter:
-        - gitops-delete-jdbc-config-aiservice
-      params:
-        {{ lookup('template', pipeline_src_dir ~ '/taskdefs/gitops/common/gitops-params.yml.j2') | indent(8) }}
-        {{ lookup('template', pipeline_src_dir ~ '/taskdefs/gitops/common/secrets-params.yml.j2') | indent(8) }}
-        {{ lookup('template', pipeline_src_dir ~ '/taskdefs/gitops/common/git-params.yml.j2') | indent(8) }}
-
-        - name: mas_instance_id
-          value: $(params.mas_instance_id)
-        - name: mas_app_id
-          value: aiservice
-
-      taskRef:
-        kind: Task
-        name: gitops-deprovision-db2u-database
-      workspaces:
-        - name: configs
-          workspace: configs
-      when:
-        - input: "$(params.mas_app_channel_aiservice)"
-          operator: in
-          values: [""]
-        - input: "$(params.mas_edition)"
-          operator: in
-          values: ["standard", "premium"]
-
-    # Deprovision DB2U Operator
-    # -------------------------------------------------------------------------
-    - name: gitops-deprovision-db2u-aiservice
-      runAfter:
-        - gitops-deprovision-db2u-database-aiservice
-      params:
-        {{ lookup('template', pipeline_src_dir ~ '/taskdefs/gitops/common/gitops-params.yml.j2') | indent(8) }}
-        {{ lookup('template', pipeline_src_dir ~ '/taskdefs/gitops/common/secrets-params.yml.j2') | indent(8) }}
-        {{ lookup('template', pipeline_src_dir ~ '/taskdefs/gitops/common/git-params.yml.j2') | indent(8) }}
-
-        - name: mas_instance_id
-          value: $(params.mas_instance_id)
-
-      taskRef:
-        kind: Task
-        name: gitops-deprovision-db2u
-      workspaces:
-        - name: configs
-          workspace: configs

From 53469ef8593e4a8451562d43d419071728999baa Mon Sep 17 00:00:00 2001
From: Max Robakiewicz <Max.Robakiewicz@ibm.com>
Date: Mon, 10 Nov 2025 13:06:01 -0500
Subject: [PATCH 203/258] Updated .secrets.baseline

---
 .secrets.baseline | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.secrets.baseline b/.secrets.baseline
index fe80b0e4d6e..50801399560 100644
--- a/.secrets.baseline
+++ b/.secrets.baseline
@@ -3,7 +3,7 @@
     "files": "build/bin/config/oscap/ssg-rhel9-ds.xml|^.secrets.baseline$|^docs/catalogs/",
     "lines": null
   },
-  "generated_at": "2025-08-05T12:51:11Z",
+  "generated_at": "2025-11-10T18:05:34Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"

From a4fa5def6f1a029445b650a8154835fe15c69827 Mon Sep 17 00:00:00 2001
From: Max Robakiewicz <Max.Robakiewicz@ibm.com>
Date: Tue, 11 Nov 2025 10:06:07 -0500
Subject: [PATCH 204/258] Removed on cluster dependencies from
 gitops-aiservice-deps.yml.j2

---
 .../gitops/gitops-aiservice-deps.yml.j2       | 282 ------------------
 1 file changed, 282 deletions(-)

diff --git a/tekton/src/pipelines/gitops/gitops-aiservice-deps.yml.j2 b/tekton/src/pipelines/gitops/gitops-aiservice-deps.yml.j2
index 4c57bbf339c..69db9ba51a0 100644
--- a/tekton/src/pipelines/gitops/gitops-aiservice-deps.yml.j2
+++ b/tekton/src/pipelines/gitops/gitops-aiservice-deps.yml.j2
@@ -26,8 +26,6 @@ spec:
       type: string
     - name: account
       type: string
-    - name: aiservice_instance_id
-      type: string
     - name: secrets_path
       type: string
     - name: avp_aws_secret_region
@@ -75,10 +73,6 @@ spec:
       type: string
       default: ""
     ################# Added on Parameters
-    - name: allow_list
-      type: string
-    - name: auto_backup_aiservice
-      type: string
     - name: cloud_provider
       type: string
       default: aws
@@ -90,190 +84,6 @@ spec:
       description: Set to 'install' to set up a Db2 instance for AI Service
       default: "none"
 
-    ################# Gitops Parameters
-    - name: git_branch
-      type: string
-    - name: git_commit_msg
-      type: string
-    - name: github_host
-      type: string
-    - name: github_org
-      type: string
-    - name: github_repo
-      type: string  
-
-    ################# DB2 Parameters
-    - name: db2_meta_storage_class
-      type: string
-    - name: db2_temp_storage_class
-      type: string
-    - name: db2_logs_storage_class
-      type: string
-    - name: db2_audit_logs_storage_class
-      type: string
-    - name: db2_archivelogs_storage_class
-      type: string
-    - name: db2_data_storage_class
-      type: string
-    - name: db2_backup_storage_class
-      type: string
-    - name: db2_meta_storage_size
-      type: string
-    - name: db2_temp_storage_size
-      type: string
-    - name: db2_logs_storage_size
-      type: string
-    - name: db2_audit_logs_storage_size
-      type: string
-    - name: db2_archivelogs_storage_size
-      type: string
-    - name: db2_data_storage_size
-      type: string
-    - name: db2_backup_storage_size
-      type: string
-    - name: db2_version
-      type: string
-    - name: db2_instance_registry_yaml
-      type: string
-    - name: db2_instance_dbm_config_yaml
-      type: string
-    - name: db2_addons_audit_config_yaml
-      type: string
-    - name: db2_database_db_config_yaml
-      type: string
-    - name: db2_table_org
-      type: string
-    - name: db2_mln_count
-      type: string
-    - name: db2_num_pods
-      type: string
-    - name: db2_meta_storage_accessmode
-      type: string
-    - name: db2_data_storage_accessmode
-      type: string
-    - name: db2_backup_storage_accessmode
-      type: string
-    - name: db2_logs_storage_accessmode
-      type: string
-    - name: db2_audit_logs_storage_accessmode
-      type: string
-    - name: db2_temp_storage_accessmode
-      type: string
-    - name: db2_archivelogs_storage_accessmode
-      type: string
-    - name: db2_cpu_requests
-      type: string
-    - name: db2_cpu_limits
-      type: string
-    - name: db2_memory_requests
-      type: string
-    - name: db2_memory_limits
-      type: string
-    - name: db2_affinity_key
-      type: string
-    - name: db2_affinity_value
-      type: string
-    - name: db2_tolerate_key
-      type: string
-    - name: db2_tolerate_value
-      type: string
-    - name: db2_tolerate_effect
-      type: string
-    - name: db2_timezone
-      type: string
-    - name: db2_tls_version
-      type: string
-    - name: db2_addons_audit_config_yaml_aiservice
-      type: string
-    - name: db2_affinity_key_aiservice
-      type: string
-    - name: db2_affinity_value_aiservice
-      type: string
-    - name: db2_archivelogs_storage_accessmode_aiservice
-      type: string
-    - name: db2_archivelogs_storage_class_aiservice
-      type: string
-    - name: db2_archivelogs_storage_size_aiservice
-      type: string
-    - name: db2_audit_logs_storage_accessmode_aiservice
-      type: string
-    - name: db2_audit_logs_storage_class_aiservice
-      type: string
-    - name: db2_audit_logs_storage_size_aiservice
-      type: string
-    - name: db2_backup_notify_slack_url_aiservice
-      type: string
-    - name: db2_backup_storage_accessmode_aiservice
-      type: string
-    - name: db2_backup_storage_class_aiservice
-      type: string
-    - name: db2_backup_storage_size_aiservice
-      type: string
-    - name: db2_cpu_limits_aiservice
-      type: string
-    - name: db2_cpu_requests_aiservice
-      type: string
-    - name: db2_data_storage_accessmode_aiservice
-      type: string
-    - name: db2_data_storage_class_aiservice
-      type: string
-    - name: db2_data_storage_size_aiservice
-      type: string
-    - name: db2_database_db_config_yaml_aiservice
-      type: string
-    - name: db2_instance_dbm_config_yaml_aiservice
-      type: string
-    - name: db2_instance_registry_yaml_aiservice
-      type: string
-    - name: db2_logs_storage_accessmode_aiservice
-      type: string
-    - name: db2_logs_storage_class_aiservice
-      type: string
-    - name: db2_logs_storage_size_aiservice
-      type: string
-    - name: db2_memory_limits_aiservice
-      type: string
-    - name: db2_memory_requests_aiservice
-      type: string
-    - name: db2_meta_storage_accessmode_aiservice
-      type: string
-    - name: db2_meta_storage_class_aiservice
-      type: string
-    - name: db2_meta_storage_size_aiservice
-      type: string
-    - name: db2_mln_count_aiservice
-      type: string
-    - name: db2_num_pods_aiservice
-      type: string
-    - name: db2_subscription_install_plan
-      type: string
-    - name: db2_table_org_aiservice
-      type: string
-    - name: db2_temp_storage_accessmode_aiservice
-      type: string
-    - name: db2_temp_storage_class_aiservice
-      type: string
-    - name: db2_temp_storage_size_aiservice 
-      type: string
-    - name: db2_timezone_aiservice
-      type: string
-    - name: db2_tls_version_aiservice
-      type: string
-    - name: db2_tolerate_key_aiservice
-      type: string
-    - name: db2_tolerate_value_aiservice
-      type: string
-    - name: db2_version_aiservice
-      type: string
-    - name: mas_instance_id
-      type: string
-    - name: region
-      type: string
-    - name: db2_channel
-      type: string
-    - name: db2_tolerate_effect_aiservice
-      type: string
-
   tasks:
 {% if wait_for_provision == true %}
     # 0. Wait for the provsion pipeline to complete
@@ -306,8 +116,6 @@ spec:
         {{ lookup('template', pipeline_src_dir ~ '/taskdefs/gitops/common/secrets-params.yml.j2') | indent(8) }}
         - name: cluster_name
           value: $(params.cluster_name)
-        - name: aiservice_instance_id
-          value: $(params.aiservice_instance_id)
         - name: cloud_provider
           value: $(params.cloud_provider)
         - name: avp_aws_secret_key
@@ -382,8 +190,6 @@ spec:
           value: $(params.mas_instance_id)
         - name: db2_channel
           value: $(params.db2_channel)
-        - name: db2_subscription_install_plan
-          value: $(params.db2_subscription_install_plan)
       workspaces:
       - name: configs
         workspace: configs
@@ -407,96 +213,8 @@ spec:
         - name: mas_app_id
           value: aiservice
 
-        - name: db2_meta_storage_class
-          value: $(params.db2_meta_storage_class_aiservice)
-        - name: db2_temp_storage_class
-          value: $(params.db2_temp_storage_class_aiservice)
-        - name: db2_logs_storage_class
-          value: $(params.db2_logs_storage_class_aiservice)
-        - name: db2_audit_logs_storage_class
-          value: $(params.db2_audit_logs_storage_class_aiservice)
-        - name: db2_data_storage_class
-          value: $(params.db2_data_storage_class_aiservice)
-        - name: db2_backup_storage_class
-          value: $(params.db2_backup_storage_class_aiservice)
-        - name: db2_archivelogs_storage_class
-          value: $(params.db2_archivelogs_storage_class_aiservice)
-
-        - name: db2_meta_storage_size
-          value: $(params.db2_meta_storage_size_aiservice)
-        - name: db2_temp_storage_size
-          value: $(params.db2_temp_storage_size_aiservice)
-        - name: db2_logs_storage_size
-          value: $(params.db2_logs_storage_size_aiservice)
-        - name: db2_audit_logs_storage_size
-          value: $(params.db2_audit_logs_storage_size_aiservice)
-        - name: db2_data_storage_size
-          value: $(params.db2_data_storage_size_aiservice)
-        - name: db2_backup_storage_size
-          value: $(params.db2_backup_storage_size_aiservice)
-        - name: db2_archivelogs_storage_size
-          value: $(params.db2_archivelogs_storage_size_aiservice)
-
-        - name: db2_version
-          value: $(params.db2_version_aiservice)
-        - name: db2_tls_version
-          value: $(params.db2_tls_version_aiservice)
-        - name: db2_instance_registry_yaml
-          value: $(params.db2_instance_registry_yaml_aiservice)
-        - name: db2_instance_dbm_config_yaml
-          value: $(params.db2_instance_dbm_config_yaml_aiservice)
-        - name: db2_database_db_config_yaml
-          value: $(params.db2_database_db_config_yaml_aiservice)
-        - name: db2_addons_audit_config_yaml
-          value: $(params.db2_addons_audit_config_yaml_aiservice)
-        - name: db2_table_org
-          value: $(params.db2_table_org_aiservice)
-        - name: db2_mln_count
-          value: $(params.db2_mln_count_aiservice)
-        - name: db2_num_pods
-          value: $(params.db2_num_pods_aiservice)
-        - name: db2_meta_storage_accessmode
-          value: $(params.db2_meta_storage_accessmode_aiservice)
-        - name: db2_data_storage_accessmode
-          value: $(params.db2_data_storage_accessmode_aiservice)
-        - name: db2_backup_storage_accessmode
-          value: $(params.db2_backup_storage_accessmode_aiservice)
-        - name: db2_logs_storage_accessmode
-          value: $(params.db2_logs_storage_accessmode_aiservice)
-        - name: db2_audit_logs_storage_accessmode
-          value: $(params.db2_audit_logs_storage_accessmode_aiservice)
-        - name: db2_temp_storage_accessmode
-          value: $(params.db2_temp_storage_accessmode_aiservice)
-        - name: db2_archivelogs_storage_accessmode
-          value: $(params.db2_archivelogs_storage_accessmode_aiservice)
-        - name: db2_cpu_requests
-          value: $(params.db2_cpu_requests_aiservice)
-        - name: db2_cpu_limits
-          value: $(params.db2_cpu_limits_aiservice)
-        - name: db2_memory_requests
-          value: $(params.db2_memory_requests_aiservice)
-        - name: db2_memory_limits
-          value: $(params.db2_memory_limits_aiservice)
-        - name: db2_affinity_key
-          value: $(params.db2_affinity_key_aiservice)
-        - name: db2_affinity_value
-          value: $(params.db2_affinity_value_aiservice)
-        - name: db2_tolerate_key
-          value: $(params.db2_tolerate_key_aiservice)
-        - name: db2_tolerate_value
-          value: $(params.db2_tolerate_value_aiservice)
-        - name: db2_tolerate_effect
-          value: $(params.db2_tolerate_effect_aiservice)
         - name: jdbc_route
           value: $(params.jdbc_route_aiservice)
-        - name: db2_timezone
-          value: $(params.db2_timezone_aiservice)
-        - name: db2_backup_notify_slack_url
-          value: $(params.db2_backup_notify_slack_url_aiservice)
-        - name: auto_backup
-          value: $(params.auto_backup_aiservice)
-        - name: allow_list
-          value: $(params.allow_list)
 
       workspaces:
         - name: configs

From dde01631eaaee7ebca95c5a9d72b3114617c8395 Mon Sep 17 00:00:00 2001
From: Darshan Pandya <darshan.pandya@ibm.com>
Date: Wed, 12 Nov 2025 14:08:27 +0530
Subject: [PATCH 205/258] removed jdbc & db2u tasks from gitops-aiservice-deps
 pipeline

---
 .../gitops/gitops-aiservice-deps.yml.j2       | 121 +-----------------
 1 file changed, 1 insertion(+), 120 deletions(-)

diff --git a/tekton/src/pipelines/gitops/gitops-aiservice-deps.yml.j2 b/tekton/src/pipelines/gitops/gitops-aiservice-deps.yml.j2
index 69db9ba51a0..1dedc9d0d91 100644
--- a/tekton/src/pipelines/gitops/gitops-aiservice-deps.yml.j2
+++ b/tekton/src/pipelines/gitops/gitops-aiservice-deps.yml.j2
@@ -56,19 +56,6 @@ spec:
       description: efs action to be performed (provision or deprovision)
       default: ""
 
-    - name: jdbc_type_aiservice
-      type: string
-    - name: jdbc_instance_name_aiservice
-      type: string
-    - name: jdbc_connection_url_aiservice
-      type: string
-      default: ""
-    - name: jdbc_certificate_file_aiservice
-      type: string
-      default: ""
-    - name: jdbc_route_aiservice
-      type: string
-      default: ""
     - name: mas_app_channel_aiservice
       type: string
       default: ""
@@ -79,10 +66,6 @@ spec:
     - name: cluster_url
       type: string
       default: ""
-    - name: db2_action_aiservice
-      type: string
-      description: Set to 'install' to set up a Db2 instance for AI Service
-      default: "none"
 
   tasks:
 {% if wait_for_provision == true %}
@@ -140,6 +123,7 @@ spec:
 
     - name: gitops-provision-mongo
       runAfter:
+        - gitops-efs
       params:
         - name: cluster_name
           value: $(params.cluster_name)
@@ -171,106 +155,3 @@ spec:
         - input: "$(params.mongodb_action)"
           operator: notin
           values: [""]
-
-    # Install DB2 database
-    - name: gitops-provision-db2u
-      runAfter:
-        - gitops-provision-mongo
-      params:
-        {{ lookup('template', pipeline_src_dir ~ '/taskdefs/gitops/common/secrets-params.yml.j2') | indent(8) }}
-
-        {{ lookup('template', pipeline_src_dir ~ '/taskdefs/gitops/common/git-params.yml.j2') | indent(8) }}        
-        - name: cluster_name
-          value: $(params.cluster_name)
-        - name: cluster_url
-          value: $(params.cluster_url)
-        - name: account
-          value: $(params.account)
-        - name: mas_instance_id
-          value: $(params.mas_instance_id)
-        - name: db2_channel
-          value: $(params.db2_channel)
-      workspaces:
-      - name: configs
-        workspace: configs
-      taskRef:
-        kind: Task
-        name: gitops-db2u
-
-    # DB2 for AI Service
-    - name: gitops-db2u-database-aiservice
-      runAfter:
-        - gitops-provision-db2u
-      params:
-        {{ lookup('template', pipeline_src_dir ~ '/taskdefs/gitops/common/gitops-params.yml.j2') | indent(8) }}
-
-        {{ lookup('template', pipeline_src_dir ~ '/taskdefs/gitops/common/secrets-params.yml.j2') | indent(8) }}
-        
-        {{ lookup('template', pipeline_src_dir ~ '/taskdefs/gitops/common/git-params.yml.j2') | indent(8) }}
-
-        - name: mas_instance_id
-          value: $(params.mas_instance_id)
-        - name: mas_app_id
-          value: aiservice
-
-        - name: jdbc_route
-          value: $(params.jdbc_route_aiservice)
-
-      workspaces:
-        - name: configs
-          workspace: configs
-        - name: shared-gitops-configs
-          workspace: shared-gitops-configs
-      taskRef:
-        kind: Task
-        name: gitops-db2u-database
-      when:
-        - input: "$(params.db2_action_aiservice)"
-          operator: notin
-          values: [""]
-        - input: "$(params.jdbc_type_aiservice)"
-          operator: in
-          values: ["incluster-db2"]
-        - input: "$(params.mas_app_channel_aiservice)"
-          operator: notin
-          values: [""]
-
-    - name: gitops-jdbc-config-aiservice
-      runAfter:
-        - gitops-db2u-database-aiservice
-      params:
-        {{ lookup('template', pipeline_src_dir ~ '/taskdefs/gitops/common/gitops-params.yml.j2') | indent(8) }}
-
-        {{ lookup('template', pipeline_src_dir ~ '/taskdefs/gitops/common/secrets-params.yml.j2') | indent(8) }}
-        
-        {{ lookup('template', pipeline_src_dir ~ '/taskdefs/gitops/common/git-params.yml.j2') | indent(8) }}
-
-        - name: mas_instance_id
-          value: $(params.mas_instance_id)
-        - name: mas_app_id
-          value: aiservice
-        - name: mas_config_scope
-          value: system
-        - name: jdbc_type
-          value: $(params.jdbc_type_aiservice)
-        - name: jdbc_instance_name
-          value: $(params.jdbc_instance_name_aiservice)
-        - name: jdbc_connection_url
-          value: $(params.jdbc_connection_url_aiservice)
-        - name: jdbc_certificate_file
-          value: $(params.jdbc_certificate_file_aiservice)
-      workspaces:
-        - name: configs
-          workspace: configs
-        - name: shared-gitops-configs
-          workspace: shared-gitops-configs
-      taskRef:
-        kind: Task
-        name: gitops-jdbc-config
-      when:
-        - input: "$(params.jdbc_type_aiservice)"
-          operator: notin
-          values: [""]
-        - input: "$(params.mas_app_channel_aiservice)"
-          operator: notin
-          values: [""]

From ef0fc9cf5e55a466f95141e7b31037a94bd309ef Mon Sep 17 00:00:00 2001
From: Max Robakiewicz <Max.Robakiewicz@ibm.com>
Date: Wed, 12 Nov 2025 10:01:38 -0500
Subject: [PATCH 206/258] Removed unused workspace from gitops-aiservice-deps

---
 tekton/src/pipelines/gitops/gitops-aiservice-deps.yml.j2 | 1 -
 1 file changed, 1 deletion(-)

diff --git a/tekton/src/pipelines/gitops/gitops-aiservice-deps.yml.j2 b/tekton/src/pipelines/gitops/gitops-aiservice-deps.yml.j2
index 1dedc9d0d91..9fa7407dcbe 100644
--- a/tekton/src/pipelines/gitops/gitops-aiservice-deps.yml.j2
+++ b/tekton/src/pipelines/gitops/gitops-aiservice-deps.yml.j2
@@ -11,7 +11,6 @@ spec:
   description: MAS Cluster off-cluster dependencies
   workspaces:
     - name: configs
-    - name: shared-gitops-configs
   params:
 {% if wait_for_provision == true %}
       # Name of the PipelineRun to wait for

From 30a4ecd9db021de89871c81781114037161a46bc Mon Sep 17 00:00:00 2001
From: Max Robakiewicz <Max.Robakiewicz@ibm.com>
Date: Wed, 12 Nov 2025 12:21:25 -0500
Subject: [PATCH 207/258] Added mas_instance_id to. gitops-efs

---
 tekton/src/pipelines/gitops/gitops-aiservice-deps.yml.j2 | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/tekton/src/pipelines/gitops/gitops-aiservice-deps.yml.j2 b/tekton/src/pipelines/gitops/gitops-aiservice-deps.yml.j2
index 9fa7407dcbe..0e90ef8acb7 100644
--- a/tekton/src/pipelines/gitops/gitops-aiservice-deps.yml.j2
+++ b/tekton/src/pipelines/gitops/gitops-aiservice-deps.yml.j2
@@ -65,6 +65,8 @@ spec:
     - name: cluster_url
       type: string
       default: ""
+    - name: mas_instance_id
+      type: string
 
   tasks:
 {% if wait_for_provision == true %}
@@ -106,6 +108,8 @@ spec:
           value: $(params.avp_aws_access_key)
         - name: efs_action
           value: $(params.efs_action)
+        - name: mas_instance_id
+          value: $(params.mas_instance_id)
       workspaces:
         - name: configs
           workspace: configs

From ed218c210dd320d9dc45a5dc750f4c79dd518c77 Mon Sep 17 00:00:00 2001
From: Max Robakiewicz <Max.Robakiewicz@ibm.com>
Date: Wed, 7 Jan 2026 11:11:09 -0500
Subject: [PATCH 208/258] [patch] Added EOF character to
 gitops-deprovision-kmodel

---
 tekton/src/tasks/gitops/gitops-deprovision-kmodel.yml.j2 | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/tekton/src/tasks/gitops/gitops-deprovision-kmodel.yml.j2 b/tekton/src/tasks/gitops/gitops-deprovision-kmodel.yml.j2
index 936d5f03975..6d1bd871a4d 100644
--- a/tekton/src/tasks/gitops/gitops-deprovision-kmodel.yml.j2
+++ b/tekton/src/tasks/gitops/gitops-deprovision-kmodel.yml.j2
@@ -85,4 +85,5 @@ spec:
       imagePullPolicy: IfNotPresent
       image: quay.io/ibmmas/cli:latest
   workspaces:
-    - name: configs
\ No newline at end of file
+    - name: configs
+    
\ No newline at end of file

From 028f12e0d2c80a15025dc43420acb6b44a45e226 Mon Sep 17 00:00:00 2001
From: Max Robakiewicz <Max.Robakiewicz@ibm.com>
Date: Wed, 7 Jan 2026 12:14:11 -0500
Subject: [PATCH 209/258] cherry-pick fcd5d181f1 conflict

---
 .secrets.baseline | 132 +++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 130 insertions(+), 2 deletions(-)

diff --git a/.secrets.baseline b/.secrets.baseline
index 50801399560..455837c4d73 100644
--- a/.secrets.baseline
+++ b/.secrets.baseline
@@ -3,7 +3,7 @@
     "files": "build/bin/config/oscap/ssg-rhel9-ds.xml|^.secrets.baseline$|^docs/catalogs/",
     "lines": null
   },
-  "generated_at": "2025-11-10T18:05:34Z",
+  "generated_at": "2026-01-07T17:11:22Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"
@@ -107,6 +107,16 @@
         "verified_result": null
       }
     ],
+    "docs/commands/setup-registry.md": [
+      {
+        "hashed_secret": "b60d121b438a380c343d5ec3c2037564b82ffef3",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 31,
+        "type": "Secret Keyword",
+        "verified_result": null
+      }
+    ],
     "docs/guides/image-mirroring.md": [
       {
         "hashed_secret": "b60d121b438a380c343d5ec3c2037564b82ffef3",
@@ -263,6 +273,66 @@
         "verified_result": null
       }
     ],
+    "image/cli/mascli/functions/gitops_aiservice": [
+      {
+        "hashed_secret": "6ffb91fd9c01e69b8e9093d84439c8b88dd8fe35",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 75,
+        "type": "Secret Keyword",
+        "verified_result": null
+      },
+      {
+        "hashed_secret": "0ded7396e06414c0d5fb316e08aec58ca4394378",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 91,
+        "type": "Secret Keyword",
+        "verified_result": null
+      },
+      {
+        "hashed_secret": "db40a6131d9b574bb057875df98fb03f9874d5b4",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 92,
+        "type": "Secret Keyword",
+        "verified_result": null
+      },
+      {
+        "hashed_secret": "6fbaa59234a602571baf17a51592b436b33f8491",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 93,
+        "type": "Secret Keyword",
+        "verified_result": null
+      },
+      {
+        "hashed_secret": "bd1b0b7f343605538b1da78056db3a7bddf3f807",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 96,
+        "type": "Secret Keyword",
+        "verified_result": null
+      },
+      {
+        "hashed_secret": "b2817467154949a61f8e9ad31d1eeaf03221cbfa",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 313,
+        "type": "Secret Keyword",
+        "verified_result": null
+      }
+    ],
+    "image/cli/mascli/functions/gitops_aiservice_tenant": [
+      {
+        "hashed_secret": "b2817467154949a61f8e9ad31d1eeaf03221cbfa",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 338,
+        "type": "Secret Keyword",
+        "verified_result": null
+      }
+    ],
     "image/cli/mascli/functions/gitops_bootstrap": [
       {
         "hashed_secret": "b2817467154949a61f8e9ad31d1eeaf03221cbfa",
@@ -333,6 +403,26 @@
         "verified_result": null
       }
     ],
+    "image/cli/mascli/functions/gitops_deprovision_aiservice": [
+      {
+        "hashed_secret": "b2817467154949a61f8e9ad31d1eeaf03221cbfa",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 180,
+        "type": "Secret Keyword",
+        "verified_result": null
+      }
+    ],
+    "image/cli/mascli/functions/gitops_deprovision_aiservice_tenant": [
+      {
+        "hashed_secret": "b2817467154949a61f8e9ad31d1eeaf03221cbfa",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 182,
+        "type": "Secret Keyword",
+        "verified_result": null
+      }
+    ],
     "image/cli/mascli/functions/gitops_deprovision_cos": [
       {
         "hashed_secret": "2582aea6f911bd00fc04cb25e0ec16d5ead62068",
@@ -711,6 +801,44 @@
         "verified_result": null
       }
     ],
+    "image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aiservice-tenant-base.yaml.j2": [
+      {
+        "hashed_secret": "fee2d55ad9a49a95fc89abe8f414dad66704ebfd",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 21,
+        "type": "Secret Keyword",
+        "verified_result": null
+      }
+    ],
+    "image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aiservice-tenant.yaml.j2": [
+      {
+        "hashed_secret": "fee2d55ad9a49a95fc89abe8f414dad66704ebfd",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 37,
+        "type": "Secret Keyword",
+        "verified_result": null
+      }
+    ],
+    "image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aiservice.yaml.j2": [
+      {
+        "hashed_secret": "fee2d55ad9a49a95fc89abe8f414dad66704ebfd",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 38,
+        "type": "Secret Keyword",
+        "verified_result": null
+      },
+      {
+        "hashed_secret": "d2e2ab0f407e4ee3cf2ab87d61c31b25a74085e5",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 42,
+        "type": "Secret Keyword",
+        "verified_result": null
+      }
+    ],
     "image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-mas-instance-base.yaml.j2": [
       {
         "hashed_secret": "fee2d55ad9a49a95fc89abe8f414dad66704ebfd",
@@ -932,7 +1060,7 @@
       }
     ]
   },
-  "version": "0.13.1+ibm.64.dss",
+  "version": "0.13.1+ibm.62.dss",
   "word_list": {
     "file": null,
     "hash": null

From 3663b89a2e83a417de44fec5f7b5529634635763 Mon Sep 17 00:00:00 2001
From: Max Robakiewicz <Max.Robakiewicz@ibm.com>
Date: Wed, 7 Jan 2026 12:31:55 -0500
Subject: [PATCH 210/258] cherry-pick bb95038ced conflict

---
 .secrets.baseline | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.secrets.baseline b/.secrets.baseline
index 455837c4d73..22ba44c5d89 100644
--- a/.secrets.baseline
+++ b/.secrets.baseline
@@ -3,7 +3,7 @@
     "files": "build/bin/config/oscap/ssg-rhel9-ds.xml|^.secrets.baseline$|^docs/catalogs/",
     "lines": null
   },
-  "generated_at": "2026-01-07T17:11:22Z",
+  "generated_at": "2026-01-07T17:29:26Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"
@@ -773,7 +773,7 @@
         "verified_result": null
       }
     ],
-    "image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aiservice-tenant.yaml.j2": [
+    "image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant.yaml.j2": [
       {
         "hashed_secret": "fee2d55ad9a49a95fc89abe8f414dad66704ebfd",
         "is_secret": false,

From 361887fd4982da06f7aea7139d48edbe6fa8a964 Mon Sep 17 00:00:00 2001
From: Max Robakiewicz <Max.Robakiewicz@ibm.com>
Date: Tue, 20 Jan 2026 10:27:52 -0500
Subject: [PATCH 211/258] cherry-pick 300486a86c conflict

---
 .../tasks/gitops/gitops-mas-initiator.yml.j2  | 56 +++++++++----------
 1 file changed, 28 insertions(+), 28 deletions(-)

diff --git a/tekton/src/tasks/gitops/gitops-mas-initiator.yml.j2 b/tekton/src/tasks/gitops/gitops-mas-initiator.yml.j2
index 5036c6ec9aa..d94a3de98d1 100644
--- a/tekton/src/tasks/gitops/gitops-mas-initiator.yml.j2
+++ b/tekton/src/tasks/gitops/gitops-mas-initiator.yml.j2
@@ -401,44 +401,44 @@ spec:
         export MASDOMAIN=$MAS_INSTANCE_ID.apps.$DOMAIN
         export APPSDOMAIN=apps.$DOMAIN
 
-        yq -i '.mas_instance.domain = env(MASDOMAIN)' gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-instance-params.yaml
+        yq -i '.mas_instance.domain = env(MASDOMAIN)' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-instance-params.yaml
 
         # Update the ocp server url & ingress domain url in the cluster-params.yaml.
-        yq -i '.cluster.url = env(OCP_SERVER)' gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/cluster-params.yaml
-        yq -i '.cluster.domain = env(APPSDOMAIN)' gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/cluster-params.yaml
+        yq -i '.cluster.url = env(OCP_SERVER)' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/cluster-params.yaml
+        yq -i '.cluster.domain = env(APPSDOMAIN)' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/cluster-params.yaml
 
         # Update the provisioner_domain in cluster-params.yaml.
-        yq -i '(. | select(has("mas_provisioner")) |  .mas_provisioner.provisioner_domain) = env(APPSDOMAIN)' gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/cluster-params.yaml
+        yq -i '(. | select(has("mas_provisioner")) |  .mas_provisioner.provisioner_domain) = env(APPSDOMAIN)' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/cluster-params.yaml
 
         # Update the channel in the mas-instance-params.yaml. 
-        yq -i '.mas_instance.channel = env(MAS_CHANNEL)' gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-instance-params.yaml
+        yq -i '.mas_instance.channel = env(MAS_CHANNEL)' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-instance-params.yaml
 
         # Update the operationalmode in the mas-instance-params.yaml.
-        yq -i '.mas_instance.annotations."mas.ibm.com/operationalMode" = env(MAS_OPERATIONALMODE)' gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-instance-params.yaml
+        yq -i '.mas_instance.annotations."mas.ibm.com/operationalMode" = env(MAS_OPERATIONALMODE)' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-instance-params.yaml
 
         # Remove dns node when DNS_PROVIDER_CONTROL_IDEN is not set
         if [ "${DNS_PROVIDER_CONTROL_IDEN}" == "" ]; then
-          yq -i 'del(.dns)' gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-instance-params.yaml
-          yq -i 'del(.cluster.dns)' gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/cluster-params.yaml
-          echo "gitops-mas-initiator: removed .dns / .cluster.dns node from gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-instance-params.yaml & gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/cluster-params.yaml"
+          yq -i 'del(.dns)' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-instance-params.yaml
+          yq -i 'del(.cluster.dns)' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/cluster-params.yaml
+          echo "gitops-mas-initiator: removed .dns / .cluster.dns node from $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-instance-params.yaml & gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/cluster-params.yaml"
         fi
 
         # Deploy fvtsaas with CIS as DNS provider and Manual_certs=True on Mon, Tue, Wed, Thu, Fri
         # Deploy fvtsaas with CIS as DNS provider and Manual_certs=False on Sun
 
-        yq -i '.mas_instance.manual_cert_mgmt = env(MANUAL_CERTS_CONTROL_FLAG)' gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-instance-params.yaml
+        yq -i '.mas_instance.manual_cert_mgmt = env(MANUAL_CERTS_CONTROL_FLAG)' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-instance-params.yaml
         echo "gitops-mas-initiator: .mas_instance.manual_cert_mgmt set to $MANUAL_CERTS_CONTROL_FLAG"
 
 
         if [[ "${DNS_PROVIDER_CONTROL_IDEN}" == "cis" ]]; then
-          yq -i '.cluster.dns.provider = env(DNS_PROVIDER_CONTROL_IDEN)' gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/cluster-params.yaml
-          echo "gitops-mas-initiator: .cluster.dns.provider set to $DNS_PROVIDER_CONTROL_IDEN in gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/cluster-params.yaml"
+          yq -i '.cluster.dns.provider = env(DNS_PROVIDER_CONTROL_IDEN)' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/cluster-params.yaml
+          echo "gitops-mas-initiator: .cluster.dns.provider set to $DNS_PROVIDER_CONTROL_IDEN in $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/cluster-params.yaml"
         fi
 
         #customizationList customizationArchive credentials
-        if [ -f "gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/appws_spec_manage.yaml" ]; then
+        if [ -f "$TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/appws_spec_manage.yaml" ]; then
 
-          MAS_APPWS_SPEC_YAML=gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/appws_spec_manage.yaml
+          MAS_APPWS_SPEC_YAML=$TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/appws_spec_manage.yaml
           secret_names=$(yq eval '.mas_appws_spec.settings.customizationList | to_entries | .[].value.customizationArchiveCredentials.secretName' ${MAS_APPWS_SPEC_YAML})
           for customization_archive_secret_name in ${secret_names[@]}; do
 
@@ -471,43 +471,43 @@ spec:
         fi
         # Update the app channels in the mas-apps-params.yaml.
         if [ -n $MAS_APP_CHANNEL_ASSIST ]; then
-          yq -i '(. | select(has("assist")) |  .assist.app_channel) = env(MAS_APP_CHANNEL_ASSIST)' gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-apps-params.yaml
+          yq -i '(. | select(has("assist")) |  .assist.app_channel) = env(MAS_APP_CHANNEL_ASSIST)' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-apps-params.yaml
           # Assist not supported in v8 due to no CP4D WD support
           if [[ "$MAS_APP_CHANNEL_ASSIST" =~ ^8\. ]]; then
-            yq -i 'del(.assist)' gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-apps-params.yaml
+            yq -i 'del(.assist)' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-apps-params.yaml
             echo "gitops-mas-initiator: removed .assist node"
-            yq -i '.launchfvt.assist = false' gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-fvt-params.yaml
+            yq -i '.launchfvt.assist = false' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-fvt-params.yaml
             echo "gitops-mas-initiator: set .launchfvt.assist to false"
           fi
         fi
         if [ -n $MAS_APP_CHANNEL_FACILITIES ]; then
-          yq -i '(. | select(has("facilities")) |  .facilities.app_channel) = env(MAS_APP_CHANNEL_FACILITIES)' gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-apps-params.yaml
+          yq -i '(. | select(has("facilities")) |  .facilities.app_channel) = env(MAS_APP_CHANNEL_FACILITIES)' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-apps-params.yaml
         fi
         if [ -n $MAS_APP_CHANNEL_IOT ]; then
-          yq -i '(. | select(has("iot")) |  .iot.app_channel) = env(MAS_APP_CHANNEL_IOT)' gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-apps-params.yaml
+          yq -i '(. | select(has("iot")) |  .iot.app_channel) = env(MAS_APP_CHANNEL_IOT)' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-apps-params.yaml
         fi
         if [ -n $MAS_APP_CHANNEL_MANAGE ]; then
-          yq -i '(. | select(has("manage")) |  .manage.app_channel) = env(MAS_APP_CHANNEL_MANAGE)' gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-apps-params.yaml
+          yq -i '(. | select(has("manage")) |  .manage.app_channel) = env(MAS_APP_CHANNEL_MANAGE)' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-apps-params.yaml
         fi
         if [ -n $MAS_APP_CHANNEL_MONITOR ]; then
-          yq -i '(. | select(has("monitor")) |  .monitor.app_channel) = env(MAS_APP_CHANNEL_MONITOR)' gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-apps-params.yaml
+          yq -i '(. | select(has("monitor")) |  .monitor.app_channel) = env(MAS_APP_CHANNEL_MONITOR)' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-apps-params.yaml
         fi
         if [ -n $MAS_APP_CHANNEL_OPTIMIZER ]; then
-          yq -i '(. | select(has("optimizer")) |  .optimizer.app_channel) = env(MAS_APP_CHANNEL_OPTIMIZER)' gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-apps-params.yaml
+          yq -i '(. | select(has("optimizer")) |  .optimizer.app_channel) = env(MAS_APP_CHANNEL_OPTIMIZER)' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-apps-params.yaml
         fi
         if [ -n $MAS_APP_CHANNEL_PREDICT ]; then
-          yq -i '(. | select(has("predict")) |  .predict.app_channel) = env(MAS_APP_CHANNEL_PREDICT)' gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-apps-params.yaml
+          yq -i '(. | select(has("predict")) |  .predict.app_channel) = env(MAS_APP_CHANNEL_PREDICT)' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-apps-params.yaml
         fi
         if [ -n $MAS_APP_CHANNEL_VISUALINSPECTION ]; then
-          yq -i '(. | select(has("visualinspection")) |  .visualinspection.app_channel) = env(MAS_APP_CHANNEL_VISUALINSPECTION)' gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-apps-params.yaml
+          yq -i '(. | select(has("visualinspection")) |  .visualinspection.app_channel) = env(MAS_APP_CHANNEL_VISUALINSPECTION)' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-apps-params.yaml
         fi
         if [ -n $MAS_APP_CHANNEL_AISERVICE ]; then
-          yq -i '(. | select(has("aiservice")) |  .aiservice.app_channel) = env(MAS_APP_CHANNEL_AISERVICE)' gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$AIBROKER_INSTANCE_ID/mas-apps-params.yaml
+          yq -i '(. | select(has("aiservice")) |  .aiservice.app_channel) = env(MAS_APP_CHANNEL_AISERVICE)' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$AIBROKER_INSTANCE_ID/mas-apps-params.yaml
         fi
         # Update the cli_version and ansible_fvt ansible version if mas_fvt_params exists
-        if [ -f gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-fvt-params.yaml ]; then
-          yq -i '.fvt.cli_version = env(CLI_VERSION)' gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-fvt-params.yaml
-          yq -i '.fvt.ansible_version = env(FVT_ANSIBLE_VERSION)' gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-fvt-params.yaml
+        if [ -f $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-fvt-params.yaml ]; then
+          yq -i '.fvt.cli_version = env(CLI_VERSION)' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-fvt-params.yaml
+          yq -i '.fvt.ansible_version = env(FVT_ANSIBLE_VERSION)' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-fvt-params.yaml
         fi
 
         # Check if CENTRALISED_SLS is set to true

From 36ee444c0d34fbfc8bf6ca7b7615a7f6331cbe7b Mon Sep 17 00:00:00 2001
From: Max Robakiewicz <Max.Robakiewicz@ibm.com>
Date: Thu, 22 Jan 2026 13:37:37 -0500
Subject: [PATCH 212/258] cherry-pick fb44ae45c9 conflict

---
 .../functions/gitops_deprovision_kmodel       |  10 +-
 .../mascli/functions/gitops_deprovision_odh   |  10 +-
 image/cli/mascli/functions/gitops_kmodel      |  16 +-
 image/cli/mascli/functions/gitops_odh         | 146 ++++--------------
 .../cluster/instance/ibm-kmodel.yaml.j2       |   4 +-
 .../gitops/gitops-mas-initiator.yml.j2        |   6 +-
 .../gitops/gitops-deprovision-kmodel.yml.j2   |   6 +-
 .../gitops/gitops-deprovision-odh.yml.j2      |   6 +-
 tekton/src/tasks/gitops/gitops-kmodel.yml.j2  |   6 +-
 .../tasks/gitops/gitops-mas-initiator.yml.j2  |  23 +--
 tekton/src/tasks/gitops/gitops-odh.yml.j2     |   6 +-
 11 files changed, 76 insertions(+), 163 deletions(-)

diff --git a/image/cli/mascli/functions/gitops_deprovision_kmodel b/image/cli/mascli/functions/gitops_deprovision_kmodel
index e380eb51be3..49be58dadc7 100644
--- a/image/cli/mascli/functions/gitops_deprovision_kmodel
+++ b/image/cli/mascli/functions/gitops_deprovision_kmodel
@@ -21,7 +21,7 @@ Secrets Manager:
       --secrets-key-seperator ${COLOR_YELLOW}SECRETS_KEY_SEPERATOR${TEXT_RESET}                            Secrets Manager key seperator string
 
 ibm_kmodel(required):
-  -i, --aibroker-instance-id ${COLOR_YELLOW}AIBROKER_INSTANCE_ID${TEXT_RESET}                              AI Broker instance ID  
+  -i, --aiservice-instance-id ${COLOR_YELLOW}AISERVICE_INSTANCE_ID${TEXT_RESET}                              AI Broker instance ID  
 
 Automatic GitHub Push (Optional):
   -P, --github-push ${COLOR_YELLOW}GITHUB_PUSH${TEXT_RESET}        Enable automatic push to GitHub
@@ -79,7 +79,7 @@ function gitops_deprovision_kmodel_noninteractive() {
 
       # kmodel - all input params default + sm
       --aibroker-instance-id)
-        export AIBROKER_INSTANCE_ID=$1 && shift
+        export AISERVICE_INSTANCE_ID=$1 && shift
         ;;
 
       # Automatic GitHub Push
@@ -132,7 +132,7 @@ function gitops_deprovision_kmodel_noninteractive() {
   fi
 
   # add validation for those variable which have the value needed for further execution
-  [[ -z "$AIBROKER_INSTANCE_ID" ]] && gitops_deprovision_kmodel_help "AIBROKER_INSTANCE_ID is not set. Please specify the AI Broker instance ID using --aibroker_instance_id."
+  [[ -z "$AISERVICE_INSTANCE_ID" ]] && gitops_deprovision_kmodel_help "AISERVICE_INSTANCE_ID is not set. Please specify the AI Broker instance ID using --AISERVICE_INSTANCE_ID."
 }
 
 function gitops_deprovision_kmodel() {
@@ -152,7 +152,7 @@ function gitops_deprovision_kmodel() {
 
   # Prepare directories
   mkdir -p ${GITOPS_WORKING_DIR}
-  GITOPS_CLUSTER_DIR=${GITOPS_WORKING_DIR}/${GITHUB_REPO}/${ACCOUNT_ID}/${CLUSTER_ID}/${AIBROKER_INSTANCE_ID}
+  GITOPS_CLUSTER_DIR=${GITOPS_WORKING_DIR}/${GITHUB_REPO}/${ACCOUNT_ID}/${CLUSTER_ID}/${AISERVICE_INSTANCE_ID}
   
   echo
   reset_colors
@@ -192,7 +192,7 @@ function gitops_deprovision_kmodel() {
 
   # echo all the variables of gitops envs
   
-  echo_reset_dim "AI Broker Instance ID ................. ${COLOR_MAGENTA}${AIBROKER_INSTANCE_ID}"
+  echo_reset_dim "AI Broker Instance ID ................. ${COLOR_MAGENTA}${AISERVICE_INSTANCE_ID}"
   
 
   echo "${TEXT_DIM}"
diff --git a/image/cli/mascli/functions/gitops_deprovision_odh b/image/cli/mascli/functions/gitops_deprovision_odh
index 05a0bc4f562..6ab7fa9f63d 100644
--- a/image/cli/mascli/functions/gitops_deprovision_odh
+++ b/image/cli/mascli/functions/gitops_deprovision_odh
@@ -15,7 +15,7 @@ GitOps Configuration:
   -d, --dir ${COLOR_YELLOW}GITOPS_WORKING_DIR${TEXT_RESET}         Directory for GitOps repository
   -a, --account-id ${COLOR_YELLOW}ACCOUNT_ID${TEXT_RESET}          Account name that the cluster belongs to
   -c, --cluster-id ${COLOR_YELLOW}CLUSTER_ID${TEXT_RESET}          Cluster ID
-  -i, --aibroker-instance-id ${COLOR_YELLOW}AIBROKER_INSTANCE_ID${TEXT_RESET}                    AI Broker instance ID  
+  -i, --aibroker-instance-id ${COLOR_YELLOW}AISERVICE_INSTANCE_ID${TEXT_RESET}                    AI Broker instance ID  
 
 
 Secrets Manager:
@@ -77,7 +77,7 @@ function gitops_deprovision_odh_noninteractive() {
         export SECRETS_PATH=$1 && shift
         ;;
       --aibroker-instance-id)
-        export AIBROKER_INSTANCE_ID=$1 && shift
+        export AISERVICE_INSTANCE_ID=$1 && shift
         ;;
       # Automatic GitHub Push
       -P|--github-push)
@@ -128,7 +128,7 @@ function gitops_deprovision_odh_noninteractive() {
     [[ -z "$GIT_BRANCH" ]] && gitops_deprovision_odh_help "GIT_BRANCH is not set"
   fi
 
-  [[ -z "$AIBROKER_INSTANCE_ID" ]] && gitops_deprovision_odh_help "AIBROKER_INSTANCE_ID is not set. Please specify the AI Broker instance ID using --aibroker_instance_id."
+  [[ -z "$AISERVICE_INSTANCE_ID" ]] && gitops_deprovision_odh_help "AISERVICE_INSTANCE_ID is not set. Please specify the AI Broker instance ID using --AISERVICE_INSTANCE_ID."
 }
 
 function gitops_deprovision_odh() {
@@ -147,7 +147,7 @@ function gitops_deprovision_odh() {
   trap 'echo "[ERROR] Error occurred at $BASH_SOURCE, line $LINENO, exited with $?"; exit 1' ERR
 
   mkdir -p ${GITOPS_WORKING_DIR}
-  GITOPS_CLUSTER_DIR=${GITOPS_WORKING_DIR}/${GITHUB_REPO}/${ACCOUNT_ID}/${CLUSTER_ID}/${AIBROKER_INSTANCE_ID}
+  GITOPS_CLUSTER_DIR=${GITOPS_WORKING_DIR}/${GITHUB_REPO}/${ACCOUNT_ID}/${CLUSTER_ID}/${AISERVICE_INSTANCE_ID}
 
 
 
@@ -188,7 +188,7 @@ function gitops_deprovision_odh() {
   reset_colors
 
   # echo all the variables of gitops envs
-  echo_reset_dim "AI Broker Instance ID ................. ${COLOR_MAGENTA}${AIBROKER_INSTANCE_ID}"
+  echo_reset_dim "AI Broker Instance ID ................. ${COLOR_MAGENTA}${AISERVICE_INSTANCE_ID}"
   
 
   #secrets path in aws 
diff --git a/image/cli/mascli/functions/gitops_kmodel b/image/cli/mascli/functions/gitops_kmodel
index bc90d4a04ed..714f7a1e972 100644
--- a/image/cli/mascli/functions/gitops_kmodel
+++ b/image/cli/mascli/functions/gitops_kmodel
@@ -21,7 +21,7 @@ Secrets Manager:
       --secrets-key-seperator ${COLOR_YELLOW}SECRETS_KEY_SEPERATOR${TEXT_RESET}                            Secrets Manager key seperator string
 
 ibm_kmodel(required):
-      --aibroker_instance_id ${COLOR_YELLOW}AIBROKER_INSTANCE_ID${TEXT_RESET}                                           The AI Broker instance ID
+      --aiservice_instance_id ${COLOR_YELLOW}AISERVICE_INSTANCE_ID${TEXT_RESET}                                           The AI Broker instance ID
       --primary-storage-class ${COLOR_YELLOW}PRIMARY_STORAGE_CLASS${TEXT_RESET}                                         Kubernetes storage class to be used for provisioning persistent volumes
       --mas-aibroker-storage-templates-bucket ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_TEMPLATES_BUCKET${TEXT_RESET}         Storage templates bucket for Kmodels role
       --mas-aibroker-storage-pipelines-bucket ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_PIPELINES_BUCKET${TEXT_RESET}         Storage piplines bucket for Kmodels role
@@ -72,12 +72,12 @@ function gitops_kmodel_noninteractive() {
   export REGION_ID=${REGION_ID:-${SM_AWS_REGION}}
 
   #adding default values 
-  export AIBROKER_INTERNAL_TLS=${AIBROKER_INTERNAL_TLS:-"${AIBROKER_INSTANCE_ID}-internal-aibroker-tls"}
-  export AIBROKER_NAMESPACE=${AIBROKER_NAMESPACE:-"mas-${AIBROKER_INSTANCE_ID}-aibroker"}
+  export AIBROKER_INTERNAL_TLS=${AIBROKER_INTERNAL_TLS:-"${AISERVICE_INSTANCE_ID}-internal-aibroker-tls"}
+  export AIBROKER_NAMESPACE=${AIBROKER_NAMESPACE:-"mas-${AISERVICE_INSTANCE_ID}-aibroker"}
   export MAS_AIBROKER_STORAGE_PROVIDER=${MAS_AIBROKER_STORAGE_PROVIDER:-"aws"}
   export MAS_AIBROKER_STORAGE_SSL=${MAS_AIBROKER_STORAGE_SSL:-"true"}
   export MAS_AIBROKER_STORAGE_REGION=${MAS_AIBROKER_STORAGE_REGION:-""}
-  export SSH_SECRET_NAME=${SSH_SECRET_NAME:-"${AIBROKER_INSTANCE_ID}-kmodel-aibroker-tls"}
+  export SSH_SECRET_NAME=${SSH_SECRET_NAME:-"${AISERVICE_INSTANCE_ID}-kmodel-aibroker-tls"}
   export MAS_AIBROKER_TENANT_NAME=${MAS_AIBROKER_TENANT_NAME:-"user"}
   export TENANT_NAMESPACE=${TENANT_NAMESPACE:-"aibroker-${MAS_AIBROKER_TENANT_NAME}"}
   export MAS_AIBROKER_PROVISION_TENANT=${MAS_AIBROKER_PROVISION_TENANT:-"provision-tenant"}
@@ -126,7 +126,7 @@ function gitops_kmodel_noninteractive() {
 
       # kmodel - all input params default + sm
       --aibroker-instance-id)
-        export AIBROKER_INSTANCE_ID=$1 && shift
+        export AISERVICE_INSTANCE_ID=$1 && shift
         ;;
 
       --aibroker-internal-tls)
@@ -289,7 +289,7 @@ function gitops_kmodel_noninteractive() {
   fi
 
   # add validation for those variable which have the value needed for further execution
-  [[ -z "$AIBROKER_INSTANCE_ID" ]] && gitops_kmodel_help "AIBROKER_INSTANCE_ID is not set. Please provide the AI Broker instance ID using --aibroker-instance-id."
+  [[ -z "$AISERVICE_INSTANCE_ID" ]] && gitops_kmodel_help "AISERVICE_INSTANCE_ID is not set. Please provide the AI Broker instance ID using --aibroker-instance-id."
   [[ -z "$PRIMARY_STORAGE_CLASS" ]] && gitops_kmodel_help "PRIMARY_STORAGE_CLASS is not set. Please provide the primary storage class using --primary-storage-class."
   [[ -z "$IMAGE_STORE" ]] && gitops_kmodel_help "IMAGE_STORE is not set. Please provide the image store using --image-store."
   [[ -z "$IMAGE_WATCHER" ]] && gitops_kmodel_help "IMAGE_WATCHER is not set. Please provide the image watcher using --image-watcher."
@@ -314,7 +314,7 @@ function gitops_kmodel() {
 
   # Prepare directories
   mkdir -p ${GITOPS_WORKING_DIR}
-  GITOPS_CLUSTER_DIR=${GITOPS_WORKING_DIR}/${GITHUB_REPO}/${ACCOUNT_ID}/${CLUSTER_ID}/${AIBROKER_INSTANCE_ID}
+  GITOPS_CLUSTER_DIR=${GITOPS_WORKING_DIR}/${GITHUB_REPO}/${ACCOUNT_ID}/${CLUSTER_ID}/${AISERVICE_INSTANCE_ID}
   
   echo
   reset_colors
@@ -356,7 +356,7 @@ function gitops_kmodel() {
 
   echo "${TEXT_DIM}"
   echo_h2 "kmodel" "    "
-  echo_reset_dim "AI Broker Instance Id ............................. ${COLOR_MAGENTA}${AIBROKER_INSTANCE_ID}"
+  echo_reset_dim "AI Broker Instance Id ............................. ${COLOR_MAGENTA}${AISERVICE_INSTANCE_ID}"
   echo_reset_dim "AI Broker Internal TLS ............................ ${COLOR_MAGENTA}${AIBROKER_INTERNAL_TLS}"
   echo_reset_dim "AI Broker Namespace ............................... ${COLOR_MAGENTA}${AIBROKER_NAMESPACE}"
   echo_reset_dim "MAS AI Broker Storage Provider .................... ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_PROVIDER}"
diff --git a/image/cli/mascli/functions/gitops_odh b/image/cli/mascli/functions/gitops_odh
index bc902a6eb0a..5472956921c 100755
--- a/image/cli/mascli/functions/gitops_odh
+++ b/image/cli/mascli/functions/gitops_odh
@@ -15,12 +15,16 @@ GitOps Configuration:
   -a, --account-id ${COLOR_YELLOW}ACCOUNT_ID${TEXT_RESET}            Account name that the cluster belongs to
   -r, --region-id ${COLOR_YELLOW}CLUSTER_ID${TEXT_RESET}             Region ID
   -c, --cluster-id ${COLOR_YELLOW}CLUSTER_ID${TEXT_RESET}            Cluster ID
-  -m, --aibroker-instance-id ${COLOR_YELLOW}AIBROKER_INSTANCE_ID${TEXT_RESET}  AI Broker Instance ID
+  -m, --aiservice-instance-id ${COLOR_YELLOW}AISERVICE_INSTANCE_ID${TEXT_RESET}  AI Service Instance ID
 
 Secrets Manager:
       --secrets-path ${COLOR_YELLOW}SECRETS_PATH${TEXT_RESET}                    Secrets Manager path
       --secrets-key-seperator ${COLOR_YELLOW}SECRETS_KEY_SEPERATOR${TEXT_RESET}  Secrets Manager key seperator string
 
+ibm aiservice(required):
+      --aiservice-namespace ${TEXT_RESET}AISERVICE_NAMESPACE${TEXT_RESET}
+      --aiservice-instance-id ${TEXT_RESET}AISERVICE_INSTANCE_ID${TEXT_RESET}
+
 ODH Configuration:
       --odh-channel
       --odh-catalog-source
@@ -29,11 +33,11 @@ ODH Configuration:
       --pull-secret-name
       --opendatahub-name
       --opendatahub-operator-group
-      --opendatahub-installplan
+      --odh-install-plan
       --opendatahub-channel
       --opendatahub-source
       --opendatahub-source-namespace
-
+      --aiservice-odh-model-deployment-type
 Pipeline Configuration:
       --odh-pipeline-name
       --odh-pipeline-namespace
@@ -118,13 +122,7 @@ function gitops_odh_noninteractive() {
   export ODH_OPERATOR_VERSION="${ODH_OPERATOR_VERSION:-"opendatahub-operator.v2.19.0"}"
   export ODH_NAMESPACE="${ODH_NAMESPACE:-"opendatahub"}"
 
-  export AIBROKER_NAMESPACE="${AIBROKER_NAMESPACE:-"mas-${AIBROKER_INSTANCE_ID}-aibroker"}"
-
-  export ODH_PIPELINE_NAME="${ODH_PIPELINE_NAME:-"openshift-pipelines-operator"}"
-  export ODH_PIPELINE_NAMESPACE="${ODH_PIPELINE_NAMESPACE:-"openshift-operators"}"
-  export ODH_PIPELINE_OPERATOR_NAME="${ODH_PIPELINE_OPERATOR_NAME:-"openshift-pipelines-operator-rh"}"
-  export ODH_PIPELINE_SOURCE="${ODH_PIPELINE_SOURCE:-"redhat-operators"}"
-  export ODH_PIPELINE_SOURCE_NAMESPACE="${ODH_PIPELINE_SOURCE_NAMESPACE:-"openshift-marketplace"}"
+  export AISERVICE_NAMESPACE="${AISERVICE_NAMESPACE:-"${AISERVICE_INSTANCE_ID}-aiservice"}"
 
   export SERVERLESS_NAMESPACE="${SERVERLESS_NAMESPACE:-"openshift-serverless"}"
   export SERVERLESS_OPERATOR_NAME="${SERVERLESS_OPERATOR_NAME:-"serverless-operator"}"
@@ -134,17 +132,15 @@ function gitops_odh_noninteractive() {
   export OPENDATAHUB_OPERATORGROUP_NAME="${OPENDATAHUB_OPERATORGROUP_NAME:-"opendatahub-operator-group"}"
   export OPENDATAHUB_NAME="${OPENDATAHUB_NAME:-"opendatahub-operator"}"
   export OPENDATAHUB_NAMESPACE="${OPENDATAHUB_NAMESPACE:-"opendatahub"}"
-  export OPENDATAHUB_INSTALLPLAN_APPROVAL="${OPENDATAHUB_INSTALLPLAN_APPROVAL:-"Manual"}"
+  export ODH_INSTALL_PLAN="${ODH_INSTALL_PLAN:-"Automatic"}"
   export OPENDATAHUB_CHANNEL="${OPENDATAHUB_CHANNEL:-"fast"}"
   export OPENDATAHUB_SOURCE="${OPENDATAHUB_SOURCE:-"community-operators"}"
   export OPENDATAHUB_SOURCE_NAMESPACE="${OPENDATAHUB_SOURCE_NAMESPACE:-"openshift-marketplace"}"
-
-  export MAS_AIBROKER_STORAGE_PROVIDER="${MAS_AIBROKER_STORAGE_PROVIDER:-"aws"}"
-  export MAS_AIBROKER_STORAGE_SSL="${MAS_AIBROKER_STORAGE_SSL:-"true"}"
-  export MAS_AIBROKER_STORAGE_REGION="${MAS_AIBROKER_STORAGE_REGION:-"us-east-2"}"
+  export AISERVICE_STORAGE_PROVIDER="${AISERVICE_STORAGE_PROVIDER:-"aws"}"
+  export AISERVICE_STORAGE_SSL="${AISERVICE_STORAGE_SSL:-"true"}"
+  export AISERVICE_STORAGE_REGION="${AISERVICE_STORAGE_REGION:-""}"
   export PRIMARY_STORAGE_CLASS="${PRIMARY_STORAGE_CLASS:-"nfs-client"}"
-
-
+  export AISERVICE_ODH_MODEL_DEPLOYMENT_TYPE="${AISERVICE_ODH_MODEL_DEPLOYMENT_TYPE:-"serverless"}"
 
 
   while [[ $# -gt 0 ]]; do
@@ -153,7 +149,7 @@ function gitops_odh_noninteractive() {
       -d|--dir|--gitops-working-dir) export GITOPS_WORKING_DIR="$1"; shift ;;
       -a|--account-id) export ACCOUNT_ID="$1"; shift ;;
       -c|--cluster-id) export CLUSTER_ID="$1"; shift ;;
-      -m|--aibroker-instance-id) export AIBROKER_INSTANCE_ID="$1"; shift ;;
+      -m|--aiservice-instance-id) export AISERVICE_INSTANCE_ID="$1"; shift ;;
 
       # AWS Secrets Manager Configuration
       --sm-aws-secret-region)
@@ -220,8 +216,8 @@ function gitops_odh_noninteractive() {
       --opendatahub-operator-group)
         export OPENDATAHUB_OPERATORGROUP_NAME=$1 && shift
         ;;
-      --opendatahub-installplan)
-        export OPENDATAHUB_INSTALLPLAN_APPROVAL=$1 && shift
+      --odh-install-plan)
+        export ODH_INSTALL_PLAN=$1 && shift
         ;;
       --opendatahub-channel)
         export OPENDATAHUB_CHANNEL=$1 && shift
@@ -235,21 +231,6 @@ function gitops_odh_noninteractive() {
       --opendatahub-source-namespace)
         export OPENDATAHUB_SOURCE_NAMESPACE=$1 && shift
         ;;
-      --odh-pipeline-name)
-        export ODH_PIPELINE_NAME=$1 && shift
-        ;;
-      --odh-pipeline-namespace)
-        export ODH_PIPELINE_NAMESPACE=$1 && shift
-        ;;
-      --odh-pipeline-operator-name)
-        export ODH_PIPELINE_OPERATOR_NAME=$1 && shift
-        ;;
-      --odh-pipeline-source)
-        export ODH_PIPELINE_SOURCE=$1 && shift
-        ;;
-      --odh-pipeline-source-namespace)
-        export ODH_PIPELINE_SOURCE_NAMESPACE=$1 && shift
-        ;;
       --odh-pipeline-channel)
         export ODH_PIPELINE_CHANNEL=$1 && shift
         ;;
@@ -354,7 +335,9 @@ function gitops_odh_noninteractive() {
   [[ -z "$GITOPS_WORKING_DIR" ]] && gitops_odh_help "Missing GITOPS_WORKING_DIR"
   [[ -z "$ACCOUNT_ID" ]] && gitops_odh_help "Missing ACCOUNT_ID"
   [[ -z "$CLUSTER_ID" ]] && gitops_odh_help "Missing CLUSTER_ID"
-  [[ -z "$AIBROKER_INSTANCE_ID" ]] && gitops_odh_help "Missing AIBROKER_INSTANCE_ID"
+  [[ -z "$AISERVICE_INSTANCE_ID" ]] && gitops_odh_help "Missing AISERVICE_INSTANCE_ID"
+  [[ -z "$OPENDATAHUB_SOURCE" ]] && gitops_odh_help "Missing OPENDATAHUB_SOURCE"
+  [[ -z "$AISERVICE_ODH_MODEL_DEPLOYMENT_TYPE" ]] && gitops_odh_help "Missing AISERVICE_ODH_MODEL_DEPLOYMENT_TYPE"
 
   if [[ "$GITHUB_PUSH" == "true" ]]; then
     [[ -z "$GITHUB_HOST" ]] && gitops_odh_help "GITHUB_HOST is not set"
@@ -366,7 +349,6 @@ function gitops_odh_noninteractive() {
 }
 
 function gitops_odh() {
-  # Remove the subcommand (e.g., "create-gitops")
   shift
   if [[ $# -gt 0 ]]; then
     gitops_odh_noninteractive "$@"
@@ -382,7 +364,7 @@ function gitops_odh() {
   # Prepare directories
   rm -rf "$GITOPS_WORKING_DIR"
   mkdir -p "${GITOPS_WORKING_DIR}"
-  GITOPS_CLUSTER_DIR=${GITOPS_WORKING_DIR}/${GITHUB_REPO}/${ACCOUNT_ID}/${CLUSTER_ID}/${AIBROKER_INSTANCE_ID}
+  GITOPS_CLUSTER_DIR=${GITOPS_WORKING_DIR}/${GITHUB_REPO}/${ACCOUNT_ID}/${CLUSTER_ID}/${AISERVICE_INSTANCE_ID}
   
 
   echo
@@ -391,8 +373,9 @@ function gitops_odh() {
   echo_h2 "Target"
   echo_reset_dim "Account ID ............................ ${COLOR_MAGENTA}${ACCOUNT_ID}"
   echo_reset_dim "Cluster ID ............................ ${COLOR_MAGENTA}${CLUSTER_ID}"
-  echo_reset_dim "AI Broker Instance ID ................ ${COLOR_MAGENTA}${AIBROKER_INSTANCE_ID}"
-
+  echo_reset_dim "AI Service Instance ID ................ ${COLOR_MAGENTA}${AISERVICE_INSTANCE_ID}"
+  echo_reset_dim "OpenDataHub Source ................... ${COLOR_MAGENTA}${OPENDATAHUB_SOURCE}"
+  echo_reset_dim "AiService Model Deployment Type ...... ${COLOR_MAGENTA}${AISERVICE_ODH_MODEL_DEPLOYMENT_TYPE}"
   echo_reset_dim "Secrets Path .......................... ${COLOR_MAGENTA}${SECRETS_PATH}"
   reset_colors
 
@@ -404,89 +387,20 @@ function gitops_odh() {
   # Set up secret key and fetch secret
   export SECRET_ACCOUNT_PATH="${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}"
   export ODH_SECRET="${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}storage"
-
-
   export SECRET_KEY_IMAGE_PULL_SECRET_B64="${SECRET_ACCOUNT_PATH}ibm_entitlement#image_pull_secret_b64"
 
-  # Storage
-  export SECRET_KEY_SM_STORAGE_ACCESSKEY="${SECRET_ACCOUNT_PATH}storage#sm_storage_accesskey"
-  export SECRET_KEY_SM_STORAGE_SECRETKEY="${SECRET_ACCOUNT_PATH}storage#sm_storage_secretkey"
-  export SECRET_KEY_SM_STORAGE_HOST="${SECRET_ACCOUNT_PATH}storage#sm_storage_host"
-  export SECRET_KEY_SM_STORAGE_PORT="${SECRET_ACCOUNT_PATH}storage#sm_storage_port"
-  export SECRET_KEY_SM_STORAGE_BUCKET_DEFAULT="${SECRET_ACCOUNT_PATH}storage#sm_storage_bucket_pipelines"
-
-  # MariaDB
-  export SECRET_KEY_SM_MARIADB_HOST="${SECRET_ACCOUNT_PATH}mariadb#sm_mariadb_host"
-  export SECRET_KEY_SM_MARIADB_PORT="${SECRET_ACCOUNT_PATH}mariadb#sm_mariadb_port"
-  export SECRET_KEY_SM_MARIADB_USER="${SECRET_ACCOUNT_PATH}mariadb#sm_mariadb_user"
-  export SECRET_KEY_SM_MARIADB_DATABASE="${SECRET_ACCOUNT_PATH}mariadb#sm_mariadb_database"
-  export SECRET_KEY_SM_MARIADB_SECRET_NAME="${SECRET_ACCOUNT_PATH}mariadb#sm_mariadb_secret_name"
-  export SECRET_KEY_SM_MARIADB_SECRET_VALUE="${SECRET_ACCOUNT_PATH}mariadb#sm_mariadb_secret_value"
-
-
-
-  export ODH_SECRET_FILE="$GITOPS_WORKING_DIR/odh-secret.json"
   if [ -z $GIT_SSH ]; then
     export GIT_SSH=false
   fi
 
-  sm_verify_secret_exists ${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}storage "sm_storage_bucket_templates,sm_storage_bucket_tenants,sm_storage_bucket_pipelines"
-  sm_verify_secret_exists ${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}mariadb "sm_mariadb_host,sm_mariadb_database"
-  sm_get_secret_file "$ODH_SECRET" "$ODH_SECRET_FILE"
-  #################################################################
-   export MARIA_SECRET="${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}mariadb"
-   export MARIA_SECRET_FILE="$GITOPS_WORKING_DIR/mariadb-secret.json"
-   sm_get_secret_file "$MARIA_SECRET" "$MARIA_SECRET_FILE"
-  ######################################################################
-   #######################Checking condition Storage_provider#######################################
-   #mas_aibroker_storage_provider
-  ######################################################################
-  # Reuse existing secret values if present
-  TEMP_STORAGE_ACCESS_KEY=$(jq -r .sm_storage_accesskey "$ODH_SECRET_FILE")
-  if [[ -n ${TEMP_STORAGE_ACCESS_KEY} ]]; then
-    export STORAGE_ACCESS_KEY="${TEMP_STORAGE_ACCESS_KEY}"
-    echo "gitops_odh : STORAGE_ACCESS_KEY=${STORAGE_ACCESS_KEY:0:3}<snip> is available in the secret, using existing value."
-  fi
-
-  TEMP_STORAGE_SECRET_KEY=$(jq -r .sm_storage_secretkey "$ODH_SECRET_FILE")
-  if [[ -n ${TEMP_STORAGE_SECRET_KEY} ]]; then
-    export STORAGE_SECRET_KEY="${TEMP_STORAGE_SECRET_KEY}"
-    echo "gitops_odh : STORAGE_SECRET_KEY=${STORAGE_SECRET_KEY:0:3}<snip> is available in the secret, using existing value."
-  fi
-
-  TEMP_MARIADB_USER=$(jq -r .sm_mariadb_user "$ODH_SECRET_FILE")
-  if [[ -n ${TEMP_MARIADB_USER} ]]; then
-    export MARIADB_USER="${TEMP_MARIADB_USER}"
-    echo "gitops_odh : MARIADB_USER=${MARIADB_USER} is available in the secret, using existing value."
-  fi
-
-  TEMP_MARIADB_SECRET_VALUE=$(jq -r .sm_mariadb_secret_value "$ODH_SECRET_FILE")
-  if [[ -n ${TEMP_MARIADB_SECRET_VALUE} ]]; then
-    export MARIADB_SECRET_VALUE="${TEMP_MARIADB_SECRET_VALUE}"
-    echo "gitops_odh : MARIADB_SECRET_VALUE=${MARIADB_SECRET_VALUE:0:4}<snip> is available in the secret, using existing value."
-  fi
-
-
-  # Extract and export secrets
-  export STORAGE_ACCESS_KEY=$(jq -r .sm_storage_accesskey "$ODH_SECRET_FILE")
-  export STORAGE_SECRET_KEY=$(jq -r .sm_storage_secretkey "$ODH_SECRET_FILE")
-  export STORAGE_HOST=$(jq -r .sm_storage_secretkey "$ODH_SECRET_FILE")
-  export STORAGE_PORT=$(jq -r .sm_storage_port "$ODH_SECRET_FILE")
-  export STORAGE_BUCKET=$(jq -r .sm_storage_bucket_pipelines "$ODH_SECRET_FILE")
-
-  export MARIADB_HOST=$(jq -r .sm_mariadb_host "$MARIA_SECRET_FILE")
-  export MARIADB_PORT=$(jq -r .sm_mariadb_port "$MARIA_SECRET_FILE")
-  export MARIADB_USER=$(jq -r .sm_mariadb_user "$MARIA_SECRET_FILE")
-  export MARIADB_DATABASE=$(jq -r .sm_mariadb_database "$MARIA_SECRET_FILE")
-  export MARIADB_SECRET_NAME=$(jq -r .sm_mariadb_secret_name "$$MARIA_SECRET_FILE")
-  export MARIADB_SECRET_VALUE=$(jq -r .sm_mariadb_secret_value "$MARIA_SECRET_FILE")
+  sm_verify_secret_exists ${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}ibm_entitlement "image_pull_secret_b64"
 
   echo_h2 "ODH Secret Summary"
+  echo_reset_dim "AI Service Namespace ................... ${COLOR_MAGENTA}${AISERVICE_NAMESPACE}"
   echo_reset_dim "STORAGE_HOST ............................. ${COLOR_MAGENTA}${STORAGE_HOST}"
   echo_reset_dim "STORAGE_BUCKET ........................... ${COLOR_MAGENTA}${STORAGE_BUCKET}"
-  echo_reset_dim "MARIADB_HOST ........................... ${COLOR_MAGENTA}${MARIADB_HOST}"
-  echo_reset_dim "MARIADB_DATABASE ....................... ${COLOR_MAGENTA}${MARIADB_DATABASE}"
-  echo_reset_dim "MAS_AIBROKER_STORAGE_SSL ................. ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_SSL}"
+
+  echo_reset_dim "AISERVICE_STORAGE_SSL ................. ${COLOR_MAGENTA}${AISERVICE_STORAGE_SSL}"
   reset_colors
 
 
@@ -506,8 +420,6 @@ function gitops_odh() {
   echo "Output: ${GITOPS_CLUSTER_DIR}/ibm-mas-odh-install.yaml"
 
   jinjanate_commmon $CLI_DIR/templates/gitops/appset-configs/cluster/instance/ibm-mas-odh-install.yaml.j2 ${GITOPS_CLUSTER_DIR}/ibm-mas-odh-install.yaml
-
-
   TAGS="[{\"Key\": \"source\", \"Value\": \"gitops_odh\"}, {\"Key\": \"account\", \"Value\": \"${ACCOUNT_ID}\"}, {\"Key\": \"cluster\", \"Value\": \"${CLUSTER_ID}\"}]"
 
   # GitHub push
@@ -515,10 +427,8 @@ function gitops_odh() {
     echo_h2 "Pushing changes to GitHub"
     echo "Github push" "$GITHUB_HOST" "$GITHUB_ORG" "$GITHUB_REPO" "$GIT_BRANCH" "Working: " "${GITOPS_WORKING_DIR}/${GITHUB_REPO}" " Commit :" "$GIT_COMMIT_MSG"
     save_to_target_git_repo "$GITHUB_HOST" "$GITHUB_ORG" "$GITHUB_REPO" "$GIT_BRANCH" "${GITOPS_WORKING_DIR}/${GITHUB_REPO}" "$GIT_COMMIT_MSG"
-    remove_git_repo_clone "${GITOPS_WORKING_DIR}/${GITHUB_REPO}"
+    remove_git_repo_clone "$GITOPS_WORKING_DIR/$GITHUB_REPO"
   fi
 
-  rm -rf "$ODH_SECRET_FILE"
-  rm -rf "$MARIA_SECRET_FILE"
   echo_h2 "ODH GitOps completed."
 }
diff --git a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-kmodel.yaml.j2 b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-kmodel.yaml.j2
index 314125a2df6..f0141b458cd 100644
--- a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-kmodel.yaml.j2
+++ b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-kmodel.yaml.j2
@@ -1,7 +1,7 @@
-merge-key: "{{ ACCOUNT_ID }}/{{ CLUSTER_ID }}/{{ AIBROKER_INSTANCE_ID }}"
+merge-key: "{{ ACCOUNT_ID }}/{{ CLUSTER_ID }}/{{ AISERVICE_INSTANCE_ID }}"
 
 ibm_kmodel:
-  aibroker_instance_id: {{ AIBROKER_INSTANCE_ID }}
+  aiservice_instance_id: {{ AISERVICE_INSTANCE_ID }}
   aibroker_internal_tls: "{{ AIBROKER_INTERNAL_TLS }}"
 
   aibroker_namespace: "{{ AIBROKER_NAMESPACE }}"
diff --git a/tekton/src/pipelines/gitops/gitops-mas-initiator.yml.j2 b/tekton/src/pipelines/gitops/gitops-mas-initiator.yml.j2
index 8a8f4d605df..ddddd09684d 100644
--- a/tekton/src/pipelines/gitops/gitops-mas-initiator.yml.j2
+++ b/tekton/src/pipelines/gitops/gitops-mas-initiator.yml.j2
@@ -61,7 +61,7 @@ spec:
       default: ""
     - name: mas_instance_id
       type: string
-    - name: aibroker_instance_id
+    - name: aiservice_instance_id
       type: string
       default: ""
     - name: mas_app_channel_assist
@@ -196,8 +196,8 @@ spec:
           value: $(params.mas_operationalmode)
         - name: mas_instance_id
           value: $(params.mas_instance_id)
-        - name: aibroker_instance_id
-          value: $(params.aibroker_instance_id)
+        - name: aiservice_instance_id
+          value: $(params.aiservice_instance_id)
         - name: mas_app_channel_assist
           value: $(params.mas_app_channel_assist)
         - name: mas_app_channel_iot
diff --git a/tekton/src/tasks/gitops/gitops-deprovision-kmodel.yml.j2 b/tekton/src/tasks/gitops/gitops-deprovision-kmodel.yml.j2
index 6d1bd871a4d..d596d7b61de 100644
--- a/tekton/src/tasks/gitops/gitops-deprovision-kmodel.yml.j2
+++ b/tekton/src/tasks/gitops/gitops-deprovision-kmodel.yml.j2
@@ -26,7 +26,7 @@ spec:
       type: string
     - name: github_host
       type: string
-    - name: aibroker_instance_id
+    - name: aiservice_instance_id
       type: string
 
   stepTemplate:
@@ -50,8 +50,8 @@ spec:
         value: $(params.github_host)
       - name: GITHUB_REPO
         value: $(params.github_repo)
-      - name: AIBROKER_INSTANCE_ID
-        value: $(params.aibroker_instance_id)
+      - name: AISERVICE_INSTANCE_ID
+        value: $(params.aiservice_instance_id)
         
 
     envFrom:
diff --git a/tekton/src/tasks/gitops/gitops-deprovision-odh.yml.j2 b/tekton/src/tasks/gitops/gitops-deprovision-odh.yml.j2
index a8cf7b03801..0105c149202 100644
--- a/tekton/src/tasks/gitops/gitops-deprovision-odh.yml.j2
+++ b/tekton/src/tasks/gitops/gitops-deprovision-odh.yml.j2
@@ -26,7 +26,7 @@ spec:
       type: string
     - name: github_host
       type: string
-    - name: aibroker_instance_id
+    - name: aiservice_instance_id
       type: string
   stepTemplate:
     name: gitops-deprovision-odh
@@ -49,8 +49,8 @@ spec:
         value: $(params.github_host)
       - name: GITHUB_REPO
         value: $(params.github_repo)
-      - name: AIBROKER_INSTANCE_ID
-        value: $(params.aibroker_instance_id)
+      - name: AISERVICE_INSTANCE_ID
+        value: $(params.aiservice_instance_id)
     envFrom:
       - configMapRef:
           name: environment-properties
diff --git a/tekton/src/tasks/gitops/gitops-kmodel.yml.j2 b/tekton/src/tasks/gitops/gitops-kmodel.yml.j2
index b12a6df8af6..657449e2900 100644
--- a/tekton/src/tasks/gitops/gitops-kmodel.yml.j2
+++ b/tekton/src/tasks/gitops/gitops-kmodel.yml.j2
@@ -27,7 +27,7 @@ spec:
     - name: github_host
       type: string
 
-    - name: aibroker_instance_id
+    - name: aiservice_instance_id
       type: string
     - name: aibroker_internal_tls
       type: string
@@ -104,8 +104,8 @@ spec:
         value: $(params.github_host)
       - name: GITHUB_REPO
         value: $(params.github_repo)
-      - name: AIBROKER_INSTANCE_ID
-        value: $(params.aibroker_instance_id)
+      - name: AISERVICE_INSTANCE_ID
+        value: $(params.aiservice_instance_id)
       - name: AIBROKER_INTERNAL_TLS
         value: $(params.aibroker_internal_tls)
       - name: AIBROKER_NAMESPACE
diff --git a/tekton/src/tasks/gitops/gitops-mas-initiator.yml.j2 b/tekton/src/tasks/gitops/gitops-mas-initiator.yml.j2
index d94a3de98d1..5b5fcfcc954 100644
--- a/tekton/src/tasks/gitops/gitops-mas-initiator.yml.j2
+++ b/tekton/src/tasks/gitops/gitops-mas-initiator.yml.j2
@@ -36,7 +36,7 @@ spec:
       type: string
     - name: mas_instance_id
       type: string
-    - name: aibroker_instance_id
+    - name: AISERVICE_INSTANCE_ID
       type: string
       default: ""
     - name: mas_app_channel_assist
@@ -155,8 +155,8 @@ spec:
         value: $(params.mas_operationalmode)
       - name: MAS_INSTANCE_ID
         value: $(params.mas_instance_id)
-      - name: AIBROKER_INSTANCE_ID
-        value: $(params.aibroker_instance_id)
+      - name: AISERVICE_INSTANCE_ID
+        value: $(params.AISERVICE_INSTANCE_ID)
       - name: MAS_APP_CHANNEL_ASSIST
         value: $(params.mas_app_channel_assist)
       - name: MAS_APP_INSTALL_PLAN_ASSIST
@@ -348,21 +348,24 @@ spec:
         # Process any .j2 files
         process_j2_files "$TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID"
         
-        # If AIBROKER_INSTANCE_ID is set, copy the AIBROKER_INSTANCE_ID specific files
-        if [ -n "$AIBROKER_INSTANCE_ID" ]; then
+        # If AISERVICE_INSTANCE_ID is set, copy the AISERVICE_INSTANCE_ID specific files
+        if [ -n "$AISERVICE_INSTANCE_ID" ]; then
           # 1. Ensure target AIBroker instance folder exists
-          mkdir -p $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$AIBROKER_INSTANCE_ID
+          mkdir -p $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$AISERVICE_INSTANCE_ID
           # 2. Log what is being copied
-          echo "copying $SOURCE_LOCAL_DIR/$SOURCE_GITHUB_REPO/$SOURCE_PATH/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$AIBROKER_INSTANCE_ID/* to $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$AIBROKER_INSTANCE_ID"
+          echo "copying $SOURCE_LOCAL_DIR/$SOURCE_GITHUB_REPO/$SOURCE_PATH/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$AISERVICE_INSTANCE_ID/* to $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$AISERVICE_INSTANCE_ID"
           # 3. Copy recursively from source to target
-          if [ -d "$SOURCE_LOCAL_DIR/$SOURCE_GITHUB_REPO/$SOURCE_PATH/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$AIBROKER_INSTANCE_ID" ]; then
-              cp -r $SOURCE_LOCAL_DIR/$SOURCE_GITHUB_REPO/$SOURCE_PATH/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$AIBROKER_INSTANCE_ID/* $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$AIBROKER_INSTANCE_ID/
+          if [ -d "$SOURCE_LOCAL_DIR/$SOURCE_GITHUB_REPO/$SOURCE_PATH/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$AISERVICE_INSTANCE_ID" ]; then
+              cp -r $SOURCE_LOCAL_DIR/$SOURCE_GITHUB_REPO/$SOURCE_PATH/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$AISERVICE_INSTANCE_ID/* $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$AISERVICE_INSTANCE_ID/
           else
             echo "Warning: Source AIBroker directory not found."
           fi
 
         # ICN folder will be created later after extracting ICN and SAAS_SUB_ID
        
+          process_j2_files "$TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$AISERVICE_INSTANCE_ID"
+        fi
+        
         echo "gitops-mas-initiator:: DNS_PROVIDER_CONTROL_IDEN=${DNS_PROVIDER_CONTROL_IDEN} MANUAL_CERTS_CONTROL_FLAG=${MANUAL_CERTS_CONTROL_FLAG}"
         if [[ "${MANUAL_CERTS_CONTROL_FLAG}" == "true" ]]; then
 
@@ -502,7 +505,7 @@ spec:
           yq -i '(. | select(has("visualinspection")) |  .visualinspection.app_channel) = env(MAS_APP_CHANNEL_VISUALINSPECTION)' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-apps-params.yaml
         fi
         if [ -n $MAS_APP_CHANNEL_AISERVICE ]; then
-          yq -i '(. | select(has("aiservice")) |  .aiservice.app_channel) = env(MAS_APP_CHANNEL_AISERVICE)' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$AIBROKER_INSTANCE_ID/mas-apps-params.yaml
+          yq -i '(. | select(has("aiservice")) |  .aiservice.app_channel) = env(MAS_APP_CHANNEL_AISERVICE)' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$AISERVICE_INSTANCE_ID/mas-apps-params.yaml
         fi
         # Update the cli_version and ansible_fvt ansible version if mas_fvt_params exists
         if [ -f $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-fvt-params.yaml ]; then
diff --git a/tekton/src/tasks/gitops/gitops-odh.yml.j2 b/tekton/src/tasks/gitops/gitops-odh.yml.j2
index 5addc416a8a..d48ceeca812 100644
--- a/tekton/src/tasks/gitops/gitops-odh.yml.j2
+++ b/tekton/src/tasks/gitops/gitops-odh.yml.j2
@@ -9,7 +9,7 @@ spec:
       type: string
     - name: account
       type: string
-    - name: aibroker_instance_id
+    - name: aiservice_instance_id
       type: string
     - name: cluster_url
       type: string
@@ -49,8 +49,8 @@ spec:
         value: $(params.cluster_name)
       - name: ACCOUNT
         value: $(params.account)
-      - name: AIBROKER_INSTANCE_ID
-        value: $(params.aibroker_instance_id)
+      - name: AISERVICE_INSTANCE_ID
+        value: $(params.aiservice_instance_id)
       - name: CLUSTER_URL
         value: $(params.cluster_url)
       - name: GITHUB_REPO

From 418b8533a653ae40101ff18f4b5a6644d0edab5d Mon Sep 17 00:00:00 2001
From: Max Robakiewicz <Max.Robakiewicz@ibm.com>
Date: Thu, 22 Jan 2026 14:25:02 -0500
Subject: [PATCH 213/258] cherry-pick 3140801eca conflict

---
 image/cli/mascli/functions/gitops_kmodel      | 140 +++++++++---------
 image/cli/mascli/functions/gitops_odh         | 140 +++++++++++++++++-
 .../mascli/functions/mirror_aiservice_images  |  12 +-
 .../cluster/instance/ibm-kmodel.yaml.j2       |  32 ++--
 .../instance/ibm-mas-odh-install.yaml.j2      |  32 ++--
 tekton/src/tasks/gitops/gitops-kmodel.yml.j2  |  78 +++++-----
 tekton/src/tasks/gitops/gitops-odh.yml.j2     |   6 +-
 7 files changed, 285 insertions(+), 155 deletions(-)

diff --git a/image/cli/mascli/functions/gitops_kmodel b/image/cli/mascli/functions/gitops_kmodel
index 714f7a1e972..35b57728fb3 100644
--- a/image/cli/mascli/functions/gitops_kmodel
+++ b/image/cli/mascli/functions/gitops_kmodel
@@ -21,25 +21,25 @@ Secrets Manager:
       --secrets-key-seperator ${COLOR_YELLOW}SECRETS_KEY_SEPERATOR${TEXT_RESET}                            Secrets Manager key seperator string
 
 ibm_kmodel(required):
-      --aiservice_instance_id ${COLOR_YELLOW}AISERVICE_INSTANCE_ID${TEXT_RESET}                                           The AI Broker instance ID
+      --aiservice_instance_id ${COLOR_YELLOW}AISERVICE_INSTANCE_ID${TEXT_RESET}                                           The AI Service instance ID
       --primary-storage-class ${COLOR_YELLOW}PRIMARY_STORAGE_CLASS${TEXT_RESET}                                         Kubernetes storage class to be used for provisioning persistent volumes
-      --mas-aibroker-storage-templates-bucket ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_TEMPLATES_BUCKET${TEXT_RESET}         Storage templates bucket for Kmodels role
-      --mas-aibroker-storage-pipelines-bucket ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_PIPELINES_BUCKET${TEXT_RESET}         Storage piplines bucket for Kmodels role
-      --mas-aibroker-storage-tenants-bucket ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_TENANTS_BUCKET${TEXT_RESET}             Storage tenants bucket for Kmodels role
+      --aiservice-storage-templates-bucket ${COLOR_YELLOW}AISERVICE_STORAGE_TEMPLATES_BUCKET${TEXT_RESET}         Storage templates bucket for Kmodels role
+      --aiservice-storage-pipelines-bucket ${COLOR_YELLOW}AISERVICE_STORAGE_PIPELINES_BUCKET${TEXT_RESET}         Storage piplines bucket for Kmodels role
+      --aiservice-storage-tenants-bucket ${COLOR_YELLOW}AISERVICE_STORAGE_TENANTS_BUCKET${TEXT_RESET}             Storage tenants bucket for Kmodels role
 
 Kkmodel Configuration:
-      --aibroker-internal-tls ${COLOR_YELLOW}AIBROKER_INTERNAL_TLS${TEXT_RESET}                                         Identifier for the internal TLS configuration 
-      --aibroker-namespace ${COLOR_YELLOW}AIBROKER_NAMESPACE${TEXT_RESET}                                               The namespace where AI Broker is deployed
-      --mas-aibroker-storage-provider ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_PROVIDER${TEXT_RESET}                         Backend storage service used by AI Broker to store models, pipelines, and tenant data
-      --mas-aibroker-storage-ssl ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_SSL${TEXT_RESET}                                   Whether STORAGE uses SSL (true/false)
-      --mas_aibroker-storage-host ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_HOST${TEXT_RESET}                                 Hostname or service name of the STORAGE backend
-      --mas_aibroker-storage-port ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_PORT${TEXT_RESET}                                 Port number STORAGE is exposed on
-      --mas-aibroker-storage-region ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_REGION${TEXT_RESET}                             Storage region used in STORAGE (if applicable)
+      --aiservice-internal-tls ${COLOR_YELLOW}AISERVICE_INTERNAL_TLS${TEXT_RESET}                                         Identifier for the internal TLS configuration 
+      --aiservice-namespace ${COLOR_YELLOW}AISERVICE_NAMESPACE${TEXT_RESET}                                               The namespace where AI Service is deployed
+      --aiservice-storage-provider ${COLOR_YELLOW}AISERVICE_STORAGE_PROVIDER${TEXT_RESET}                         Backend storage service used by AI Service to store models, pipelines, and tenant data
+      --aiservice-storage-ssl ${COLOR_YELLOW}AISERVICE_STORAGE_SSL${TEXT_RESET}                                   Whether STORAGE uses SSL (true/false)
+      --aiservice-storage-host ${COLOR_YELLOW}AISERVICE_STORAGE_HOST${TEXT_RESET}                                 Hostname or service name of the STORAGE backend
+      --aiservice-storage-port ${COLOR_YELLOW}AISERVICE_STORAGE_PORT${TEXT_RESET}                                 Port number STORAGE is exposed on
+      --aiservice-storage-region ${COLOR_YELLOW}AISERVICE_STORAGE_REGION${TEXT_RESET}                             Storage region used in STORAGE (if applicable)
       --ssh-secret-name ${COLOR_YELLOW}SSH_SECRET_NAME${TEXT_RESET}                                                     SSH secret for securely provide SSH credentials
-      --mas_aibroker_tenant_name ${COLOR_YELLOW}MAS_AIBROKER_TENANT_NAME${TEXT_RESET}                                   Aibroker Tenant name
-      --mas-aibroker-provision-tenant ${COLOR_YELLOW}MAS_AIBROKER_PROVISION_TENANT${TEXT_RESET}                         Whether to provision the AI Broker tenant (true/false)
-      --mas-aibroker-connector-tag ${COLOR_YELLOW}MAS_AIBROKER_CONNECTOR_TAG${TEXT_RESET}                               AI Broker connector for integration or communication.
-      --mas-aibroker-saas ${COLOR_YELLOW}MAS_AIBROKER_SAAS${TEXT_RESET}                                                 AI Broker is deployed as a SaaS
+      --aiservice_tenant_name ${COLOR_YELLOW}AISERVICE_TENANT_NAME${TEXT_RESET}                                   Aiservice Tenant name
+      --aiservice-provision-tenant ${COLOR_YELLOW}AISERVICE_PROVISION_TENANT${TEXT_RESET}                         Whether to provision the AI Service tenant (true/false)
+      --aiservice-connector-tag ${COLOR_YELLOW}AISERVICE_CONNECTOR_TAG${TEXT_RESET}                               AI Service connector for integration or communication.
+      --aiservice-saas ${COLOR_YELLOW}AISERVICE_SAAS${TEXT_RESET}                                                 AI Service is deployed as a SaaS
       --model-id-unique-length ${COLOR_YELLOW}MODEL_ID_UNIQUE_LENGTH${TEXT_RESET}                                       Length of the unique identifier used for model IDs
       --model-id-prefix ${COLOR_YELLOW}MODEL_ID_PREFIX${TEXT_RESET}                                                     Model ID prefix
       --mas_icr_cp ${COLOR_YELLOW}MAS_ICR_CP${TEXT_RESET}                                                               Prefix to be used for generating model IDs
@@ -72,22 +72,22 @@ function gitops_kmodel_noninteractive() {
   export REGION_ID=${REGION_ID:-${SM_AWS_REGION}}
 
   #adding default values 
-  export AIBROKER_INTERNAL_TLS=${AIBROKER_INTERNAL_TLS:-"${AISERVICE_INSTANCE_ID}-internal-aibroker-tls"}
-  export AIBROKER_NAMESPACE=${AIBROKER_NAMESPACE:-"mas-${AISERVICE_INSTANCE_ID}-aibroker"}
-  export MAS_AIBROKER_STORAGE_PROVIDER=${MAS_AIBROKER_STORAGE_PROVIDER:-"aws"}
-  export MAS_AIBROKER_STORAGE_SSL=${MAS_AIBROKER_STORAGE_SSL:-"true"}
-  export MAS_AIBROKER_STORAGE_REGION=${MAS_AIBROKER_STORAGE_REGION:-""}
-  export SSH_SECRET_NAME=${SSH_SECRET_NAME:-"${AISERVICE_INSTANCE_ID}-kmodel-aibroker-tls"}
-  export MAS_AIBROKER_TENANT_NAME=${MAS_AIBROKER_TENANT_NAME:-"user"}
-  export TENANT_NAMESPACE=${TENANT_NAMESPACE:-"aibroker-${MAS_AIBROKER_TENANT_NAME}"}
-  export MAS_AIBROKER_PROVISION_TENANT=${MAS_AIBROKER_PROVISION_TENANT:-"provision-tenant"}
-  export MAS_AIBROKER_CONNECTOR_TAG=${MAS_AIBROKER_CONNECTOR_TAG:-"1.0.2"}
-  #export MAS_AIBROKER_PIPELINE_STEPS_TAG=${MAS_AIBROKER_PIPELINE_STEPS_TAG:-"1.0.3"}
-  export MAS_AIBROKER_SAAS=${MAS_AIBROKER_SAAS:-"false"}
+  export AISERVICE_INTERNAL_TLS=${AISERVICE_INTERNAL_TLS:-"${AISERVICE_INSTANCE_ID}-internal-aiservice-tls"}
+  export AISERVICE_NAMESPACE=${AISERVICE_NAMESPACE:-"mas-${AISERVICE_INSTANCE_ID}-aiservice"}
+  export AISERVICE_STORAGE_PROVIDER=${AISERVICE_STORAGE_PROVIDER:-"aws"}
+  export AISERVICE_STORAGE_SSL=${AISERVICE_STORAGE_SSL:-"true"}
+  export AISERVICE_STORAGE_REGION=${AISERVICE_STORAGE_REGION:-""}
+  export SSH_SECRET_NAME=${SSH_SECRET_NAME:-"${AISERVICE_INSTANCE_ID}-kmodel-aiservice-tls"}
+  export AISERVICE_TENANT_NAME=${AISERVICE_TENANT_NAME:-"user"}
+  export TENANT_NAMESPACE=${TENANT_NAMESPACE:-"aiservice-${AISERVICE_TENANT_NAME}"}
+  export AISERVICE_PROVISION_TENANT=${AISERVICE_PROVISION_TENANT:-"provision-tenant"}
+  export AISERVICE_CONNECTOR_TAG=${AISERVICE_CONNECTOR_TAG:-"1.0.2"}
+  #export AISERVICE_PIPELINE_STEPS_TAG=${AISERVICE_PIPELINE_STEPS_TAG:-"1.0.3"}
+  export AISERVICE_SAAS=${AISERVICE_SAAS:-"false"}
   export MODEL_ID_UNIQUE_LENGTH=${MODEL_ID_UNIQUE_LENGTH:-"15"}
   export MODEL_ID_PREFIX=${MODEL_ID_PREFIX:-"m"}  
   export MAS_ICR_CP=${MAS_ICR_CP:-"docker-na-public.artifactory.swg-devops.com/wiotp-docker-local"}
-  export DOCKER_SERVER=${DOCKER_SERVER:-"${MAS_ICR_CP}/aibroker"}
+  export DOCKER_SERVER=${DOCKER_SERVER:-"${MAS_ICR_CP}/aiservice"}
   export PULLSECRETNAME=${PULLSECRETNAME:-"ibm-entitlement"}
   
   export MAS_APP_CHANNEL=${MAS_APP_CHANNEL:-"9.1.x"}
@@ -125,52 +125,52 @@ function gitops_kmodel_noninteractive() {
         ;;
 
       # kmodel - all input params default + sm
-      --aibroker-instance-id)
+      --aiservice-instance-id)
         export AISERVICE_INSTANCE_ID=$1 && shift
         ;;
 
-      --aibroker-internal-tls)
-        export AIBROKER_INTERNAL_TLS=$1 && shift
+      --aiservice-internal-tls)
+        export AISERVICE_INTERNAL_TLS=$1 && shift
         ;;
       
-      --aibroker-namespace)
-        export AIBROKER_NAMESPACE=$1 && shift
+      --aiservice-namespace)
+        export AISERVICE_NAMESPACE=$1 && shift
         ;;
 
       --pull-secret-name)
         export PULL_SECRET_NAME=$1 && shift
         ;;
 
-      --mas-aibroker-storage-provider)
-        export MAS_AIBROKER_STORAGE_PROVIDER=$1 && shift
+      --aiservice-storage-provider)
+        export AISERVICE_STORAGE_PROVIDER=$1 && shift
         ;;
 
-      --mas-aibroker-storage-ssl)
-        export MAS_AIBROKER_STORAGE_SSL=$1 && shift
+      --aiservice-storage-ssl)
+        export AISERVICE_STORAGE_SSL=$1 && shift
         ;;
 
-      --mas-aibroker-storage-host)
-        export MAS_AIBROKER_STORAGE_HOST=$1 && shift
+      --aiservice-storage-host)
+        export AISERVICE_STORAGE_HOST=$1 && shift
         ;;
 
-      --mas-aibroker-storage-port)
-        export MAS_AIBROKER_STORAGE_PORT=$1 && shift
+      --aiservice-storage-port)
+        export AISERVICE_STORAGE_PORT=$1 && shift
         ;;
 
-      --mas-aibroker-storage-region)
-        export MAS_AIBROKER_STORAGE_REGION=$1 && shift
+      --aiservice-storage-region)
+        export AISERVICE_STORAGE_REGION=$1 && shift
         ;;
 
-      --mas-aibroker-storage-templates-bucket)
-        export MAS_AIBROKER_STORAGE_TEMPLATES_BUCKET=$1 && shift
+      --aiservice-storage-templates-bucket)
+        export AISERVICE_STORAGE_TEMPLATES_BUCKET=$1 && shift
         ;;
 
-      --mas-aibroker-storage-tenants-bucket)
-        export MAS_AIBROKER_STORAGE_TENANTS_BUCKET=$1 && shift
+      --aiservice-storage-tenants-bucket)
+        export AISERVICE_STORAGE_TENANTS_BUCKET=$1 && shift
         ;;
 
-      --mas-aibroker-storage-pipelines-bucket)
-        export MAS_AIBROKER_STORAGE_PIPELINES_BUCKET=$1 && shift
+      --aiservice-storage-pipelines-bucket)
+        export AISERVICE_STORAGE_PIPELINES_BUCKET=$1 && shift
         ;;
 
       --ssh-secret-name)
@@ -193,8 +193,8 @@ function gitops_kmodel_noninteractive() {
         export TENANT_NAMESPACE=$1 && shift
         ;;
 
-      --mas-aibroker-provision-tenant)
-        export MAS_AIBROKER_PROVISION_TENANT=$1 && shift
+      --aiservice-provision-tenant)
+        export AISERVICE_PROVISION_TENANT=$1 && shift
         ;;
 
       --primary-storage-class)
@@ -213,16 +213,16 @@ function gitops_kmodel_noninteractive() {
         export IMAGE_CONTROLLER=$1 && shift
         ;;
 
-      # --mas-aibroker-pipeline-steps-tag)
-      #   export MAS_AIBROKER_PIPELINE_STEPS_TAG=$1 && shift
+      # --aiservice-pipeline-steps-tag)
+      #   export AISERVICE_PIPELINE_STEPS_TAG=$1 && shift
       #   ;;
 
-      --mas-aibroker-connector-tag)
-        export MAS_AIBROKER_CONNECTOR_TAG=$1 && shift
+      --aiservice-connector-tag)
+        export AISERVICE_CONNECTOR_TAG=$1 && shift
         ;;
 
-      --mas-aibroker-saas)
-        export MAS_AIBROKER_SAAS=$1 && shift
+      --aiservice-saas)
+        export AISERVICE_SAAS=$1 && shift
         ;;
 
       --model-id-unique-length)
@@ -289,7 +289,7 @@ function gitops_kmodel_noninteractive() {
   fi
 
   # add validation for those variable which have the value needed for further execution
-  [[ -z "$AISERVICE_INSTANCE_ID" ]] && gitops_kmodel_help "AISERVICE_INSTANCE_ID is not set. Please provide the AI Broker instance ID using --aibroker-instance-id."
+  [[ -z "$AISERVICE_INSTANCE_ID" ]] && gitops_kmodel_help "AISERVICE_INSTANCE_ID is not set. Please provide the AI Service instance ID using --aiservice-instance-id."
   [[ -z "$PRIMARY_STORAGE_CLASS" ]] && gitops_kmodel_help "PRIMARY_STORAGE_CLASS is not set. Please provide the primary storage class using --primary-storage-class."
   [[ -z "$IMAGE_STORE" ]] && gitops_kmodel_help "IMAGE_STORE is not set. Please provide the image store using --image-store."
   [[ -z "$IMAGE_WATCHER" ]] && gitops_kmodel_help "IMAGE_WATCHER is not set. Please provide the image watcher using --image-watcher."
@@ -356,26 +356,26 @@ function gitops_kmodel() {
 
   echo "${TEXT_DIM}"
   echo_h2 "kmodel" "    "
-  echo_reset_dim "AI Broker Instance Id ............................. ${COLOR_MAGENTA}${AISERVICE_INSTANCE_ID}"
-  echo_reset_dim "AI Broker Internal TLS ............................ ${COLOR_MAGENTA}${AIBROKER_INTERNAL_TLS}"
-  echo_reset_dim "AI Broker Namespace ............................... ${COLOR_MAGENTA}${AIBROKER_NAMESPACE}"
-  echo_reset_dim "MAS AI Broker Storage Provider .................... ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_PROVIDER}"
-  echo_reset_dim "MAS AI Broker Storage SSL ......................... ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_SSL}"
-  echo_reset_dim "MAS AI Broker Storage Templates Bucket ............ ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_TEMPLATES_BUCKET}"
-  echo_reset_dim "MAS AI Broker Storage Tenants Bucket .............. ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_TENANTS_BUCKET}"
-  echo_reset_dim "MAS AI Broker Storage Pipelines Bucket ............ ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_PIPELINES_BUCKET}"
+  echo_reset_dim "AI Service Instance Id ............................. ${COLOR_MAGENTA}${AISERVICE_INSTANCE_ID}"
+  echo_reset_dim "AI Service Internal TLS ............................ ${COLOR_MAGENTA}${AISERVICE_INTERNAL_TLS}"
+  echo_reset_dim "AI Service Namespace ............................... ${COLOR_MAGENTA}${AISERVICE_NAMESPACE}"
+  echo_reset_dim "MAS AI Service Storage Provider .................... ${COLOR_MAGENTA}${AISERVICE_STORAGE_PROVIDER}"
+  echo_reset_dim "MAS AI Service Storage SSL ......................... ${COLOR_MAGENTA}${AISERVICE_STORAGE_SSL}"
+  echo_reset_dim "MAS AI Service Storage Templates Bucket ............ ${COLOR_MAGENTA}${AISERVICE_STORAGE_TEMPLATES_BUCKET}"
+  echo_reset_dim "MAS AI Service Storage Tenants Bucket .............. ${COLOR_MAGENTA}${AISERVICE_STORAGE_TENANTS_BUCKET}"
+  echo_reset_dim "MAS AI Service Storage Pipelines Bucket ............ ${COLOR_MAGENTA}${AISERVICE_STORAGE_PIPELINES_BUCKET}"
   echo_reset_dim "SSH Secret Name ................................... ${COLOR_MAGENTA}${SSH_SECRET_NAME}"
   echo_reset_dim "MAS ICR CP Registry ............................... ${COLOR_MAGENTA}${MAS_ICR_CP}"
   echo_reset_dim "Docker Server ..................................... ${COLOR_MAGENTA}${DOCKER_SERVER}"
   echo_reset_dim "Tenant Namespace .................................. ${COLOR_MAGENTA}${TENANT_NAMESPACE}"
-  echo_reset_dim "MAS AI Broker Provision Tenant .................... ${COLOR_MAGENTA}${MAS_AIBROKER_PROVISION_TENANT}"
+  echo_reset_dim "MAS AI Service Provision Tenant .................... ${COLOR_MAGENTA}${AISERVICE_PROVISION_TENANT}"
   echo_reset_dim "Primary Storage Class ............................. ${COLOR_MAGENTA}${PRIMARY_STORAGE_CLASS}"
   echo_reset_dim "Image Store ....................................... ${COLOR_MAGENTA}${IMAGE_STORE}"
   echo_reset_dim "Image Watcher ..................................... ${COLOR_MAGENTA}${IMAGE_WATCHER}"
   echo_reset_dim "Image Controller .................................. ${COLOR_MAGENTA}${IMAGE_CONTROLLER}"
-  #echo_reset_dim "MAS AI Broker Pipeline Steps Tag .................. ${COLOR_MAGENTA}${MAS_AIBROKER_PIPELINE_STEPS_TAG}"
-  echo_reset_dim "MAS AI Broker Connector Tag ....................... ${COLOR_MAGENTA}${MAS_AIBROKER_CONNECTOR_TAG}"
-  echo_reset_dim "MAS AI Broker SAAS ................................ ${COLOR_MAGENTA}${MAS_AIBROKER_SAAS}"
+  #echo_reset_dim "MAS AI Service Pipeline Steps Tag .................. ${COLOR_MAGENTA}${AISERVICE_PIPELINE_STEPS_TAG}"
+  echo_reset_dim "MAS AI Service Connector Tag ....................... ${COLOR_MAGENTA}${AISERVICE_CONNECTOR_TAG}"
+  echo_reset_dim "MAS AI Service SAAS ................................ ${COLOR_MAGENTA}${AISERVICE_SAAS}"
   echo_reset_dim "Model ID Unique Length ............................ ${COLOR_MAGENTA}${MODEL_ID_UNIQUE_LENGTH}"
   echo_reset_dim "Model ID Prefix ................................... ${COLOR_MAGENTA}${MODEL_ID_PREFIX}"
 
diff --git a/image/cli/mascli/functions/gitops_odh b/image/cli/mascli/functions/gitops_odh
index 5472956921c..8c1f1d2b221 100755
--- a/image/cli/mascli/functions/gitops_odh
+++ b/image/cli/mascli/functions/gitops_odh
@@ -122,7 +122,13 @@ function gitops_odh_noninteractive() {
   export ODH_OPERATOR_VERSION="${ODH_OPERATOR_VERSION:-"opendatahub-operator.v2.19.0"}"
   export ODH_NAMESPACE="${ODH_NAMESPACE:-"opendatahub"}"
 
-  export AISERVICE_NAMESPACE="${AISERVICE_NAMESPACE:-"${AISERVICE_INSTANCE_ID}-aiservice"}"
+  export AISERVICE_NAMESPACE="${AISERVICE_NAMESPACE:-"mas-${AISERVICE_INSTANCE_ID}-aiservice"}"
+
+  export ODH_PIPELINE_NAME="${ODH_PIPELINE_NAME:-"openshift-pipelines-operator"}"
+  export ODH_PIPELINE_NAMESPACE="${ODH_PIPELINE_NAMESPACE:-"openshift-operators"}"
+  export ODH_PIPELINE_OPERATOR_NAME="${ODH_PIPELINE_OPERATOR_NAME:-"openshift-pipelines-operator-rh"}"
+  export ODH_PIPELINE_SOURCE="${ODH_PIPELINE_SOURCE:-"redhat-operators"}"
+  export ODH_PIPELINE_SOURCE_NAMESPACE="${ODH_PIPELINE_SOURCE_NAMESPACE:-"openshift-marketplace"}"
 
   export SERVERLESS_NAMESPACE="${SERVERLESS_NAMESPACE:-"openshift-serverless"}"
   export SERVERLESS_OPERATOR_NAME="${SERVERLESS_OPERATOR_NAME:-"serverless-operator"}"
@@ -138,7 +144,7 @@ function gitops_odh_noninteractive() {
   export OPENDATAHUB_SOURCE_NAMESPACE="${OPENDATAHUB_SOURCE_NAMESPACE:-"openshift-marketplace"}"
   export AISERVICE_STORAGE_PROVIDER="${AISERVICE_STORAGE_PROVIDER:-"aws"}"
   export AISERVICE_STORAGE_SSL="${AISERVICE_STORAGE_SSL:-"true"}"
-  export AISERVICE_STORAGE_REGION="${AISERVICE_STORAGE_REGION:-""}"
+  export AISERVICE_STORAGE_REGION="${AISERVICE_STORAGE_REGION:-"us-west-2"}"
   export PRIMARY_STORAGE_CLASS="${PRIMARY_STORAGE_CLASS:-"nfs-client"}"
   export AISERVICE_ODH_MODEL_DEPLOYMENT_TYPE="${AISERVICE_ODH_MODEL_DEPLOYMENT_TYPE:-"serverless"}"
 
@@ -231,6 +237,21 @@ function gitops_odh_noninteractive() {
       --opendatahub-source-namespace)
         export OPENDATAHUB_SOURCE_NAMESPACE=$1 && shift
         ;;
+      --odh-pipeline-name)
+        export ODH_PIPELINE_NAME=$1 && shift
+        ;;
+      --odh-pipeline-namespace)
+        export ODH_PIPELINE_NAMESPACE=$1 && shift
+        ;;
+      --odh-pipeline-operator-name)
+        export ODH_PIPELINE_OPERATOR_NAME=$1 && shift
+        ;;
+      --odh-pipeline-source)
+        export ODH_PIPELINE_SOURCE=$1 && shift
+        ;;
+      --odh-pipeline-source-namespace)
+        export ODH_PIPELINE_SOURCE_NAMESPACE=$1 && shift
+        ;;
       --odh-pipeline-channel)
         export ODH_PIPELINE_CHANNEL=$1 && shift
         ;;
@@ -302,14 +323,48 @@ function gitops_odh_noninteractive() {
         export AISERVICE_STORAGE_PROVIDER=$1 && shift
         ;;
       --storage-ssl|--aiservice-storage-ssl)
+      --storage-accesskey)
+        export AISERVICE_STORAGE_ACCESSKEY=$1 && shift
+        ;;
+      --storage-secretkey)
+        export AISERVICE_STORAGE_SECRETKEY=$1 && shift
+        ;;
+      --storage-host)
+        export AISERVICE_STORAGE_HOST=$1 && shift
+        ;;
+      --storage-port)
+        export AISERVICE_STORAGE_PORT=$1 && shift
+        ;;
+      --storage-ssl)
         export AISERVICE_STORAGE_SSL=$1 && shift
         ;;
       --storage-region|--aiservice-storage-region)
         export AISERVICE_STORAGE_REGION=$1 && shift
         ;;
+      --storage-pipelines-bucket)
+        export AISERVICE_STORAGE_PIPELINES_BUCKET=$1 && shift
+        ;;
       --aiservice-odh-model-deployment-type)
         export AISERVICE_ODH_MODEL_DEPLOYMENT_TYPE=$1 && shift
         ;;
+      --db-host)
+        export AISERVICE_DB_HOST=$1 && shift
+        ;;
+      --db-port)
+        export AISERVICE_DB_PORT=$1 && shift
+        ;;
+      --db-user)
+        export AISERVICE_DB_USER=$1 && shift
+        ;;
+      --db-database)
+        export AISERVICE_DB_DATABASE=$1 && shift
+        ;;
+      --db-secret-name)
+        export AISERVICE_DB_SECRET_NAME=$1 && shift
+        ;;
+      --db-secret-value)
+        export AISERVICE_DB_SECRET_VALUE=$1 && shift
+        ;;
       --primary-storage-class)
         export PRIMARY_STORAGE_CLASS=$1 && shift
         ;;
@@ -349,6 +404,7 @@ function gitops_odh_noninteractive() {
 }
 
 function gitops_odh() {
+  # Remove the subcommand (e.g., "create-gitops")
   shift
   if [[ $# -gt 0 ]]; then
     gitops_odh_noninteractive "$@"
@@ -387,19 +443,89 @@ function gitops_odh() {
   # Set up secret key and fetch secret
   export SECRET_ACCOUNT_PATH="${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}"
   export ODH_SECRET="${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}storage"
+
+
   export SECRET_KEY_IMAGE_PULL_SECRET_B64="${SECRET_ACCOUNT_PATH}ibm_entitlement#image_pull_secret_b64"
 
+  # Storage
+  export SECRET_KEY_SM_STORAGE_ACCESSKEY="${SECRET_ACCOUNT_PATH}storage#sm_storage_accesskey"
+  export SECRET_KEY_SM_STORAGE_SECRETKEY="${SECRET_ACCOUNT_PATH}storage#sm_storage_secretkey"
+  export SECRET_KEY_SM_STORAGE_HOST="${SECRET_ACCOUNT_PATH}storage#sm_storage_host"
+  export SECRET_KEY_SM_STORAGE_PORT="${SECRET_ACCOUNT_PATH}storage#sm_storage_port"
+  export SECRET_KEY_SM_STORAGE_BUCKET_DEFAULT="${SECRET_ACCOUNT_PATH}storage#sm_storage_bucket_pipelines"
+
+  # MariaDB
+  export SECRET_KEY_SM_MARIADB_HOST="${SECRET_ACCOUNT_PATH}mariadb#sm_mariadb_host"
+  export SECRET_KEY_SM_MARIADB_PORT="${SECRET_ACCOUNT_PATH}mariadb#sm_mariadb_port"
+  export SECRET_KEY_SM_MARIADB_USER="${SECRET_ACCOUNT_PATH}mariadb#sm_mariadb_user"
+  export SECRET_KEY_SM_MARIADB_DATABASE="${SECRET_ACCOUNT_PATH}mariadb#sm_mariadb_database"
+  export SECRET_KEY_SM_MARIADB_SECRET_NAME="${SECRET_ACCOUNT_PATH}mariadb#sm_mariadb_secret_name"
+  export SECRET_KEY_SM_MARIADB_SECRET_VALUE="${SECRET_ACCOUNT_PATH}mariadb#sm_mariadb_secret_value"
+
+
+
+  export ODH_SECRET_FILE="$GITOPS_WORKING_DIR/odh-secret.json"
   if [ -z $GIT_SSH ]; then
     export GIT_SSH=false
   fi
 
-  sm_verify_secret_exists ${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}ibm_entitlement "image_pull_secret_b64"
+  sm_verify_secret_exists ${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}storage "sm_storage_bucket_templates,sm_storage_bucket_tenants,sm_storage_bucket_pipelines"
+  sm_verify_secret_exists ${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}mariadb "sm_mariadb_host,sm_mariadb_database"
+  sm_get_secret_file "$ODH_SECRET" "$ODH_SECRET_FILE"
+  #################################################################
+   export MARIA_SECRET="${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}mariadb"
+   export MARIA_SECRET_FILE="$GITOPS_WORKING_DIR/mariadb-secret.json"
+   sm_get_secret_file "$MARIA_SECRET" "$MARIA_SECRET_FILE"
+  ######################################################################
+   #######################Checking condition Storage_provider#######################################
+   #aiservice_storage_provider
+  ######################################################################
+  # Reuse existing secret values if present
+  TEMP_STORAGE_ACCESS_KEY=$(jq -r .sm_storage_accesskey "$ODH_SECRET_FILE")
+  if [[ -n ${TEMP_STORAGE_ACCESS_KEY} ]]; then
+    export STORAGE_ACCESS_KEY="${TEMP_STORAGE_ACCESS_KEY}"
+    echo "gitops_odh : STORAGE_ACCESS_KEY=${STORAGE_ACCESS_KEY:0:3}<snip> is available in the secret, using existing value."
+  fi
+
+  TEMP_STORAGE_SECRET_KEY=$(jq -r .sm_storage_secretkey "$ODH_SECRET_FILE")
+  if [[ -n ${TEMP_STORAGE_SECRET_KEY} ]]; then
+    export STORAGE_SECRET_KEY="${TEMP_STORAGE_SECRET_KEY}"
+    echo "gitops_odh : STORAGE_SECRET_KEY=${STORAGE_SECRET_KEY:0:3}<snip> is available in the secret, using existing value."
+  fi
+
+  TEMP_MARIADB_USER=$(jq -r .sm_mariadb_user "$ODH_SECRET_FILE")
+  if [[ -n ${TEMP_MARIADB_USER} ]]; then
+    export MARIADB_USER="${TEMP_MARIADB_USER}"
+    echo "gitops_odh : MARIADB_USER=${MARIADB_USER} is available in the secret, using existing value."
+  fi
+
+  TEMP_MARIADB_SECRET_VALUE=$(jq -r .sm_mariadb_secret_value "$ODH_SECRET_FILE")
+  if [[ -n ${TEMP_MARIADB_SECRET_VALUE} ]]; then
+    export MARIADB_SECRET_VALUE="${TEMP_MARIADB_SECRET_VALUE}"
+    echo "gitops_odh : MARIADB_SECRET_VALUE=${MARIADB_SECRET_VALUE:0:4}<snip> is available in the secret, using existing value."
+  fi
+
+
+  # Extract and export secrets
+  export STORAGE_ACCESS_KEY=$(jq -r .sm_storage_accesskey "$ODH_SECRET_FILE")
+  export STORAGE_SECRET_KEY=$(jq -r .sm_storage_secretkey "$ODH_SECRET_FILE")
+  export STORAGE_HOST=$(jq -r .sm_storage_secretkey "$ODH_SECRET_FILE")
+  export STORAGE_PORT=$(jq -r .sm_storage_port "$ODH_SECRET_FILE")
+  export STORAGE_BUCKET=$(jq -r .sm_storage_bucket_pipelines "$ODH_SECRET_FILE")
+
+  export MARIADB_HOST=$(jq -r .sm_mariadb_host "$MARIA_SECRET_FILE")
+  export MARIADB_PORT=$(jq -r .sm_mariadb_port "$MARIA_SECRET_FILE")
+  export MARIADB_USER=$(jq -r .sm_mariadb_user "$MARIA_SECRET_FILE")
+  export MARIADB_DATABASE=$(jq -r .sm_mariadb_database "$MARIA_SECRET_FILE")
+  export MARIADB_SECRET_NAME=$(jq -r .sm_mariadb_secret_name "$$MARIA_SECRET_FILE")
+  export MARIADB_SECRET_VALUE=$(jq -r .sm_mariadb_secret_value "$MARIA_SECRET_FILE")
 
   echo_h2 "ODH Secret Summary"
   echo_reset_dim "AI Service Namespace ................... ${COLOR_MAGENTA}${AISERVICE_NAMESPACE}"
   echo_reset_dim "STORAGE_HOST ............................. ${COLOR_MAGENTA}${STORAGE_HOST}"
   echo_reset_dim "STORAGE_BUCKET ........................... ${COLOR_MAGENTA}${STORAGE_BUCKET}"
-
+  echo_reset_dim "MARIADB_HOST ........................... ${COLOR_MAGENTA}${MARIADB_HOST}"
+  echo_reset_dim "MARIADB_DATABASE ....................... ${COLOR_MAGENTA}${MARIADB_DATABASE}"
   echo_reset_dim "AISERVICE_STORAGE_SSL ................. ${COLOR_MAGENTA}${AISERVICE_STORAGE_SSL}"
   reset_colors
 
@@ -420,6 +546,8 @@ function gitops_odh() {
   echo "Output: ${GITOPS_CLUSTER_DIR}/ibm-mas-odh-install.yaml"
 
   jinjanate_commmon $CLI_DIR/templates/gitops/appset-configs/cluster/instance/ibm-mas-odh-install.yaml.j2 ${GITOPS_CLUSTER_DIR}/ibm-mas-odh-install.yaml
+
+
   TAGS="[{\"Key\": \"source\", \"Value\": \"gitops_odh\"}, {\"Key\": \"account\", \"Value\": \"${ACCOUNT_ID}\"}, {\"Key\": \"cluster\", \"Value\": \"${CLUSTER_ID}\"}]"
 
   # GitHub push
@@ -427,8 +555,10 @@ function gitops_odh() {
     echo_h2 "Pushing changes to GitHub"
     echo "Github push" "$GITHUB_HOST" "$GITHUB_ORG" "$GITHUB_REPO" "$GIT_BRANCH" "Working: " "${GITOPS_WORKING_DIR}/${GITHUB_REPO}" " Commit :" "$GIT_COMMIT_MSG"
     save_to_target_git_repo "$GITHUB_HOST" "$GITHUB_ORG" "$GITHUB_REPO" "$GIT_BRANCH" "${GITOPS_WORKING_DIR}/${GITHUB_REPO}" "$GIT_COMMIT_MSG"
-    remove_git_repo_clone "$GITOPS_WORKING_DIR/$GITHUB_REPO"
+    remove_git_repo_clone "${GITOPS_WORKING_DIR}/${GITHUB_REPO}"
   fi
 
+  rm -rf "$ODH_SECRET_FILE"
+  rm -rf "$MARIA_SECRET_FILE"
   echo_h2 "ODH GitOps completed."
 }
diff --git a/image/cli/mascli/functions/mirror_aiservice_images b/image/cli/mascli/functions/mirror_aiservice_images
index 8fb9752637e..59012cb1c45 100644
--- a/image/cli/mascli/functions/mirror_aiservice_images
+++ b/image/cli/mascli/functions/mirror_aiservice_images
@@ -7,7 +7,7 @@ function mirror_aiservice_everything() {
     MIRROR_CATALOG=true
 
     # Apps
-    MIRROR_MAS_AISERVICE=true
+    MIRROR_AISERVICE=true
 
     # Dependencies (Other)
     MIRROR_DB2U=true
@@ -20,7 +20,7 @@ function mirror_aiservice_everything() {
 
 function mirror_aiservice_to_registry_noninteractive() {
   # Main content
-  MIRROR_MAS_AISERVICE=false
+  MIRROR_AISERVICE=false
 
   # Dependencies
   MIRROR_CATALOG=false
@@ -95,7 +95,7 @@ function mirror_aiservice_to_registry_noninteractive() {
 
       # Content Selection (Applications):
       --mirror-aiservice)
-        MIRROR_MAS_AISERVICE=true
+        MIRROR_AISERVICE=true
         ;;
 
       # Content Selection (Other Dependencies)
@@ -161,7 +161,7 @@ function mirror_aiservice_to_registry_interactive() {
     mirror_aiservice_everything
   else
     prompt_for_confirm_default_yes "IBM Maximo Operator Catalog" MIRROR_CATALOG
-    prompt_for_confirm "IBM Maximo Application Suite - AI Service" MIRROR_MAS_AISERVICE
+    prompt_for_confirm "IBM Maximo Application Suite - AI Service" MIRROR_AISERVICE
 
     prompt_for_confirm_default_yes "IBM Db2" MIRROR_DB2U
     prompt_for_confirm "Minio" MIRROR_MINIO
@@ -213,7 +213,7 @@ export MIRROR_MINIO
   reset_colors
   echo_h4 "Content Selection (Core Platform)" "    "
   show_mirror_status "IBM Maximo Operator Catalog ........." $MIRROR_CATALOG
-  show_mirror_status "IBM Maximo AI Service ..............." $MIRROR_MAS_AISERVICE
+  show_mirror_status "IBM Maximo AI Service ..............." $MIRROR_AISERVICE
 
   echo
   reset_colors
@@ -227,6 +227,6 @@ export MIRROR_MINIO
 
   confirm_mirror
 
-  mirror_one_thing $MIRROR_MAS_AISERVICE        "IBM Maximo AI Service"                 "$LOG_PREFIX-aiservice.log"        mirror_add_aiservice
+  mirror_one_thing $MIRROR_AISERVICE        "IBM Maximo AI Service"                 "$LOG_PREFIX-aiservice.log"        mirror_add_aiservice
   mirror_one_thing $MIRROR_DEPS                 "Selected Dependencies"                 "$LOG_PREFIX-dependencies.log"     mirror_dependencies
 }
diff --git a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-kmodel.yaml.j2 b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-kmodel.yaml.j2
index f0141b458cd..b7bc2363d01 100644
--- a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-kmodel.yaml.j2
+++ b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-kmodel.yaml.j2
@@ -2,24 +2,24 @@ merge-key: "{{ ACCOUNT_ID }}/{{ CLUSTER_ID }}/{{ AISERVICE_INSTANCE_ID }}"
 
 ibm_kmodel:
   aiservice_instance_id: {{ AISERVICE_INSTANCE_ID }}
-  aibroker_internal_tls: "{{ AIBROKER_INTERNAL_TLS }}"
+  aiservice_internal_tls: "{{ AISERVICE_INTERNAL_TLS }}"
 
-  aibroker_namespace: "{{ AIBROKER_NAMESPACE }}"
+  aiservice_namespace: "{{ AISERVICE_NAMESPACE }}"
 
   pull_secret_name: "<path:{{ SECRETS_PATH }}:{{ IMAGE_PULL_SECRET_B64 }}>"
 
-  mas_aibroker_storage_provider: "{{ MAS_AIBROKER_STORAGE_PROVIDER }}"
-  mas_aibroker_storage_ssl: "{{ MAS_AIBROKER_STORAGE_SSL }}"
+  aiservice_storage_provider: "{{ AISERVICE_STORAGE_PROVIDER }}"
+  aiservice_storage_ssl: "{{ AISERVICE_STORAGE_SSL }}"
 
-  mas_aibroker_storage_accesskey: "<path:{{ SECRETS_PATH }}:{{ SM_STORAGE_ACCESSKEY }}>"
-  mas_aibroker_storage_secretkey: "<path:{{ SECRETS_PATH }}:{{ SM_STORAGE_SECRETKEY }}>"
-  mas_aibroker_storage_host: "<path:{{ SECRETS_PATH }}:{{ SM_STORAGE_HOST }}>"
-  mas_aibroker_storage_port: "<path:{{ SECRETS_PATH }}:{{ SM_STORAGE_PORT }}>"
-  mas_aibroker_storage_region: "{{ MAS_AIBROKER_STORAGE_REGION }}"
+  aiservice_storage_accesskey: "<path:{{ SECRETS_PATH }}:{{ SM_STORAGE_ACCESSKEY }}>"
+  aiservice_storage_secretkey: "<path:{{ SECRETS_PATH }}:{{ SM_STORAGE_SECRETKEY }}>"
+  aiservice_storage_host: "<path:{{ SECRETS_PATH }}:{{ SM_STORAGE_HOST }}>"
+  aiservice_storage_port: "<path:{{ SECRETS_PATH }}:{{ SM_STORAGE_PORT }}>"
+  aiservice_storage_region: "{{ AISERVICE_STORAGE_REGION }}"
 
-  mas_aibroker_storage_templates_bucket: "<path:{{ SECRETS_PATH }}:{{ SM_STORAGE_BUCKET_TEMPLATES }}>"
-  mas_aibroker_storage_tenants_bucket: "<path:{{ SECRETS_PATH }}:{{ SM_STORAGE_BUCKET_TENANTS }}>"
-  mas_aibroker_storage_pipelines_bucket: "<path:{{ SECRETS_PATH }}:{{ SM_STORAGE_BUCKET_PIPELINES }}>"
+  aiservice_storage_templates_bucket: "<path:{{ SECRETS_PATH }}:{{ SM_STORAGE_BUCKET_TEMPLATES }}>"
+  aiservice_storage_tenants_bucket: "<path:{{ SECRETS_PATH }}:{{ SM_STORAGE_BUCKET_TENANTS }}>"
+  aiservice_storage_pipelines_bucket: "<path:{{ SECRETS_PATH }}:{{ SM_STORAGE_BUCKET_PIPELINES }}>"
 
   ssh_secret_name: "{{ SSH_SECRET_NAME }}"
 
@@ -27,7 +27,7 @@ ibm_kmodel:
   
   docker_server: "{{ DOCKER_SERVER }}"
 
-  mas_aibroker_provision_tenant: "{{ MAS_AIBROKER_PROVISION_TENANT }}"
+  aiservice_provision_tenant: "{{ AISERVICE_PROVISION_TENANT }}"
 
   primary_storage_class: "{{ PRIMARY_STORAGE_CLASS }}"
 
@@ -36,10 +36,10 @@ ibm_kmodel:
   image_watcher: "{{ IMAGE_WATCHER }}"
   image_controller: "{{ IMAGE_CONTROLLER }}"  
   
-  mas_aibroker_pipeline_steps_tag: "{{ MAS_AIBROKER_PIPELINE_STEPS_TAG }}"
-  mas_aibroker_connector_tag: "{{ MAS_AIBROKER_CONNECTOR_TAG }}"
+  aiservice_pipeline_steps_tag: "{{ AISERVICE_PIPELINE_STEPS_TAG }}"
+  aiservice_connector_tag: "{{ AISERVICE_CONNECTOR_TAG }}"
 
-  mas_aibroker_saas: "{{ MAS_AIBROKER_SAAS }}"
+  aiservice_saas: "{{ AISERVICE_SAAS }}"
   
   mas_app_channel: "{{ MAS_APP_CHANNEL }}"
   
diff --git a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-mas-odh-install.yaml.j2 b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-mas-odh-install.yaml.j2
index 77348f41348..2af3b011633 100644
--- a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-mas-odh-install.yaml.j2
+++ b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-mas-odh-install.yaml.j2
@@ -1,5 +1,5 @@
 ---
-merge-key: "{{ ACCOUNT_ID }}/{{ CLUSTER_ID }}/{{ AIBROKER_INSTANCE_ID }}"
+merge-key: "{{ ACCOUNT_ID }}/{{ CLUSTER_ID }}/{{ AISERVICE_INSTANCE_ID }}"
 
 ibm_odh:
   openshift_namespace: {{ OPENSHIFT_NAMESPACE }}
@@ -18,7 +18,7 @@ ibm_odh:
   odh_operator_version: {{ ODH_OPERATOR_VERSION }}
   odh_namespace: {{ ODH_NAMESPACE }}
 
-  aibroker_namespace: {{ AIBROKER_NAMESPACE }}
+  aiservice_namespace: {{ AISERVICE_NAMESPACE }}
   pull_secret_name: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_IMAGE_PULL_SECRET_B64 }}>"
 
   # ODH Pipeline operator
@@ -44,21 +44,21 @@ ibm_odh:
   opendatahub__sourceNamespace: {{ OPENDATAHUB_SOURCE_NAMESPACE }}
 
   # Storage configuration
-  mas_aibroker_storage_provider: {{ MAS_AIBROKER_STORAGE_PROVIDER }}
-  mas_aibroker_storage_accesskey: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_SM_STORAGE_ACCESSKEY }}>"
-  mas_aibroker_storage_secretkey: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_SM_STORAGE_SECRETKEY }}>"
-  mas_aibroker_storage_host: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_SM_STORAGE_HOST }}>"
-  mas_aibroker_storage_port: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_SM_STORAGE_PORT }}>"
-  mas_aibroker_storage_ssl: {{ MAS_AIBROKER_STORAGE_SSL }}
-  mas_aibroker_storage_region: "{{ MAS_AIBROKER_STORAGE_REGION }}"
-  mas_aibroker_storage_pipelines_bucket: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_SM_STORAGE_BUCKET_DEFAULT }}>"
+  aiservice_storage_provider: {{ AISERVICE_STORAGE_PROVIDER }}
+  aiservice_storage_accesskey: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_SM_STORAGE_ACCESSKEY }}>"
+  aiservice_storage_secretkey: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_SM_STORAGE_SECRETKEY }}>"
+  aiservice_storage_host: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_SM_STORAGE_HOST }}>"
+  aiservice_storage_port: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_SM_STORAGE_PORT }}>"
+  aiservice_storage_ssl: {{ AISERVICE_STORAGE_SSL }}
+  aiservice_storage_region: "{{ AISERVICE_STORAGE_REGION }}"
+  aiservice_storage_pipelines_bucket: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_SM_STORAGE_BUCKET_DEFAULT }}>"
 
   # MariaDB configuration
-  mas_aibroker_db_host: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_SM_MARIADB_HOST }}>"
-  mas_aibroker_db_port: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_SM_MARIADB_PORT }}>"
-  mas_aibroker_db_user: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_SM_MARIADB_USER }}>"
-  mas_aibroker_db_database: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_SM_MARIADB_DATABASE }}>"
-  mas_aibroker_db_secret_name: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_SM_MARIADB_SECRET_NAME }}>"
-  mas_aibroker_db_secret_value: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_SM_MARIADB_SECRET_VALUE }}>"
+  aiservice_db_host: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_SM_MARIADB_HOST }}>"
+  aiservice_db_port: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_SM_MARIADB_PORT }}>"
+  aiservice_db_user: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_SM_MARIADB_USER }}>"
+  aiservice_db_database: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_SM_MARIADB_DATABASE }}>"
+  aiservice_db_secret_name: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_SM_MARIADB_SECRET_NAME }}>"
+  aiservice_db_secret_value: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_SM_MARIADB_SECRET_VALUE }}>"
 
   primary_storage_class: {{ PRIMARY_STORAGE_CLASS }}
diff --git a/tekton/src/tasks/gitops/gitops-kmodel.yml.j2 b/tekton/src/tasks/gitops/gitops-kmodel.yml.j2
index 657449e2900..8ccfa138f0c 100644
--- a/tekton/src/tasks/gitops/gitops-kmodel.yml.j2
+++ b/tekton/src/tasks/gitops/gitops-kmodel.yml.j2
@@ -29,27 +29,27 @@ spec:
 
     - name: aiservice_instance_id
       type: string
-    - name: aibroker_internal_tls
+    - name: aiservice_internal_tls
       type: string
-    - name: aibroker_namespace
+    - name: aiservice_namespace
       type: string
     - name: pull_secret_name
       type: string
-    - name: mas_aibroker_storage_provider
+    - name: aiservice_storage_provider
       type: string
-    - name: mas_aibroker_storage_ssl
+    - name: aiservice_storage_ssl
       type: string
-    - name: mas_aibroker_storage_host
+    - name: aiservice_storage_host
       type: string
-    - name: mas_aibroker_storage_port
+    - name: aiservice_storage_port
       type: string
-    - name: mas_aibroker_storage_region
+    - name: aiservice_storage_region
       type: string
-    - name: mas_aibroker_storage_templates_bucket
+    - name: aiservice_storage_templates_bucket
       type: string
-    - name: mas_aibroker_storage_tenants_bucket
+    - name: aiservice_storage_tenants_bucket
       type: string
-    - name: mas_aibroker_storage_pipelines_bucket
+    - name: aiservice_storage_pipelines_bucket
       type: string
     - name: ssh_secret_name
       type: string
@@ -57,7 +57,7 @@ spec:
       type: string
     - name: tenantNamespace
       type: string
-    - name: mas_aibroker_provision_tenant
+    - name: aiservice_provision_tenant
       type: string
     - name: primary_storage_class
       type: string
@@ -67,9 +67,9 @@ spec:
       type: string
     - name: image_controller
       type: string
-    - name: mas_aibroker_connector_tag
+    - name: aiservice_connector_tag
       type: string
-    - name: mas_aibroker_saas
+    - name: aiservice_saas
       type: string
     - name: model_id_unique_length
       type: string
@@ -106,36 +106,36 @@ spec:
         value: $(params.github_repo)
       - name: AISERVICE_INSTANCE_ID
         value: $(params.aiservice_instance_id)
-      - name: AIBROKER_INTERNAL_TLS
-        value: $(params.aibroker_internal_tls)
-      - name: AIBROKER_NAMESPACE
-        value: $(params.aibroker_namespace)
+      - name: AISERVICE_INTERNAL_TLS
+        value: $(params.aiservice_internal_tls)
+      - name: AISERVICE_NAMESPACE
+        value: $(params.aiservice_namespace)
       - name: PULL_SECRET_NAME
         value: $(params.pull_secret_name)
-      - name: MAS_AIBROKER_STORAGE_PROVIDER
-        value: $(params.mas_aibroker_storage_provider)
-      - name: MAS_AIBROKER_STORAGE_SSL
-        value: $(params.mas_aibroker_storage_ssl)
-      - name: MAS_AIBROKER_STORAGE_HOST
-        value: $(params.mas_aibroker_storage_host)
-      - name: MAS_AIBROKER_STORAGE_PORT
-        value: $(params.mas_aibroker_storage_port)
-      - name: MAS_AIBROKER_STORAGE_REGION
-        value: $(params.mas_aibroker_storage_region)
-      - name: MAS_AIBROKER_STORAGE_TEMPLATES_BUCKET
-        value: $(params.mas_aibroker_storage_templates_bucket)
-      - name: MAS_AIBROKER_STORAGE_TENANTS_BUCKET
-        value: $(params.mas_aibroker_storage_tenants_bucket)
-      - name: MAS_AIBROKER_STORAGE_PIPELINES_BUCKET
-        value: $(params.mas_aibroker_storage_pipelines_bucket)
+      - name: AISERVICE_STORAGE_PROVIDER
+        value: $(params.aiservice_storage_provider)
+      - name: AISERVICE_STORAGE_SSL
+        value: $(params.aiservice_storage_ssl)
+      - name: AISERVICE_STORAGE_HOST
+        value: $(params.aiservice_storage_host)
+      - name: AISERVICE_STORAGE_PORT
+        value: $(params.aiservice_storage_port)
+      - name: AISERVICE_STORAGE_REGION
+        value: $(params.aiservice_storage_region)
+      - name: AISERVICE_STORAGE_TEMPLATES_BUCKET
+        value: $(params.aiservice_storage_templates_bucket)
+      - name: AISERVICE_STORAGE_TENANTS_BUCKET
+        value: $(params.aiservice_storage_tenants_bucket)
+      - name: AISERVICE_STORAGE_PIPELINES_BUCKET
+        value: $(params.aiservice_storage_pipelines_bucket)
       - name: SSH_SECRET_NAME
         value: $(params.ssh_secret_name)
       - name: DOCKER_SERVER
         value: $(params.docker_server)
       - name: TENANT_NAMESPACE
         value: $(params.tenantNamespace)
-      - name: MAS_AIBROKER_PROVISION_TENANT
-        value: $(params.mas_aibroker_provision_tenant)
+      - name: AISERVICE_PROVISION_TENANT
+        value: $(params.aiservice_provision_tenant)
       - name: PRIMARY_STORAGE_CLASS
         value: $(params.primary_storage_class)
       - name: IMAGE_STORE
@@ -144,10 +144,10 @@ spec:
         value: $(params.image_watcher)
       - name: IMAGE_CONTROLLER
         value: $(params.image_controller)
-      - name: MAS_AIBROKER_CONNECTOR_TAG
-        value: $(params.mas_aibroker_connector_tag)
-      - name: MAS_AIBROKER_SAAS
-        value: $(params.mas_aibroker_saas)
+      - name: AISERVICE_CONNECTOR_TAG
+        value: $(params.aiservice_connector_tag)
+      - name: AISERVICE_SAAS
+        value: $(params.aiservice_saas)
       - name: MODEL_ID_UNIQUE_LENGTH
         value: $(params.model_id_unique_length)
       - name: MODEL_ID_PREFIX
diff --git a/tekton/src/tasks/gitops/gitops-odh.yml.j2 b/tekton/src/tasks/gitops/gitops-odh.yml.j2
index d48ceeca812..3d400793d9a 100644
--- a/tekton/src/tasks/gitops/gitops-odh.yml.j2
+++ b/tekton/src/tasks/gitops/gitops-odh.yml.j2
@@ -39,7 +39,7 @@ spec:
       type: string
     - name: odh_operator_version
       type: string
-    - name: mas_aibroker_storage_ssl
+    - name: aiservice_storage_ssl
       type: string
       default: "true"
   stepTemplate:
@@ -79,8 +79,8 @@ spec:
         value: $(params.opendatahub_namespace)
       - name: ODH_OPERATOR_VERSION
         value: $(params.odh_operator_version)
-      - name: MAS_AIBROKER_STORAGE_SSL
-        value: $(params.mas_aibroker_storage_ssl)
+      - name: AISERVICE_STORAGE_SSL
+        value: $(params.aiservice_storage_ssl)
     envFrom:
       - configMapRef:
           name: environment-properties

From a233109b873b06eadfd5ca83ddbbc4e6c8386b06 Mon Sep 17 00:00:00 2001
From: Max Robakiewicz <Max.Robakiewicz@ibm.com>
Date: Fri, 23 Jan 2026 09:53:15 -0500
Subject: [PATCH 214/258] Added pytest trace

---
 .github/workflows/build-cli.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/build-cli.yml b/.github/workflows/build-cli.yml
index 3c9061538d0..85027a59ceb 100644
--- a/.github/workflows/build-cli.yml
+++ b/.github/workflows/build-cli.yml
@@ -143,7 +143,7 @@ jobs:
         id: test
         run: |
           cd $GITHUB_WORKSPACE/python
-          pytest
+          pytest --trace
 
       - name: Build
         id: build

From efb71ab93feff99855a7629e3a81b74773e7e611 Mon Sep 17 00:00:00 2001
From: Max Robakiewicz <Max.Robakiewicz@ibm.com>
Date: Tue, 27 Jan 2026 09:49:13 -0500
Subject: [PATCH 215/258] Changed mongo pull policy to always

---
 tekton/src/tasks/gitops/gitops-mongo.yml.j2 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tekton/src/tasks/gitops/gitops-mongo.yml.j2 b/tekton/src/tasks/gitops/gitops-mongo.yml.j2
index 79c8551ab9e..473923915b0 100644
--- a/tekton/src/tasks/gitops/gitops-mongo.yml.j2
+++ b/tekton/src/tasks/gitops/gitops-mongo.yml.j2
@@ -99,7 +99,7 @@ spec:
         - /bin/sh
         - -c
       name: gitops-mongo
-      imagePullPolicy: IfNotPresent
+      imagePullPolicy: Always
       image: quay.io/ibmmas/cli:latest
   workspaces:
     - name: configs

From 96d6d31c4845a27875ada253074458bfec0743ba Mon Sep 17 00:00:00 2001
From: Max Robakiewicz <Max.Robakiewicz@ibm.com>
Date: Wed, 28 Jan 2026 09:45:00 -0500
Subject: [PATCH 216/258] Removed default value from aiservice_instance_id

---
 tekton/src/pipelines/gitops/gitops-mas-initiator.yml.j2 | 1 -
 1 file changed, 1 deletion(-)

diff --git a/tekton/src/pipelines/gitops/gitops-mas-initiator.yml.j2 b/tekton/src/pipelines/gitops/gitops-mas-initiator.yml.j2
index ddddd09684d..509ec7c5143 100644
--- a/tekton/src/pipelines/gitops/gitops-mas-initiator.yml.j2
+++ b/tekton/src/pipelines/gitops/gitops-mas-initiator.yml.j2
@@ -63,7 +63,6 @@ spec:
       type: string
     - name: aiservice_instance_id
       type: string
-      default: ""
     - name: mas_app_channel_assist
       type: string
       default: ""

From 9d1c80ac18f36ad90b85262731acde7c407fbc4e Mon Sep 17 00:00:00 2001
From: Max Robakiewicz <Max.Robakiewicz@ibm.com>
Date: Wed, 28 Jan 2026 12:43:58 -0500
Subject: [PATCH 217/258] Fixed variable name and added aiservice_instance_id
 into gitops mongo

---
 tekton/src/tasks/gitops/gitops-mas-initiator.yml.j2 | 2 +-
 tekton/src/tasks/gitops/gitops-mongo.yml.j2         | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/tekton/src/tasks/gitops/gitops-mas-initiator.yml.j2 b/tekton/src/tasks/gitops/gitops-mas-initiator.yml.j2
index 5b5fcfcc954..45b09366452 100644
--- a/tekton/src/tasks/gitops/gitops-mas-initiator.yml.j2
+++ b/tekton/src/tasks/gitops/gitops-mas-initiator.yml.j2
@@ -36,7 +36,7 @@ spec:
       type: string
     - name: mas_instance_id
       type: string
-    - name: AISERVICE_INSTANCE_ID
+    - name: aiservice_instance_id
       type: string
       default: ""
     - name: mas_app_channel_assist
diff --git a/tekton/src/tasks/gitops/gitops-mongo.yml.j2 b/tekton/src/tasks/gitops/gitops-mongo.yml.j2
index 473923915b0..41d42d40383 100644
--- a/tekton/src/tasks/gitops/gitops-mongo.yml.j2
+++ b/tekton/src/tasks/gitops/gitops-mongo.yml.j2
@@ -28,6 +28,8 @@ spec:
     - name: aws_docdb_engine_version
       type: string
       default: 4.0.0
+    - name: aiservice_instance_id
+      type: string
   stepTemplate:
     name: gitops-mongo
     env:

From 8a888eef39cee84072734f875de9125a69f02147 Mon Sep 17 00:00:00 2001
From: Max Robakiewicz <Max.Robakiewicz@ibm.com>
Date: Wed, 28 Jan 2026 14:09:09 -0500
Subject: [PATCH 218/258] Fixed variable

---
 tekton/src/tasks/gitops/gitops-mas-initiator.yml.j2 | 2 +-
 tekton/src/tasks/gitops/gitops-mongo.yml.j2         | 2 --
 2 files changed, 1 insertion(+), 3 deletions(-)

diff --git a/tekton/src/tasks/gitops/gitops-mas-initiator.yml.j2 b/tekton/src/tasks/gitops/gitops-mas-initiator.yml.j2
index 45b09366452..eb5f80e0952 100644
--- a/tekton/src/tasks/gitops/gitops-mas-initiator.yml.j2
+++ b/tekton/src/tasks/gitops/gitops-mas-initiator.yml.j2
@@ -156,7 +156,7 @@ spec:
       - name: MAS_INSTANCE_ID
         value: $(params.mas_instance_id)
       - name: AISERVICE_INSTANCE_ID
-        value: $(params.AISERVICE_INSTANCE_ID)
+        value: $(params.aiservice_instance_id)
       - name: MAS_APP_CHANNEL_ASSIST
         value: $(params.mas_app_channel_assist)
       - name: MAS_APP_INSTALL_PLAN_ASSIST
diff --git a/tekton/src/tasks/gitops/gitops-mongo.yml.j2 b/tekton/src/tasks/gitops/gitops-mongo.yml.j2
index 41d42d40383..473923915b0 100644
--- a/tekton/src/tasks/gitops/gitops-mongo.yml.j2
+++ b/tekton/src/tasks/gitops/gitops-mongo.yml.j2
@@ -28,8 +28,6 @@ spec:
     - name: aws_docdb_engine_version
       type: string
       default: 4.0.0
-    - name: aiservice_instance_id
-      type: string
   stepTemplate:
     name: gitops-mongo
     env:

From ef0d5cd6d7c67ebee1b65b355fc888238c6ef690 Mon Sep 17 00:00:00 2001
From: Max Robakiewicz <Max.Robakiewicz@ibm.com>
Date: Wed, 11 Feb 2026 10:20:46 -0500
Subject: [PATCH 219/258] Commented out SMTP and idp tasks from mas-instance

---
 .../gitops/gitops-mas-instance.yml.j2         | 339 +++++++++---------
 1 file changed, 169 insertions(+), 170 deletions(-)

diff --git a/tekton/src/pipelines/gitops/gitops-mas-instance.yml.j2 b/tekton/src/pipelines/gitops/gitops-mas-instance.yml.j2
index b8e5fa58836..ac873107dbd 100644
--- a/tekton/src/pipelines/gitops/gitops-mas-instance.yml.j2
+++ b/tekton/src/pipelines/gitops/gitops-mas-instance.yml.j2
@@ -674,179 +674,178 @@ spec:
           workspace: configs
 
 
-    # 5. MAS Suite SMTP Config
-    # -------------------------------------------------------------------------
-    - name: gitops-suite-smtp-config
-      runAfter:
-        - gitops-suite-config
-      params:
-        - name: cluster_name
-          value: $(params.cluster_name)
-        - name: account
-          value: $(params.account)
-        - name: secrets_path
-          value: $(params.secrets_path)
-        - name: mas_instance_id
-          value: $(params.mas_instance_id)
-        - name: git_branch
-          value: $(params.git_branch)
-        - name: github_org
-          value: $(params.github_org)
-        - name: github_repo
-          value: $(params.github_repo)
-        - name: github_host
-          value: $(params.github_host)
-        - name: git_commit_msg
-          value: $(params.git_commit_msg)
-        - name: github_pat
-          value: $(params.github_pat)
-        - name: avp_aws_secret_region
-          value: $(params.avp_aws_secret_region)
-        - name: smtp_host
-          value: $(params.smtp_host)
-        - name: smtp_port
-          value: $(params.smtp_port)
-        - name: smtp_security
-          value: $(params.smtp_security)
-        - name: smtp_authentication
-          value: $(params.smtp_authentication)
-        - name: smtp_default_sender_email
-          value: $(params.smtp_default_sender_email)
-        - name: smtp_default_sender_name
-          value: $(params.smtp_default_sender_name)
-        - name: smtp_default_recipient_email
-          value: $(params.smtp_default_recipient_email)
-        - name: smtp_default_should_email_passwords
-          value: $(params.smtp_default_should_email_passwords)
-        - name: smtp_disabled_templates
-          value: $(params.smtp_disabled_templates)
-        - name: cluster_url
-          value: $(params.cluster_url)
-        - name: mas_smtpcfg_pod_template_yaml
-          value: $(params.mas_smtpcfg_pod_template_yaml)
-        - name: smtp_config_ca_certificate_file
-          value: $(params.smtp_config_ca_certificate_file)
-      taskRef:
-        kind: Task
-        name: gitops-suite-smtp-config
-      when:
-        - input: "$(params.smtp_host)"
-          operator: notin
-          values: [""]
-        - input: "$(params.smtp_use_sendgrid)"
-          operator: notin
-          values: ["true"]
-      workspaces:
-        - name: configs
-          workspace: configs
-        - name: shared-gitops-configs
-          workspace: shared-gitops-configs
-
-    - name: gitops-suite-smtp-config-sendgrid
-      runAfter:
-        - gitops-suite-config
-      params:
-        - name: cluster_name
-          value: $(params.cluster_name)
-        - name: account
-          value: $(params.account)
-        - name: secrets_path
-          value: $(params.secrets_path)
-        - name: mas_instance_id
-          value: $(params.mas_instance_id)
-        - name: git_branch
-          value: $(params.git_branch)
-        - name: github_org
-          value: $(params.github_org)
-        - name: github_repo
-          value: $(params.github_repo)
-        - name: github_host
-          value: $(params.github_host)
-        - name: avp_aws_secret_region
-          value: $(params.avp_aws_secret_region)
-        - name: smtp_disabled_templates
-          value: $(params.smtp_disabled_templates)
-        - name: mas_smtpcfg_pod_template_yaml
-          value: $(params.mas_smtpcfg_pod_template_yaml)
-        - name: smtp_config_ca_certificate_file
-          value: $(params.smtp_config_ca_certificate_file)
+    # # 5. MAS Suite SMTP Config
+    # # -------------------------------------------------------------------------
+    # - name: gitops-suite-smtp-config
+    #   runAfter:
+    #     - gitops-suite-config
+    #   params:
+    #     - name: cluster_name
+    #       value: $(params.cluster_name)
+    #     - name: account
+    #       value: $(params.account)
+    #     - name: secrets_path
+    #       value: $(params.secrets_path)
+    #     - name: mas_instance_id
+    #       value: $(params.mas_instance_id)
+    #     - name: git_branch
+    #       value: $(params.git_branch)
+    #     - name: github_org
+    #       value: $(params.github_org)
+    #     - name: github_repo
+    #       value: $(params.github_repo)
+    #     - name: github_host
+    #       value: $(params.github_host)
+    #     - name: git_commit_msg
+    #       value: $(params.git_commit_msg)
+    #     - name: github_pat
+    #       value: $(params.github_pat)
+    #     - name: avp_aws_secret_region
+    #       value: $(params.avp_aws_secret_region)
+    #     - name: smtp_host
+    #       value: $(params.smtp_host)
+    #     - name: smtp_port
+    #       value: $(params.smtp_port)
+    #     - name: smtp_security
+    #       value: $(params.smtp_security)
+    #     - name: smtp_authentication
+    #       value: $(params.smtp_authentication)
+    #     - name: smtp_default_sender_email
+    #       value: $(params.smtp_default_sender_email)
+    #     - name: smtp_default_sender_name
+    #       value: $(params.smtp_default_sender_name)
+    #     - name: smtp_default_recipient_email
+    #       value: $(params.smtp_default_recipient_email)
+    #     - name: smtp_default_should_email_passwords
+    #       value: $(params.smtp_default_should_email_passwords)
+    #     - name: smtp_disabled_templates
+    #       value: $(params.smtp_disabled_templates)
+    #     - name: cluster_url
+    #       value: $(params.cluster_url)
+    #     - name: mas_smtpcfg_pod_template_yaml
+    #       value: $(params.mas_smtpcfg_pod_template_yaml)
+    #     - name: smtp_config_ca_certificate_file
+    #       value: $(params.smtp_config_ca_certificate_file)
+    #   taskRef:
+    #     kind: Task
+    #     name: gitops-suite-smtp-config
+    #   when:
+    #     - input: "$(params.smtp_host)"
+    #       operator: notin
+    #       values: [""]
+    #     - input: "$(params.smtp_use_sendgrid)"
+    #       operator: notin
+    #       values: ["true"]
+    #   workspaces:
+    #     - name: configs
+    #       workspace: configs
+    #     - name: shared-gitops-configs
+    #       workspace: shared-gitops-configs
+
+    # - name: gitops-suite-smtp-config-sendgrid
+    #   runAfter:
+    #     - gitops-suite-config
+    #   params:
+    #     - name: cluster_name
+    #       value: $(params.cluster_name)
+    #     - name: account
+    #       value: $(params.account)
+    #     - name: secrets_path
+    #       value: $(params.secrets_path)
+    #     - name: mas_instance_id
+    #       value: $(params.mas_instance_id)
+    #     - name: git_branch
+    #       value: $(params.git_branch)
+    #     - name: github_org
+    #       value: $(params.github_org)
+    #     - name: github_repo
+    #       value: $(params.github_repo)
+    #     - name: github_host
+    #       value: $(params.github_host)
+    #     - name: avp_aws_secret_region
+    #       value: $(params.avp_aws_secret_region)
+    #     - name: smtp_disabled_templates
+    #       value: $(params.smtp_disabled_templates)
+    #     - name: mas_smtpcfg_pod_template_yaml
+    #       value: $(params.mas_smtpcfg_pod_template_yaml)
+    #     - name: smtp_config_ca_certificate_file
+    #       value: $(params.smtp_config_ca_certificate_file)
         
-        - name: icn
-          value: $(params.sls_license_icn)
-        - name: mas_domain
-          value: $(params.mas_domain)
-        - name: cis_mas_domain
-          value: $(params.cis_mas_domain)
-        - name: cis_crn
-          value: $(params.cis_crn)
-      taskRef:
-        kind: Task
-        name: gitops-suite-smtp-config-sendgrid
-      when:
-        - input: "$(params.smtp_host)"
-          operator: in
-          values: [""]
-        - input: "$(params.smtp_use_sendgrid)"
-          operator: in
-          values: ["true"]
-      workspaces:
-        - name: configs
-          workspace: configs
-        - name: shared-gitops-configs
-          workspace: shared-gitops-configs
+    #     - name: icn
+    #       value: $(params.sls_license_icn)
+    #     - name: mas_domain
+    #       value: $(params.mas_domain)
+    #     - name: cis_mas_domain
+    #       value: $(params.cis_mas_domain)
+    #     - name: cis_crn
+    #       value: $(params.cis_crn)
+    #   taskRef:
+    #     kind: Task
+    #     name: gitops-suite-smtp-config-sendgrid
+    #   when:
+    #     - input: "$(params.smtp_host)"
+    #       operator: in
+    #       values: [""]
+    #     - input: "$(params.smtp_use_sendgrid)"
+    #       operator: in
+    #       values: ["true"]
+    #   workspaces:
+    #     - name: configs
+    #       workspace: configs
+    #     - name: shared-gitops-configs
+    #       workspace: shared-gitops-configs
 
  
-    # 6. MAS Suite IDP Config
-    # -------------------------------------------------------------------------
-    - name: gitops-suite-idp-config
-      runAfter:
-        - gitops-suite-config
-      params:
-        - name: cluster_name
-          value: $(params.cluster_name)
-        - name: account
-          value: $(params.account)
-        - name: secrets_path
-          value: $(params.secrets_path)
-        - name: mas_instance_id
-          value: $(params.mas_instance_id)
-        - name: git_branch
-          value: $(params.git_branch)
-        - name: github_org
-          value: $(params.github_org)
-        - name: github_repo
-          value: $(params.github_repo)
-        - name: github_host
-          value: $(params.github_host)
-        - name: git_commit_msg
-          value: $(params.git_commit_msg)
-        - name: github_pat
-          value: $(params.github_pat)
-        - name: avp_aws_secret_region
-          value: $(params.avp_aws_secret_region)
-        - name: ldap_url
-          value: $(params.ldap_url)
-        - name: ldap_basedn
-          value: $(params.ldap_basedn)
-        - name: ldap_userid_map
-          value: $(params.ldap_userid_map)
-        - name: ldap_certificate_file
-          value: $(params.ldap_certificate_file)
-        - name: cluster_url
-          value: $(params.cluster_url)
-      taskRef:
-        kind: Task
-        name: gitops-suite-idp-config
-      when:
-        - input: "$(params.ldap_url)"
-          operator: notin
-          values: [""]
-      workspaces:
-        - name: configs
-          workspace: configs
-        - name: shared-additional-configs
-          workspace: shared-additional-configs
-
+    # # 6. MAS Suite IDP Config
+    # # -------------------------------------------------------------------------
+    # - name: gitops-suite-idp-config
+    #   runAfter:
+    #     - gitops-suite-config
+    #   params:
+    #     - name: cluster_name
+    #       value: $(params.cluster_name)
+    #     - name: account
+    #       value: $(params.account)
+    #     - name: secrets_path
+    #       value: $(params.secrets_path)
+    #     - name: mas_instance_id
+    #       value: $(params.mas_instance_id)
+    #     - name: git_branch
+    #       value: $(params.git_branch)
+    #     - name: github_org
+    #       value: $(params.github_org)
+    #     - name: github_repo
+    #       value: $(params.github_repo)
+    #     - name: github_host
+    #       value: $(params.github_host)
+    #     - name: git_commit_msg
+    #       value: $(params.git_commit_msg)
+    #     - name: github_pat
+    #       value: $(params.github_pat)
+    #     - name: avp_aws_secret_region
+    #       value: $(params.avp_aws_secret_region)
+    #     - name: ldap_url
+    #       value: $(params.ldap_url)
+    #     - name: ldap_basedn
+    #       value: $(params.ldap_basedn)
+    #     - name: ldap_userid_map
+    #       value: $(params.ldap_userid_map)
+    #     - name: ldap_certificate_file
+    #       value: $(params.ldap_certificate_file)
+    #     - name: cluster_url
+    #       value: $(params.cluster_url)
+    #   taskRef:
+    #     kind: Task
+    #     name: gitops-suite-idp-config
+    #   when:
+    #     - input: "$(params.ldap_url)"
+    #       operator: notin
+    #       values: [""]
+    #   workspaces:
+    #     - name: configs
+    #       workspace: configs
+    #     - name: shared-additional-configs
+    #       workspace: shared-additional-configs
 
     # 6. MAS Suite App Config
     # -------------------------------------------------------------------------

From 3549627e491ff36225cead7ac77c8756a39f4243 Mon Sep 17 00:00:00 2001
From: Max Robakiewicz <Max.Robakiewicz@ibm.com>
Date: Wed, 11 Feb 2026 13:47:34 -0500
Subject: [PATCH 220/258] Removed deprovision SMTP and IDP

---
 .../gitops/gitops-mas-instance.yml.j2         | 220 ------------------
 1 file changed, 220 deletions(-)

diff --git a/tekton/src/pipelines/gitops/gitops-mas-instance.yml.j2 b/tekton/src/pipelines/gitops/gitops-mas-instance.yml.j2
index ac873107dbd..6b83df5bb84 100644
--- a/tekton/src/pipelines/gitops/gitops-mas-instance.yml.j2
+++ b/tekton/src/pipelines/gitops/gitops-mas-instance.yml.j2
@@ -674,179 +674,6 @@ spec:
           workspace: configs
 
 
-    # # 5. MAS Suite SMTP Config
-    # # -------------------------------------------------------------------------
-    # - name: gitops-suite-smtp-config
-    #   runAfter:
-    #     - gitops-suite-config
-    #   params:
-    #     - name: cluster_name
-    #       value: $(params.cluster_name)
-    #     - name: account
-    #       value: $(params.account)
-    #     - name: secrets_path
-    #       value: $(params.secrets_path)
-    #     - name: mas_instance_id
-    #       value: $(params.mas_instance_id)
-    #     - name: git_branch
-    #       value: $(params.git_branch)
-    #     - name: github_org
-    #       value: $(params.github_org)
-    #     - name: github_repo
-    #       value: $(params.github_repo)
-    #     - name: github_host
-    #       value: $(params.github_host)
-    #     - name: git_commit_msg
-    #       value: $(params.git_commit_msg)
-    #     - name: github_pat
-    #       value: $(params.github_pat)
-    #     - name: avp_aws_secret_region
-    #       value: $(params.avp_aws_secret_region)
-    #     - name: smtp_host
-    #       value: $(params.smtp_host)
-    #     - name: smtp_port
-    #       value: $(params.smtp_port)
-    #     - name: smtp_security
-    #       value: $(params.smtp_security)
-    #     - name: smtp_authentication
-    #       value: $(params.smtp_authentication)
-    #     - name: smtp_default_sender_email
-    #       value: $(params.smtp_default_sender_email)
-    #     - name: smtp_default_sender_name
-    #       value: $(params.smtp_default_sender_name)
-    #     - name: smtp_default_recipient_email
-    #       value: $(params.smtp_default_recipient_email)
-    #     - name: smtp_default_should_email_passwords
-    #       value: $(params.smtp_default_should_email_passwords)
-    #     - name: smtp_disabled_templates
-    #       value: $(params.smtp_disabled_templates)
-    #     - name: cluster_url
-    #       value: $(params.cluster_url)
-    #     - name: mas_smtpcfg_pod_template_yaml
-    #       value: $(params.mas_smtpcfg_pod_template_yaml)
-    #     - name: smtp_config_ca_certificate_file
-    #       value: $(params.smtp_config_ca_certificate_file)
-    #   taskRef:
-    #     kind: Task
-    #     name: gitops-suite-smtp-config
-    #   when:
-    #     - input: "$(params.smtp_host)"
-    #       operator: notin
-    #       values: [""]
-    #     - input: "$(params.smtp_use_sendgrid)"
-    #       operator: notin
-    #       values: ["true"]
-    #   workspaces:
-    #     - name: configs
-    #       workspace: configs
-    #     - name: shared-gitops-configs
-    #       workspace: shared-gitops-configs
-
-    # - name: gitops-suite-smtp-config-sendgrid
-    #   runAfter:
-    #     - gitops-suite-config
-    #   params:
-    #     - name: cluster_name
-    #       value: $(params.cluster_name)
-    #     - name: account
-    #       value: $(params.account)
-    #     - name: secrets_path
-    #       value: $(params.secrets_path)
-    #     - name: mas_instance_id
-    #       value: $(params.mas_instance_id)
-    #     - name: git_branch
-    #       value: $(params.git_branch)
-    #     - name: github_org
-    #       value: $(params.github_org)
-    #     - name: github_repo
-    #       value: $(params.github_repo)
-    #     - name: github_host
-    #       value: $(params.github_host)
-    #     - name: avp_aws_secret_region
-    #       value: $(params.avp_aws_secret_region)
-    #     - name: smtp_disabled_templates
-    #       value: $(params.smtp_disabled_templates)
-    #     - name: mas_smtpcfg_pod_template_yaml
-    #       value: $(params.mas_smtpcfg_pod_template_yaml)
-    #     - name: smtp_config_ca_certificate_file
-    #       value: $(params.smtp_config_ca_certificate_file)
-        
-    #     - name: icn
-    #       value: $(params.sls_license_icn)
-    #     - name: mas_domain
-    #       value: $(params.mas_domain)
-    #     - name: cis_mas_domain
-    #       value: $(params.cis_mas_domain)
-    #     - name: cis_crn
-    #       value: $(params.cis_crn)
-    #   taskRef:
-    #     kind: Task
-    #     name: gitops-suite-smtp-config-sendgrid
-    #   when:
-    #     - input: "$(params.smtp_host)"
-    #       operator: in
-    #       values: [""]
-    #     - input: "$(params.smtp_use_sendgrid)"
-    #       operator: in
-    #       values: ["true"]
-    #   workspaces:
-    #     - name: configs
-    #       workspace: configs
-    #     - name: shared-gitops-configs
-    #       workspace: shared-gitops-configs
-
- 
-    # # 6. MAS Suite IDP Config
-    # # -------------------------------------------------------------------------
-    # - name: gitops-suite-idp-config
-    #   runAfter:
-    #     - gitops-suite-config
-    #   params:
-    #     - name: cluster_name
-    #       value: $(params.cluster_name)
-    #     - name: account
-    #       value: $(params.account)
-    #     - name: secrets_path
-    #       value: $(params.secrets_path)
-    #     - name: mas_instance_id
-    #       value: $(params.mas_instance_id)
-    #     - name: git_branch
-    #       value: $(params.git_branch)
-    #     - name: github_org
-    #       value: $(params.github_org)
-    #     - name: github_repo
-    #       value: $(params.github_repo)
-    #     - name: github_host
-    #       value: $(params.github_host)
-    #     - name: git_commit_msg
-    #       value: $(params.git_commit_msg)
-    #     - name: github_pat
-    #       value: $(params.github_pat)
-    #     - name: avp_aws_secret_region
-    #       value: $(params.avp_aws_secret_region)
-    #     - name: ldap_url
-    #       value: $(params.ldap_url)
-    #     - name: ldap_basedn
-    #       value: $(params.ldap_basedn)
-    #     - name: ldap_userid_map
-    #       value: $(params.ldap_userid_map)
-    #     - name: ldap_certificate_file
-    #       value: $(params.ldap_certificate_file)
-    #     - name: cluster_url
-    #       value: $(params.cluster_url)
-    #   taskRef:
-    #     kind: Task
-    #     name: gitops-suite-idp-config
-    #   when:
-    #     - input: "$(params.ldap_url)"
-    #       operator: notin
-    #       values: [""]
-    #   workspaces:
-    #     - name: configs
-    #       workspace: configs
-    #     - name: shared-additional-configs
-    #       workspace: shared-additional-configs
-
     # 6. MAS Suite App Config
     # -------------------------------------------------------------------------
     - name: gitops-maf-config
@@ -941,53 +768,6 @@ spec:
         - name: configs
           workspace: configs
 
-    # 2. Deprovision SMTP config
-    # -------------------------------------------------------------------------
-    - name: gitops-deprovision-suite-smtp-config
-      params:
-        {{ lookup('template', pipeline_src_dir ~ '/taskdefs/gitops/common/gitops-params.yml.j2') | indent(8) }}
-        {{ lookup('template', pipeline_src_dir ~ '/taskdefs/gitops/common/secrets-params.yml.j2') | indent(8) }}
-        {{ lookup('template', pipeline_src_dir ~ '/taskdefs/gitops/common/git-params.yml.j2') | indent(8) }}
-
-        - name: mas_instance_id
-          value: $(params.mas_instance_id)
-
-      taskRef:
-        kind: Task
-        name: gitops-deprovision-suite-smtp-config
-      when:
-        - input: "$(params.smtp_host)"
-          operator: in
-          values: [""]
-        - input: "$(params.smtp_use_sendgrid)"
-          operator: notin
-          values: ["true"]
-      workspaces:
-        - name: configs
-          workspace: configs
-
-    # 3. Deprovision IDP config
-    # -------------------------------------------------------------------------
-    - name: gitops-deprovision-suite-idp-config
-      params:
-        {{ lookup('template', pipeline_src_dir ~ '/taskdefs/gitops/common/gitops-params.yml.j2') | indent(8) }}
-        {{ lookup('template', pipeline_src_dir ~ '/taskdefs/gitops/common/secrets-params.yml.j2') | indent(8) }}
-        {{ lookup('template', pipeline_src_dir ~ '/taskdefs/gitops/common/git-params.yml.j2') | indent(8) }}
-
-        - name: mas_instance_id
-          value: $(params.mas_instance_id)
-
-      taskRef:
-        kind: Task
-        name: gitops-deprovision-suite-idp-config
-      when:
-        - input: "$(params.ldap_url)"
-          operator: in
-          values: [""]
-      workspaces:
-        - name: configs
-          workspace: configs
-
 
     # 3. Deprovision app config
     # -------------------------------------------------------------------------

From 87b9cd4cb3e484a1d2f71374b9fe9e49f639ffca Mon Sep 17 00:00:00 2001
From: Max Robakiewicz <Max.Robakiewicz@ibm.com>
Date: Wed, 11 Feb 2026 13:52:19 -0500
Subject: [PATCH 221/258] Removed from deprovision instance file

---
 .../gitops/deprovision-mas-instance.yml.j2    | 39 -------------------
 1 file changed, 39 deletions(-)

diff --git a/tekton/src/pipelines/gitops/deprovision-mas-instance.yml.j2 b/tekton/src/pipelines/gitops/deprovision-mas-instance.yml.j2
index 84d9d4a8c01..bf7a2b779d6 100644
--- a/tekton/src/pipelines/gitops/deprovision-mas-instance.yml.j2
+++ b/tekton/src/pipelines/gitops/deprovision-mas-instance.yml.j2
@@ -124,45 +124,6 @@ spec:
         - name: configs
           workspace: configs
 
-    # Deprovision SMTP config
-    # -------------------------------------------------------------------------
-    - name: gitops-deprovision-suite-smtp-config
-      runAfter:
-        - gitops-deprovision-suite-workspace
-      params:
-        {{ lookup('template', pipeline_src_dir ~ '/taskdefs/gitops/common/gitops-params.yml.j2') | indent(8) }}
-        {{ lookup('template', pipeline_src_dir ~ '/taskdefs/gitops/common/secrets-params.yml.j2') | indent(8) }}
-        {{ lookup('template', pipeline_src_dir ~ '/taskdefs/gitops/common/git-params.yml.j2') | indent(8) }}
-
-        - name: mas_instance_id
-          value: $(params.mas_instance_id)
-
-      taskRef:
-        kind: Task
-        name: gitops-deprovision-suite-smtp-config
-      workspaces:
-        - name: configs
-          workspace: configs
-
-    # Deprovision IDP config
-    # -------------------------------------------------------------------------
-    - name: gitops-deprovision-suite-idp-config
-      runAfter:
-        - gitops-deprovision-suite-workspace
-      params:
-        {{ lookup('template', pipeline_src_dir ~ '/taskdefs/gitops/common/gitops-params.yml.j2') | indent(8) }}
-        {{ lookup('template', pipeline_src_dir ~ '/taskdefs/gitops/common/secrets-params.yml.j2') | indent(8) }}
-        {{ lookup('template', pipeline_src_dir ~ '/taskdefs/gitops/common/git-params.yml.j2') | indent(8) }}
-
-        - name: mas_instance_id
-          value: $(params.mas_instance_id)
-
-      taskRef:
-        kind: Task
-        name: gitops-deprovision-suite-idp-config
-      workspaces:
-        - name: configs
-          workspace: configs
 
     # Deprovision Suite config
     # -------------------------------------------------------------------------

From d3104828c8f5d756a3af7f4478e75a490b0744b5 Mon Sep 17 00:00:00 2001
From: Max Robakiewicz <Max.Robakiewicz@ibm.com>
Date: Wed, 11 Feb 2026 15:13:19 -0500
Subject: [PATCH 222/258] Removed kafka step need for idp and smtp

---
 tekton/src/pipelines/gitops/deprovision-mas-instance.yml.j2 | 2 --
 1 file changed, 2 deletions(-)

diff --git a/tekton/src/pipelines/gitops/deprovision-mas-instance.yml.j2 b/tekton/src/pipelines/gitops/deprovision-mas-instance.yml.j2
index bf7a2b779d6..b566c254163 100644
--- a/tekton/src/pipelines/gitops/deprovision-mas-instance.yml.j2
+++ b/tekton/src/pipelines/gitops/deprovision-mas-instance.yml.j2
@@ -182,8 +182,6 @@ spec:
     # -------------------------------------------------------------------------
     - name: gitops-delete-kafka-config
       runAfter:
-        - gitops-deprovision-suite-smtp-config
-        - gitops-deprovision-suite-idp-config
         - gitops-deprovision-suite-objectstorage-config
       params:
         {{ lookup('template', pipeline_src_dir ~ '/taskdefs/gitops/common/gitops-params.yml.j2') | indent(8) }}

From 60ad9e5a8b26e5d344c77b5e346f3d775577060b Mon Sep 17 00:00:00 2001
From: joshiricha444 <joshi.richa444@gmail.com>
Date: Mon, 16 Feb 2026 14:00:28 +0530
Subject: [PATCH 223/258] Retrigger CLI Pipeline

---
 README.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/README.md b/README.md
index 7024fca694d..274e0ed19b3 100644
--- a/README.md
+++ b/README.md
@@ -18,4 +18,5 @@ Documentation
 Want to contribute to MAS Command Line Interface?
 -------------------------------------------------------------------------------
 We welcome every Maximo Application Suite users, developers and enthusiasts to contribute to the MAS Command Line Interface while fixing code issues and implementing new automated functionalities.
+
 You can contribute to this collection by raising [a new issue](https://github.com/ibm-mas/cli/issues) with suggestions on how to make our MAS automation engine even better, or if you want to become a new code contributor, please refer to the [Contributing Guidelines](CONTRIBUTING.md) and learn more about how to get started.

From 774b51e2caf2ba17dd714a7b215e8d7b00265eba Mon Sep 17 00:00:00 2001
From: joshiricha444 <joshi.richa444@gmail.com>
Date: Tue, 24 Feb 2026 11:16:59 +0530
Subject: [PATCH 224/258] cherry-pick 7d5a370024 conflict

---
 .../gitops/gitops-mas-initiator.yml.j2        |   3 +
 .../tasks/gitops/gitops-mas-initiator.yml.j2  | 291 +++++++++++-------
 2 files changed, 178 insertions(+), 116 deletions(-)

diff --git a/tekton/src/pipelines/gitops/gitops-mas-initiator.yml.j2 b/tekton/src/pipelines/gitops/gitops-mas-initiator.yml.j2
index 509ec7c5143..513531c2721 100644
--- a/tekton/src/pipelines/gitops/gitops-mas-initiator.yml.j2
+++ b/tekton/src/pipelines/gitops/gitops-mas-initiator.yml.j2
@@ -56,13 +56,16 @@ spec:
       type: string
     - name: mas_channel
       type: string
+      default: ""
     - name: mas_operationalmode
       type: string
       default: ""
     - name: mas_instance_id
       type: string
+      default: ""
     - name: aiservice_instance_id
       type: string
+      default: ""
     - name: mas_app_channel_assist
       type: string
       default: ""
diff --git a/tekton/src/tasks/gitops/gitops-mas-initiator.yml.j2 b/tekton/src/tasks/gitops/gitops-mas-initiator.yml.j2
index eb5f80e0952..0f7326f3a9a 100644
--- a/tekton/src/tasks/gitops/gitops-mas-initiator.yml.j2
+++ b/tekton/src/tasks/gitops/gitops-mas-initiator.yml.j2
@@ -32,10 +32,13 @@ spec:
       default: "gitops-initiator deploy"
     - name: mas_channel
       type: string
+      default: ""
     - name: mas_operationalmode
       type: string
+      default: ""
     - name: mas_instance_id
       type: string
+      default: ""
     - name: aiservice_instance_id
       type: string
       default: ""
@@ -249,6 +252,14 @@ spec:
           exit 1
         fi
 
+        # Validate that at least one of MAS_INSTANCE_ID or AISERVICE_INSTANCE_ID is provided
+        if [ -z "$MAS_INSTANCE_ID" ] && [ -z "$AISERVICE_INSTANCE_ID" ]; then
+          echo "Error: At least one of MAS_INSTANCE_ID or AISERVICE_INSTANCE_ID must be provided"
+          exit 1
+        fi
+
+        echo "gitops-mas-initiator: Deployment mode - MAS_INSTANCE_ID=${MAS_INSTANCE_ID}, AISERVICE_INSTANCE_ID=${AISERVICE_INSTANCE_ID}"
+
         if [ -n $IBMCLOUD_APIKEY ]; then
 
           export SECRET_NAME=${ACCOUNT}${SECRETS_KEY_SEPERATOR}${CLUSTER_NAME}${SECRETS_KEY_SEPERATOR}cis
@@ -341,12 +352,16 @@ spec:
         echo "copy $SOURCE_LOCAL_DIR/$SOURCE_GITHUB_REPO/order-status/* to $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/order-status"
         cp -r $SOURCE_LOCAL_DIR/$SOURCE_GITHUB_REPO/order-status/* $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/order-status
 
-        mkdir -p $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID
-        echo "copying $SOURCE_LOCAL_DIR/$SOURCE_GITHUB_REPO/$SOURCE_PATH/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/* to $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID"
-        cp -r $SOURCE_LOCAL_DIR/$SOURCE_GITHUB_REPO/$SOURCE_PATH/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/* $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/
+        # Copy MAS instance files if MAS_INSTANCE_ID is provided
+        if [ -n "$MAS_INSTANCE_ID" ]; then
+          echo "gitops-mas-initiator: Processing MAS instance: $MAS_INSTANCE_ID"
+          mkdir -p $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID
+          echo "copying $SOURCE_LOCAL_DIR/$SOURCE_GITHUB_REPO/$SOURCE_PATH/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/* to $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID"
+          cp -r $SOURCE_LOCAL_DIR/$SOURCE_GITHUB_REPO/$SOURCE_PATH/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/* $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/
 
-        # Process any .j2 files
-        process_j2_files "$TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID"
+          # Process any .j2 files
+          process_j2_files "$TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID"
+        fi
         
         # If AISERVICE_INSTANCE_ID is set, copy the AISERVICE_INSTANCE_ID specific files
         if [ -n "$AISERVICE_INSTANCE_ID" ]; then
@@ -366,151 +381,195 @@ spec:
           process_j2_files "$TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$AISERVICE_INSTANCE_ID"
         fi
         
-        echo "gitops-mas-initiator:: DNS_PROVIDER_CONTROL_IDEN=${DNS_PROVIDER_CONTROL_IDEN} MANUAL_CERTS_CONTROL_FLAG=${MANUAL_CERTS_CONTROL_FLAG}"
-        if [[ "${MANUAL_CERTS_CONTROL_FLAG}" == "true" ]]; then
+        cd $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO
 
-          mkdir -p $TARGET_LOCAL_DIR/manual-certs
-          cd $TARGET_LOCAL_DIR/manual-certs
+        # MAS-specific configurations (only if MAS_INSTANCE_ID is provided)
+        if [ -n "$MAS_INSTANCE_ID" ]; then
+          echo "gitops-mas-initiator: Configuring MAS-specific settings for $MAS_INSTANCE_ID"
+          echo "gitops-mas-initiator:: DNS_PROVIDER_CONTROL_IDEN=${DNS_PROVIDER_CONTROL_IDEN} MANUAL_CERTS_CONTROL_FLAG=${MANUAL_CERTS_CONTROL_FLAG}"
+          
+          if [[ "${MANUAL_CERTS_CONTROL_FLAG}" == "true" ]]; then
 
-          git clone https://git:$GITHUB_PAT@$GITHUB_HOST/$SOURCE_GITHUB_ORG/devops-configs.git -b master || exit
+            mkdir -p $TARGET_LOCAL_DIR/manual-certs
+            cd $TARGET_LOCAL_DIR/manual-certs
 
-          mkdir -p $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/manual-certs
+            git clone https://git:$GITHUB_PAT@$GITHUB_HOST/$SOURCE_GITHUB_ORG/devops-configs.git -b master || exit
 
-          # Copy manual certs of mas_instance 
-          cp -r $TARGET_LOCAL_DIR/manual-certs/devops-configs/certs/$MAS_INSTANCE_ID/* $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/manual-certs
+            mkdir -p $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/manual-certs
 
-          # Invoke create-aggregate-manual-certs.sh to generate combined_manual_certs.yaml
+            # Copy manual certs of mas_instance
+            cp -r $TARGET_LOCAL_DIR/manual-certs/devops-configs/certs/$MAS_INSTANCE_ID/* $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/manual-certs
 
-          chmod +x $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/create-aggregate-manual-certs.sh
+            # Invoke create-aggregate-manual-certs.sh to generate combined_manual_certs.yaml
 
-          $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/create-aggregate-manual-certs.sh  $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/manual-certs
+            chmod +x $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/create-aggregate-manual-certs.sh
 
-          # Remove manual-certs folder
-          rm -rf $TARGET_LOCAL_DIR/manual-certs
+            $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/create-aggregate-manual-certs.sh  $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/manual-certs
 
-        fi
+            # Remove manual-certs folder
+            rm -rf $TARGET_LOCAL_DIR/manual-certs
+
+            cd $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO
+          fi
 
-        cd $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO
 
-        if [[ "${MANUAL_CERTS_CONTROL_FLAG}" != "true" ]]; then
-          yq -i 'del(.dns.manual_certs)' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-instance-params.yaml
-          echo "gitops-mas-initiator: removed .dns.manual_certs node"
+        if [[ "${DNS_PROVIDER_CONTROL_IDEN}" == "cis" ]]; then
+          yq -i '.cluster.dns.provider = env(DNS_PROVIDER_CONTROL_IDEN)' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/cluster-params.yaml
+          echo "gitops-mas-initiator: .cluster.dns.provider set to $DNS_PROVIDER_CONTROL_IDEN in $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/cluster-params.yaml"
         fi
+          if [[ "${MANUAL_CERTS_CONTROL_FLAG}" != "true" ]]; then
+            yq -i 'del(.dns.manual_certs)' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-instance-params.yaml
+            echo "gitops-mas-initiator: removed .dns.manual_certs node"
+          fi
 
-        # Update the domain name in the mas-instance-params.yaml.
-        export ROSA_CONFIG=/workspace/configs/tmp-rosa/rosa-$(params.cluster_name)-details.yaml
-        export OCP_SERVER=$(cat $ROSA_CONFIG | yq '.data.api_url')
-        export DOMAIN=$(echo -n $OCP_SERVER | sed -n -e 's/^.*api.//p' | cut -d: -f1)
-        export MASDOMAIN=$MAS_INSTANCE_ID.apps.$DOMAIN
-        export APPSDOMAIN=apps.$DOMAIN
+          # Update the domain name in the mas-instance-params.yaml.
+          export ROSA_CONFIG=/workspace/configs/tmp-rosa/rosa-$(params.cluster_name)-details.yaml
+          export OCP_SERVER=$(cat $ROSA_CONFIG | yq '.data.api_url')
+          export DOMAIN=$(echo -n $OCP_SERVER | sed -n -e 's/^.*api.//p' | cut -d: -f1)
+          export MASDOMAIN=$MAS_INSTANCE_ID.apps.$DOMAIN
+          export APPSDOMAIN=apps.$DOMAIN
 
-        yq -i '.mas_instance.domain = env(MASDOMAIN)' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-instance-params.yaml
+          yq -i '.mas_instance.domain = env(MASDOMAIN)' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-instance-params.yaml
 
-        # Update the ocp server url & ingress domain url in the cluster-params.yaml.
-        yq -i '.cluster.url = env(OCP_SERVER)' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/cluster-params.yaml
-        yq -i '.cluster.domain = env(APPSDOMAIN)' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/cluster-params.yaml
+          # Update the channel in the mas-instance-params.yaml.
+          if [ -n "$MAS_CHANNEL" ]; then
+            yq -i '.mas_instance.channel = env(MAS_CHANNEL)' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-instance-params.yaml
+          fi
 
-        # Update the provisioner_domain in cluster-params.yaml.
-        yq -i '(. | select(has("mas_provisioner")) |  .mas_provisioner.provisioner_domain) = env(APPSDOMAIN)' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/cluster-params.yaml
+          # Update the operationalmode in the mas-instance-params.yaml.
+          if [ -n "$MAS_OPERATIONALMODE" ]; then
+            yq -i '.mas_instance.annotations."mas.ibm.com/operationalMode" = env(MAS_OPERATIONALMODE)' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-instance-params.yaml
+          fi
+        fi
 
-        # Update the channel in the mas-instance-params.yaml. 
-        yq -i '.mas_instance.channel = env(MAS_CHANNEL)' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-instance-params.yaml
+        # Update cluster-level configurations (common for both MAS and AIService)
+        export ROSA_CONFIG=/workspace/configs/tmp-rosa/rosa-$(params.cluster_name)-details.yaml
+        if [ -f "$ROSA_CONFIG" ]; then
+          export OCP_SERVER=$(cat $ROSA_CONFIG | yq '.data.api_url')
+          export DOMAIN=$(echo -n $OCP_SERVER | sed -n -e 's/^.*api.//p' | cut -d: -f1)
+          export APPSDOMAIN=apps.$DOMAIN
 
-        # Update the operationalmode in the mas-instance-params.yaml.
-        yq -i '.mas_instance.annotations."mas.ibm.com/operationalMode" = env(MAS_OPERATIONALMODE)' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-instance-params.yaml
+          # Update the ocp server url & ingress domain url in the cluster-params.yaml.
+          yq -i '.cluster.url = env(OCP_SERVER)' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/cluster-params.yaml
+          yq -i '.cluster.domain = env(APPSDOMAIN)' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/cluster-params.yaml
 
-        # Remove dns node when DNS_PROVIDER_CONTROL_IDEN is not set
-        if [ "${DNS_PROVIDER_CONTROL_IDEN}" == "" ]; then
-          yq -i 'del(.dns)' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-instance-params.yaml
-          yq -i 'del(.cluster.dns)' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/cluster-params.yaml
-          echo "gitops-mas-initiator: removed .dns / .cluster.dns node from $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-instance-params.yaml & gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/cluster-params.yaml"
+          # Update the provisioner_domain in cluster-params.yaml.
+          yq -i '(. | select(has("mas_provisioner")) |  .mas_provisioner.provisioner_domain) = env(APPSDOMAIN)' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/cluster-params.yaml
         fi
 
-        # Deploy fvtsaas with CIS as DNS provider and Manual_certs=True on Mon, Tue, Wed, Thu, Fri
-        # Deploy fvtsaas with CIS as DNS provider and Manual_certs=False on Sun
+        # Additional MAS-specific configurations (only if MAS_INSTANCE_ID is provided)
+        if [ -n "$MAS_INSTANCE_ID" ]; then
+          # Remove dns node when DNS_PROVIDER_CONTROL_IDEN is not set
+          if [ "${DNS_PROVIDER_CONTROL_IDEN}" == "" ]; then
+            yq -i 'del(.dns)' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-instance-params.yaml
+            yq -i 'del(.cluster.dns)' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/cluster-params.yaml
+            echo "gitops-mas-initiator: removed .dns / .cluster.dns node from $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-instance-params.yaml & gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/cluster-params.yaml"
+          fi
 
-        yq -i '.mas_instance.manual_cert_mgmt = env(MANUAL_CERTS_CONTROL_FLAG)' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-instance-params.yaml
-        echo "gitops-mas-initiator: .mas_instance.manual_cert_mgmt set to $MANUAL_CERTS_CONTROL_FLAG"
+          # Deploy fvtsaas with CIS as DNS provider and Manual_certs=True on Mon, Tue, Wed, Thu, Fri
+          # Deploy fvtsaas with CIS as DNS provider and Manual_certs=False on Sun
 
+          yq -i '.mas_instance.manual_cert_mgmt = env(MANUAL_CERTS_CONTROL_FLAG)' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-instance-params.yaml
+          echo "gitops-mas-initiator: .mas_instance.manual_cert_mgmt set to $MANUAL_CERTS_CONTROL_FLAG"
 
-        if [[ "${DNS_PROVIDER_CONTROL_IDEN}" == "cis" ]]; then
-          yq -i '.cluster.dns.provider = env(DNS_PROVIDER_CONTROL_IDEN)' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/cluster-params.yaml
-          echo "gitops-mas-initiator: .cluster.dns.provider set to $DNS_PROVIDER_CONTROL_IDEN in $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/cluster-params.yaml"
-        fi
+          if [[ "${DNS_PROVIDER_CONTROL_IDEN}" == "cis" ]]; then
+            yq -i '.cluster.dns.provider = env(DNS_PROVIDER_CONTROL_IDEN)' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/cluster-params.yaml
+            echo "gitops-mas-initiator: .cluster.dns.provider set to $DNS_PROVIDER_CONTROL_IDEN in $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/cluster-params.yaml"
+          fi
 
-        #customizationList customizationArchive credentials
-        if [ -f "$TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/appws_spec_manage.yaml" ]; then
+          #customizationList customizationArchive credentials
+          if [ -f "$TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/appws_spec_manage.yaml" ]; then
 
-          MAS_APPWS_SPEC_YAML=$TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/appws_spec_manage.yaml
-          secret_names=$(yq eval '.mas_appws_spec.settings.customizationList | to_entries | .[].value.customizationArchiveCredentials.secretName' ${MAS_APPWS_SPEC_YAML})
-          for customization_archive_secret_name in ${secret_names[@]}; do
+            MAS_APPWS_SPEC_YAML=$TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/appws_spec_manage.yaml
+            secret_names=$(yq eval '.mas_appws_spec.settings.customizationList | to_entries | .[].value.customizationArchiveCredentials.secretName' ${MAS_APPWS_SPEC_YAML})
+            for customization_archive_secret_name in ${secret_names[@]}; do
 
-            export CUSTOMIZATION_ARCHIVE_SECRET=${ACCOUNT}${SECRETS_KEY_SEPERATOR}${CLUSTER_NAME}${SECRETS_KEY_SEPERATOR}$MAS_INSTANCE_ID${SECRETS_KEY_SEPERATOR}
-            export CUSTOMIZATION_ARCHIVE_SECRET_NAME=${CUSTOMIZATION_ARCHIVE_SECRET}${customization_archive_secret_name}
-            echo "gitops-mas-initiator: creating AWS SM with name :: ${CUSTOMIZATION_ARCHIVE_SECRET_NAME}"
+              export CUSTOMIZATION_ARCHIVE_SECRET=${ACCOUNT}${SECRETS_KEY_SEPERATOR}${CLUSTER_NAME}${SECRETS_KEY_SEPERATOR}$MAS_INSTANCE_ID${SECRETS_KEY_SEPERATOR}
+              export CUSTOMIZATION_ARCHIVE_SECRET_NAME=${CUSTOMIZATION_ARCHIVE_SECRET}${customization_archive_secret_name}
+              echo "gitops-mas-initiator: creating AWS SM with name :: ${CUSTOMIZATION_ARCHIVE_SECRET_NAME}"
 
-            if [[ -n "${ARTIFACTORY_USERNAME}" && -n "${ARTIFACTORY_TOKEN}" ]]; then
-              export SECRET_VALUE="{\"username\":\"${ARTIFACTORY_USERNAME}\",\"password\":\"${ARTIFACTORY_TOKEN}\"}"
+              if [[ -n "${ARTIFACTORY_USERNAME}" && -n "${ARTIFACTORY_TOKEN}" ]]; then
+                export SECRET_VALUE="{\"username\":\"${ARTIFACTORY_USERNAME}\",\"password\":\"${ARTIFACTORY_TOKEN}\"}"
 
-              aws configure set aws_access_key_id ${SM_AWS_ACCESS_KEY_ID}
-              aws configure set aws_secret_access_key ${SM_AWS_SECRET_ACCESS_KEY}
-              aws configure set default.region $SM_AWS_REGION
-              export AWS_REGION=$SM_AWS_REGION
-              aws configure list
-              set +e +o pipefail
-              aws secretsmanager delete-secret --force-delete-without-recovery --secret-id ${CUSTOMIZATION_ARCHIVE_SECRET_NAME} --region $SM_AWS_REGION --output json 2> /dev/null
-              aws secretsmanager describe-secret --secret-id ${CUSTOMIZATION_ARCHIVE_SECRET_NAME} --region $SM_AWS_REGION --output json 2> /dev/null
-              aws secretsmanager create-secret --name ${CUSTOMIZATION_ARCHIVE_SECRET_NAME} --region $SM_AWS_REGION --secret-string "${SECRET_VALUE}" || exit 1
+                aws configure set aws_access_key_id ${SM_AWS_ACCESS_KEY_ID}
+                aws configure set aws_secret_access_key ${SM_AWS_SECRET_ACCESS_KEY}
+                aws configure set default.region $SM_AWS_REGION
+                export AWS_REGION=$SM_AWS_REGION
+                aws configure list
+                set +e +o pipefail
+                aws secretsmanager delete-secret --force-delete-without-recovery --secret-id ${CUSTOMIZATION_ARCHIVE_SECRET_NAME} --region $SM_AWS_REGION --output json 2> /dev/null
+                aws secretsmanager describe-secret --secret-id ${CUSTOMIZATION_ARCHIVE_SECRET_NAME} --region $SM_AWS_REGION --output json 2> /dev/null
+                aws secretsmanager create-secret --name ${CUSTOMIZATION_ARCHIVE_SECRET_NAME} --region $SM_AWS_REGION --secret-string "${SECRET_VALUE}" || exit 1
 
-              echo "created AWS secret secret ${CUSTOMIZATION_ARCHIVE_SECRET_NAME} with value ${SECRET_VALUE:0:6}<snip> in region $SM_AWS_REGION"
-              set -e -o pipefail
-            else
-              echo "gitops-mas-initiator: ARTIFACTORY_USERNAME and/or ARTIFACTORY_TOKEN not set, exit with error"
-              exit 1
-            fi
+                echo "created AWS secret secret ${CUSTOMIZATION_ARCHIVE_SECRET_NAME} with value ${SECRET_VALUE:0:6}<snip> in region $SM_AWS_REGION"
+                set -e -o pipefail
+              else
+                echo "gitops-mas-initiator: ARTIFACTORY_USERNAME and/or ARTIFACTORY_TOKEN not set, exit with error"
+                exit 1
+              fi
 
-          done
+            done
 
-        fi
-        # Update the app channels in the mas-apps-params.yaml.
-        if [ -n $MAS_APP_CHANNEL_ASSIST ]; then
-          yq -i '(. | select(has("assist")) |  .assist.app_channel) = env(MAS_APP_CHANNEL_ASSIST)' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-apps-params.yaml
-          # Assist not supported in v8 due to no CP4D WD support
-          if [[ "$MAS_APP_CHANNEL_ASSIST" =~ ^8\. ]]; then
-            yq -i 'del(.assist)' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-apps-params.yaml
-            echo "gitops-mas-initiator: removed .assist node"
-            yq -i '.launchfvt.assist = false' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-fvt-params.yaml
-            echo "gitops-mas-initiator: set .launchfvt.assist to false"
+          fi
+          # Update the app channels in the mas-apps-params.yaml.
+          if [ -n $MAS_APP_CHANNEL_ASSIST ]; then
+            yq -i '(. | select(has("assist")) |  .assist.app_channel) = env(MAS_APP_CHANNEL_ASSIST)' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-apps-params.yaml
+            # Assist not supported in v8 due to no CP4D WD support
+            if [[ "$MAS_APP_CHANNEL_ASSIST" =~ ^8\. ]]; then
+              yq -i 'del(.assist)' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-apps-params.yaml
+              echo "gitops-mas-initiator: removed .assist node"
+              yq -i '.launchfvt.assist = false' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-fvt-params.yaml
+              echo "gitops-mas-initiator: set .launchfvt.assist to false"
+            fi
+          fi
+          fi
+          if [ -n $MAS_APP_CHANNEL_FACILITIES ]; then
+            yq -i '(. | select(has("facilities")) |  .facilities.app_channel) = env(MAS_APP_CHANNEL_FACILITIES)' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-apps-params.yaml
+          fi
+          if [ -n $MAS_APP_CHANNEL_IOT ]; then
+            yq -i '(. | select(has("iot")) |  .iot.app_channel) = env(MAS_APP_CHANNEL_IOT)' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-apps-params.yaml
+          fi
+          if [ -n $MAS_APP_CHANNEL_MANAGE ]; then
+            yq -i '(. | select(has("manage")) |  .manage.app_channel) = env(MAS_APP_CHANNEL_MANAGE)' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-apps-params.yaml
+          fi
+          if [ -n $MAS_APP_CHANNEL_MONITOR ]; then
+            yq -i '(. | select(has("monitor")) |  .monitor.app_channel) = env(MAS_APP_CHANNEL_MONITOR)' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-apps-params.yaml
+          fi
+          if [ -n $MAS_APP_CHANNEL_OPTIMIZER ]; then
+            yq -i '(. | select(has("optimizer")) |  .optimizer.app_channel) = env(MAS_APP_CHANNEL_OPTIMIZER)' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-apps-params.yaml
+          fi
+          if [ -n $MAS_APP_CHANNEL_PREDICT ]; then
+            yq -i '(. | select(has("predict")) |  .predict.app_channel) = env(MAS_APP_CHANNEL_PREDICT)' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-apps-params.yaml
+          fi
+          if [ -n $MAS_APP_CHANNEL_VISUALINSPECTION ]; then
+            yq -i '(. | select(has("visualinspection")) |  .visualinspection.app_channel) = env(MAS_APP_CHANNEL_VISUALINSPECTION)' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-apps-params.yaml
+          fi
+          # Update the cli_version and ansible_fvt ansible version if mas_fvt_params exists
+          if [ -f $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-fvt-params.yaml ]; then
+            yq -i '.fvt.cli_version = env(CLI_VERSION)' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-fvt-params.yaml
+            yq -i '.fvt.ansible_version = env(FVT_ANSIBLE_VERSION)' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-fvt-params.yaml
           fi
         fi
-        if [ -n $MAS_APP_CHANNEL_FACILITIES ]; then
-          yq -i '(. | select(has("facilities")) |  .facilities.app_channel) = env(MAS_APP_CHANNEL_FACILITIES)' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-apps-params.yaml
-        fi
-        if [ -n $MAS_APP_CHANNEL_IOT ]; then
-          yq -i '(. | select(has("iot")) |  .iot.app_channel) = env(MAS_APP_CHANNEL_IOT)' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-apps-params.yaml
-        fi
-        if [ -n $MAS_APP_CHANNEL_MANAGE ]; then
-          yq -i '(. | select(has("manage")) |  .manage.app_channel) = env(MAS_APP_CHANNEL_MANAGE)' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-apps-params.yaml
-        fi
-        if [ -n $MAS_APP_CHANNEL_MONITOR ]; then
-          yq -i '(. | select(has("monitor")) |  .monitor.app_channel) = env(MAS_APP_CHANNEL_MONITOR)' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-apps-params.yaml
-        fi
-        if [ -n $MAS_APP_CHANNEL_OPTIMIZER ]; then
-          yq -i '(. | select(has("optimizer")) |  .optimizer.app_channel) = env(MAS_APP_CHANNEL_OPTIMIZER)' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-apps-params.yaml
-        fi
-        if [ -n $MAS_APP_CHANNEL_PREDICT ]; then
-          yq -i '(. | select(has("predict")) |  .predict.app_channel) = env(MAS_APP_CHANNEL_PREDICT)' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-apps-params.yaml
-        fi
-        if [ -n $MAS_APP_CHANNEL_VISUALINSPECTION ]; then
-          yq -i '(. | select(has("visualinspection")) |  .visualinspection.app_channel) = env(MAS_APP_CHANNEL_VISUALINSPECTION)' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-apps-params.yaml
-        fi
-        if [ -n $MAS_APP_CHANNEL_AISERVICE ]; then
-          yq -i '(. | select(has("aiservice")) |  .aiservice.app_channel) = env(MAS_APP_CHANNEL_AISERVICE)' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$AISERVICE_INSTANCE_ID/mas-apps-params.yaml
-        fi
-        # Update the cli_version and ansible_fvt ansible version if mas_fvt_params exists
-        if [ -f $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-fvt-params.yaml ]; then
-          yq -i '.fvt.cli_version = env(CLI_VERSION)' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-fvt-params.yaml
-          yq -i '.fvt.ansible_version = env(FVT_ANSIBLE_VERSION)' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-fvt-params.yaml
+
+        # AIService-specific configurations (only if AISERVICE_INSTANCE_ID is provided)
+        if [ -n "$AISERVICE_INSTANCE_ID" ]; then
+          echo "gitops-mas-initiator: Configuring AIService-specific settings for $AISERVICE_INSTANCE_ID"
+          
+          # Update AIService app channel if provided
+          if [ -n "$MAS_APP_CHANNEL_AISERVICE" ] && [ -f "$TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$AISERVICE_INSTANCE_ID/mas-apps-params.yaml" ]; then
+            yq -i '(. | select(has("aiservice")) |  .aiservice.app_channel) = env(MAS_APP_CHANNEL_AISERVICE)' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$AISERVICE_INSTANCE_ID/mas-apps-params.yaml
+            echo "gitops-mas-initiator: Updated AIService channel to $MAS_APP_CHANNEL_AISERVICE"
+          fi
+
+          # Update the cli_version and ansible_fvt version if mas_fvt_params exists for AIService
+          if [ -f "$TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$AISERVICE_INSTANCE_ID/mas-fvt-params.yaml" ]; then
+            if [ -n "$CLI_VERSION" ]; then
+              yq -i '.fvt.cli_version = env(CLI_VERSION)' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$AISERVICE_INSTANCE_ID/mas-fvt-params.yaml
+            fi
+            if [ -n "$FVT_ANSIBLE_VERSION" ]; then
+              yq -i '.fvt.ansible_version = env(FVT_ANSIBLE_VERSION)' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$AISERVICE_INSTANCE_ID/mas-fvt-params.yaml
+            fi
+          fi
         fi
 
         # Check if CENTRALISED_SLS is set to true

From 87ce41f2d58ad66b69d3dfac293dd27c7633c911 Mon Sep 17 00:00:00 2001
From: Max Robakiewicz <Max.Robakiewicz@ibm.com>
Date: Tue, 24 Feb 2026 13:07:18 -0500
Subject: [PATCH 225/258] Removed extra fi statement and added echo statements
 for debug

---
 tekton/src/tasks/gitops/gitops-mas-initiator.yml.j2 | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/tekton/src/tasks/gitops/gitops-mas-initiator.yml.j2 b/tekton/src/tasks/gitops/gitops-mas-initiator.yml.j2
index 0f7326f3a9a..beab1e44038 100644
--- a/tekton/src/tasks/gitops/gitops-mas-initiator.yml.j2
+++ b/tekton/src/tasks/gitops/gitops-mas-initiator.yml.j2
@@ -513,6 +513,7 @@ spec:
           fi
           # Update the app channels in the mas-apps-params.yaml.
           if [ -n $MAS_APP_CHANNEL_ASSIST ]; then
+            echo "MAS_APP_CHANNEL_ASSIST found"
             yq -i '(. | select(has("assist")) |  .assist.app_channel) = env(MAS_APP_CHANNEL_ASSIST)' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-apps-params.yaml
             # Assist not supported in v8 due to no CP4D WD support
             if [[ "$MAS_APP_CHANNEL_ASSIST" =~ ^8\. ]]; then
@@ -522,30 +523,38 @@ spec:
               echo "gitops-mas-initiator: set .launchfvt.assist to false"
             fi
           fi
-          fi
+
           if [ -n $MAS_APP_CHANNEL_FACILITIES ]; then
+            echo "MAS_APP_CHANNEL_FACILITIES found"
             yq -i '(. | select(has("facilities")) |  .facilities.app_channel) = env(MAS_APP_CHANNEL_FACILITIES)' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-apps-params.yaml
           fi
           if [ -n $MAS_APP_CHANNEL_IOT ]; then
+            echo "MAS_APP_CHANNEL_IOT found"
             yq -i '(. | select(has("iot")) |  .iot.app_channel) = env(MAS_APP_CHANNEL_IOT)' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-apps-params.yaml
           fi
           if [ -n $MAS_APP_CHANNEL_MANAGE ]; then
+            echo "MAS_APP_CHANNEL_MANAGE found"
             yq -i '(. | select(has("manage")) |  .manage.app_channel) = env(MAS_APP_CHANNEL_MANAGE)' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-apps-params.yaml
           fi
           if [ -n $MAS_APP_CHANNEL_MONITOR ]; then
+            echo "MAS_APP_CHANNEL_MONITOR found"
             yq -i '(. | select(has("monitor")) |  .monitor.app_channel) = env(MAS_APP_CHANNEL_MONITOR)' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-apps-params.yaml
           fi
           if [ -n $MAS_APP_CHANNEL_OPTIMIZER ]; then
+            echo "MAS_APP_CHANNEL_OPTIMIZER found"
             yq -i '(. | select(has("optimizer")) |  .optimizer.app_channel) = env(MAS_APP_CHANNEL_OPTIMIZER)' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-apps-params.yaml
           fi
           if [ -n $MAS_APP_CHANNEL_PREDICT ]; then
+            echo "MAS_APP_CHANNEL_PREDICT found"
             yq -i '(. | select(has("predict")) |  .predict.app_channel) = env(MAS_APP_CHANNEL_PREDICT)' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-apps-params.yaml
           fi
           if [ -n $MAS_APP_CHANNEL_VISUALINSPECTION ]; then
+            echo "MAS_APP_CHANNEL_VISUALINSPECTION found"
             yq -i '(. | select(has("visualinspection")) |  .visualinspection.app_channel) = env(MAS_APP_CHANNEL_VISUALINSPECTION)' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-apps-params.yaml
           fi
           # Update the cli_version and ansible_fvt ansible version if mas_fvt_params exists
           if [ -f $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-fvt-params.yaml ]; then
+            echo "MAS_INSTANCE_ID mas-fvt-params.yaml found"
             yq -i '.fvt.cli_version = env(CLI_VERSION)' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-fvt-params.yaml
             yq -i '.fvt.ansible_version = env(FVT_ANSIBLE_VERSION)' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-fvt-params.yaml
           fi

From a3d36ca9a00008027a8c5a06632ef26b7eef33ad Mon Sep 17 00:00:00 2001
From: joshiricha444 <joshi.richa444@gmail.com>
Date: Mon, 11 May 2026 12:43:07 +0530
Subject: [PATCH 226/258] [minor] Add IS_GITOPS_FVT_ENV support for tenant SLS
 secret automation

---
 image/cli/mascli/functions/gitops_aiservice_tenant | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/image/cli/mascli/functions/gitops_aiservice_tenant b/image/cli/mascli/functions/gitops_aiservice_tenant
index 093b889d9f8..092be7de14e 100644
--- a/image/cli/mascli/functions/gitops_aiservice_tenant
+++ b/image/cli/mascli/functions/gitops_aiservice_tenant
@@ -38,6 +38,7 @@ AiService :
 --aiservice-tenant-install-plan-approval ${TEXT_RESET}AISERVICE_TENANT_INSTALL_PLAN_APPROVAL${TEXT_RESET}                                                          
 --cluster-domain ${COLOR_YELLOW}CLUSTER_DOMAIN${TEXT_RESET}                                                 The domain name of the Kubernetes cluster (e.g., cluster.local)
 --in-saas-env ${COLOR_YELLOW}IN_SAAS_ENV${TEXT_RESET}                                                       Whether the environment is SaaS (true/false)
+--is-gitops-fvt-env ${COLOR_YELLOW}IS_GITOPS_FVT_ENV${TEXT_RESET}                                           Whether this is a GitOps FVT environment (true/false)
 --aiservice_operator_log_level ${COLOR_YELLOW}AISERVICE_OPERATOR_LOG_LEVEL${TEXT_RESET}                     Log level for the AI Service operator (e.g., info, debug)
 --mas-icr-cp ${COLOR_YELLOW}MAS_ICR_CP${TEXT_RESET}                                                         IBM Cloud Pak container registry URL
 --mas-icr-cpopen ${COLOR_YELLOW}MAS_ICR_CPOPEN${TEXT_RESET}                                                 IBM Cloud Pak Open container registry URL
@@ -108,6 +109,7 @@ function gitops_aiservice_tenant_noninteractive() {
   export AISERVICE_TENANT_INSTALL_PLAN_APPROVAL=${AISERVICE_TENANT_INSTALL_PLAN_APPROVAL:-"Automatic"}
   export CATALOG_SOURCE=${CATALOG_SOURCE:-"ibm-operator-catalog"}
   export IN_SAAS_ENV=${IN_SAAS_ENV:-"true"}
+  export IS_GITOPS_FVT_ENV=${IS_GITOPS_FVT_ENV:-"false"}
   export MAS_ICR_CP=${MAS_ICR_CP:-"docker-na-public.artifactory.swg-devops.com/wiotp-docker-local"}
   export MAS_ICR_CPOPEN=${MAS_ICR_CPOPEN:-"docker-na-public.artifactory.swg-devops.com/wiotp-docker-local/cpopen"}
   export AISERVICE_S3_BUCKET_PREFIX=${AISERVICE_S3_BUCKET_PREFIX:-"m"}
@@ -184,6 +186,9 @@ function gitops_aiservice_tenant_noninteractive() {
       --in-saas-env)
         export IN_SAAS_ENV=$1 && shift
         ;;
+      --is-gitops-fvt-env)
+        export IS_GITOPS_FVT_ENV=$1 && shift
+        ;;
       --mas-icr-cp)
         export MAS_ICR_CP=$1 && shift
         ;;
@@ -486,7 +491,12 @@ fi
   sm_verify_secret_exists ${SECRETS_PREFIX}ibm_entitlement "image_pull_secret_b64,entitlement_key"
   sm_verify_secret_exists ${SECRETS_PREFIX}dro "dro_api_token,dro_ca_b64enc"
   if [ -z "$STANDALONE_SLS_SERVICE" ]; then
-    sm_verify_secret_exists ${SLS_SECRETS_PREFIX}sls "slscfg_registration_key,slscfg_ca_b64enc"
+    # In GitOps FVT environment, skip SLS secret verification as they will be created by postSync job
+    if [[ "${IS_GITOPS_FVT_ENV}" != "true" ]]; then
+      sm_verify_secret_exists ${SLS_SECRETS_PREFIX}sls "slscfg_registration_key,slscfg_ca_b64enc"
+    else
+      echo "GitOps FVT Environment: Skipping SLS secret verification (will be created by postSync job)"
+    fi
   else
     sm_verify_secret_exists ${SLS_SECRETS_PREFIX}sls "registration_key,ca_b64,sls_url"
   fi

From a89de4ebea36c7b60213862edb13c7cf2dec2acf Mon Sep 17 00:00:00 2001
From: joshiricha444 <joshi.richa444@gmail.com>
Date: Mon, 11 May 2026 12:49:56 +0530
Subject: [PATCH 227/258] Update secrets

---
 .secrets.baseline | 64 +++++------------------------------------------
 1 file changed, 6 insertions(+), 58 deletions(-)

diff --git a/.secrets.baseline b/.secrets.baseline
index 22ba44c5d89..0fc602cf6f0 100644
--- a/.secrets.baseline
+++ b/.secrets.baseline
@@ -230,63 +230,11 @@
         "type": "Secret Keyword",
         "verified_result": null
       },
-      {
-        "hashed_secret": "db40a6131d9b574bb057875df98fb03f9874d5b4",
-        "is_secret": false,
-        "is_verified": false,
-        "line_number": 92,
-        "type": "Secret Keyword",
-        "verified_result": null
-      },
-      {
-        "hashed_secret": "6fbaa59234a602571baf17a51592b436b33f8491",
-        "is_secret": false,
-        "is_verified": false,
-        "line_number": 93,
-        "type": "Secret Keyword",
-        "verified_result": null
-      },
-      {
-        "hashed_secret": "bd1b0b7f343605538b1da78056db3a7bddf3f807",
-        "is_secret": false,
-        "is_verified": false,
-        "line_number": 96,
-        "type": "Secret Keyword",
-        "verified_result": null
-      },
-      {
-        "hashed_secret": "b2817467154949a61f8e9ad31d1eeaf03221cbfa",
-        "is_secret": false,
-        "is_verified": false,
-        "line_number": 312,
-        "type": "Secret Keyword",
-        "verified_result": null
-      }
-    ],
-    "image/cli/mascli/functions/gitops_aiservice_tenant": [
-      {
-        "hashed_secret": "b2817467154949a61f8e9ad31d1eeaf03221cbfa",
-        "is_secret": false,
-        "is_verified": false,
-        "line_number": 368,
-        "type": "Secret Keyword",
-        "verified_result": null
-      }
-    ],
-    "image/cli/mascli/functions/gitops_aiservice": [
-      {
-        "hashed_secret": "6ffb91fd9c01e69b8e9093d84439c8b88dd8fe35",
-        "is_secret": false,
-        "is_verified": false,
-        "line_number": 75,
-        "type": "Secret Keyword",
-        "verified_result": null
-      },
       {
         "hashed_secret": "0ded7396e06414c0d5fb316e08aec58ca4394378",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 91,
+        "line_number": 92,
         "type": "Secret Keyword",
         "verified_result": null
       },
@@ -294,7 +242,7 @@
         "hashed_secret": "db40a6131d9b574bb057875df98fb03f9874d5b4",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 92,
+        "line_number": 93,
         "type": "Secret Keyword",
         "verified_result": null
       },
@@ -302,7 +250,7 @@
         "hashed_secret": "6fbaa59234a602571baf17a51592b436b33f8491",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 93,
+        "line_number": 94,
         "type": "Secret Keyword",
         "verified_result": null
       },
@@ -310,7 +258,7 @@
         "hashed_secret": "bd1b0b7f343605538b1da78056db3a7bddf3f807",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 96,
+        "line_number": 97,
         "type": "Secret Keyword",
         "verified_result": null
       },
@@ -318,7 +266,7 @@
         "hashed_secret": "b2817467154949a61f8e9ad31d1eeaf03221cbfa",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 313,
+        "line_number": 317,
         "type": "Secret Keyword",
         "verified_result": null
       }
@@ -328,7 +276,7 @@
         "hashed_secret": "b2817467154949a61f8e9ad31d1eeaf03221cbfa",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 338,
+        "line_number": 467,
         "type": "Secret Keyword",
         "verified_result": null
       }

From b32976e80c4f360d438ca018b533ba94d31cb7e7 Mon Sep 17 00:00:00 2001
From: joshiricha444 <joshi.richa444@gmail.com>
Date: Thu, 14 May 2026 13:47:18 +0530
Subject: [PATCH 228/258] Update secrets

---
 .secrets.baseline | 136 ++++++++++++----------------------------------
 1 file changed, 36 insertions(+), 100 deletions(-)

diff --git a/.secrets.baseline b/.secrets.baseline
index 0fc602cf6f0..a9191628bf7 100644
--- a/.secrets.baseline
+++ b/.secrets.baseline
@@ -3,7 +3,7 @@
     "files": "build/bin/config/oscap/ssg-rhel9-ds.xml|^.secrets.baseline$|^docs/catalogs/",
     "lines": null
   },
-  "generated_at": "2026-01-07T17:29:26Z",
+  "generated_at": "2026-05-12T12:20:28Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"
@@ -102,7 +102,7 @@
         "hashed_secret": "b60d121b438a380c343d5ec3c2037564b82ffef3",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 31,
+        "line_number": 40,
         "type": "Secret Keyword",
         "verified_result": null
       }
@@ -187,6 +187,10 @@
     ],
     "image/cli/app-root/src/save-junit-to-mongo.py": [
       {
+        "hashed_secret": "5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 4,
         "type": "Basic Auth Credentials",
         "verified_result": null
       }
@@ -296,7 +300,7 @@
         "hashed_secret": "b2817467154949a61f8e9ad31d1eeaf03221cbfa",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 502,
+        "line_number": 498,
         "type": "Secret Keyword",
         "verified_result": null
       }
@@ -308,11 +312,6 @@
         "is_verified": false,
         "line_number": 153,
         "type": "Secret Keyword",
-        "filename": "image/cli/mascli/functions/gitops_cos",
-        "hashed_secret": "5bcc2c4d81811ed80bdd75460668f2bc84ab2137",
-        "is_verified": false,
-        "line_number": 154,
-        "type": "Secret Keyword",
         "verified_result": null
       }
     ],
@@ -323,31 +322,6 @@
         "is_verified": false,
         "line_number": 488,
         "type": "Secret Keyword",
-        "filename": "image/cli/mascli/functions/gitops_cos",
-        "hashed_secret": "ac6402fecd64e90dc6ba48a0b533988e179aa4d8",
-        "is_verified": false,
-        "line_number": 481,
-        "type": "Secret Keyword",
-        "verified_result": null
-      }
-    ],
-    "image/cli/mascli/functions/gitops_deprovision_aibroker": [
-      {
-        "hashed_secret": "b2817467154949a61f8e9ad31d1eeaf03221cbfa",
-        "is_secret": false,
-        "is_verified": false,
-        "line_number": 169,
-        "type": "Secret Keyword",
-        "verified_result": null
-      }
-    ],
-    "image/cli/mascli/functions/gitops_deprovision_aibroker_tenant": [
-      {
-        "hashed_secret": "b2817467154949a61f8e9ad31d1eeaf03221cbfa",
-        "is_secret": false,
-        "is_verified": false,
-        "line_number": 176,
-        "type": "Secret Keyword",
         "verified_result": null
       }
     ],
@@ -378,30 +352,25 @@
         "is_verified": false,
         "line_number": 177,
         "type": "Secret Keyword",
-        "filename": "image/cli/mascli/functions/gitops_deprovision_cos",
-        "hashed_secret": "5bcc2c4d81811ed80bdd75460668f2bc84ab2137",
-        "is_verified": false,
-        "line_number": 117,
-        "type": "Secret Keyword",
         "verified_result": null
       }
     ],
-    "image/cli/mascli/functions/gitops_deprovision_kafka": [
+    "image/cli/mascli/functions/gitops_deprovision_efs": [
       {
         "hashed_secret": "2582aea6f911bd00fc04cb25e0ec16d5ead62068",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 232,
+        "line_number": 117,
         "type": "Secret Keyword",
         "verified_result": null
       }
     ],
-    "image/cli/mascli/functions/gitops_deprovision_kmodel": [
+    "image/cli/mascli/functions/gitops_deprovision_kafka": [
       {
-        "hashed_secret": "b2817467154949a61f8e9ad31d1eeaf03221cbfa",
-        "is_secret": true,
+        "hashed_secret": "2582aea6f911bd00fc04cb25e0ec16d5ead62068",
+        "is_secret": false,
         "is_verified": false,
-        "line_number": 173,
+        "line_number": 232,
         "type": "Secret Keyword",
         "verified_result": null
       }
@@ -456,6 +425,10 @@
         "verified_result": null
       },
       {
+        "hashed_secret": "2582aea6f911bd00fc04cb25e0ec16d5ead62068",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 283,
         "type": "Secret Keyword",
         "verified_result": null
       }
@@ -467,11 +440,6 @@
         "is_verified": false,
         "line_number": 140,
         "type": "Secret Keyword",
-        "filename": "image/cli/mascli/functions/gitops_deprovision_cos",
-        "hashed_secret": "44d54155c3c518b7cf98349d03ddbfc0d9d2f11a",
-        "is_verified": false,
-        "line_number": 112,
-        "type": "Secret Keyword",
         "verified_result": null
       }
     ],
@@ -480,12 +448,7 @@
         "hashed_secret": "b2817467154949a61f8e9ad31d1eeaf03221cbfa",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 704,
-        "type": "Secret Keyword",
-        "filename": "image/cli/mascli/functions/gitops_mas_config",
-        "hashed_secret": "c1da82792ffb8b665d42102d41918b0a9bfb5e08",
-        "is_verified": false,
-        "line_number": 628,
+        "line_number": 747,
         "type": "Secret Keyword",
         "verified_result": null
       },
@@ -493,12 +456,15 @@
         "hashed_secret": "effb7852555adce89885fb075fb43a77a1e0e77e",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 923,
+        "line_number": 982,
         "type": "Secret Keyword",
-        "filename": "image/cli/mascli/functions/gitops_mas_config",
-        "hashed_secret": "5ffe533b830f08a0326348a9160afafc8ada44db",
+        "verified_result": null
+      },
+      {
+        "hashed_secret": "2582aea6f911bd00fc04cb25e0ec16d5ead62068",
+        "is_secret": false,
         "is_verified": false,
-        "line_number": 925,
+        "line_number": 984,
         "type": "Secret Keyword",
         "verified_result": null
       }
@@ -508,6 +474,14 @@
         "hashed_secret": "b2817467154949a61f8e9ad31d1eeaf03221cbfa",
         "is_secret": false,
         "is_verified": false,
+        "line_number": 205,
+        "type": "Secret Keyword",
+        "verified_result": null
+      },
+      {
+        "hashed_secret": "2582aea6f911bd00fc04cb25e0ec16d5ead62068",
+        "is_secret": false,
+        "is_verified": false,
         "line_number": 213,
         "type": "Secret Keyword",
         "verified_result": null
@@ -721,7 +695,7 @@
         "verified_result": null
       }
     ],
-    "image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant.yaml.j2": [
+    "image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aiservice-tenant.yaml.j2": [
       {
         "hashed_secret": "fee2d55ad9a49a95fc89abe8f414dad66704ebfd",
         "is_secret": false,
@@ -749,44 +723,6 @@
         "verified_result": null
       }
     ],
-    "image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aiservice-tenant-base.yaml.j2": [
-      {
-        "hashed_secret": "fee2d55ad9a49a95fc89abe8f414dad66704ebfd",
-        "is_secret": false,
-        "is_verified": false,
-        "line_number": 21,
-        "type": "Secret Keyword",
-        "verified_result": null
-      }
-    ],
-    "image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aiservice-tenant.yaml.j2": [
-      {
-        "hashed_secret": "fee2d55ad9a49a95fc89abe8f414dad66704ebfd",
-        "is_secret": false,
-        "is_verified": false,
-        "line_number": 37,
-        "type": "Secret Keyword",
-        "verified_result": null
-      }
-    ],
-    "image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aiservice.yaml.j2": [
-      {
-        "hashed_secret": "fee2d55ad9a49a95fc89abe8f414dad66704ebfd",
-        "is_secret": false,
-        "is_verified": false,
-        "line_number": 38,
-        "type": "Secret Keyword",
-        "verified_result": null
-      },
-      {
-        "hashed_secret": "d2e2ab0f407e4ee3cf2ab87d61c31b25a74085e5",
-        "is_secret": false,
-        "is_verified": false,
-        "line_number": 42,
-        "type": "Secret Keyword",
-        "verified_result": null
-      }
-    ],
     "image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-mas-instance-base.yaml.j2": [
       {
         "hashed_secret": "fee2d55ad9a49a95fc89abe8f414dad66704ebfd",
@@ -812,7 +748,7 @@
         "hashed_secret": "fee2d55ad9a49a95fc89abe8f414dad66704ebfd",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 21,
+        "line_number": 22,
         "type": "Secret Keyword",
         "verified_result": null
       }
@@ -1008,7 +944,7 @@
       }
     ]
   },
-  "version": "0.13.1+ibm.62.dss",
+  "version": "0.13.1+ibm.64.dss",
   "word_list": {
     "file": null,
     "hash": null

From 6546a88621c0af57315e1c1dcc3b4cd2a2987e70 Mon Sep 17 00:00:00 2001
From: joshiricha444 <joshi.richa444@gmail.com>
Date: Thu, 14 May 2026 13:57:02 +0530
Subject: [PATCH 229/258] Update secrets

---
 .secrets.baseline | 100 +++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 99 insertions(+), 1 deletion(-)

diff --git a/.secrets.baseline b/.secrets.baseline
index a9191628bf7..54d043994a1 100644
--- a/.secrets.baseline
+++ b/.secrets.baseline
@@ -942,6 +942,104 @@
         "type": "Base64 High Entropy String",
         "verified_result": null
       }
+    ],
+    "image/cli/mascli/functions/gitops_deprovision_kmodel": [
+      {
+        "hashed_secret": "b2817467154949a61f8e9ad31d1eeaf03221cbfa",
+        "is_secret": true,
+        "is_verified": false,
+        "line_number": 173,
+        "type": "Secret Keyword",
+        "verified_result": null
+      }
+    ],
+    "image/cli/mascli/functions/gitops_deprovision_aibroker": [
+      {
+        "hashed_secret": "b2817467154949a61f8e9ad31d1eeaf03221cbfa",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 169,
+        "type": "Secret Keyword",
+        "verified_result": null
+      }
+    ],
+    "image/cli/mascli/functions/gitops_deprovision_aibroker_tenant": [
+      {
+        "hashed_secret": "b2817467154949a61f8e9ad31d1eeaf03221cbfa",
+        "is_secret": true,
+        "is_verified": false,
+        "line_number": 176,
+        "type": "Secret Keyword",
+        "verified_result": null
+      }
+    ],
+    "image/cli/mascli/functions/gitops_kmodel": [
+      {
+        "hashed_secret": "b2817467154949a61f8e9ad31d1eeaf03221cbfa",
+        "is_secret": true,
+        "is_verified": false,
+        "line_number": 335,
+        "type": "Secret Keyword",
+        "verified_result": null
+      }
+    ],
+    "image/cli/mascli/functions/gitops_aibroker": [
+      {
+        "hashed_secret": "b2817467154949a61f8e9ad31d1eeaf03221cbfa",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 304,
+        "type": "Secret Keyword",
+        "verified_result": null
+      }
+    ],
+    "image/cli/mascli/functions/gitops_aibroker_tenant": [
+      {
+        "hashed_secret": "b2817467154949a61f8e9ad31d1eeaf03221cbfa",
+        "is_secret": true,
+        "is_verified": false,
+        "line_number": 348,
+        "type": "Secret Keyword",
+        "verified_result": null
+      }
+    ],
+    "image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant-base.yaml.j2": [
+      {
+        "hashed_secret": "fee2d55ad9a49a95fc89abe8f414dad66704ebfd",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 21,
+        "type": "Secret Keyword",
+        "verified_result": null
+      }
+    ],
+    "image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker.yaml.j2": [
+      {
+        "hashed_secret": "d2e2ab0f407e4ee3cf2ab87d61c31b25a74085e5",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 27,
+        "type": "Secret Keyword",
+        "verified_result": null
+      },
+      {
+        "hashed_secret": "fee2d55ad9a49a95fc89abe8f414dad66704ebfd",
+        "is_secret": true,
+        "is_verified": false,
+        "line_number": 54,
+        "type": "Secret Keyword",
+        "verified_result": null
+      }
+    ],
+    "image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant.yaml.j2": [
+      {
+        "hashed_secret": "fee2d55ad9a49a95fc89abe8f414dad66704ebfd",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 38,
+        "type": "Secret Keyword",
+        "verified_result": null
+      }
     ]
   },
   "version": "0.13.1+ibm.64.dss",
@@ -949,4 +1047,4 @@
     "file": null,
     "hash": null
   }
-}
+}
\ No newline at end of file

From 7ffd3ac70126228fa612fdb852d8abadd506764d Mon Sep 17 00:00:00 2001
From: joshiricha444 <joshi.richa444@gmail.com>
Date: Thu, 14 May 2026 14:05:44 +0530
Subject: [PATCH 230/258] update secrets

---
 .secrets.baseline | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.secrets.baseline b/.secrets.baseline
index 54d043994a1..da31ed2af93 100644
--- a/.secrets.baseline
+++ b/.secrets.baseline
@@ -3,7 +3,7 @@
     "files": "build/bin/config/oscap/ssg-rhel9-ds.xml|^.secrets.baseline$|^docs/catalogs/",
     "lines": null
   },
-  "generated_at": "2026-05-12T12:20:28Z",
+  "generated_at": "2026-05-14T08:34:25Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"
@@ -1047,4 +1047,4 @@
     "file": null,
     "hash": null
   }
-}
\ No newline at end of file
+}

From 4ce47f4ad8592fbf887d135a0605abae69fa4c2b Mon Sep 17 00:00:00 2001
From: joshiricha444 <joshi.richa444@gmail.com>
Date: Thu, 14 May 2026 14:16:30 +0530
Subject: [PATCH 231/258] Update secrets

---
 .secrets.baseline | 120 +++-------------------------------------------
 1 file changed, 7 insertions(+), 113 deletions(-)

diff --git a/.secrets.baseline b/.secrets.baseline
index da31ed2af93..4af0850c8c3 100644
--- a/.secrets.baseline
+++ b/.secrets.baseline
@@ -3,7 +3,7 @@
     "files": "build/bin/config/oscap/ssg-rhel9-ds.xml|^.secrets.baseline$|^docs/catalogs/",
     "lines": null
   },
-  "generated_at": "2026-05-14T08:34:25Z",
+  "generated_at": "2026-05-12T12:20:28Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"
@@ -230,15 +230,7 @@
         "hashed_secret": "6ffb91fd9c01e69b8e9093d84439c8b88dd8fe35",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 76,
-        "type": "Secret Keyword",
-        "verified_result": null
-      },
-      {
-        "hashed_secret": "0ded7396e06414c0d5fb316e08aec58ca4394378",
-        "is_secret": false,
-        "is_verified": false,
-        "line_number": 92,
+        "line_number": 75,
         "type": "Secret Keyword",
         "verified_result": null
       },
@@ -246,7 +238,7 @@
         "hashed_secret": "db40a6131d9b574bb057875df98fb03f9874d5b4",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 93,
+        "line_number": 91,
         "type": "Secret Keyword",
         "verified_result": null
       },
@@ -254,7 +246,7 @@
         "hashed_secret": "6fbaa59234a602571baf17a51592b436b33f8491",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 94,
+        "line_number": 92,
         "type": "Secret Keyword",
         "verified_result": null
       },
@@ -262,7 +254,7 @@
         "hashed_secret": "bd1b0b7f343605538b1da78056db3a7bddf3f807",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 97,
+        "line_number": 95,
         "type": "Secret Keyword",
         "verified_result": null
       },
@@ -270,7 +262,7 @@
         "hashed_secret": "b2817467154949a61f8e9ad31d1eeaf03221cbfa",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 317,
+        "line_number": 308,
         "type": "Secret Keyword",
         "verified_result": null
       }
@@ -280,7 +272,7 @@
         "hashed_secret": "b2817467154949a61f8e9ad31d1eeaf03221cbfa",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 467,
+        "line_number": 372,
         "type": "Secret Keyword",
         "verified_result": null
       }
@@ -942,104 +934,6 @@
         "type": "Base64 High Entropy String",
         "verified_result": null
       }
-    ],
-    "image/cli/mascli/functions/gitops_deprovision_kmodel": [
-      {
-        "hashed_secret": "b2817467154949a61f8e9ad31d1eeaf03221cbfa",
-        "is_secret": true,
-        "is_verified": false,
-        "line_number": 173,
-        "type": "Secret Keyword",
-        "verified_result": null
-      }
-    ],
-    "image/cli/mascli/functions/gitops_deprovision_aibroker": [
-      {
-        "hashed_secret": "b2817467154949a61f8e9ad31d1eeaf03221cbfa",
-        "is_secret": false,
-        "is_verified": false,
-        "line_number": 169,
-        "type": "Secret Keyword",
-        "verified_result": null
-      }
-    ],
-    "image/cli/mascli/functions/gitops_deprovision_aibroker_tenant": [
-      {
-        "hashed_secret": "b2817467154949a61f8e9ad31d1eeaf03221cbfa",
-        "is_secret": true,
-        "is_verified": false,
-        "line_number": 176,
-        "type": "Secret Keyword",
-        "verified_result": null
-      }
-    ],
-    "image/cli/mascli/functions/gitops_kmodel": [
-      {
-        "hashed_secret": "b2817467154949a61f8e9ad31d1eeaf03221cbfa",
-        "is_secret": true,
-        "is_verified": false,
-        "line_number": 335,
-        "type": "Secret Keyword",
-        "verified_result": null
-      }
-    ],
-    "image/cli/mascli/functions/gitops_aibroker": [
-      {
-        "hashed_secret": "b2817467154949a61f8e9ad31d1eeaf03221cbfa",
-        "is_secret": false,
-        "is_verified": false,
-        "line_number": 304,
-        "type": "Secret Keyword",
-        "verified_result": null
-      }
-    ],
-    "image/cli/mascli/functions/gitops_aibroker_tenant": [
-      {
-        "hashed_secret": "b2817467154949a61f8e9ad31d1eeaf03221cbfa",
-        "is_secret": true,
-        "is_verified": false,
-        "line_number": 348,
-        "type": "Secret Keyword",
-        "verified_result": null
-      }
-    ],
-    "image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant-base.yaml.j2": [
-      {
-        "hashed_secret": "fee2d55ad9a49a95fc89abe8f414dad66704ebfd",
-        "is_secret": false,
-        "is_verified": false,
-        "line_number": 21,
-        "type": "Secret Keyword",
-        "verified_result": null
-      }
-    ],
-    "image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker.yaml.j2": [
-      {
-        "hashed_secret": "d2e2ab0f407e4ee3cf2ab87d61c31b25a74085e5",
-        "is_secret": false,
-        "is_verified": false,
-        "line_number": 27,
-        "type": "Secret Keyword",
-        "verified_result": null
-      },
-      {
-        "hashed_secret": "fee2d55ad9a49a95fc89abe8f414dad66704ebfd",
-        "is_secret": true,
-        "is_verified": false,
-        "line_number": 54,
-        "type": "Secret Keyword",
-        "verified_result": null
-      }
-    ],
-    "image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant.yaml.j2": [
-      {
-        "hashed_secret": "fee2d55ad9a49a95fc89abe8f414dad66704ebfd",
-        "is_secret": false,
-        "is_verified": false,
-        "line_number": 38,
-        "type": "Secret Keyword",
-        "verified_result": null
-      }
     ]
   },
   "version": "0.13.1+ibm.64.dss",

From 13d461b7b20b692918a3d19b2b1935a11686a091 Mon Sep 17 00:00:00 2001
From: joshiricha444 <joshi.richa444@gmail.com>
Date: Thu, 14 May 2026 15:48:51 +0530
Subject: [PATCH 232/258] update secrets

---
 .secrets.baseline | 114 ++++++++++++++++++++++++++++++++++++++++++----
 1 file changed, 106 insertions(+), 8 deletions(-)

diff --git a/.secrets.baseline b/.secrets.baseline
index 4af0850c8c3..a11fb25cc7a 100644
--- a/.secrets.baseline
+++ b/.secrets.baseline
@@ -3,7 +3,7 @@
     "files": "build/bin/config/oscap/ssg-rhel9-ds.xml|^.secrets.baseline$|^docs/catalogs/",
     "lines": null
   },
-  "generated_at": "2026-05-12T12:20:28Z",
+  "generated_at": "2026-05-14T10:16:56Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"
@@ -225,6 +225,26 @@
         "verified_result": null
       }
     ],
+    "image/cli/mascli/functions/gitops_aibroker": [
+      {
+        "hashed_secret": "b2817467154949a61f8e9ad31d1eeaf03221cbfa",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 304,
+        "type": "Secret Keyword",
+        "verified_result": null
+      }
+    ],
+    "image/cli/mascli/functions/gitops_aibroker_tenant": [
+      {
+        "hashed_secret": "b2817467154949a61f8e9ad31d1eeaf03221cbfa",
+        "is_secret": true,
+        "is_verified": false,
+        "line_number": 348,
+        "type": "Secret Keyword",
+        "verified_result": null
+      }
+    ],
     "image/cli/mascli/functions/gitops_aiservice": [
       {
         "hashed_secret": "6ffb91fd9c01e69b8e9093d84439c8b88dd8fe35",
@@ -272,7 +292,7 @@
         "hashed_secret": "b2817467154949a61f8e9ad31d1eeaf03221cbfa",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 372,
+        "line_number": 373,
         "type": "Secret Keyword",
         "verified_result": null
       }
@@ -292,7 +312,7 @@
         "hashed_secret": "b2817467154949a61f8e9ad31d1eeaf03221cbfa",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 498,
+        "line_number": 502,
         "type": "Secret Keyword",
         "verified_result": null
       }
@@ -317,6 +337,26 @@
         "verified_result": null
       }
     ],
+    "image/cli/mascli/functions/gitops_deprovision_aibroker": [
+      {
+        "hashed_secret": "b2817467154949a61f8e9ad31d1eeaf03221cbfa",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 169,
+        "type": "Secret Keyword",
+        "verified_result": null
+      }
+    ],
+    "image/cli/mascli/functions/gitops_deprovision_aibroker_tenant": [
+      {
+        "hashed_secret": "b2817467154949a61f8e9ad31d1eeaf03221cbfa",
+        "is_secret": true,
+        "is_verified": false,
+        "line_number": 176,
+        "type": "Secret Keyword",
+        "verified_result": null
+      }
+    ],
     "image/cli/mascli/functions/gitops_deprovision_aiservice": [
       {
         "hashed_secret": "b2817467154949a61f8e9ad31d1eeaf03221cbfa",
@@ -367,6 +407,16 @@
         "verified_result": null
       }
     ],
+    "image/cli/mascli/functions/gitops_deprovision_kmodel": [
+      {
+        "hashed_secret": "b2817467154949a61f8e9ad31d1eeaf03221cbfa",
+        "is_secret": true,
+        "is_verified": false,
+        "line_number": 173,
+        "type": "Secret Keyword",
+        "verified_result": null
+      }
+    ],
     "image/cli/mascli/functions/gitops_deprovision_mongo": [
       {
         "hashed_secret": "2582aea6f911bd00fc04cb25e0ec16d5ead62068",
@@ -382,7 +432,7 @@
         "hashed_secret": "b2817467154949a61f8e9ad31d1eeaf03221cbfa",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 188,
+        "line_number": 170,
         "type": "Secret Keyword",
         "verified_result": null
       }
@@ -425,6 +475,16 @@
         "verified_result": null
       }
     ],
+    "image/cli/mascli/functions/gitops_kmodel": [
+      {
+        "hashed_secret": "b2817467154949a61f8e9ad31d1eeaf03221cbfa",
+        "is_secret": true,
+        "is_verified": false,
+        "line_number": 335,
+        "type": "Secret Keyword",
+        "verified_result": null
+      }
+    ],
     "image/cli/mascli/functions/gitops_license": [
       {
         "hashed_secret": "b2817467154949a61f8e9ad31d1eeaf03221cbfa",
@@ -440,7 +500,7 @@
         "hashed_secret": "b2817467154949a61f8e9ad31d1eeaf03221cbfa",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 747,
+        "line_number": 704,
         "type": "Secret Keyword",
         "verified_result": null
       },
@@ -448,7 +508,7 @@
         "hashed_secret": "effb7852555adce89885fb075fb43a77a1e0e77e",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 982,
+        "line_number": 923,
         "type": "Secret Keyword",
         "verified_result": null
       },
@@ -456,7 +516,7 @@
         "hashed_secret": "2582aea6f911bd00fc04cb25e0ec16d5ead62068",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 984,
+        "line_number": 925,
         "type": "Secret Keyword",
         "verified_result": null
       }
@@ -677,6 +737,44 @@
         "verified_result": null
       }
     ],
+    "image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant-base.yaml.j2": [
+      {
+        "hashed_secret": "fee2d55ad9a49a95fc89abe8f414dad66704ebfd",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 21,
+        "type": "Secret Keyword",
+        "verified_result": null
+      }
+    ],
+    "image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant.yaml.j2": [
+      {
+        "hashed_secret": "fee2d55ad9a49a95fc89abe8f414dad66704ebfd",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 38,
+        "type": "Secret Keyword",
+        "verified_result": null
+      }
+    ],
+    "image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker.yaml.j2": [
+      {
+        "hashed_secret": "d2e2ab0f407e4ee3cf2ab87d61c31b25a74085e5",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 27,
+        "type": "Secret Keyword",
+        "verified_result": null
+      },
+      {
+        "hashed_secret": "fee2d55ad9a49a95fc89abe8f414dad66704ebfd",
+        "is_secret": true,
+        "is_verified": false,
+        "line_number": 54,
+        "type": "Secret Keyword",
+        "verified_result": null
+      }
+    ],
     "image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aiservice-tenant-base.yaml.j2": [
       {
         "hashed_secret": "fee2d55ad9a49a95fc89abe8f414dad66704ebfd",
@@ -740,7 +838,7 @@
         "hashed_secret": "fee2d55ad9a49a95fc89abe8f414dad66704ebfd",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 22,
+        "line_number": 21,
         "type": "Secret Keyword",
         "verified_result": null
       }

From 4d6f962e71e88915dd326e697fbbefe4547bc6b7 Mon Sep 17 00:00:00 2001
From: joshiricha444 <joshi.richa444@gmail.com>
Date: Fri, 15 May 2026 12:41:05 +0530
Subject: [PATCH 233/258] Added IS_GITOPS_FVT_ENV variable to bypass secrets in
 FVT run

---
 image/cli/mascli/functions/gitops_aiservice   | 14 ++++++++++----
 .../mascli/functions/gitops_aiservice_tenant  | 19 ++++++++++---------
 2 files changed, 20 insertions(+), 13 deletions(-)

diff --git a/image/cli/mascli/functions/gitops_aiservice b/image/cli/mascli/functions/gitops_aiservice
index 08d33bcc589..eb0b1377051 100644
--- a/image/cli/mascli/functions/gitops_aiservice
+++ b/image/cli/mascli/functions/gitops_aiservice
@@ -381,10 +381,16 @@ function gitops_aiservice() {
   export MAS_ENTITLEMENT_KEY=${SECRETS_PREFIX}ibm_entitlement#entitlement_key
   export ARTIFACTORY_TOKEN=${SECRETS_PREFIX}ibm_entitlement#image_pull_secret_b64
 
-  sm_verify_secret_exists ${SECRETS_PREFIX}ibm_entitlement "image_pull_secret_b64,entitlement_key"
-  sm_verify_secret_exists ${SECRETS_PREFIX}dro "dro_api_token,dro_url,dro_ca_b64enc"
-  sm_verify_secret_exists ${SECRETS_PREFIX}s3 "sm_s3_accesskey,sm_s3_secretkey,sm_s3_host,sm_s3_region"
-  sm_verify_secret_exists ${SECRETS_PREFIX}jdbc "jdbccfg_username,jdbccfg_password,jdbccfg_url,jdbccfg_sslenabled,jdbccfg_ca_b64enc"
+  # Skip DRO, S3, and JDBC secret validation in FVT environments
+  # These secrets will be created by postSync jobs after deployment
+  if [[ "${IS_GITOPS_FVT_ENV}" != "true" ]]; then
+    sm_verify_secret_exists ${SECRETS_PREFIX}ibm_entitlement "image_pull_secret_b64,entitlement_key"
+    sm_verify_secret_exists ${SECRETS_PREFIX}dro "dro_api_token,dro_url,dro_ca_b64enc"
+    sm_verify_secret_exists ${SECRETS_PREFIX}s3 "sm_s3_accesskey,sm_s3_secretkey,sm_s3_host,sm_s3_region"
+    sm_verify_secret_exists ${SECRETS_PREFIX}jdbc "jdbccfg_username,jdbccfg_password,jdbccfg_url,jdbccfg_sslenabled,jdbccfg_ca_b64enc"
+  else
+    echo "IS_GITOPS_FVT_ENV is true - Skipping DRO, S3, and JDBC secret validation"
+  fi
 
     if [ -z $GIT_SSH ]; then
       export GIT_SSH=false
diff --git a/image/cli/mascli/functions/gitops_aiservice_tenant b/image/cli/mascli/functions/gitops_aiservice_tenant
index 092be7de14e..87599163132 100644
--- a/image/cli/mascli/functions/gitops_aiservice_tenant
+++ b/image/cli/mascli/functions/gitops_aiservice_tenant
@@ -488,19 +488,20 @@ fi
 
   # check for those variables present into the aws sm 
 
-  sm_verify_secret_exists ${SECRETS_PREFIX}ibm_entitlement "image_pull_secret_b64,entitlement_key"
-  sm_verify_secret_exists ${SECRETS_PREFIX}dro "dro_api_token,dro_ca_b64enc"
-  if [ -z "$STANDALONE_SLS_SERVICE" ]; then
-    # In GitOps FVT environment, skip SLS secret verification as they will be created by postSync job
-    if [[ "${IS_GITOPS_FVT_ENV}" != "true" ]]; then
-      sm_verify_secret_exists ${SLS_SECRETS_PREFIX}sls "slscfg_registration_key,slscfg_ca_b64enc"
+  if [[ "${IS_GITOPS_FVT_ENV}" != "true" ]]; then
+    sm_verify_secret_exists ${SECRETS_PREFIX}ibm_entitlement "image_pull_secret_b64,entitlement_key"
+    sm_verify_secret_exists ${SECRETS_PREFIX}dro "dro_api_token,dro_ca_b64enc"
+    if [ -z "$STANDALONE_SLS_SERVICE" ]; then
+      # In GitOps FVT environment, skip SLS secret verification as they will be created by postSync job
+      sm_verify_secret_exists ${SLS_SECRETS_PREFIX}sls "slscfg_registration_key,slscfg_ca_b64enc"    
     else
-      echo "GitOps FVT Environment: Skipping SLS secret verification (will be created by postSync job)"
+      sm_verify_secret_exists ${SLS_SECRETS_PREFIX}sls "registration_key,ca_b64,sls_url"
     fi
+    sm_verify_secret_exists ${SECRETS_PREFIX}rsl "rsl_org_id,rsl_token"
+    sm_verify_secret_exists ${SECRETS_PREFIX}watsonx "watsonxai_apikey,watsonxai_project_id"
   else
-    sm_verify_secret_exists ${SLS_SECRETS_PREFIX}sls "registration_key,ca_b64,sls_url"
+      echo "GitOps FVT Environment: Skipping SLS secret verification (will be created by postSync job)"
   fi
-  sm_verify_secret_exists ${SECRETS_PREFIX}watsonx "watsonxai_apikey,watsonxai_project_id"
 
   # Load scheduling config file
   # ---------------------------------------------------------------------------

From 591e644287a0b21089b5d19026651a22e612440b Mon Sep 17 00:00:00 2001
From: joshiricha444 <joshi.richa444@gmail.com>
Date: Fri, 15 May 2026 19:23:37 +0530
Subject: [PATCH 234/258] minor fix for FVT pipeline execution

---
 image/cli/mascli/functions/gitops_odh | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/image/cli/mascli/functions/gitops_odh b/image/cli/mascli/functions/gitops_odh
index 8c1f1d2b221..440e8e82b95 100755
--- a/image/cli/mascli/functions/gitops_odh
+++ b/image/cli/mascli/functions/gitops_odh
@@ -323,6 +323,8 @@ function gitops_odh_noninteractive() {
         export AISERVICE_STORAGE_PROVIDER=$1 && shift
         ;;
       --storage-ssl|--aiservice-storage-ssl)
+        export AISERVICE_STORAGE_SSL=$1 && shift
+        ;;
       --storage-accesskey)
         export AISERVICE_STORAGE_ACCESSKEY=$1 && shift
         ;;

From b605315b712921ddf39729c831406480648b3d8a Mon Sep 17 00:00:00 2001
From: Jaydip Golviya <jgolviya@ibm.com>
Date: Mon, 18 May 2026 12:05:15 +0530
Subject: [PATCH 235/258] Update .secrets.baseline

---
 .secrets.baseline | 116 ++++------------------------------------------
 1 file changed, 9 insertions(+), 107 deletions(-)

diff --git a/.secrets.baseline b/.secrets.baseline
index a11fb25cc7a..bc2045d68b9 100644
--- a/.secrets.baseline
+++ b/.secrets.baseline
@@ -3,7 +3,7 @@
     "files": "build/bin/config/oscap/ssg-rhel9-ds.xml|^.secrets.baseline$|^docs/catalogs/",
     "lines": null
   },
-  "generated_at": "2026-05-14T10:16:56Z",
+  "generated_at": "2026-05-16T15:00:24Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"
@@ -225,26 +225,6 @@
         "verified_result": null
       }
     ],
-    "image/cli/mascli/functions/gitops_aibroker": [
-      {
-        "hashed_secret": "b2817467154949a61f8e9ad31d1eeaf03221cbfa",
-        "is_secret": false,
-        "is_verified": false,
-        "line_number": 304,
-        "type": "Secret Keyword",
-        "verified_result": null
-      }
-    ],
-    "image/cli/mascli/functions/gitops_aibroker_tenant": [
-      {
-        "hashed_secret": "b2817467154949a61f8e9ad31d1eeaf03221cbfa",
-        "is_secret": true,
-        "is_verified": false,
-        "line_number": 348,
-        "type": "Secret Keyword",
-        "verified_result": null
-      }
-    ],
     "image/cli/mascli/functions/gitops_aiservice": [
       {
         "hashed_secret": "6ffb91fd9c01e69b8e9093d84439c8b88dd8fe35",
@@ -292,7 +272,7 @@
         "hashed_secret": "b2817467154949a61f8e9ad31d1eeaf03221cbfa",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 373,
+        "line_number": 372,
         "type": "Secret Keyword",
         "verified_result": null
       }
@@ -312,7 +292,7 @@
         "hashed_secret": "b2817467154949a61f8e9ad31d1eeaf03221cbfa",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 502,
+        "line_number": 498,
         "type": "Secret Keyword",
         "verified_result": null
       }
@@ -337,26 +317,6 @@
         "verified_result": null
       }
     ],
-    "image/cli/mascli/functions/gitops_deprovision_aibroker": [
-      {
-        "hashed_secret": "b2817467154949a61f8e9ad31d1eeaf03221cbfa",
-        "is_secret": false,
-        "is_verified": false,
-        "line_number": 169,
-        "type": "Secret Keyword",
-        "verified_result": null
-      }
-    ],
-    "image/cli/mascli/functions/gitops_deprovision_aibroker_tenant": [
-      {
-        "hashed_secret": "b2817467154949a61f8e9ad31d1eeaf03221cbfa",
-        "is_secret": true,
-        "is_verified": false,
-        "line_number": 176,
-        "type": "Secret Keyword",
-        "verified_result": null
-      }
-    ],
     "image/cli/mascli/functions/gitops_deprovision_aiservice": [
       {
         "hashed_secret": "b2817467154949a61f8e9ad31d1eeaf03221cbfa",
@@ -407,16 +367,6 @@
         "verified_result": null
       }
     ],
-    "image/cli/mascli/functions/gitops_deprovision_kmodel": [
-      {
-        "hashed_secret": "b2817467154949a61f8e9ad31d1eeaf03221cbfa",
-        "is_secret": true,
-        "is_verified": false,
-        "line_number": 173,
-        "type": "Secret Keyword",
-        "verified_result": null
-      }
-    ],
     "image/cli/mascli/functions/gitops_deprovision_mongo": [
       {
         "hashed_secret": "2582aea6f911bd00fc04cb25e0ec16d5ead62068",
@@ -432,7 +382,7 @@
         "hashed_secret": "b2817467154949a61f8e9ad31d1eeaf03221cbfa",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 170,
+        "line_number": 188,
         "type": "Secret Keyword",
         "verified_result": null
       }
@@ -475,16 +425,6 @@
         "verified_result": null
       }
     ],
-    "image/cli/mascli/functions/gitops_kmodel": [
-      {
-        "hashed_secret": "b2817467154949a61f8e9ad31d1eeaf03221cbfa",
-        "is_secret": true,
-        "is_verified": false,
-        "line_number": 335,
-        "type": "Secret Keyword",
-        "verified_result": null
-      }
-    ],
     "image/cli/mascli/functions/gitops_license": [
       {
         "hashed_secret": "b2817467154949a61f8e9ad31d1eeaf03221cbfa",
@@ -500,7 +440,7 @@
         "hashed_secret": "b2817467154949a61f8e9ad31d1eeaf03221cbfa",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 704,
+        "line_number": 747,
         "type": "Secret Keyword",
         "verified_result": null
       },
@@ -508,7 +448,7 @@
         "hashed_secret": "effb7852555adce89885fb075fb43a77a1e0e77e",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 923,
+        "line_number": 996,
         "type": "Secret Keyword",
         "verified_result": null
       },
@@ -516,7 +456,7 @@
         "hashed_secret": "2582aea6f911bd00fc04cb25e0ec16d5ead62068",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 925,
+        "line_number": 998,
         "type": "Secret Keyword",
         "verified_result": null
       }
@@ -737,44 +677,6 @@
         "verified_result": null
       }
     ],
-    "image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant-base.yaml.j2": [
-      {
-        "hashed_secret": "fee2d55ad9a49a95fc89abe8f414dad66704ebfd",
-        "is_secret": false,
-        "is_verified": false,
-        "line_number": 21,
-        "type": "Secret Keyword",
-        "verified_result": null
-      }
-    ],
-    "image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant.yaml.j2": [
-      {
-        "hashed_secret": "fee2d55ad9a49a95fc89abe8f414dad66704ebfd",
-        "is_secret": false,
-        "is_verified": false,
-        "line_number": 38,
-        "type": "Secret Keyword",
-        "verified_result": null
-      }
-    ],
-    "image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker.yaml.j2": [
-      {
-        "hashed_secret": "d2e2ab0f407e4ee3cf2ab87d61c31b25a74085e5",
-        "is_secret": false,
-        "is_verified": false,
-        "line_number": 27,
-        "type": "Secret Keyword",
-        "verified_result": null
-      },
-      {
-        "hashed_secret": "fee2d55ad9a49a95fc89abe8f414dad66704ebfd",
-        "is_secret": true,
-        "is_verified": false,
-        "line_number": 54,
-        "type": "Secret Keyword",
-        "verified_result": null
-      }
-    ],
     "image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aiservice-tenant-base.yaml.j2": [
       {
         "hashed_secret": "fee2d55ad9a49a95fc89abe8f414dad66704ebfd",
@@ -838,7 +740,7 @@
         "hashed_secret": "fee2d55ad9a49a95fc89abe8f414dad66704ebfd",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 21,
+        "line_number": 22,
         "type": "Secret Keyword",
         "verified_result": null
       }
@@ -978,7 +880,7 @@
         "hashed_secret": "206c80413b9a96c1312cc346b7d2517b84463edd",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 339,
+        "line_number": 344,
         "type": "Secret Keyword",
         "verified_result": null
       }

From ff7676ededed8d9821871a060c4520093c1f543d Mon Sep 17 00:00:00 2001
From: Jaydip Golviya <jgolviya@ibm.com>
Date: Mon, 18 May 2026 13:17:40 +0530
Subject: [PATCH 236/258] delete some files related to AI Broker

---
 .../gitops/gitops-aibroker-tenant.yml.j2      | 189 -----------------
 .../src/tasks/gitops/gitops-aibroker.yml.j2   | 190 ------------------
 .../gitops-deprovision-aibroker-tenant.yml.j2 |  89 --------
 .../gitops/gitops-deprovision-aibroker.yml.j2 |  85 --------
 4 files changed, 553 deletions(-)
 delete mode 100644 tekton/src/tasks/gitops/gitops-aibroker-tenant.yml.j2
 delete mode 100644 tekton/src/tasks/gitops/gitops-aibroker.yml.j2
 delete mode 100644 tekton/src/tasks/gitops/gitops-deprovision-aibroker-tenant.yml.j2
 delete mode 100644 tekton/src/tasks/gitops/gitops-deprovision-aibroker.yml.j2

diff --git a/tekton/src/tasks/gitops/gitops-aibroker-tenant.yml.j2 b/tekton/src/tasks/gitops/gitops-aibroker-tenant.yml.j2
deleted file mode 100644
index 57522e859af..00000000000
--- a/tekton/src/tasks/gitops/gitops-aibroker-tenant.yml.j2
+++ /dev/null
@@ -1,189 +0,0 @@
----
-apiVersion: tekton.dev/v1beta1
-kind: Task
-metadata:
-  name: gitops-aibroker-tenant
-spec:
-  params: 
-    - name: cluster_name
-      type: string
-    - name: account
-      type: string
-    - name: cluster_url
-      type: string
-    - name: secrets_path
-      type: string
-    - name: avp_aws_secret_region
-      type: string
-    - name: git_branch
-      type: string
-    - name: github_org
-      type: string
-    - name: github_repo
-      type: string
-    - name: github_host
-      type: string
-    - name: aibroker_namespace
-      type: string
-    - name: mas_aibroker_provision_tenant
-      type: string
-    - name: aibroker_instance_id
-      type: string
-    - name: tenantNamespace
-      type: string
-    - name: tenant_id
-      type: string
-    - name: mas_aibroker_tenant_name
-      type: string
-    - name: cluster_domain
-      type: string
-    - name: in_saas_env
-      type: string
-    - name: mas_icr_cp
-      type: string
-    - name: mas_icr_cpopen
-      type: string
-    - name: drocfg_url
-      type: string
-    - name: slscfg_url
-      type: string
-    - name: mas_aibroker_sls_subscription_id
-      type: string
-    - name: mas_aibroker_watsonxai_url
-      type: string
-    - name: mas_aibroker_watsonxai_project_id
-      type: string
-    - name: mas_aibroker_storage_port
-      type: string
-    - name: mas_aibroker_storage_region
-      type: string
-    - name: mas_aibroker_storage_provider
-      type: string
-    - name: mas_aibroker_storage_pipelines_bucket
-      type: string
-    - name: mas_aibroker_storage_ssl
-      type: string
-    - name: mas_aibroker_s3_endpoint_url
-      type: string
-    - name: mas_aibroker_s3_region
-      type: string
-    - name: mas_aibroker_s3_bucket_prefix
-      type: string
-    - name: rsl_url
-      type: string
-    - name: tenant_entitlement_type
-      type: string
-    - name: tenant_entitlement_start_date
-      type: string
-    - name: tenant_entitlement_end_date
-      type: string
-  stepTemplate:
-    name: gitops-aibroker-tenant
-    env:
-      - name: CLUSTER_NAME
-        value: $(params.cluster_name)
-      - name: ACCOUNT
-        value: $(params.account)
-      - name: CLUSTER_URL
-        value: $(params.cluster_url)
-      - name: SECRET_PATH
-        value: $(params.secrets_path)
-      - name: SM_AWS_REGION
-        value: $(params.avp_aws_secret_region)
-      - name: GIT_BRANCH
-        value: $(params.git_branch)
-      - name: GITHUB_ORG
-        value: $(params.github_org)
-      - name: GITHUB_HOST
-        value: $(params.github_host)
-      - name: GITHUB_REPO
-        value: $(params.github_repo)
-      - name: AIBROKER_NAMESPACE
-        value: $(params.aibroker_namespace)
-      - name: MAS_AIBROKER_PROVISION_TENANT
-        value: $(params.mas_aibroker_provision_tenant)
-      - name: AIBROKER_INSTANCE_ID
-        value: $(params.aibroker_instance_id)
-      - name: TENANT_NAMESPACE
-        value: $(params.tenantNamespace)
-      - name: TENANT_ID
-        value: $(params.tenant_id)
-      - name: MAS_AIBROKER_TENANT_NAME
-        value: $(params.mas_aibroker_tenant_name)
-      - name: CLUSTER_DOMAIN
-        value: $(params.cluster_domain)
-      - name: IN_SAAS_ENV
-        value: $(params.in_saas_env)
-      - name: MAS_ICR_CP
-        value: $(params.mas_icr_cp)
-      - name: MAS_ICR_CPOPEN
-        value: $(params.mas_icr_cpopen)
-      - name: DROCFG_URL
-        value: $(params.drocfg_url)
-      - name: SLSCFG_URL
-        value: $(params.slscfg_url)
-
-      - name: MAS_AIBROKER_SLS_SUBSCRIPTION_ID
-        value: $(params.mas_aibroker_sls_subscription_id)
-      - name: MAS_AIBROKER_WATSONXAI_URL
-        value: $(params.mas_aibroker_watsonxai_url)
-      - name: MAS_AIBROKER_WATSONXAI_PROJECT_ID
-        value: $(params.mas_aibroker_watsonxai_project_id)
-      - name: MAS_AIBROKER_STORAGE_PORT
-        value: $(params.mas_aibroker_storage_port)
-      - name: MAS_AIBROKER_STORAGE_REGION
-        value: $(params.mas_aibroker_storage_region)
-      - name: MAS_AIBROKER_STORAGE_PROVIDER
-        value: $(params.mas_aibroker_storage_provider)
-      - name: MAS_AIBROKER_STORAGE_PIPELINES_BUCKET
-        value: $(params.mas_aibroker_storage_pipelines_bucket)
-      - name: MAS_AIBROKER_STORAGE_SSL
-        value: $(params.mas_aibroker_storage_ssl)
-      - name: MAS_AIBROKER_S3_ENDPOINT_URL
-        value: $(params.mas_aibroker_s3_endpoint_url)
-      - name: MAS_AIBROKER_S3_REGION
-        value: $(params.mas_aibroker_s3_region)
-      - name: MAS_AIBROKER_S3_BUCKET_PREFIX
-        value: $(params.mas_aibroker_s3_bucket_prefix)
-      - name: RSL_URL
-        value: $(params.rsl_url)
-      - name: TENANT_ENTITLEMENT_TYPE
-        value: $(params.tenant_entitlement_type)
-      - name: TENANT_ENTITLEMENT_START_DATE
-        value: $(params.tenant_entitlement_start_date)
-      - name: TENANT_ENTITLEMENT_END_DATE
-        value: $(params.tenant_entitlement_end_date)
-    envFrom:
-      - configMapRef:
-          name: environment-properties
-          optional: true
-      - secretRef:
-          name: secure-properties
-  steps:
-    - args:
-      - |-
-        git config --global user.name "MAS Automation"
-        git config --global user.email "you@example.com"
-        git config --global user.password $GITHUB_PAT
-
-        mkdir -p /tmp/init-aibroker-tenant
-        
-        mas gitops-aibroker-tenant -a $ACCOUNT -c $CLUSTER_NAME \
-        --secrets-path $SECRET_PATH \
-        --dir /tmp/init-aibroker-tenant \
-        --github-push \
-        --github-host "$GITHUB_HOST" \
-        --github-org "$GITHUB_ORG" \
-        --github-repo "$GITHUB_REPO" \
-        --git-branch "$GIT_BRANCH" \
-
-
-        exit $?
-      command:
-        - /bin/sh
-        - -c
-      name: gitops-aibroker-tenant
-      imagePullPolicy: IfNotPresent
-      image: quay.io/ibmmas/cli:latest
-  workspaces:
-    - name: configs
diff --git a/tekton/src/tasks/gitops/gitops-aibroker.yml.j2 b/tekton/src/tasks/gitops/gitops-aibroker.yml.j2
deleted file mode 100644
index a0f6af9af47..00000000000
--- a/tekton/src/tasks/gitops/gitops-aibroker.yml.j2
+++ /dev/null
@@ -1,190 +0,0 @@
----
-apiVersion: tekton.dev/v1beta1
-kind: Task
-metadata:
-  name: gitops-aibroker
-spec:
-  params:
-    - name: cluster_name
-      type: string
-    - name: account
-      type: string
-    - name: cluster_url
-      type: string
-      default: ""
-    - name: secrets_path
-      type: string
-    - name: avp_aws_secret_region
-      type: string
-    - name: git_branch
-      type: string
-    - name: github_org
-      type: string
-    - name: github_repo
-      type: string
-    - name: github_host
-      type: string
-    - name: aibroker_instance_id
-      type: string
-    - name: aibroker_namespace
-      type: string
-    - name: mas_aibroker_watsonx_secret
-      type: string
-    - name: pull_secret_name
-      type: string
-    - name: mas_aibroker_storage_provider
-      type: string
-    - name: mas_aibroker_storage_secret
-      type: string
-    - name: mas_aibroker_storage_host
-      type: string
-    - name: mas_aibroker_storage_port
-      type: string
-    - name: mas_aibroker_storage_ssl
-      type: string
-    - name: mas_aibroker_storage_region
-      type: string
-    - name: mas_aibroker_storage_pipelines_bucket
-      type: string
-    - name: mas_aibroker_storage_tenants_bucket
-      type: string
-    - name: mas_aibroker_storage_templates_bucket
-      type: string
-    - name: mas_aibroker_mariadb_secret
-      type: string
-    - name: primary_storage_class
-      type: string
-    - name: artifactory_username
-      type: string
-    - name: mas_app_channel
-      type: string
-    - name: mas_catalog_source
-      type: string
-    - name: mas_icr_cp
-      type: string
-    - name: mas_icr_cpopen
-      type: string
-    - name: cluster_domain
-      type: string
-    - name: in_saas_env
-      type: string
-    - name: is_external_route
-      type: string
-    - name: environment_type
-      type: string
-    - name: mas_aibroker_s3_endpoint_url
-      type: string
-    - name: mas_aibroker_s3_region
-      type: string
-    - name: mas_aibroker_s3_bucket_prefix
-      type: string
-
-  stepTemplate:
-    name: gitops-aibroker
-    env:
-      - name: CLUSTER_NAME
-        value: $(params.cluster_name)
-      - name: ACCOUNT
-        value: $(params.account)
-      - name: CLUSTER_URL
-        value: $(params.cluster_url)
-      - name: SECRET_PATH
-        value: $(params.secrets_path)
-      - name: SM_AWS_REGION
-        value: $(params.avp_aws_secret_region)
-      - name: GIT_BRANCH
-        value: $(params.git_branch)
-      - name: GITHUB_ORG
-        value: $(params.github_org)
-      - name: GITHUB_HOST
-        value: $(params.github_host)
-      - name: GITHUB_REPO
-        value: $(params.github_repo)
-      - name: AIBROKER_INSTANCE_ID
-        value: $(params.aibroker_instance_id)
-      - name: AIBROKER_NAMESPACE
-        value: $(params.aibroker_namespace)
-      - name: MAS_AIBROKER_WATSONX_SECRET
-        value: $(params.mas_aibroker_watsonx_secret)
-      - name: PULL_SECRET_NAME
-        value: $(params.pull_secret_name)
-      - name: MAS_AIBROKER_STORAGE_PROVIDER
-        value: $(params.mas_aibroker_storage_provider)
-      - name: MAS_AIBROKER_STORAGE_SECRET
-        value: $(params.mas_aibroker_storage_secret)
-      - name: MAS_AIBROKER_STORAGE_HOST
-        value: $(params.mas_aibroker_storage_host)
-      - name: MAS_AIBROKER_STORAGE_PORT
-        value: $(params.mas_aibroker_storage_port)
-      - name: MAS_AIBROKER_STORAGE_SSL
-        value: $(params.mas_aibroker_storage_ssl)
-      - name: MAS_AIBROKER_STORAGE_REGION
-        value: $(params.mas_aibroker_storage_region)
-      - name: MAS_AIBROKER_STORAGE_PIPELINES_BUCKET
-        value: $(params.mas_aibroker_storage_pipelines_bucket)
-      - name: MAS_AIBROKER_STORAGE_TENANTS_BUCKET
-        value: $(params.mas_aibroker_storage_tenants_bucket)
-      - name: MAS_AIBROKER_STORAGE_TEMPLATES_BUCKET
-        value: $(params.mas_aibroker_storage_templates_bucket)
-      - name: MAS_AIBROKER_MARIADB_SECRET
-        value: $(params.mas_aibroker_mariadb_secret)
-      - name: PRIMARY_STORAGE_CLASS
-        value: $(params.primary_storage_class)
-      - name: ARTIFACTORY_USERNAME
-        value: $(params.artifactory_username)
-      - name: MAS_APP_CHANNEL
-        value: $(params.mas_app_channel)
-      - name: MAS_CATALOG_SOURCE
-        value: $(params.mas_catalog_source)
-      - name: MAS_ICR_CP
-        value: $(params.mas_icr_cp)
-      - name: MAS_ICR_CPOPEN
-        value: $(params.mas_icr_cpopen)
-      - name: CLUSTER_DOMAIN
-        value: $(params.cluster_domain)
-      - name: IN_SAAS_ENV
-        value: $(params.in_saas_env)
-      - name: IS_EXTERNAL_ROUTE
-        value: $(params.is_external_route)
-      - name: ENVIRONMENT_TYPE
-        value: $(params.environment_type)
-      - name: MAS_AIBROKER_S3_ENDPOINT_URL
-        value: $(params.mas_aibroker_s3_endpoint_url)
-      - name: MAS_AIBROKER_S3_REGION
-        value: $(params.mas_aibroker_s3_region)
-      - name: MAS_AIBROKER_S3_BUCKET_PREFIX
-        value: $(params.mas_aibroker_s3_bucket_prefix)
-    envFrom:
-      - configMapRef:
-          name: environment-properties
-          optional: true
-      - secretRef:
-          name: secure-properties
-  
-  
-  steps:
-    - args:
-      - |-
-        git config --global user.name "MAS Automation"
-        git config --global user.email "you@example.com"
-        git config --global user.password $GITHUB_PAT
-
-        mkdir -p /tmp/init-aibroker
-        mas gitops-aibroker -a $ACCOUNT -c $CLUSTER_NAME \
-        --secrets-path $SECRET_PATH \
-        --dir /tmp/init-aibroker \
-        --github-push \
-        --github-host $GITHUB_HOST \
-        --github-org  $GITHUB_ORG \
-        --github-repo $GITHUB_REPO \
-        --git-branch $GIT_BRANCH
-
-        exit $?
-      command:
-        - /bin/sh
-        - -c
-      name: gitops-aibroker
-      imagePullPolicy: IfNotPresent
-      image: quay.io/ibmmas/cli:latest
-  workspaces:
-    - name: configs
diff --git a/tekton/src/tasks/gitops/gitops-deprovision-aibroker-tenant.yml.j2 b/tekton/src/tasks/gitops/gitops-deprovision-aibroker-tenant.yml.j2
deleted file mode 100644
index 4311f86df50..00000000000
--- a/tekton/src/tasks/gitops/gitops-deprovision-aibroker-tenant.yml.j2
+++ /dev/null
@@ -1,89 +0,0 @@
----
-apiVersion: tekton.dev/v1beta1
-kind: Task
-metadata:
-  name: gitops-deprovision-aibroker-tenant
-spec:
-  params: 
-    - name: cluster_name
-      type: string
-    - name: account
-      type: string
-    - name: cluster_url
-      type: string
-    - name: secrets_path
-      type: string
-    - name: avp_aws_secret_region
-      type: string
-    - name: git_branch
-      type: string
-    - name: github_org
-      type: string
-    - name: github_repo
-      type: string
-    - name: github_host
-      type: string
-    - name: aibroker_instance_id
-      type: string
-    - name: tenant_id
-      type: string
-      
-  stepTemplate:
-    name: gitops-deprovision-aibroker-tenant
-    env:
-      - name: CLUSTER_NAME
-        value: $(params.cluster_name)
-      - name: ACCOUNT
-        value: $(params.account)
-      - name: CLUSTER_URL
-        value: $(params.cluster_url)
-      - name: SECRET_PATH
-        value: $(params.secrets_path)
-      - name: SM_AWS_REGION
-        value: $(params.avp_aws_secret_region)
-      - name: GIT_BRANCH
-        value: $(params.git_branch)
-      - name: GITHUB_ORG
-        value: $(params.github_org)
-      - name: GITHUB_HOST
-        value: $(params.github_host)
-      - name: GITHUB_REPO
-        value: $(params.github_repo)
-      - name: AIBROKER_INSTANCE_ID
-        value: $(params.aibroker_instance_id)
-      - name: TENANT_ID
-        value: $(params.tenant_id)
-    envFrom:
-      - configMapRef:
-          name: environment-properties
-          optional: true
-      - secretRef:
-          name: secure-properties
-  steps:
-    - args:
-      - |-
-        git config --global user.name "MAS Automation"
-        git config --global user.email "you@example.com"
-        git config --global user.password $GITHUB_PAT
-
-        mkdir -p /tmp/init-aibroker-tenant
-        
-        mas gitops-deprovision-aibroker-tenant -a $ACCOUNT -c $CLUSTER_NAME \
-        --secrets-path $SECRET_PATH \
-        --dir /tmp/init-aibroker-tenant \
-        --github-push \
-        --github-host "$GITHUB_HOST" \
-        --github-org "$GITHUB_ORG" \
-        --github-repo "$GITHUB_REPO" \
-        --git-branch "$GIT_BRANCH" \
-
-
-        exit $?
-      command:
-        - /bin/sh
-        - -c
-      name: gitops-deprovision-aibroker-tenant
-      imagePullPolicy: IfNotPresent
-      image: quay.io/ibmmas/cli:latest
-  workspaces:
-    - name: configs
diff --git a/tekton/src/tasks/gitops/gitops-deprovision-aibroker.yml.j2 b/tekton/src/tasks/gitops/gitops-deprovision-aibroker.yml.j2
deleted file mode 100644
index efecd0dd154..00000000000
--- a/tekton/src/tasks/gitops/gitops-deprovision-aibroker.yml.j2
+++ /dev/null
@@ -1,85 +0,0 @@
----
-apiVersion: tekton.dev/v1beta1
-kind: Task
-metadata:
-  name: gitops-deprovision-aibroker
-spec:
-  params: 
-    - name: cluster_name
-      type: string
-    - name: account
-      type: string
-    - name: cluster_url
-      type: string
-    - name: secrets_path
-      type: string
-    - name: avp_aws_secret_region
-      type: string
-    - name: git_branch
-      type: string
-    - name: github_org
-      type: string
-    - name: github_repo
-      type: string
-    - name: github_host
-      type: string
-    - name: aibroker_instance_id
-      type: string
-      
-  stepTemplate:
-    name: gitops-deprovision-aibroker
-    env:
-      - name: CLUSTER_NAME
-        value: $(params.cluster_name)
-      - name: ACCOUNT
-        value: $(params.account)
-      - name: CLUSTER_URL
-        value: $(params.cluster_url)
-      - name: SECRET_PATH
-        value: $(params.secrets_path)
-      - name: SM_AWS_REGION
-        value: $(params.avp_aws_secret_region)
-      - name: GIT_BRANCH
-        value: $(params.git_branch)
-      - name: GITHUB_ORG
-        value: $(params.github_org)
-      - name: GITHUB_HOST
-        value: $(params.github_host)
-      - name: GITHUB_REPO
-        value: $(params.github_repo)
-      - name: AIBROKER_INSTANCE_ID
-        value: $(params.aibroker_instance_id)
-    envFrom:
-      - configMapRef:
-          name: environment-properties
-          optional: true
-      - secretRef:
-          name: secure-properties
-  steps:
-    - args:
-      - |-
-        git config --global user.name "MAS Automation"
-        git config --global user.email "you@example.com"
-        git config --global user.password $GITHUB_PAT
-
-        mkdir -p /tmp/init-aibroker
-        
-        mas gitops-deprovision-aibroker -a $ACCOUNT -c $CLUSTER_NAME \
-        --secrets-path $SECRET_PATH \
-        --dir /tmp/init-aibroker \
-        --github-push \
-        --github-host "$GITHUB_HOST" \
-        --github-org "$GITHUB_ORG" \
-        --github-repo "$GITHUB_REPO" \
-        --git-branch "$GIT_BRANCH" \
-
-
-        exit $?
-      command:
-        - /bin/sh
-        - -c
-      name: gitops-deprovision-aibroker
-      imagePullPolicy: IfNotPresent
-      image: quay.io/ibmmas/cli:latest
-  workspaces:
-    - name: configs

From c0bb2dac90f2d01c522d0ef8282abe6ffaeb153a Mon Sep 17 00:00:00 2001
From: Jaydip Golviya <jgolviya@ibm.com>
Date: Mon, 18 May 2026 13:29:39 +0530
Subject: [PATCH 237/258] - Deleted files for AI Service

---
 .../templates/gitops/bootstrap/argocd.yaml.j2 |   2 +-
 .../deprovision-mas-aibroker-tenant.yml.j2    |  70 ----
 .../gitops/deprovision-mas-aibroker.yml.j2    | 137 -------
 .../gitops/gitops-mas-aibroker-tenant.yml.j2  | 166 ---------
 .../gitops/gitops-mas-aibroker.yml.j2         | 343 ------------------
 5 files changed, 1 insertion(+), 717 deletions(-)
 delete mode 100644 tekton/src/pipelines/gitops/deprovision-mas-aibroker-tenant.yml.j2
 delete mode 100644 tekton/src/pipelines/gitops/deprovision-mas-aibroker.yml.j2
 delete mode 100644 tekton/src/pipelines/gitops/gitops-mas-aibroker-tenant.yml.j2
 delete mode 100644 tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2

diff --git a/image/cli/mascli/templates/gitops/bootstrap/argocd.yaml.j2 b/image/cli/mascli/templates/gitops/bootstrap/argocd.yaml.j2
index ae492d1a7cc..8fe1c58717f 100644
--- a/image/cli/mascli/templates/gitops/bootstrap/argocd.yaml.j2
+++ b/image/cli/mascli/templates/gitops/bootstrap/argocd.yaml.j2
@@ -251,7 +251,7 @@ spec:
           hs.message = ""
           return hs  
 
-      apps.mas.ibm.com/AiBrokerApp:
+      apps.mas.ibm.com/AIServiceApp:
         health.lua: |
           hs = {}
           if obj.status ~= nil then
diff --git a/tekton/src/pipelines/gitops/deprovision-mas-aibroker-tenant.yml.j2 b/tekton/src/pipelines/gitops/deprovision-mas-aibroker-tenant.yml.j2
deleted file mode 100644
index b446d64a067..00000000000
--- a/tekton/src/pipelines/gitops/deprovision-mas-aibroker-tenant.yml.j2
+++ /dev/null
@@ -1,70 +0,0 @@
-apiVersion: tekton.dev/v1beta1
-kind: Pipeline
-metadata:
-  name: gitops-deprovision-mas-aibroker-tenant
-spec:
-  params:
-    - name: cluster_name
-      type: string
-    - name: cluster_id
-      type: string
-    - name: account
-      type: string
-    - name: aibroker_instance_id
-      type: string
-    - name: tenant_id
-      type: string
-    - name: cluster_url
-      type: string
-      default: ""
-    - name: secrets_path
-      type: string
-    - name: avp_aws_secret_region
-      type: string
-    - name: git_branch
-      type: string
-    - name: github_org
-      type: string
-    - name: github_repo
-      type: string
-    - name: github_host
-      type: string
-  workspaces:
-    - name: configs
-  tasks:
-    - name: run-gitops-deprovision-aibroker-tenant
-      taskRef:
-        kind: Task
-        name: gitops-deprovision-aibroker-tenant
-      workspaces:
-        - name: configs
-          workspace: configs
-      params:
-        - name: cluster_name
-          value: $(params.cluster_name)
-        - name: account
-          value: $(params.account)
-        - name: cluster_id
-          value: $(params.cluster_id)
-        - name: cluster_url
-          value: $(params.cluster_url)
-        - name: secrets_path
-          value: $(params.secrets_path)
-        - name: avp_aws_secret_region
-          value: $(params.avp_aws_secret_region)
-        - name: git_branch
-          value: $(params.git_branch)
-        - name: github_org
-          value: $(params.github_org)
-        - name: github_repo
-          value: $(params.github_repo)
-        - name: github_host
-          value: $(params.github_host)
-        - name: aibroker_instance_id
-          value: $(params.aibroker_instance_id)
-        - name: tenant_id
-          value: $(params.tenant_id)
-          
-
-      
-   
\ No newline at end of file
diff --git a/tekton/src/pipelines/gitops/deprovision-mas-aibroker.yml.j2 b/tekton/src/pipelines/gitops/deprovision-mas-aibroker.yml.j2
deleted file mode 100644
index 95c2d992102..00000000000
--- a/tekton/src/pipelines/gitops/deprovision-mas-aibroker.yml.j2
+++ /dev/null
@@ -1,137 +0,0 @@
-apiVersion: tekton.dev/v1beta1
-kind: Pipeline
-metadata:
-  name: gitops-deprovision-mas-aibroker
-spec:
-  params:
-    - name: cluster_name
-      type: string
-    - name: cluster_id
-      type: string
-    - name: account
-      type: string
-    - name: aibroker_instance_id
-      type: string
-    - name: cluster_url
-      type: string
-      default: ""
-    - name: secrets_path
-      type: string
-    - name: avp_aws_secret_region
-      type: string
-    - name: git_branch
-      type: string
-    - name: github_org
-      type: string
-    - name: github_repo
-      type: string
-    - name: github_host
-      type: string
-  workspaces:
-    - name: configs
-
-  tasks:
-  # 1.gitops-deprovision-kmodel
-    # -------------------------------------------------------------------------
-    - name: run-gitops-deprovision-kmodel
-      taskRef:
-        kind: Task
-        name: gitops-deprovision-kmodel
-      workspaces:
-        - name: configs
-          workspace: configs
-      params:
-        - name: cluster_name
-          value: $(params.cluster_name)
-        - name: account
-          value: $(params.account)
-        - name: cluster_id
-          value: $(params.cluster_id)
-        - name: cluster_url
-          value: $(params.cluster_url)
-        - name: secrets_path
-          value: $(params.secrets_path)
-        - name: avp_aws_secret_region
-          value: $(params.avp_aws_secret_region)
-        - name: git_branch
-          value: $(params.git_branch)
-        - name: github_org
-          value: $(params.github_org)
-        - name: github_repo
-          value: $(params.github_repo)
-        - name: github_host
-          value: $(params.github_host)
-        - name: aibroker_instance_id
-          value: $(params.aibroker_instance_id)
-
-   #2. gitops-deprovision-aibroker
-    # -------------------------------------------------------------------------------------------------------
-    - name: run-gitops-deprovision-aibroker
-      runAfter:
-        - run-gitops-deprovision-kmodel
-      taskRef:
-        kind: Task
-        name: gitops-deprovision-aibroker
-      workspaces:
-        - name: configs
-          workspace: configs
-      params:
-        - name: cluster_name
-          value: $(params.cluster_name)
-        - name: account
-          value: $(params.account)
-        - name: cluster_id
-          value: $(params.cluster_id)
-        - name: cluster_url
-          value: $(params.cluster_url)
-        - name: secrets_path
-          value: $(params.secrets_path)
-        - name: avp_aws_secret_region
-          value: $(params.avp_aws_secret_region)
-        - name: git_branch
-          value: $(params.git_branch)
-        - name: github_org
-          value: $(params.github_org)
-        - name: github_repo
-          value: $(params.github_repo)
-        - name: github_host
-          value: $(params.github_host)
-        - name: aibroker_instance_id
-          value: $(params.aibroker_instance_id)
-
-  #3.gitops-deprovision-odh
-    # -------------------------------------------------------------------------
-    - name: run-gitops-deprovision-odh
-      runAfter:
-        - run-gitops-deprovision-aibroker
-      taskRef:
-        kind: Task
-        name: gitops-deprovision-odh
-      workspaces:
-        - name: configs
-          workspace: configs
-      params:
-        - name: cluster_name
-          value: $(params.cluster_name)
-        - name: account
-          value: $(params.account)
-        - name: cluster_id
-          value: $(params.cluster_id)
-        - name: cluster_url
-          value: $(params.cluster_url)
-        - name: secrets_path
-          value: $(params.secrets_path)
-        - name: avp_aws_secret_region
-          value: $(params.avp_aws_secret_region)
-        - name: git_branch
-          value: $(params.git_branch)
-        - name: github_org
-          value: $(params.github_org)
-        - name: github_repo
-          value: $(params.github_repo)
-        - name: github_host
-          value: $(params.github_host)
-        - name: aibroker_instance_id
-          value: $(params.aibroker_instance_id)
-
-   
\ No newline at end of file
diff --git a/tekton/src/pipelines/gitops/gitops-mas-aibroker-tenant.yml.j2 b/tekton/src/pipelines/gitops/gitops-mas-aibroker-tenant.yml.j2
deleted file mode 100644
index 3661a6ea406..00000000000
--- a/tekton/src/pipelines/gitops/gitops-mas-aibroker-tenant.yml.j2
+++ /dev/null
@@ -1,166 +0,0 @@
-apiVersion: tekton.dev/v1beta1
-kind: Pipeline
-metadata:
-  name: gitops-mas-aibroker-tenant
-spec:
-  params:
-    - name: cluster_name
-      type: string
-    - name: account
-      type: string
-    - name: cluster_id
-      type: string
-    - name: cluster_url
-      type: string
-    - name: secrets_path
-      type: string
-    - name: avp_aws_secret_region
-      type: string
-    - name: git_branch
-      type: string
-    - name: github_org
-      type: string
-    - name: github_repo
-      type: string
-    - name: github_host
-      type: string
-    - name: aibroker_namespace
-      type: string
-    - name: mas_aibroker_provision_tenant
-      type: string
-    - name: aibroker_instance_id
-      type: string
-    - name: tenantNamespace
-      type: string
-    - name: tenant_id
-      type: string
-    - name: mas_aibroker_tenant_name
-      type: string
-    - name: cluster_domain
-      type: string
-    - name: in_saas_env
-      type: string
-    - name: mas_icr_cp
-      type: string
-    - name: mas_icr_cpopen
-      type: string
-    - name: drocfg_url
-      type: string
-    - name: slscfg_url
-      type: string
-    - name: mas_aibroker_sls_subscription_id
-      type: string
-    - name: mas_aibroker_watsonxai_url
-      type: string
-    - name: mas_aibroker_watsonxai_project_id
-      type: string
-    - name: mas_aibroker_storage_port
-      type: string
-    - name: mas_aibroker_storage_region
-      type: string
-    - name: mas_aibroker_storage_provider
-      type: string
-    - name: mas_aibroker_storage_pipelines_bucket
-      type: string
-    - name: mas_aibroker_storage_ssl
-      type: string
-    - name: mas_aibroker_s3_endpoint_url
-      type: string
-    - name: mas_aibroker_s3_region
-      type: string
-    - name: mas_aibroker_s3_bucket_prefix
-      type: string
-    - name: rsl_url
-      type: string
-    - name: tenant_entitlement_type
-      type: string
-    - name: tenant_entitlement_start_date
-      type: string
-    - name: tenant_entitlement_end_date
-      type: string
-
-  workspaces:
-    - name: configs
-  tasks:
-    - name: run-gitops-aibroker-tenant
-      taskRef:
-        name: gitops-aibroker-tenant
-      workspaces:
-        - name: configs
-          workspace: configs
-      params:
-        - name: cluster_name
-          value: $(params.cluster_name)
-        - name: account
-          value: $(params.account)
-        - name: cluster_id
-          value: $(params.cluster_id)
-        - name: cluster_url
-          value: $(params.cluster_url)
-        - name: secrets_path
-          value: $(params.secrets_path)
-        - name: avp_aws_secret_region
-          value: $(params.avp_aws_secret_region)
-        - name: git_branch
-          value: $(params.git_branch)
-        - name: github_org
-          value: $(params.github_org)
-        - name: github_repo
-          value: $(params.github_repo)
-        - name: github_host
-          value: $(params.github_host)
-        - name: aibroker_namespace
-          value: $(params.aibroker_namespace)
-        - name: mas_aibroker_provision_tenant
-          value: $(params.mas_aibroker_provision_tenant)
-        - name: aibroker_instance_id
-          value: $(params.aibroker_instance_id)
-        - name: tenantNamespace
-          value: $(params.tenantNamespace)
-        - name: tenant_id
-          value: $(params.tenant_id)
-        - name: mas_aibroker_tenant_name
-          value: $(params.mas_aibroker_tenant_name)
-        - name: cluster_domain
-          value: $(params.cluster_domain)
-        - name: in_saas_env
-          value: $(params.in_saas_env)
-        - name: mas_icr_cp
-          value: $(params.mas_icr_cp)
-        - name: mas_icr_cpopen
-          value: $(params.mas_icr_cpopen)
-        - name: drocfg_url
-          value: $(params.drocfg_url)
-        - name: slscfg_url
-          value: $(params.slscfg_url)
-        - name: mas_aibroker_sls_subscription_id
-          value: $(params.mas_aibroker_sls_subscription_id)
-        - name: mas_aibroker_watsonxai_url
-          value: $(params.mas_aibroker_watsonxai_url)
-        - name: mas_aibroker_watsonxai_project_id
-          value: $(params.mas_aibroker_watsonxai_project_id)
-        - name: mas_aibroker_storage_port
-          value: $(params.mas_aibroker_storage_port)
-        - name: mas_aibroker_storage_region
-          value: $(params.mas_aibroker_storage_region)
-        - name: mas_aibroker_storage_provider
-          value: $(params.mas_aibroker_storage_provider)
-        - name: mas_aibroker_storage_pipelines_bucket
-          value: $(params.mas_aibroker_storage_pipelines_bucket)
-        - name: mas_aibroker_storage_ssl
-          value: $(params.mas_aibroker_storage_ssl)
-        - name: mas_aibroker_s3_endpoint_url
-          value: $(params.mas_aibroker_s3_endpoint_url)
-        - name: mas_aibroker_s3_region
-          value: $(params.mas_aibroker_s3_region)
-        - name: mas_aibroker_s3_bucket_prefix
-          value: $(params.mas_aibroker_s3_bucket_prefix)
-        - name: rsl_url
-          value: $(params.rsl_url)
-        - name: tenant_entitlement_type
-          value: $(params.tenant_entitlement_type)
-        - name: tenant_entitlement_start_date
-          value: $(params.tenant_entitlement_start_date)
-        - name: tenant_entitlement_end_date
-          value: $(params.tenant_entitlement_end_date)
-        
\ No newline at end of file
diff --git a/tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2 b/tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2
deleted file mode 100644
index c84f67d2327..00000000000
--- a/tekton/src/pipelines/gitops/gitops-mas-aibroker.yml.j2
+++ /dev/null
@@ -1,343 +0,0 @@
-apiVersion: tekton.dev/v1beta1
-kind: Pipeline
-metadata:
-  name: gitops-mas-aibroker
-spec:
-  params:
-    - name: cluster_name
-      type: string
-    - name: cluster_id
-      type: string
-    - name: account
-      type: string
-    - name: aibroker_instance_id
-      type: string
-    - name: cluster_url
-      type: string
-      default: ""
-    - name: secrets_path
-      type: string
-    - name: avp_aws_secret_region
-      type: string
-    - name: git_branch
-      type: string
-    - name: github_org
-      type: string
-    - name: github_repo
-      type: string
-    - name: github_host
-      type: string
-
-    # AIBROKER-specific
-    - name: aibroker_namespace
-      type: string
-    - name: mas_aibroker_watsonx_secret
-      type: string
-    - name: pull_secret_name
-      type: string
-    - name: mas_aibroker_storage_provider
-      type: string
-    - name: mas_aibroker_storage_secret
-      type: string
-    - name: mas_aibroker_storage_host
-      type: string
-    - name: mas_aibroker_storage_port
-      type: string
-    - name: mas_aibroker_storage_ssl
-      type: string
-    - name: mas_aibroker_storage_region
-      type: string
-    - name: mas_aibroker_storage_pipelines_bucket
-      type: string
-    - name: mas_aibroker_storage_tenants_bucket
-      type: string
-    - name: mas_aibroker_storage_templates_bucket
-      type: string
-    - name: mas_aibroker_mariadb_secret
-      type: string
-    - name: primary_storage_class
-      type: string
-    - name: artifactory_username
-      type: string
-    - name: mas_app_channel
-      type: string
-    - name: mas_catalog_source
-      type: string
-    - name: mas_icr_cp
-      type: string
-    - name: mas_icr_cpopen
-      type: string
-    - name: cluster_domain
-      type: string
-    - name: in_saas_env
-      type: string
-    - name: is_external_route
-      type: string
-
-    # ODH-specific
-    - name: odh_channel
-      type: string
-    - name: odh_subscription_install_plan
-      type: string
-    - name: opendatahub_name
-      type: string
-    - name: opendatahub_operator_group
-      type: string
-    - name: opendatahub_namespace
-      type: string
-    - name: odh_operator_version
-      type: string
-
-    # KMODEL-specific 
-    - name: aibroker_internal_tls
-      type: string
-    - name: docker_server
-      type: string
-    - name: image_controller
-      type: string
-    - name: image_store
-      type: string
-    - name: image_watcher
-      type: string
-    - name: mas_aibroker_connector_tag
-      type: string
-    - name: mas_aibroker_provision_tenant
-      type: string
-    - name: mas_aibroker_saas
-      type: string
-    - name: model_id_prefix
-      type: string
-    - name: model_id_unique_length
-      type: string
-    - name: ssh_secret_name
-      type: string
-    - name: tenantNamespace
-      type: string 
-    - name: environment_type
-      type: string
-    - name: mas_aibroker_s3_endpoint_url
-      type: string
-    - name: mas_aibroker_s3_region
-      type: string
-    - name: mas_aibroker_s3_bucket_prefix
-      type: string
-
-  workspaces:
-    - name: configs
-
-  tasks:
-
-    # 2.gitops-odh
-    # -------------------------------------------------------------------------
-    - name: gitops-odh
-      taskRef:
-        name: gitops-odh
-      workspaces:
-        - name: configs
-          workspace: configs
-      params:
-        - name: cluster_name
-          value: $(params.cluster_name)
-        - name: account
-          value: $(params.account)
-        - name: aibroker_instance_id
-          value: $(params.aibroker_instance_id)
-        - name: cluster_url
-          value: $(params.cluster_url)
-        - name: git_branch
-          value: $(params.git_branch)
-        - name: github_org
-          value: $(params.github_org)
-        - name: github_repo
-          value: $(params.github_repo)
-        - name: github_host
-          value: $(params.github_host)
-        - name: secrets_path
-          value: $(params.secrets_path)
-        - name: avp_aws_secret_region
-          value: $(params.avp_aws_secret_region)
-        - name: odh_channel
-          value: $(params.odh_channel)
-        - name: odh_subscription_install_plan
-          value: $(params.odh_subscription_install_plan)
-        - name: opendatahub_name
-          value: $(params.opendatahub_name)
-        - name: opendatahub_operator_group
-          value: $(params.opendatahub_operator_group)
-        - name: opendatahub_namespace
-          value: $(params.opendatahub_namespace)
-        - name: odh_operator_version
-          value: $(params.odh_operator_version)
-        - name: mas_aibroker_storage_ssl
-          value: $(params.mas_aibroker_storage_ssl)
-          
-    # 3.gitops-Aibroker
-    # -------------------------------------------------------------------------
-
-    - name: gitops-aibroker
-      taskRef:
-        name: gitops-aibroker
-      runAfter:
-        - gitops-odh
-      workspaces:
-        - name: configs
-          workspace: configs
-      params:
-        # AIBROKER shared and specific params
-        - name: cluster_name
-          value: $(params.cluster_name)
-        - name: account
-          value: $(params.account)
-        - name: cluster_url
-          value: $(params.cluster_url)
-        - name: secrets_path
-          value: $(params.secrets_path)
-        - name: avp_aws_secret_region
-          value: $(params.avp_aws_secret_region)
-        - name: git_branch
-          value: $(params.git_branch)
-        - name: github_org
-          value: $(params.github_org)
-        - name: github_repo
-          value: $(params.github_repo)
-        - name: github_host
-          value: $(params.github_host)
-        - name: aibroker_instance_id
-          value: $(params.aibroker_instance_id)
-        - name: aibroker_namespace
-          value: $(params.aibroker_namespace)
-        - name: mas_aibroker_watsonx_secret
-          value: $(params.mas_aibroker_watsonx_secret)
-        - name: pull_secret_name
-          value: $(params.pull_secret_name)
-        - name: mas_aibroker_storage_provider
-          value: $(params.mas_aibroker_storage_provider)
-        - name: mas_aibroker_storage_secret
-          value: $(params.mas_aibroker_storage_secret)
-        - name: mas_aibroker_storage_host
-          value: $(params.mas_aibroker_storage_host)
-        - name: mas_aibroker_storage_port
-          value: $(params.mas_aibroker_storage_port)
-        - name: mas_aibroker_storage_ssl
-          value: $(params.mas_aibroker_storage_ssl)
-        - name: mas_aibroker_storage_region
-          value: $(params.mas_aibroker_storage_region)
-        - name: mas_aibroker_storage_pipelines_bucket
-          value: $(params.mas_aibroker_storage_pipelines_bucket)
-        - name: mas_aibroker_storage_tenants_bucket
-          value: $(params.mas_aibroker_storage_tenants_bucket)
-        - name: mas_aibroker_storage_templates_bucket
-          value: $(params.mas_aibroker_storage_templates_bucket)
-        - name: mas_aibroker_mariadb_secret
-          value: $(params.mas_aibroker_mariadb_secret)
-        - name: primary_storage_class
-          value: $(params.primary_storage_class)
-        - name: artifactory_username
-          value: $(params.artifactory_username)
-        - name: mas_app_channel
-          value: $(params.mas_app_channel)
-        - name: mas_catalog_source
-          value: $(params.mas_catalog_source)
-        - name: mas_icr_cp
-          value: $(params.mas_icr_cp)
-        - name: mas_icr_cpopen
-          value: $(params.mas_icr_cpopen)
-        - name: cluster_domain
-          value: $(params.cluster_domain)
-        - name: in_saas_env
-          value: $(params.in_saas_env)
-        - name: is_external_route
-          value: $(params.is_external_route)
-        - name: environment_type
-          value: $(params.environment_type)
-        - name: mas_aibroker_s3_endpoint_url
-          value: $(params.mas_aibroker_s3_endpoint_url)
-        - name: mas_aibroker_s3_region
-          value: $(params.mas_aibroker_s3_region)
-        - name: mas_aibroker_s3_bucket_prefix
-          value: $(params.mas_aibroker_s3_bucket_prefix)
-        
-
-    # 4.gitops-Kmodel
-    # -------------------------------------------------------------------------
-    - name: gitops-kmodel
-      taskRef:
-        name: gitops-kmodel
-      runAfter:
-        - gitops-aibroker
-      workspaces:
-        - name: configs
-          workspace: configs
-      params:
-        - name: cluster_name
-          value: $(params.cluster_name)
-        - name: account
-          value: $(params.account)
-        - name: cluster_id
-          value: $(params.cluster_id)
-        - name: cluster_url
-          value: $(params.cluster_url)
-        - name: secrets_path
-          value: $(params.secrets_path)
-        - name: avp_aws_secret_region
-          value: $(params.avp_aws_secret_region)
-        - name: git_branch
-          value: $(params.git_branch)
-        - name: github_org
-          value: $(params.github_org)
-        - name: github_repo
-          value: $(params.github_repo)
-        - name: github_host
-          value: $(params.github_host)
-        - name: aibroker_instance_id
-          value: $(params.aibroker_instance_id)
-        - name: aibroker_internal_tls
-          value: $(params.aibroker_internal_tls)
-        - name: aibroker_namespace
-          value: $(params.aibroker_namespace)
-        - name: pull_secret_name
-          value: $(params.pull_secret_name)
-        - name: mas_aibroker_storage_provider
-          value: $(params.mas_aibroker_storage_provider)
-        - name: mas_aibroker_storage_ssl
-          value: $(params.mas_aibroker_storage_ssl)
-        - name: mas_aibroker_storage_host
-          value: $(params.mas_aibroker_storage_host)
-        - name: mas_aibroker_storage_port
-          value: $(params.mas_aibroker_storage_port)
-        - name: mas_aibroker_storage_region
-          value: $(params.mas_aibroker_storage_region)
-        - name: mas_aibroker_storage_templates_bucket
-          value: $(params.mas_aibroker_storage_templates_bucket)
-        - name: mas_aibroker_storage_tenants_bucket
-          value: $(params.mas_aibroker_storage_tenants_bucket)
-        - name: mas_aibroker_storage_pipelines_bucket
-          value: $(params.mas_aibroker_storage_pipelines_bucket)
-        - name: ssh_secret_name
-          value: $(params.ssh_secret_name)
-        - name: docker_server
-          value: $(params.docker_server)
-        - name: tenantNamespace
-          value: $(params.tenantNamespace)
-        - name: mas_aibroker_provision_tenant
-          value: $(params.mas_aibroker_provision_tenant)
-        - name: primary_storage_class
-          value: $(params.primary_storage_class)
-        - name: image_store
-          value: $(params.image_store)
-        - name: image_watcher
-          value: $(params.image_watcher)
-        - name: image_controller
-          value: $(params.image_controller)
-        - name: mas_aibroker_connector_tag
-          value: $(params.mas_aibroker_connector_tag)
-        - name: mas_aibroker_saas
-          value: $(params.mas_aibroker_saas)
-        - name: model_id_unique_length
-          value: $(params.model_id_unique_length)
-        - name: model_id_prefix
-          value: $(params.model_id_prefix)
-        - name: mas_app_channel
-          value: $(params.mas_app_channel)
-        - name: mas_icr_cp
-          value: $(params.mas_icr_cp)
\ No newline at end of file

From 9d3dd606d9ca80e69e0ca53a32dd17c7c4701394 Mon Sep 17 00:00:00 2001
From: Jaydip Golviya <jgolviya@ibm.com>
Date: Mon, 18 May 2026 13:37:00 +0530
Subject: [PATCH 238/258] - Deleted file related to AI service

---
 image/cli/mascli/mas                          | 36 +++------
 .../instance/ibm-aibroker-tenant-base.yaml.j2 | 22 ------
 .../instance/ibm-aibroker-tenant.yaml.j2      | 59 --------------
 .../cluster/instance/ibm-aibroker.yaml.j2     | 78 -------------------
 4 files changed, 10 insertions(+), 185 deletions(-)
 delete mode 100644 image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant-base.yaml.j2
 delete mode 100644 image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant.yaml.j2
 delete mode 100644 image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker.yaml.j2

diff --git a/image/cli/mascli/mas b/image/cli/mascli/mas
index bda874df3d3..18f251cd080 100755
--- a/image/cli/mascli/mas
+++ b/image/cli/mascli/mas
@@ -697,20 +697,20 @@ case $1 in
     gitops_deprovision_kmodel "$@"
     ;;
 
-  gitops-aibroker)
-    echo "${TEXT_UNDERLINE}IBM Maximo Application Suite aibroker Manager (v${VERSION})${TEXT_RESET}"
+  gitops-aiservice)
+    echo "${TEXT_UNDERLINE}IBM Maximo Application Suite AIService Manager (v${VERSION})${TEXT_RESET}"
     echo "Powered by ${COLOR_CYAN}${TEXT_UNDERLINE}https://github.com/ibm-mas/gitops/${TEXT_RESET}"
     echo
     reset_colors
-    gitops_aibroker "$@"
+    gitops_aiservice "$@"
     ;;
 
-  gitops-aibroker-tenant)
-    echo "${TEXT_UNDERLINE}IBM Maximo Application Suite aibroker tenant Manager (v${VERSION})${TEXT_RESET}"
+  gitops-aiservice-tenant)
+    echo "${TEXT_UNDERLINE}IBM Maximo Application Suite AIService Tenant Manager (v${VERSION})${TEXT_RESET}"
     echo "Powered by ${COLOR_CYAN}${TEXT_UNDERLINE}https://github.com/ibm-mas/gitops/${TEXT_RESET}"
     echo
     reset_colors
-    gitops_aibroker_tenant "$@"
+    gitops_aiservice_tenant "$@"
     ;;
 
   gitops-iac)
@@ -783,15 +783,15 @@ case $1 in
     echo "Powered by ${COLOR_CYAN}${TEXT_UNDERLINE}https://github.com/ibm-mas/gitops/${TEXT_RESET}"
     echo
     reset_colors
-    gitops_deprovision_aibroker_tenant "$@"
+    gitops_deprovision_aiservice_tenant "$@"
     ;;
 
-   gitops-deprovision-aibroker)
-    echo "${TEXT_UNDERLINE}IBM Maximo Application Suite aibroker tenant deprovision Manager (v${VERSION})${TEXT_RESET}"
+   gitops-deprovision-aiservice)
+    echo "${TEXT_UNDERLINE}IBM Maximo Application Suite AIService tenant deprovision Manager (v${VERSION})${TEXT_RESET}"
     echo "Powered by ${COLOR_CYAN}${TEXT_UNDERLINE}https://github.com/ibm-mas/gitops/${TEXT_RESET}"
     echo
     reset_colors
-    gitops_deprovision_aibroker "$@"
+    gitops_deprovision_aiservice "$@"
     ;;
 
   gitops-mas-provisioner)
@@ -869,22 +869,6 @@ case $1 in
     gitops_kmodel "$@"
     ;;
 
-  gitops-aibroker)
-    echo "${TEXT_UNDERLINE}IBM Maximo Application Suite aibroker Manager (v${VERSION})${TEXT_RESET}"
-    echo "Powered by ${COLOR_CYAN}${TEXT_UNDERLINE}https://github.com/ibm-mas/gitops/${TEXT_RESET}"
-    echo
-    reset_colors
-    gitops_aibroker "$@"
-    ;;
-
-  gitops-aibroker-tenant)
-    echo "${TEXT_UNDERLINE}IBM Maximo Application Suite aibroker tenant Manager (v${VERSION})${TEXT_RESET}"
-    echo "Powered by ${COLOR_CYAN}${TEXT_UNDERLINE}https://github.com/ibm-mas/gitops/${TEXT_RESET}"
-    echo
-    reset_colors
-    gitops_aibroker_tenant "$@"
-    ;;
-
   *)
     echo "unknown parameter $1"
     exit 1
diff --git a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant-base.yaml.j2 b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant-base.yaml.j2
deleted file mode 100644
index 9ad2d1a8c07..00000000000
--- a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant-base.yaml.j2
+++ /dev/null
@@ -1,22 +0,0 @@
-merge-key: "{{ ACCOUNT_ID }}/{{ CLUSTER_ID }}/{{ AIBROKER_INSTANCE_ID }}/{{ TENANT_ID }}"
-
-account:
-  id: {{ ACCOUNT_ID }}
-
-region:
-  id: {{ REGION_ID }}
-
-cluster:
-  id: {{ CLUSTER_ID }}
-  url: {{ CLUSTER_URL }}
-
-instance:
-  id: {{ AIBROKER_INSTANCE_ID }}
-
-tenant:
-  id: {{ TENANT_ID }}
-
-sm:
-  aws_access_key_id: "<path:{{ SECRETS_PATH }}:{{ACCOUNT_ID}}/{{CLUSTER_ID}}/aws#sm_aws_access_key_id>"
-  aws_secret_access_key: "<path:{{ SECRETS_PATH }}:{{ACCOUNT_ID}}/{{CLUSTER_ID}}/aws#sm_aws_secret_access_key>"
-
diff --git a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant.yaml.j2 b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant.yaml.j2
deleted file mode 100644
index b7ece1f502d..00000000000
--- a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant.yaml.j2
+++ /dev/null
@@ -1,59 +0,0 @@
-merge-key: "{{ ACCOUNT_ID }}/{{ CLUSTER_ID }}/{{ AIBROKER_INSTANCE_ID }}/{{ TENANT_ID }}"
-
-ibm_aibroker_tenant:
-  # aibroker
-  tenant_id: "{{ TENANT_ID }}"
-  aibroker_namespace: "{{ AIBROKER_NAMESPACE }}"
-  mas_aibroker_provision_tenant: "{{ MAS_AIBROKER_PROVISION_TENANT }}"
-  aibroker_instance_id: "{{ AIBROKER_INSTANCE_ID }}"
-  tenantNamespace: "{{ TENANT_NAMESPACE }}"
-  cluster_domain: "{{ CLUSTER_DOMAIN }}"
-  in_saas_env: "{{ IN_SAAS_ENV }}"
-  ibm_entitlement_key: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_IBM_ENTITLEMENT }}>"
-
-  mas_icr_cp: "{{ MAS_ICR_CP }}"
-  mas_icr_cpopen: "{{ MAS_ICR_CPOPEN }}"
-
-  # dro
-  artifactory_token: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_ARTIFACTORY_TOKEN }}>"
-  drocfg_url: "{{ DROCFG_URL }}"
-  drocfg_ca: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_DROCFG_CA }}>"
-  drocfg_registration_key: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_DROCFG_REGISTRATION_KEY }}>"
-
-  # sls
-  slscfg_ca_tenant: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_SLSCFG_CA_TENANT }}>"
-  slscfg_url: "{{ SLSCFG_URL }}"
-  slscfg_registration_key: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_SLSCFG_REGISTRATION_KEY }}>"
-  mas_aibroker_sls_subscription_id: "{{ MAS_AIBROKER_SLS_SUBSCRIPTION_ID }}"
-  
-  rsl_url: "{{ RSL_URL }}"
-  rsl_org_id: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_RSL_ORG_ID }}>"
-  rsl_token: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_RSL_TOKEN }}>"
-  
-
-  
-  # watsonx
-  mas_aibroker_watsonxai_url: "{{ MAS_AIBROKER_WATSONXAI_URL }}"
-  mas_aibroker_watsonxai_project_id: "<path:{{ SECRETS_PATH }}:{{ MAS_AIBROKER_WATSONXAI_PROJECT_ID }}>"
-  mas_aibroker_watsonxai_apikey: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_WATSONXAI_APIKEY }}>"
-
-  # storage
-  mas_aibroker_storage_host: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_STORAGE_HOST }}>"
-  mas_aibroker_storage_port: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_STORAGE_PORT }}>"
-  mas_aibroker_storage_region: "{{ MAS_AIBROKER_STORAGE_REGION }}"
-  mas_aibroker_storage_accesskey: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_STORAGE_ACCESSKEY }}>"
-  mas_aibroker_storage_secretkey: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_STORAGE_SECRETKEY }}>"
-  mas_aibroker_storage_ssl: "{{ MAS_AIBROKER_STORAGE_SSL }}"
-
-
-  #tenant 
-  # S3
-  mas_aibroker_storage_provider: "{{ MAS_AIBROKER_STORAGE_PROVIDER }}"
-  mas_aibroker_s3_endpoint_url: "{{ MAS_AIBROKER_S3_ENDPOINT_URL }}"
-  mas_aibroker_s3_region: "{{ MAS_AIBROKER_S3_REGION }}"
-  mas_aibroker_s3_bucket_prefix: "{{ MAS_AIBROKER_S3_BUCKET_PREFIX }}"
-
-  tenant_entitlement_type: "{{ TENANT_ENTITLEMENT_TYPE }}"
-  tenant_entitlement_start_date: "{{ TENANT_ENTITLEMENT_START_DATE }}"
-  tenant_entitlement_end_date: "{{ TENANT_ENTITLEMENT_END_DATE }}"
-  
\ No newline at end of file
diff --git a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker.yaml.j2 b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker.yaml.j2
deleted file mode 100644
index 20aedbc6e62..00000000000
--- a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aibroker.yaml.j2
+++ /dev/null
@@ -1,78 +0,0 @@
-merge-key: "{{ ACCOUNT_ID }}/{{ CLUSTER_ID }}/{{ AIBROKER_INSTANCE_ID }}"
-
-ibm_aibroker:
-  aibroker_instance_id: "{{ AIBROKER_INSTANCE_ID }}"
-  aibroker_namespace: "{{ AIBROKER_NAMESPACE }}"
-  mas_aibroker_watsonx_secret: "{{ MAS_AIBROKER_WATSONX_SECRET }}"
-  ibm_entitlement_key: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_IBM_ENTITLEMENT }}>"
-
-  mas_aibroker_storage_provider: "{{ MAS_AIBROKER_STORAGE_PROVIDER }}"
-  mas_aibroker_storage_ssl: "{{ MAS_AIBROKER_STORAGE_SSL }}"
-  mas_aibroker_storage_region: "{{ MAS_AIBROKER_STORAGE_REGION }}"
-  mas_aibroker_storage_secret: "{{ MAS_AIBROKER_STORAGE_SECRET }}"
-
-  mas_aibroker_storage_accesskey: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_STORAGE_ACCESSKEY }}>"
-  mas_aibroker_storage_secretkey: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_STORAGE_SECRETKEY }}>"
-  mas_aibroker_storage_host: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_STORAGE_HOST }}>"
-  mas_aibroker_storage_port: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_STORAGE_PORT }}>"
-
-  mas_aibroker_storage_pipelines_bucket: "<path:{{ SECRETS_PATH }}:{{ SM_STORAGE_BUCKET_PIPELINES }}>"
-  mas_aibroker_storage_tenants_bucket: "<path:{{ SECRETS_PATH }}:{{ SM_STORAGE_BUCKET_TENANTS }}>"
-  mas_aibroker_storage_templates_bucket: "<path:{{ SECRETS_PATH }}:{{ SM_STORAGE_BUCKET_TEMPLATES }}>"
-
-
-
-  # MariaDB
-  mas_aibroker_db_host: "<path:{{ SECRETS_PATH }}:{{ MAS_AIBROKER_DB_HOST }}>"
-  mas_aibroker_mariadb_secret: "{{ MAS_AIBROKER_MARIADB_SECRET }}"
-  mas_aibroker_db_port: "<path:{{ SECRETS_PATH }}:{{ MAS_AIBROKER_DB_PORT }}>"
-  mas_aibroker_db_user: "<path:{{ SECRETS_PATH }}:{{ MAS_AIBROKER_DB_USER }}>"
-  mas_aibroker_db_database: "<path:{{ SECRETS_PATH }}:{{ MAS_AIBROKER_DB_DATABASE }}>"
-  mas_aibroker_db_secret_name: "<path:{{ SECRETS_PATH }}:{{ MAS_AIBROKER_DB_SECRET_NAME }}>"
-  mas_aibroker_db_secret_value: "<path:{{ SECRETS_PATH }}:{{ MAS_AIBROKER_DB_SECRET_VALUE }}>"
-  primary_storage_class: "{{ PRIMARY_STORAGE_CLASS }}"
-
-  #SLS
-  slscfg_registration_key: "<path:{{ SECRETS_PATH }}:{{ SLSCFG_REGISTRATION_KEY }}>"
-
-  #DRO
-  drocfg_ca: "<path:{{ SECRETS_PATH }}:{{ DROCFG_CA }}>"
-  drocfg_registration_key: "<path:{{ SECRETS_PATH }}:{{ DROCFG_REGISTRATION_KEY }}>"
-  drocfg_url: "<path:{{ SECRETS_PATH }}:{{ DROCFG_URL }}>"
-  drocfg_ca_tenant: "<path:{{ SECRETS_PATH }}:{{ DROCFG_TENANT }}>"
-
-  
-  environment_type: "{{ ENVIRONMENT_TYPE }}"
-  # S3 
-  mas_aibroker_s3_endpoint_url: "{{ MAS_AIBROKER_S3_ENDPOINT_URL }}"
-  mas_aibroker_s3_region: "{{ MAS_AIBROKER_S3_REGION }}"
-  mas_aibroker_s3_bucket_prefix: "{{ MAS_AIBROKER_S3_BUCKET_PREFIX }}"
-    
-
-  #JDBC
-  jdbccfg_username: "<path:{{ SECRETS_PATH }}:{{ JDBCCFG_USERNAME }}>"
-  jdbccfg_password: "<path:{{ SECRETS_PATH }}:{{ JDBCCFG_PASSWORD }}>"
-  jdbccfg_url: "<path:{{ SECRETS_PATH }}:{{ JDBCCFG_URL }}>"
-  jdbccfg_sslenabled: "<path:{{ SECRETS_PATH }}:{{ JDBCCFG_SSLENABLED }}>"
-  jdbccfg_ca: "<path:{{ SECRETS_PATH }}:{{ JDBCCFG_CA }}>"  
-
-  # MAS Entitlement
-  mas_entitlement_key: "<path:{{ SECRETS_PATH }}:{{ MAS_ENTITLEMENT_KEY }}>"
-  
-  # Development Registry Entitlement
-  artifactory_username: "{{ ARTIFACTORY_USERNAME }}"
-  artifactory_token: "<path:{{ SECRETS_PATH }}:{{ ARTIFACTORY_TOKEN }}>"
-  # Environment Variable:
-  mas_app_channel: "{{ MAS_APP_CHANNEL }}"
-  # mas_app_channel: "9.1.x-dev"
-  mas_catalog_source: "{{ MAS_CATALOG_SOURCE }}"
-
-  # Source container registry
-  # -----------------------------------------------------------------------------
- 
-  mas_icr_cp: "{{ MAS_ICR_CP }}"
-  mas_icr_cpopen: "{{ MAS_ICR_CPOPEN }}"
-
-  cluster_domain: "{{ CLUSTER_DOMAIN }}"
-  in_saas_env: "{{ IN_SAAS_ENV }}"
-  is_external_route: "{{ IS_EXTERNAL_ROUTE }}"

From 5ea820ed12e4a3e154ff76eedee2e0ffeab00754 Mon Sep 17 00:00:00 2001
From: Jaydip Golviya <jgolviya@ibm.com>
Date: Mon, 18 May 2026 13:39:26 +0530
Subject: [PATCH 239/258] Update mirror_aiservice_images

---
 image/cli/mascli/functions/mirror_aiservice_images | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/image/cli/mascli/functions/mirror_aiservice_images b/image/cli/mascli/functions/mirror_aiservice_images
index 59012cb1c45..8fb9752637e 100644
--- a/image/cli/mascli/functions/mirror_aiservice_images
+++ b/image/cli/mascli/functions/mirror_aiservice_images
@@ -7,7 +7,7 @@ function mirror_aiservice_everything() {
     MIRROR_CATALOG=true
 
     # Apps
-    MIRROR_AISERVICE=true
+    MIRROR_MAS_AISERVICE=true
 
     # Dependencies (Other)
     MIRROR_DB2U=true
@@ -20,7 +20,7 @@ function mirror_aiservice_everything() {
 
 function mirror_aiservice_to_registry_noninteractive() {
   # Main content
-  MIRROR_AISERVICE=false
+  MIRROR_MAS_AISERVICE=false
 
   # Dependencies
   MIRROR_CATALOG=false
@@ -95,7 +95,7 @@ function mirror_aiservice_to_registry_noninteractive() {
 
       # Content Selection (Applications):
       --mirror-aiservice)
-        MIRROR_AISERVICE=true
+        MIRROR_MAS_AISERVICE=true
         ;;
 
       # Content Selection (Other Dependencies)
@@ -161,7 +161,7 @@ function mirror_aiservice_to_registry_interactive() {
     mirror_aiservice_everything
   else
     prompt_for_confirm_default_yes "IBM Maximo Operator Catalog" MIRROR_CATALOG
-    prompt_for_confirm "IBM Maximo Application Suite - AI Service" MIRROR_AISERVICE
+    prompt_for_confirm "IBM Maximo Application Suite - AI Service" MIRROR_MAS_AISERVICE
 
     prompt_for_confirm_default_yes "IBM Db2" MIRROR_DB2U
     prompt_for_confirm "Minio" MIRROR_MINIO
@@ -213,7 +213,7 @@ export MIRROR_MINIO
   reset_colors
   echo_h4 "Content Selection (Core Platform)" "    "
   show_mirror_status "IBM Maximo Operator Catalog ........." $MIRROR_CATALOG
-  show_mirror_status "IBM Maximo AI Service ..............." $MIRROR_AISERVICE
+  show_mirror_status "IBM Maximo AI Service ..............." $MIRROR_MAS_AISERVICE
 
   echo
   reset_colors
@@ -227,6 +227,6 @@ export MIRROR_MINIO
 
   confirm_mirror
 
-  mirror_one_thing $MIRROR_AISERVICE        "IBM Maximo AI Service"                 "$LOG_PREFIX-aiservice.log"        mirror_add_aiservice
+  mirror_one_thing $MIRROR_MAS_AISERVICE        "IBM Maximo AI Service"                 "$LOG_PREFIX-aiservice.log"        mirror_add_aiservice
   mirror_one_thing $MIRROR_DEPS                 "Selected Dependencies"                 "$LOG_PREFIX-dependencies.log"     mirror_dependencies
 }

From 709e4acbb3d9c96f7b6bdb4f6c0c65b293a81541 Mon Sep 17 00:00:00 2001
From: joshiricha444 <joshi.richa444@gmail.com>
Date: Mon, 18 May 2026 14:16:45 +0530
Subject: [PATCH 240/258] Remove aibroker related files

---
 image/cli/mascli/functions/gitops_aibroker    | 455 -----------------
 .../mascli/functions/gitops_aibroker_tenant   | 482 ------------------
 2 files changed, 937 deletions(-)
 delete mode 100644 image/cli/mascli/functions/gitops_aibroker
 delete mode 100644 image/cli/mascli/functions/gitops_aibroker_tenant

diff --git a/image/cli/mascli/functions/gitops_aibroker b/image/cli/mascli/functions/gitops_aibroker
deleted file mode 100644
index 7d3183271a8..00000000000
--- a/image/cli/mascli/functions/gitops_aibroker
+++ /dev/null
@@ -1,455 +0,0 @@
-#!/usr/bin/env bash
-
-function gitops_aibroker_help() {
-  [[ -n "$1" ]] && echo_warning "$1"
-  reset_colors
-  cat << EOM
-
-
-Usage:
-  mas gitops-aibroker [options]
-Where ${COLOR_YELLOW}specified${TEXT_RESET} each option may also be defined by setting the appropriate environment variable.
-When no options are specified on the command line, interactive-mode will be enabled by default.
-
-Basic Configuration:
-  -a, --account-id ${COLOR_YELLOW}ACCOUNT_ID${TEXT_RESET}                                                  Account name that the cluster belongs to
-  -c, --cluster-id ${COLOR_YELLOW}CLUSTER_ID${TEXT_RESET}                                                  Cluster ID
-  -i, --aibroker-instance-id ${COLOR_YELLOW}AIBROKER_INSTANCE_ID${TEXT_RESET}                              AI Broker instance ID  
-
-Secrets Manager:
-      --secrets-path ${COLOR_YELLOW}SECRETS_PATH${TEXT_RESET}                                              Secrets Manager path
-      --secrets-key-seperator ${COLOR_YELLOW}SECRETS_KEY_SEPERATOR${TEXT_RESET}  
-
-ibm aibroker(required):
-      --aibroker-namespace ${TEXT_RESET}AIBROKER_NAMESPACE${TEXT_RESET}
-      --aibroker-instance-id ${TEXT_RESET}AIBROKER_INSTANCE_ID${TEXT_RESET}
-      --primary-storage-class ${TEXT_RESET}PRIMARY_STORAGE_CLASS${TEXT_RESET}
-
-storage provider:
-      --mas-aibroker-storage-provider ${TEXT_RESET}MAS_AIBROKER_STORAGE_PROVIDER${TEXT_RESET}
-      --mas-aibroker-storage-secret ${TEXT_RESET}MAS_AIBROKER_STORAGE_SECRET${TEXT_RESET}
-      --mas-aibroker-storage-host ${TEXT_RESET}MAS_AIBROKER_STORAGE_HOST${TEXT_RESET}
-      --mas-aibroker-storage-port ${TEXT_RESET}MAS_AIBROKER_STORAGE_PORT${TEXT_RESET}
-      --mas-aibroker-storage-ssl ${TEXT_RESET}MAS_AIBROKER_STORAGE_SSL${TEXT_RESET}
-      --mas-aibroker-storage-region ${TEXT_RESET}MAS_AIBROKER_STORAGE_REGION${TEXT_RESET}
-      --mas-aibroker-storage-pipelines-bucket ${TEXT_RESET}MAS_AIBROKER_STORAGE_PIPELINES_BUCKET${TEXT_RESET}
-      --mas-aibroker-storage-tenants-bucket ${TEXT_RESET}MAS_AIBROKER_STORAGE_TENANTS_BUCKET${TEXT_RESET}
-      --mas-aibroker-storage-templates-bucket ${TEXT_RESET}MAS_AIBROKER_STORAGE_TEMPLATES_BUCKET${TEXT_RESET}
-
-mariadb storage
-      --mas-aibroker-mariadb-secret ${TEXT_RESET}MAS_AIBROKER_MARIADB_SECRET${TEXT_RESET}
-
-sls_dro_jdbc
-      --artifactory-username ${TEXT_RESET}ARTIFACTORY_USERNAME${TEXT_RESET}
-      --mas-app-channel ${TEXT_RESET}MAS_APP_CHANNEL${TEXT_RESET}
-      --mas-catalog-source ${TEXT_RESET}MAS_CATALOG_SOURCE${TEXT_RESET}
-      --mas-icr-cp ${TEXT_RESET}MAS_ICR_CP${TEXT_RESET}
-      --mas-icr-cpopen ${TEXT_RESET}MAS_ICR_CPOPEN${TEXT_RESET}
-      --cluster-domain ${TEXT_RESET}CLUSTER_DOMAIN${TEXT_RESET}
-      --in-saas-env ${TEXT_RESET}IN_SAAS_ENV${TEXT_RESET}
-      --is-external-route ${TEXT_RESET}IS_EXTERNAL_ROUTE${TEXT_RESET}  # A flag indicating to enable external route (default value is: false)
-
-Target Cluster (Optional):
-      --cluster-url ${COLOR_YELLOW}CLUSTER_URL${TEXT_RESET}       Set to target a remote Kubernetes cluster (defaults to 'https://kubernetes.default.svc')
-
-Automatic GitHub Push (Optional):
-  -P, --github-push ${COLOR_YELLOW}GITHUB_PUSH${TEXT_RESET}        Enable automatic push to GitHub
-  -H, --github-host ${COLOR_YELLOW}GITHUB_HOST${TEXT_RESET}        GitHub Hostname for your GitOps repository
-  -O, --github-org ${COLOR_YELLOW}GITHUB_ORG${TEXT_RESET}          Github org for your GitOps repository
-  -R, --github-repo ${COLOR_YELLOW}GITHUB_REPO${TEXT_RESET}        Github repo for your GitOps repository
-  -S, --github-ssh ${COLOR_YELLOW}GIT_SSH${TEXT_RESET}             Git ssh key path
-  -B, --git-branch ${COLOR_YELLOW}GIT_BRANCH${TEXT_RESET}          Git branch to commit to of your GitOps repository
-  -M, --git-commit-msg ${COLOR_YELLOW}GIT_COMMIT_MSG${TEXT_RESET}  Git commit message to use when committing to of your GitOps repository
-
-Other Commands:
-  -h, --help                                      Show this help message
-EOM
-  [[ -n "$1" ]] && exit 1 || exit 0
-}
-
-function gitops_aibroker_noninteractive() {
-  GITOPS_WORKING_DIR=$PWD/working-dir
-  SECRETS_KEY_SEPERATOR="/"
-  GIT_COMMIT_MSG="gitops-aibroker commit"
-
-   #adding default values # all generic values should to put here # check with ansible playbook/gitops anvs 
-   #only export below in whiel loop
-
-  #adding default values 
-  export AIBROKER_NAMESPACE=${AIBROKER_NAMESPACE:-"mas-${AIBROKER_INSTANCE_ID}-aibroker"}
-  export IN_SAAS_ENV=${IN_SAAS_ENV:-"true"}
-  export IS_EXTERNAL_ROUTE=${IS_EXTERNAL_ROUTE:-"false"}  # Default to "false", can be set to "true" if needed  
-  export MAS_ICR_CP=${MAS_ICR_CP:-"cp.icr.io/cp"}
-  export MAS_ICR_CPOPEN=${MAS_ICR_CPOPEN:-"icr.io/cpopen"}
-  # -- SLS Defaults
-  export REGION_ID=${REGION_ID:-${SM_AWS_REGION}} 
-  export MAS_APP_ID=${MAS_APP_ID:-"aibroker"}
-  export MAS_AIBROKER_WATSONX_SECRET=${MAS_AIBROKER_WATSONX_SECRET:-"${MAS_APP_ID}-watsonxcfg"}
-  export MAS_AIBROKER_STORAGE_PROVIDER=${MAS_AIBROKER_STORAGE_PROVIDER:-"aws"}
-  #Storage Defaults
-  export MAS_AIBROKER_STORAGE_REGION=${MAS_AIBROKER_STORAGE_REGION:-""}
-  export MAS_AIBROKER_STORAGE_SSL=${MAS_AIBROKER_STORAGE_SSL:-"true"}
-  export MAS_AIBROKER_STORAGE_SECRET=${MAS_AIBROKER_STORAGE_SECRET:-"${MAS_APP_ID}-miniocfg"}
-  export MAS_CATALOG_SOURCE=${MAS_CATALOG_SOURCE:-"ibm-operator-catalog"}
-  #-- mariadb defaults
-  export MAS_AIBROKER_MARIADB_SECRET=${MAS_AIBROKER_MARIADB_SECRET:-"${MAS_APP_ID}-mariadbcfge"}
-
-  export MAS_AIBROKER_S3_BUCKET_PREFIX=${MAS_AIBROKER_S3_BUCKET_PREFIX:-"m"}
-  export MAS_AIBROKER_S3_REGION=${MAS_AIBROKER_S3_REGION:-"us-east-2"}
-  export ENVIRONMENT_TYPE=${ENVIRONMENT_TYPE:-"PRODUCTION"}
-
-
-  # Target the local (to ArgoCD) cluster
-  export CLUSTER_URL=${CLUSTER_URL:-"https://kubernetes.default.svc"}
-
-  while [[ $# -gt 0 ]]
-  do
-    key="$1"
-    shift
-    case $key in
-      # GitOps Configuration
-      -d|--dir)
-        export GITOPS_WORKING_DIR=$1 && shift
-        ;;
-      -a|--account-id)
-        export ACCOUNT_ID=$1 && shift
-        ;;
-      -c|--cluster-id)
-        export CLUSTER_ID=$1 && shift
-        ;;
-
-      # AWS Secrets Manager Configuration
-      --sm-aws-secret-region)
-        export SM_AWS_REGION=$1
-        export REGION_ID=$1
-        shift
-        ;;
-      --sm-aws-access-key)
-        export SM_AWS_ACCESS_KEY_ID=$1 && shift
-        ;;
-      --sm-aws-secret-key)
-        export SM_AWS_SECRET_ACCESS_KEY=$1 && shift
-        ;;
-      --secrets-path)
-        export SECRETS_PATH=$1 && shift
-        ;;
-
-      --aibroker-namespace)
-          export AIBROKER_NAMESPACE=$1 && shift
-        ;;
-      --in-saas-env)
-          export IN_SAAS_ENV=$1 && shift
-        ;;
-      --is-external-route)
-          export IS_EXTERNAL_ROUTE=$1 && shift
-        ;;
-      --mas-icr-cp)
-        export MAS_ICR_CP=$1 && shift
-        ;;
-      --mas-icr-cpopen)
-        export MAS_ICR_CPOPEN=$1 && shift
-        ;;
-
-      --region-id)
-        export REGION_ID=$1 && shift
-        ;;
-
-      --mas-aibroker-watsonx-secret)
-          export MAS_AIBROKER_WATSONX_SECRET=$1 && shift
-        ;;
-      --mas-aibroker-storage-provider)
-          export MAS_AIBROKER_STORAGE_PROVIDER=$1 && shift
-        ;;
-      --mas-aibroker-storage-region)
-        export MAS_AIBROKER_STORAGE_REGION=$1 && shift
-        ;;
-      --mas-aibroker-storage-ssl)
-        export MAS_AIBROKER_STORAGE_SSL=$1 && shift
-        ;;
-      --mas-aibroker-storage-secret)
-          export MAS_AIBROKER_STORAGE_SECRET=$1 && shift
-        ;;
-      --mas-catalog-source)
-          export MAS_CATALOG_SOURCE=$1 && shift
-        ;;
-
-      --mas-aibroker-mariadb-secret)
-          export MAS_AIBROKER_MARIADB_SECRET=$1 && shift
-        ;;
-      --environment-type)
-        export ENVIRONMENT_TYPE=$1 && shift
-        ;;
-
-      --mas-aibroker-s3-endpoint-url)
-        export MAS_AIBROKER_S3_ENDPOINT_URL=$1 && shift
-        ;;
-
-      --mas-aibroker-s3-region)
-        export MAS_AIBROKER_S3_REGION=$1 && shift
-        ;;
-
-      --mas-aibroker-s3-bucket-prefix)
-        export MAS_AIBROKER_S3_BUCKET_PREFIX=$1 && shift
-        ;;
-
-     # Target Cluster (Optional)
-      --cluster-url)
-        export CLUSTER_URL=$1 && shift
-        ;;
-        
-      # Automatic GitHub Push
-      -P|--github-push)
-        export GITHUB_PUSH=true
-        ;;
-      -H|--github-host)
-        export GITHUB_HOST=$1 && shift
-        ;;
-      -O|--github-org)
-        export GITHUB_ORG=$1 && shift
-        ;;
-      -R|--github-repo)
-        export GITHUB_REPO=$1 && shift
-        ;;
-      -S|--github-ssh)
-        export GIT_SSH=$1 && shift
-        ;;
-      -B|--git-branch)
-        export GIT_BRANCH=$1 && shift
-        ;;
-      -M|--git-commit-msg)
-        export GIT_COMMIT_MSG=$1 && shift
-        ;;
-
-      # Other Commands
-      -h|--help)
-        gitops_aibroker_help
-        ;;
-      *)
-        # unknown option
-        echo -e "${COLOR_RED}Usage Error: Unsupported option \"${key}\"${COLOR_RESET}\n"
-        gitops_aibroker_help  "Usage Error: Unsupported option \"${key}\" "
-        exit 1
-        ;;
-      esac
-  done
-
-
-  [[ -z "$GITOPS_WORKING_DIR" ]] && gitops_aibroker_help "GITOPS_WORKING_DIR is not set"
-  [[ -z "$ACCOUNT_ID" ]] && gitops_aibroker_help "ACCOUNT_ID is not set"
-  [[ -z "$CLUSTER_ID" ]] && gitops_aibroker_help "CLUSTER_ID is not set"
-  [[ -z "$REGION_ID" && -z "$SM_AWS_REGION" ]] && gitops_aibroker_help "REGION_ID or SM_AWS_REGION is not set"
-  [[ -z "$CLUSTER_URL" ]] && gitops_suite_help "CLUSTER_URL is not set"
-  
-  if [[ "$GITHUB_PUSH" == "true" ]]; then
-    [[ -z "$GITHUB_HOST" ]] && gitops_aibroker_help "GITHUB_HOST is not set"
-    [[ -z "$GITHUB_ORG" ]] && gitops_aibroker_help "GITHUB_ORG is not set"
-    [[ -z "$GITHUB_REPO" ]] && gitops_aibroker_help "GITHUB_REPO is not set"
-    [[ -z "$GIT_BRANCH" ]] && gitops_aibroker_help "GIT_BRANCH is not set"
-    
-  fi
-
-# add validation below like above  for those variable which have the value needed for further execution
-# -- AIBroker
-  [[ -z "$AIBROKER_INSTANCE_ID" ]] && gitops_aibroker_help "AIBROKER_INSTANCE_ID is not set. Please specify the AI Broker instance ID using --aibroker_instance_id."
-  [[ -z "$PRIMARY_STORAGE_CLASS" ]] && gitops_aibroker_help "PRIMARY_STORAGE_CLASS is not set. Please provide the primary storage class using --primary-storage-class."
-  [[ -z "$CLUSTER_DOMAIN" ]] && gitops_aibroker_help "CLUSTER_DOMAIN is not set. Please provide the cluster domain using --cluster-domain."
-  [[ -z "$ARTIFACTORY_USERNAME" ]] && gitops_aibroker_help "ARTIFACTORY_USERNAME is not set. Please provide the artifactory username using --artifactory-username"
-  [[ -z "$MAS_APP_CHANNEL" ]] && gitops_aibroker_help "MAS_APP_CHANNEL is not set. Please provide the mas app channel using --mas-app-channel"
-  [[ -z "$MAS_CATALOG_SOURCE" ]] && gitops_aibroker_help "MAS_CATALOG_SOURCE is not set. Please provide the mas catalog source using --mas-catalog-source"
-  [[ -z "$MAS_ICR_CP" ]] && gitops_aibroker_help "MAS_ICR_CP is not set. Please provide the MAS ICR CP using --mas-icr-cp"
-  [[ -z "$MAS_ICR_CPOPEN" ]] && gitops_aibroker_help "MAS_ICR_CPOPEN is not set. Please provide the MAS ICR CPOPEN using --mas-icr-cpopopen"
-  [[ -z "$IN_SAAS_ENV" ]] && gitops_aibroker_help "IN_SAAS_ENV is not set. Please specify if this is in SaaS environment using --in-saas-env."
-  [[ -z "$IS_EXTERNAL_ROUTE" ]] && gitops_aibroker_help "IS_EXTERNAL_ROUTE is not set. Please specify if this is an external route using --is-external-route."
-  [[ -z "$MAS_AIBROKER_S3_ENDPOINT_URL" ]] && gitops_aibroker_help "MAS_AIBROKER_S3_ENDPOINT_URL is not set. Please specify the S3 endpoint URL using --mas-aibroker-s3-endpoint-url."
-
-
-}
-
-function gitops_aibroker() {
-  # Take the first parameter off (it will be create-gitops)
-  shift
-  if [[ $# -gt 0 ]]; then
-    gitops_aibroker_noninteractive "$@"
-  else
-    echo "Not supported yet"
-    exit 1
-    gitops_aibroker_interactive
-  fi
-
-  # catch errors
-  set -o pipefail
-  trap 'echo "[ERROR] Error occurred at $BASH_SOURCE, line $LINENO, exited with $?"; exit 1' ERR
-
-  rm -rf $GITOPS_WORKING_DIR
-  mkdir -p ${GITOPS_WORKING_DIR}
-  GITOPS_CLUSTER_DIR=${GITOPS_WORKING_DIR}/${GITHUB_REPO}/${ACCOUNT_ID}/${CLUSTER_ID}/${AIBROKER_INSTANCE_ID}
-
-  echo
-  reset_colors
-  echo_h2 "Review Settings"
-
-  echo "${TEXT_DIM}"
-  echo_h2 "Target" "    "
-  echo_reset_dim "Account ID ..................... ${COLOR_MAGENTA}${ACCOUNT_ID}"
-  echo_reset_dim "Region ID ...................... ${COLOR_MAGENTA}${REGION_ID}"
-  echo_reset_dim "Cluster ID ..................... ${COLOR_MAGENTA}${CLUSTER_ID}"
-  echo_reset_dim "Cluster URL .................... ${COLOR_MAGENTA}${CLUSTER_URL}"
-  echo_reset_dim "Cluster Config Directory ....... ${COLOR_MAGENTA}${GITOPS_CLUSTER_DIR}"
-  reset_colors
-
-  echo "${TEXT_DIM}"
-  echo_h2 "AWS Secrets Manager" "    "
-  echo_reset_dim "Region ......................... ${COLOR_MAGENTA}${SM_AWS_REGION}"
-  echo_reset_dim "Secret Key ..................... ${COLOR_MAGENTA}${SM_AWS_ACCESS_KEY_ID:0:4}<snip>"
-  echo_reset_dim "Access Key ..................... ${COLOR_MAGENTA}${SM_AWS_SECRET_ACCESS_KEY:0:4}<snip>"
-  echo_reset_dim "Secrets Path ................... ${COLOR_MAGENTA}${SECRETS_PATH}"
-  reset_colors
-
-  echo "${TEXT_DIM}"
-  if [[ "$GITHUB_PUSH" == "true" ]]; then
-    echo_h2 "GitOps Target" "    "
-    echo_reset_dim "Automatic Push ........................ ${COLOR_GREEN}Enabled"
-    echo_reset_dim "Working Directory ..................... ${COLOR_MAGENTA}${GITOPS_WORKING_DIR}"
-    echo_reset_dim "Host .................................. ${COLOR_MAGENTA}${GITHUB_HOST}"
-    echo_reset_dim "Organization .......................... ${COLOR_MAGENTA}${GITHUB_ORG}"
-    echo_reset_dim "Repository ............................ ${COLOR_MAGENTA}${GITHUB_REPO}"
-    echo_reset_dim "Branch ................................ ${COLOR_MAGENTA}${GIT_BRANCH}"
-  else
-    echo_h2 "GitOps Target" "    "
-    echo_reset_dim "Automatic Push ........................ ${COLOR_RED}Disabled"
-    echo_reset_dim "Working Directory ..................... ${COLOR_MAGENTA}${GITOPS_WORKING_DIR}"
-  fi
-  reset_colors
-
-  # echo all the variables of gitops+envs
-  export MAS_INSTANCE_ID="$AIBROKER_INSTANCE_ID"
-  echo_reset_dim "MAS Instance ID ....................... ${COLOR_MAGENTA}${MAS_INSTANCE_ID}"
-  echo_reset_dim "AI Broker Instance ID ................. ${COLOR_MAGENTA}${AIBROKER_INSTANCE_ID}"
-  echo_reset_dim "AI Broker Namespace ................... ${COLOR_MAGENTA}${AIBROKER_NAMESPACE}"
-  echo_reset_dim "MAS AI Broker WatsonX Secret .......... ${COLOR_MAGENTA}${MAS_AIBROKER_WATSONX_SECRET}"
-  echo_reset_dim "Pull Secret Name ...................... ${COLOR_MAGENTA}${PULL_SECRET_NAME}"
-  # Storage variables
-  echo_reset_dim "MAS AI Broker Storage Provider ........ ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_PROVIDER}"
-  echo_reset_dim "MAS AI Broker Storage Secret .......... ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_SECRET}"
-  echo_reset_dim "MAS AI Broker Storage Host ............ ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_HOST}"
-  echo_reset_dim "MAS AI Broker Storage Port ............ ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_PORT}"
-  echo_reset_dim "MAS AI Broker Storage SSL ............. ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_SSL}"
-  echo_reset_dim "MAS AI Broker Storage Region .......... ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_REGION}"
-  echo_reset_dim "MAS AI Broker Pipelines Bucket ........ ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_PIPELINES_BUCKET}"
-  echo_reset_dim "MAS AI Broker Tenants Bucket .......... ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_TENANTS_BUCKET}"
-  echo_reset_dim "MAS AI Broker Templates Bucket ........ ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_TEMPLATES_BUCKET}"
-  echo_reset_dim "MAS AI Broker MariaDB Secret .......... ${COLOR_MAGENTA}${MAS_AIBROKER_MARIADB_SECRET}"
-  
-  echo_reset_dim "Primary Storage Class ................. ${COLOR_MAGENTA}${PRIMARY_STORAGE_CLASS}"
-  echo_reset_dim "Artifactory Username ................... ${COLOR_MAGENTA}${ARTIFACTORY_USERNAME}"
-  echo_reset_dim "MAS App Channel ........................ ${COLOR_MAGENTA}${MAS_APP_CHANNEL}"
-  echo_reset_dim "MAS Catalog Source ..................... ${COLOR_MAGENTA}${MAS_CATALOG_SOURCE}"
-  echo_reset_dim "MAS ICR CP ............................. ${COLOR_MAGENTA}${MAS_ICR_CP}"
-  echo_reset_dim "MAS ICR CPOpen ......................... ${COLOR_MAGENTA}${MAS_ICR_CPOPEN}"
-  echo_reset_dim "Cluster Domain ......................... ${COLOR_MAGENTA}${CLUSTER_DOMAIN}"
-  echo_reset_dim "In SaaS Environment .................... ${COLOR_MAGENTA}${IN_SAAS_ENV}"
-  echo_reset_dim "Is External Route ...................... ${COLOR_MAGENTA}${IS_EXTERNAL_ROUTE}"
-
-  AVP_TYPE=aws  # Support for IBM will be added later
-  sm_login
-  # update those varialbe which are necessory to be updated into aws , 
-  SECRETS_PREFIX="${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}"
-
-  export SECRET_KEY_IBM_ENTITLEMENT=${SECRETS_PREFIX}ibm_entitlement#entitlement_key
-
-  #storage
-  # mas_aibroker_storage_accesskey
-  export SECRET_KEY_STORAGE_ACCESSKEY=${SECRETS_PREFIX}storage#sm_storage_accesskey
-  export SECRET_KEY_STORAGE_SECRETKEY=${SECRETS_PREFIX}storage#sm_storage_secretkey
-  # mas_aibroker_storage_host
-  export SECRET_KEY_STORAGE_HOST=${SECRETS_PREFIX}storage#sm_storage_host
-  export SECRET_KEY_STORAGE_PORT=${SECRETS_PREFIX}storage#sm_storage_port
-  # mas_aibroker_storage_templates_bucket
-  export SM_STORAGE_BUCKET_TEMPLATES=${SECRETS_PREFIX}storage#sm_storage_bucket_templates
-  # mas_aibroker_storage_tenants_bucket
-  export SM_STORAGE_BUCKET_TENANTS=${SECRETS_PREFIX}storage#sm_storage_bucket_tenants
-  # mas_aibroker_storage_pipelines_bucket
-  export SM_STORAGE_BUCKET_PIPELINES=${SECRETS_PREFIX}storage#sm_storage_bucket_pipelines
-
-
-  #mariadb
-  export MAS_AIBROKER_DB_HOST=${SECRETS_PREFIX}mariadb#sm_mariadb_host
-  export MAS_AIBROKER_DB_PORT=${SECRETS_PREFIX}mariadb#sm_mariadb_port
-  export MAS_AIBROKER_DB_USER=${SECRETS_PREFIX}mariadb#sm_mariadb_user
-  export MAS_AIBROKER_DB_DATABASE=${SECRETS_PREFIX}mariadb#sm_mariadb_database
-  export MAS_AIBROKER_DB_SECRET_NAME=${SECRETS_PREFIX}mariadb#sm_mariadb_secret_name
-  export MAS_AIBROKER_DB_SECRET_VALUE=${SECRETS_PREFIX}mariadb#sm_mariadb_secret_value
-
-  #sls
-  export SLSCFG_REGISTRATION_KEY=${SECRETS_PREFIX}sls#slscfg_registration_key
-  #dro
-  export DROCFG_CA=${SECRETS_PREFIX}droai#drocfg_ca
-  export DROCFG_TENANT=${SECRETS_PREFIX}droai#drocfg_ca_tenant
-  export DROCFG_REGISTRATION_KEY=${SECRETS_PREFIX}droai#drocfg_registration_key
-  export DROCFG_URL=${SECRETS_PREFIX}droai#drocfg_url
-  #jdbc
-  export JDBCCFG_USERNAME=${SECRETS_PREFIX}jdbc#jdbccfg_username
-  export JDBCCFG_PASSWORD=${SECRETS_PREFIX}jdbc#jdbccfg_password
-  export JDBCCFG_URL=${SECRETS_PREFIX}jdbc#jdbccfg_url
-  export JDBCCFG_SSLENABLED=${SECRETS_PREFIX}jdbc#jdbccfg_sslenabled
-  export JDBCCFG_CA=${SECRETS_PREFIX}jdbc#jdbccfg_ca
-
-  export MAS_ENTITLEMENT_KEY=${SECRETS_PREFIX}ibm_entitlement#entitlement_key
-  export ARTIFACTORY_TOKEN=${SECRETS_PREFIX}ibm_entitlement#image_pull_secret_b64
-
-  sm_verify_secret_exists ${SECRETS_PREFIX}ibm_entitlement "image_pull_secret_b64,entitlement_key"
-  sm_verify_secret_exists ${SECRETS_PREFIX}droai "drocfg_ca,drocfg_registration_key,drocfg_url,drocfg_ca_tenant"
-  sm_verify_secret_exists ${SECRETS_PREFIX}sls "slscfg_registration_key"
-  sm_verify_secret_exists ${SECRETS_PREFIX}storage "sm_storage_host,sm_storage_accesskey,sm_storage_secretkey,sm_storage_bucket_templates,sm_storage_bucket_tenants,sm_storage_bucket_pipelines"
-  sm_verify_secret_exists ${SECRETS_PREFIX}jdbc "jdbccfg_username,jdbccfg_password,jdbccfg_url,jdbccfg_sslenabled,jdbccfg_ca"
-  sm_verify_secret_exists ${SECRETS_PREFIX}mariadb "sm_mariadb_host,sm_mariadb_port,sm_mariadb_user,sm_mariadb_database,sm_mariadb_secret_name,sm_mariadb_secret_value"
-
-  
-
-    if [ -z $GIT_SSH ]; then
-      export GIT_SSH=false
-    fi
-
-    # Clone github target repo
-    # ---------------------------------------------------------------------------
-    if [ "$GITHUB_PUSH" == "true" ]; then
-      echo
-      echo "GITOPS_WORKING_DIR  ${GITOPS_WORKING_DIR}"
-      echo "GITOPS_CLUSTER_DIR  ${GITOPS_CLUSTER_DIR}"
-      echo_h2 "Cloning GitHub repo $GITHUB_ORG $GITHUB_REPO"
-      clone_target_git_repo $GITHUB_HOST $GITHUB_ORG $GITHUB_REPO $GIT_BRANCH $GITOPS_WORKING_DIR $GIT_SSH
-    fi
-    mkdir -p ${GITOPS_CLUSTER_DIR}
-
-    # Generate ArgoApps
-    # ---------------------------------------------------------------------------
-    echo
-    echo_h2 "Generating Argo Project and Applications"
-    echo "- Base Config"
-    echo "Generating aibroker base file ${GITOPS_CLUSTER_DIR}/ibm-aibroker-instance-base.yaml"
-    jinjanate_commmon $CLI_DIR/templates/gitops/appset-configs/cluster/instance/ibm-mas-instance-base.yaml.j2 ${GITOPS_CLUSTER_DIR}/ibm-aibroker-instance-base.yaml
-
-    # Generate ArgoApps
-    # ---------------------------------------------------------------------------
-    echo
-    echo_h2 "Generating aibroker operator Applications"
-    echo "- aibroker operator"
-
-    echo "Generating aibroker file ${GITOPS_CLUSTER_DIR}/ibm-aibroker.yaml"
-    jinjanate_commmon $CLI_DIR/templates/gitops/appset-configs/cluster/instance/ibm-aibroker.yaml.j2 ${GITOPS_CLUSTER_DIR}/ibm-aibroker.yaml
-
-    # Commit and push to github target repo
-    # ---------------------------------------------------------------------------
-    if [ "$GITHUB_PUSH" == "true" ]; then
-      echo
-      echo_h2 "Commit and push changes to GitHub repo $GITHUB_ORG $GITHUB_REPO"
-      save_to_target_git_repo $GITHUB_HOST $GITHUB_ORG $GITHUB_REPO $GIT_BRANCH "${GITOPS_WORKING_DIR}/${GITHUB_REPO}" "${GIT_COMMIT_MSG}"
-      remove_git_repo_clone $GITOPS_WORKING_DIR/$GITHUB_REPO
-    fi
-
-    # rm -rf $TEMP_DIR
-    rm -rf $GITOPS_WORKING_DIR
-
-
-  exit 0 
-}
\ No newline at end of file
diff --git a/image/cli/mascli/functions/gitops_aibroker_tenant b/image/cli/mascli/functions/gitops_aibroker_tenant
deleted file mode 100644
index bda0b4c6c1c..00000000000
--- a/image/cli/mascli/functions/gitops_aibroker_tenant
+++ /dev/null
@@ -1,482 +0,0 @@
-#!/usr/bin/env bash
-
-function gitops_aibroker_tenant_help() {
-  [[ -n "$1" ]] && echo_warning "$1"
-  reset_colors
-  cat << EOM
-Usage:
-  mas gitops-aibroker-tenant [options]
-Where ${COLOR_YELLOW}specified${TEXT_RESET} each option may also be defined by setting the appropriate environment variable.
-When no options are specified on the command line, interactive-mode will be enabled by default.
-
-Basic Configuration:
-  -d, --dir ${COLOR_YELLOW}GITOPS_WORKING_DIR${TEXT_RESET}                                                  Directory for GitOps repository
-  -a, --account-id ${COLOR_YELLOW}ACCOUNT_ID${TEXT_RESET}                                                   Account name that the cluster belongs to
-  -c, --cluster-id ${COLOR_YELLOW}CLUSTER_ID${TEXT_RESET}                                                   Cluster ID
-  -i, --Instance-id ${COLOR_YELLOW}INSTANCE_ID${TEXT_RESET}                                                  Instance ID
-
-ibm_aibroker_tenant(required):
-      --aibroker-instance-id ${COLOR_YELLOW}AIBROKER_INSTANCE_ID${TEXT_RESET}                                          The AIBROKER instance ID used by AI Broker
-      --tenantNamespace ${COLOR_YELLOW}TENANT_NAMESPACE${TEXT_RESET}                                        The tenant's Kubernetes namespace
-      --tenant-id ${COLOR_YELLOW}TENANT_ID${TEXT_RESET}                                                     The tenant ID for the AI Broker instance
-      --mas-aibroker-tenant-name ${COLOR_YELLOW}MAS_AIBROKER_TENANT_NAME${TEXT_RESET}                       The name of the AI Broker tenant
-      --cluster-domain ${COLOR_YELLOW}CLUSTER_DOMAIN${TEXT_RESET}                                           The domain name of the Kubernetes cluster (e.g., cluster.local)
-      --drocfg-url ${COLOR_YELLOW}DROCFG_URL${TEXT_RESET}                                                   URL of the DRO configuration service
-      --slscfg-url ${COLOR_YELLOW}SLSCFG_URL${TEXT_RESET}                                                   URL of the SLS configuration service
-      --mas_aibroker_watsonxai_url ${COLOR_YELLOW}MAS_AIBROKER_WATSONXAI_URL${TEXT_RESET}                   Endpoint URL for Watsonx.ai
-      --mas_aibroker_watsonxai_project_id ${COLOR_YELLOW}MAS_AIBROKER_WATSONXAI_PROJECT_ID${TEXT_RESET}     Watsonx.ai project ID used by AI Broker
-
-
-AIBroker :
---aibroker-namespace ${COLOR_YELLOW}AIBROKER_NAMESPACE${TEXT_RESET}                                         The namespace where AI Broker is deployed
---mas-aibroker-provision-tenant ${COLOR_YELLOW}MAS_AIBROKER_PROVISION_TENANT${TEXT_RESET}                   Whether to provision the AI Broker tenant
---aibroker-instance-id ${COLOR_YELLOW}AIBROKER_INSTANCE_ID${TEXT_RESET}                                     The AI Broker instance ID
---tenantNamespace ${COLOR_YELLOW}TENANT_NAMESPACE${TEXT_RESET}                                              The tenant's Kubernetes namespace
---tenant-id ${COLOR_YELLOW}TENANT_ID${TEXT_RESET}                                                           The tenant ID for the AI Broker instance
---mas_aibroker_tenant_name ${COLOR_YELLOW}MAS_AIBROKER_TENANT_NAME${TEXT_RESET}                             The name of the AI Broker tenant
---cluster-domain ${COLOR_YELLOW}CLUSTER_DOMAIN${TEXT_RESET}                                                 The domain name of the Kubernetes cluster (e.g., cluster.local)
---in-saas-env ${COLOR_YELLOW}IN_SAAS_ENV${TEXT_RESET}                                                       Whether the environment is SaaS (true/false)
-
---mas-icr-cp ${COLOR_YELLOW}MAS_ICR_CP${TEXT_RESET}                                                         IBM Cloud Pak container registry URL
---mas-icr-cpopen ${COLOR_YELLOW}MAS_ICR_CPOPEN${TEXT_RESET}                                                 IBM Cloud Pak Open container registry URL
-
-DRO :
---drocfg-url ${COLOR_YELLOW}DROCFG_URL${TEXT_RESET}                                                         URL of the DRO configuration service
-
-SLS :
---slscfg-url ${COLOR_YELLOW}SLSCFG_URL${TEXT_RESET}                                                          URL of the SLS configuration service
---mas-aibroker-sls-subscription-id ${COLOR_YELLOW}MAS_AIBROKER_SLS_SUBSCRIPTION_ID${TEXT_RESET}              Subscription ID associated with SLS
-
-Watsonx :
---mas-aibroker-watsonxai-url ${COLOR_YELLOW}MAS_AIBROKER_WATSONXAI_URL${TEXT_RESET}                          Endpoint URL for Watsonx.ai
---mas-aibroker-watsonxai-project-id ${COLOR_YELLOW}MAS_AIBROKER_WATSONXAI_PROJECT_ID${TEXT_RESET}            Watsonx.ai project ID used by AI Broker
-
-Storage :
---mas_aibroker_storage_provider ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_PROVIDER${TEXT_RESET}                    The storage provider used by AI Broker (e.g., S3, MinIO)
---mas-aibroker-storage-port ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_PORT${TEXT_RESET}                            Port number STORAGE is exposed on
---mas-aibroker-storage-region ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_REGION${TEXT_RESET}                        Storage region used in STORAGE (if applicable)
---mas-aibroker-storage-pipelines-bucket ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_PIPELINES_BUCKET${TEXT_RESET}    The STORAGE bucket used to store pipeline assets
---mas-aibroker-storage-ssl ${COLOR_YELLOW}MAS_AIBROKER_STORAGE_SSL${TEXT_RESET}                              Whether STORAGE uses SSL (true/false)
-
-
-Automatic GitHub Push (Optional):
-  -P, --github-push ${COLOR_YELLOW}GITHUB_PUSH${TEXT_RESET}                                                  Enable automatic push to GitHub
-  -H, --github-host ${COLOR_YELLOW}GITHUB_HOST${TEXT_RESET}                                                  GitHub Hostname for your GitOps repository
-  -O, --github-org ${COLOR_YELLOW}GITHUB_ORG${TEXT_RESET}                                                    Github org for your GitOps repository
-  -R, --github-repo ${COLOR_YELLOW}GITHUB_REPO${TEXT_RESET}                                                  Github repo for your GitOps repository
-  -S, --github-ssh ${COLOR_YELLOW}GIT_SSH${TEXT_RESET}                                                       Git ssh key path
-  -B, --git-branch ${COLOR_YELLOW}GIT_BRANCH${TEXT_RESET}                                                    Git branch to commit to of your GitOps repository
-  -M, --git-commit-msg ${COLOR_YELLOW}GIT_COMMIT_MSG${TEXT_RESET}                                            Git commit message to use when committing to of your GitOps repository
-
-Other Commands:
-  -h, --help                                      Show this help message
-EOM
-  [[ -n "$1" ]] && exit 1 || exit 0
-}
-
-function gitops_aibroker_tenant_noninteractive() {
-  GITOPS_WORKING_DIR=$PWD/working-dir
-  SECRETS_KEY_SEPERATOR="/"
-  GIT_COMMIT_MSG="gitops-aibroker-tenant commit"
-
-  # adding default values 
-  # all generic values should to put here 
-  # check with ansible playbook/gitops envs 
-  # only export below in whiel loop
-  export REGION_ID=${REGION_ID:-${SM_AWS_REGION}}
-
-  #adding default values # -- AIBroker Defaults
-  export AIBROKER_NAMESPACE=${AIBROKER_NAMESPACE:-"mas-${AIBROKER_INSTANCE_ID}-aibroker"}
-  export MAS_AIBROKER_PROVISION_TENANT=${MAS_AIBROKER_PROVISION_TENANT:-"provision-tenant"}
-  export IN_SAAS_ENV=${IN_SAAS_ENV:-"true"}
-  export MAS_ICR_CP=${MAS_ICR_CP:-"docker-na-public.artifactory.swg-devops.com/wiotp-docker-local"}
-  export MAS_ICR_CPOPEN=${MAS_ICR_CPOPEN:-"docker-na-public.artifactory.swg-devops.com/wiotp-docker-local/cpopen"}
-  
-  
-  export MAS_AIBROKER_S3_BUCKET_PREFIX=${MAS_AIBROKER_S3_BUCKET_PREFIX:-"m"}
-  export MAS_AIBROKER_S3_REGION=${MAS_AIBROKER_S3_REGION:-"us-east-2"}
-  export TENANT_ENTITLEMENT_TYPE=${TENANT_ENTITLEMENT_TYPE:-"standard"}
-  export TENANT_ENTITLEMENT_START_DATE=${TENANT_ENTITLEMENT_START_DATE:-"2025-06-11"}
-  export TENANT_ENTITLEMENT_END_DATE=${TENANT_ENTITLEMENT_END_DATE:-"2049-11-11"}
-  
-
-  # -- SLS Defaults
-  export MAS_AIBROKER_SLS_SUBSCRIPTION_ID=${MAS_AIBROKER_SLS_SUBSCRIPTION_ID:-"001"}
-
-  # -- STORAGE Defaults
-  export MAS_AIBROKER_STORAGE_REGION=${MAS_AIBROKER_STORAGE_REGION:-""}
-
-  while [[ $# -gt 0 ]]
-  do
-    key="$1"
-    shift
-    case $key in
-      # GitOps Configuration
-      -d|--dir)
-        export GITOPS_WORKING_DIR=$1 && shift
-        ;;
-      -a|--account-id)
-        export ACCOUNT_ID=$1 && shift
-        ;;
-      -c|--cluster-id)
-        export CLUSTER_ID=$1 && shift
-        ;;
-      -i|--instance-id)
-        export INSTANCE_ID=$1 && shift 
-        ;;
-      # AWS Secrets Manager Configuration
-      --sm-aws-secret-region)
-        export SM_AWS_REGION=$1
-        export REGION_ID=$1
-        shift
-        ;;
-      --sm-aws-access-key)
-        export SM_AWS_ACCESS_KEY_ID=$1 && shift
-        ;;
-      --sm-aws-secret-key)
-        export SM_AWS_SECRET_ACCESS_KEY=$1 && shift
-        ;;
-      --secrets-path)
-        export SECRETS_PATH=$1 && shift
-        ;;
-
-      # -- AIBroker
-      --aibroker-namespace)
-        export AIBROKER_NAMESPACE=$1 && shift
-        ;;
-      --mas-aibroker-provision-tenant)
-        export MAS_AIBROKER_PROVISION_TENANT=$1 && shift
-        ;;
-      --aibroker-instance-id)
-        export AIBROKER_INSTANCE_ID=$1 && shift
-        ;;
-      --tenantNamespace)
-        export TENANT_NAMESPACE=$1 && shift
-        ;;
-      --tenant-id)
-        export TENANT_ID=$1 && shift
-        ;;
-      --mas-aibroker-tenant-name)
-        export MAS_AIBROKER_TENANT_NAME=$1 && shift
-        ;;
-      --cluster-domain)
-        export CLUSTER_DOMAIN=$1 && shift
-        ;;
-      --in-saas-env)
-        export IN_SAAS_ENV=$1 && shift
-        ;;
-      --mas-icr-cp)
-        export MAS_ICR_CP=$1 && shift
-        ;;
-      --mas-icr-cpopen)
-        export MAS_ICR_CPOPEN=$1 && shift
-        ;;
-
-      # -- DRO
-      --drocfg-url)
-        export DROCFG_URL=$1 && shift
-        ;;
-
-      # -- SLS
-      --slscfg-url)
-        export SLSCFG_URL=$1 && shift
-        ;;
-
-      --mas-aibroker-sls-subscription-id)
-        export MAS_AIBROKER_SLS_SUBSCRIPTION_ID=$1 && shift
-        ;;
-
-      # -- Watsonx
-      --mas-aibroker-watsonxai-url)
-        export MAS_AIBROKER_WATSONXAI_URL=$1 && shift
-        ;;
-      --mas-aibroker-watsonxai-project-id)
-        export MAS_AIBROKER_WATSONXAI_PROJECT_ID=$1 && shift
-        ;;
-
-      # -- STORAGE
-      --mas-aibroker-storage-port)
-        export MAS_AIBROKER_STORAGE_PORT=$1 && shift
-        ;;
-      --mas-aibroker-storage-region)
-        export MAS_AIBROKER_STORAGE_REGION=$1 && shift
-        ;;
-      --mas-aibroker-storage-pipelines-bucket)
-        export MAS_AIBROKER_STORAGE_PIPELINES_BUCKET=$1 && shift
-        ;;
-      --mas-aibroker-storage-ssl)
-        export MAS_AIBROKER_STORAGE_SSL=$1 && shift
-        ;;
-
-      
-      --rsl-url)
-        export RSL_URL=$1 && shift
-        ;;
-
-      --mas-aibroker-storage-provider)
-        export MAS_AIBROKER_STORAGE_PROVIDER=$1 && shift
-        ;;
-      --mas-aibroker-s3-endpoint-url)
-        export MAS_AIBROKER_S3_ENDPOINT_URL=$1 && shift
-        ;;
-      --mas-aibroker-s3-region)
-        export MAS_AIBROKER_S3_REGION=$1 && shift
-        ;;
-
-      --mas-aibroker-s3-bucket-prefix)
-        export MAS_AIBROKER_S3_BUCKET_PREFIX=$1 && shift
-        ;;
-
-      --tenant-entitlement-type)
-        export TENANT_ENTITLEMENT_TYPE=$1 && shift
-        ;;
-
-      --tenant-entitlement-start-date)
-        export TENANT_ENTITLEMENT_START_DATE=$1 && shift
-        ;;
-
-      --tenant-entitlement-end-date)
-        export TENANT_ENTITLEMENT_END_DATE=$1 && shift
-        ;;
-        
-
-      # Automatic GitHub Push
-      -P|--github-push)
-        export GITHUB_PUSH=true
-        ;;
-      -H|--github-host)
-        export GITHUB_HOST=$1 && shift
-        ;;
-      -O|--github-org)
-        export GITHUB_ORG=$1 && shift
-        ;;
-      -R|--github-repo)
-        export GITHUB_REPO=$1 && shift
-        ;;
-      -B|--git-branch)
-        export GIT_BRANCH=$1 && shift
-        ;;
-      -M|--git-commit-msg)
-        export GIT_COMMIT_MSG=$1 && shift
-        ;;
-
-      # Other Commands
-      -h|--help)
-        gitops_aibroker_tenant_help
-        ;;
-      *)
-        # unknown option
-        echo -e "${COLOR_RED}Usage Error: Unsupported option \"${key}\"${COLOR_RESET}\n"
-        gitops_aibroker_tenant_help  "Usage Error: Unsupported option \"${key}\" "
-        exit 1
-        ;;
-      esac
-  done
-
-  [[ -z "$GITOPS_WORKING_DIR" ]] && gitops_aibroker_tenant_help "GITOPS_WORKING_DIR is not set"
-  [[ -z "$ACCOUNT_ID" ]] && gitops_aibroker_tenant_help "ACCOUNT_ID is not set"
-  [[ -z "$CLUSTER_ID" ]] && gitops_aibroker_tenant_help "CLUSTER_ID is not set"
-  [[ -z "$REGION_ID" && -z "$SM_AWS_REGION" ]] && gitops_aibroker_tenant_help "REGION_ID or SM_AWS_REGION is not set"
-
-  if [[ "$GITHUB_PUSH" == "true" ]]; then
-    [[ -z "$GITHUB_HOST" ]] && gitops_aibroker_tenant_help "GITHUB_HOST is not set"
-    [[ -z "$GITHUB_ORG" ]] && gitops_aibroker_tenant_help "GITHUB_ORG is not set"
-    [[ -z "$GITHUB_REPO" ]] && gitops_aibroker_tenant_help "GITHUB_REPO is not set"
-    [[ -z "$GIT_BRANCH" ]] && gitops_aibroker_tenant_help "GIT_BRANCH is not set"
-  fi
-
-  # add validation below like above  for those variable which have the value needed for further execution
-  [[ -z "$AIBROKER_INSTANCE_ID" ]] && gitops_aibroker_tenant_help "AIBROKER_INSTANCE_ID is not set. Please specify the AI Broker instance ID using --aibroker_instance_id."
-  [[ -z "$TENANT_NAMESPACE" ]] && gitops_aibroker_tenant_help "TENANT_NAMESPACE is not set. Please specify the tenant namespace using --tenantNamespace."
-  [[ -z "$TENANT_ID" ]] && gitops_aibroker_tenant_help "TENANT_ID is not set. Please provide the tenant ID using --tenant-id."
-  # [[ -z "$MAS_AIBROKER_TENANT_NAME" ]] && gitops_aibroker_tenant_help "MAS_AIBROKER_TENANT_NAME is not set. Please provide the AI Broker tenant name using --mas-aibroker-tenant-name."
-  [[ -z "$CLUSTER_DOMAIN" ]] && gitops_aibroker_tenant_help "CLUSTER_DOMAIN is not set. Please provide the cluster domain using --cluster-domain."
-  
-  # -- DRO
-  [[ -z "$DROCFG_URL" ]] && gitops_aibroker_tenant_help "DROCFG_URL is not set. Please specify the DRO configuration URL using --drocfg-url."
-  
-  # -- SLS
-  [[ -z "$SLSCFG_URL" ]] && gitops_aibroker_tenant_help "SLSCFG_URL is not set. Please specify the SLS configuration URL using --slscfg-url."
-
-  # -- Watsonx
-  [[ -z "$MAS_AIBROKER_WATSONXAI_URL" ]] && gitops_aibroker_tenant_help "MAS_AIBROKER_WATSONXAI_URL is not set. Please specify the Watsonx.ai URL using --mas-aibroker-watsonxai-url."
-  
-  [[ -z "$RSL_URL" ]] && gitops_aibroker_tenant_help "RSL_URL is not set. Please specify the RSL URL using --rsl-url."
-  [[ -z "$MAS_AIBROKER_S3_ENDPOINT_URL" ]] && gitops_aibroker_tenant_help "MAS_AIBROKER_S3_ENDPOINT_URL is not set. Please specify the S3 endpoint URL using --mas-aibroker-s3-endpoint-url."
-  
-  [[ -z "$MAS_AIBROKER_STORAGE_SSL" ]] && gitops_aibroker_tenant_help "MAS_AIBROKER_STORAGE_SSL is not set. Please specify whether SSL is enabled for STORAGE using --mas-aibroker-storage-ssl."
-  [[ -z "$MAS_AIBROKER_STORAGE_PROVIDER" ]] && gitops_aibroker_tenant_help "MAS_AIBROKER_STORAGE_PROVIDER is not set. Please specify the STORAGE provider using --mas-aibroker-storage-provider."
- 
- }
-
-function gitops_aibroker_tenant() {
-  # Take the first parameter off (it will be create-gitops)
-  shift
-  if [[ $# -gt 0 ]]; then
-    gitops_aibroker_tenant_noninteractive "$@"
-  else
-    echo "Not supported yet"
-    exit 1
-    gitops_aibroker_tenant_interactive
-  fi
-
-  # catch errors
-  set -o pipefail
-  trap 'echo "[ERROR] Error occurred at $BASH_SOURCE, line $LINENO, exited with $?"; exit 1' ERR
-
-  rm -rf $GITOPS_WORKING_DIR
-  mkdir -p ${GITOPS_WORKING_DIR}
-  GITOPS_CLUSTER_DIR=${GITOPS_WORKING_DIR}/${GITHUB_REPO}/${ACCOUNT_ID}/${CLUSTER_ID}/${AIBROKER_INSTANCE_ID}/${TENANT_ID}
-
-
-  echo
-  reset_colors
-  echo_h2 "Review Settings"
-
-  echo "${TEXT_DIM}"
-  echo_h2 "Target" "    "
-  echo_reset_dim "Account ID ..................... ${COLOR_MAGENTA}${ACCOUNT_ID}"
-  echo_reset_dim "Region ID ...................... ${COLOR_MAGENTA}${REGION_ID}"
-  echo_reset_dim "Cluster ID ..................... ${COLOR_MAGENTA}${CLUSTER_ID}"
-  echo_reset_dim "Cluster Config Directory ....... ${COLOR_MAGENTA}${GITOPS_CLUSTER_DIR}"
-  reset_colors
-
-  echo "${TEXT_DIM}"
-  echo_h2 "AWS Secrets Manager" "    "
-  echo_reset_dim "Region ......................... ${COLOR_MAGENTA}${SM_AWS_REGION}"
-  echo_reset_dim "Secret Key ..................... ${COLOR_MAGENTA}${SM_AWS_ACCESS_KEY_ID:0:4}<snip>"
-  echo_reset_dim "Access Key ..................... ${COLOR_MAGENTA}${SM_AWS_SECRET_ACCESS_KEY:0:4}<snip>"
-  echo_reset_dim "Secrets Path ................... ${COLOR_MAGENTA}${SECRETS_PATH}"
-  reset_colors
-
-  echo "${TEXT_DIM}"
-  if [[ "$GITHUB_PUSH" == "true" ]]; then
-    echo_h2 "GitOps Target" "    "
-    echo_reset_dim "Automatic Push ............................. ${COLOR_GREEN}Enabled"
-    echo_reset_dim "Working Directory .......................... ${COLOR_MAGENTA}${GITOPS_WORKING_DIR}"
-    echo_reset_dim "Host ....................................... ${COLOR_MAGENTA}${GITHUB_HOST}"
-    echo_reset_dim "Organization ............................... ${COLOR_MAGENTA}${GITHUB_ORG}"
-    echo_reset_dim "Repository ................................. ${COLOR_MAGENTA}${GITHUB_REPO}"
-    echo_reset_dim "Branch ..................................... ${COLOR_MAGENTA}${GIT_BRANCH}"
-  else
-    echo_h2 "GitOps Target" "    "
-    echo_reset_dim "Automatic Push ............................. ${COLOR_RED}Disabled"
-    echo_reset_dim "Working Directory .......................... ${COLOR_MAGENTA}${GITOPS_WORKING_DIR}"
-  fi
-  reset_colors
-
-  # echo all the variables of gitops envs
-
-  # -- AIBroker
-  echo_reset_dim "aibroker namespace ........................... ${COLOR_MAGENTA}${AIBROKER_NAMESPACE}"
-  echo_reset_dim "mas aibroker provision tenant ................ ${COLOR_MAGENTA}${MAS_AIBROKER_PROVISION_TENANT}"
-  echo_reset_dim "aibroker instance ID ......................... ${COLOR_MAGENTA}${AIBROKER_INSTANCE_ID}"
-  echo_reset_dim "tenant namespace ............................. ${COLOR_MAGENTA}${TENANT_NAMESPACE}"
-  echo_reset_dim "tenant ID .................................... ${COLOR_MAGENTA}${TENANT_ID}"
-  echo_reset_dim "mas aibroker tenant name ..................... ${COLOR_MAGENTA}${MAS_AIBROKER_TENANT_NAME}"
-  echo_reset_dim "cluster domain ............................... ${COLOR_MAGENTA}${CLUSTER_DOMAIN}"
-  echo_reset_dim "in SaaS environment .......................... ${COLOR_MAGENTA}${IN_SAAS_ENV}"
-
-  echo_reset_dim "MAS ICR CP registry .......................... ${COLOR_MAGENTA}${MAS_ICR_CP}"
-  echo_reset_dim "MAS ICR CPOPEN registry ...................... ${COLOR_MAGENTA}${MAS_ICR_CPOPEN}"
-
-  # -- SLS
-  echo_reset_dim "SLS subscription ID .......................... ${COLOR_MAGENTA}${MAS_AIBROKER_SLS_SUBSCRIPTION_ID}"
-
-  # -- Watsonx
-  echo_reset_dim "Watsonx.ai URL ............................... ${COLOR_MAGENTA}${MAS_AIBROKER_WATSONXAI_URL}"
-  echo_reset_dim "Watsonx.ai project ID ........................ ${COLOR_MAGENTA}${MAS_AIBROKER_WATSONXAI_PROJECT_ID}"
-
-  # -- STORAGE
-  echo_reset_dim "SSL enabled .................................. ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_SSL}"
-  echo_reset_dim "Storage provider ............................. ${COLOR_MAGENTA}${MAS_AIBROKER_STORAGE_PROVIDER}"
-  AVP_TYPE=aws  # Support for IBM will be added later
-  sm_login
-
-  SECRETS_PREFIX="${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}"
-
-  # aibroker
-  export SECRET_KEY_IBM_ENTITLEMENT=${SECRETS_PREFIX}ibm_entitlement#entitlement_key
-  # dro
-  export SECRET_KEY_ARTIFACTORY_TOKEN=${SECRETS_PREFIX}ibm_entitlement#image_pull_secret_b64
-  export SECRET_KEY_DROCFG_CA=${SECRETS_PREFIX}droai#drocfg_ca_tenant
-  export SECRET_KEY_DROCFG_REGISTRATION_KEY=${SECRETS_PREFIX}droai#drocfg_registration_key
-
-  # sls
-  export SECRET_KEY_SLSCFG_REGISTRATION_KEY=${SECRETS_PREFIX}sls#slscfg_registration_key
-  export SECRET_KEY_SLSCFG_CA_TENANT=${SECRETS_PREFIX}sls#slscfg_ca_tenant
-
-  export SECRET_KEY_RSL_ORG_ID=${SECRETS_PREFIX}rsl#rsl_org_id
-  export SECRET_KEY_RSL_TOKEN=${SECRETS_PREFIX}rsl#rsl_token
-  #watsonx
-  export SECRET_KEY_WATSONXAI_APIKEY=${SECRETS_PREFIX}watsonx#watsonxai_apikey
-  export MAS_AIBROKER_WATSONXAI_PROJECT_ID=${SECRETS_PREFIX}watsonx#watsonxai_project_id
-  
-
-
-  # STORAGE
-  export SECRET_KEY_STORAGE_HOST=${SECRETS_PREFIX}storage#sm_storage_host
-  export SECRET_KEY_STORAGE_PORT=${SECRETS_PREFIX}storage#sm_storage_port
-  export SECRET_KEY_STORAGE_ACCESSKEY=${SECRETS_PREFIX}storage#sm_storage_accesskey
-  export SECRET_KEY_STORAGE_SECRETKEY=${SECRETS_PREFIX}storage#sm_storage_secretkey
-
-  # check for those variables present into the aws sm 
-
-  sm_verify_secret_exists ${SECRETS_PREFIX}ibm_entitlement "image_pull_secret_b64,entitlement_key"
- 
-  sm_verify_secret_exists ${SECRETS_PREFIX}droai "drocfg_ca,drocfg_registration_key"
-
-  sm_verify_secret_exists ${SECRETS_PREFIX}sls "slscfg_registration_key,slscfg_ca_tenant"
- 
-  sm_verify_secret_exists ${SECRETS_PREFIX}storage "sm_storage_host,sm_storage_accesskey,sm_storage_secretkey"
-
-  sm_verify_secret_exists ${SECRETS_PREFIX}rsl "rsl_org_id,rsl_token"
-
-  sm_verify_secret_exists ${SECRETS_PREFIX}watsonx "watsonxai_apikey,watsonxai_project_id"
-  
-  # finally push them into the git repo
-
-    if [ -z $GIT_SSH ]; then
-      export GIT_SSH=false
-    fi
-
-    # Clone github target repo
-    # ---------------------------------------------------------------------------
-    if [ "$GITHUB_PUSH" == "true" ]; then
-      echo
-      echo_h2 "Cloning GitHub repo $GITHUB_ORG $GITHUB_REPO"
-      clone_target_git_repo $GITHUB_HOST $GITHUB_ORG $GITHUB_REPO $GIT_BRANCH $GITOPS_WORKING_DIR $GIT_SSH
-    fi
-    mkdir -p ${GITOPS_CLUSTER_DIR}
-
-    # Generate ArgoApps
-    # ---------------------------------------------------------------------------
-    echo
-    echo_h2 "Generating Argo Project and Applications"
-    echo "- Base Config"
-    echo "Generating aibroker base file ${GITOPS_CLUSTER_DIR}/ibm-aibroker-tenant-base.yaml"
-    jinjanate_commmon $CLI_DIR/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant-base.yaml.j2 ${GITOPS_CLUSTER_DIR}/ibm-aibroker-tenant-base.yaml
-
-    # Generate ArgoApps
-    # ---------------------------------------------------------------------------
-    echo
-    echo_h2 "Generating aibroker operator Applications"
-    echo "- aibroker tenant operator"
-
-    echo "Generating aibroker file ${GITOPS_CLUSTER_DIR}/ibm-aibroker-tenant.yaml"
-    jinjanate_commmon $CLI_DIR/templates/gitops/appset-configs/cluster/instance/ibm-aibroker-tenant.yaml.j2 ${GITOPS_CLUSTER_DIR}/ibm-aibroker-tenant.yaml
-
-    # Commit and push to github target repo
-    # ---------------------------------------------------------------------------
-    if [ "$GITHUB_PUSH" == "true" ]; then
-      echo
-      echo "Github push" "$GITHUB_HOST" "$GITHUB_ORG" "$GITHUB_REPO" "$GIT_BRANCH" "Working: " "${GITOPS_WORKING_DIR}/${GITHUB_REPO}" " Commit :" "$GIT_COMMIT_MSG"
-      save_to_target_git_repo $GITHUB_HOST $GITHUB_ORG $GITHUB_REPO $GIT_BRANCH "${GITOPS_WORKING_DIR}/${GITHUB_REPO}" "${GIT_COMMIT_MSG}"
-      remove_git_repo_clone $GITOPS_WORKING_DIR/$GITHUB_REPO
-    fi
-
-    # rm -rf $TEMP_DIR
-    rm -rf $GITOPS_WORKING_DIR
-
-  exit 0
-}

From b159e67698ead73c1ee2a1ea299fe0e8dcd8d9ec Mon Sep 17 00:00:00 2001
From: joshiricha444 <joshi.richa444@gmail.com>
Date: Mon, 18 May 2026 14:34:09 +0530
Subject: [PATCH 241/258] Remove derovision aibroker related files

---
 .../functions/gitops_deprovision_aibroker     | 258 -----------------
 .../gitops_deprovision_aibroker_tenant        | 269 ------------------
 2 files changed, 527 deletions(-)
 delete mode 100644 image/cli/mascli/functions/gitops_deprovision_aibroker
 delete mode 100644 image/cli/mascli/functions/gitops_deprovision_aibroker_tenant

diff --git a/image/cli/mascli/functions/gitops_deprovision_aibroker b/image/cli/mascli/functions/gitops_deprovision_aibroker
deleted file mode 100644
index a45e5afa341..00000000000
--- a/image/cli/mascli/functions/gitops_deprovision_aibroker
+++ /dev/null
@@ -1,258 +0,0 @@
-#!/usr/bin/env bash
-
-function gitops_deprovision_aibroker_help() {
-  [[ -n "$1" ]] && echo_warning "$1"
-  reset_colors
-  cat << EOM
-Usage:
-  mas gitops-aibroker-deprovision [options]
-Where ${COLOR_YELLOW}specified${TEXT_RESET} each option may also be defined by setting the appropriate environment variable.
-When no options are specified on the command line, interactive-mode will be enabled by default.
-
-Basic Configuration:
-  -d, --dir ${COLOR_YELLOW}GITOPS_WORKING_DIR${TEXT_RESET}                                                  Directory for GitOps repository
-  -a, --account-id ${COLOR_YELLOW}ACCOUNT_ID${TEXT_RESET}                                                   Account name that the cluster belongs to
-  -c, --cluster-id ${COLOR_YELLOW}CLUSTER_ID${TEXT_RESET}                                                   Cluster ID
-
-Secrets Manager:
-      --secrets-path ${COLOR_YELLOW}SECRETS_PATH${TEXT_RESET}                                              Secrets Manager path
-      --secrets-key-seperator ${COLOR_YELLOW}SECRETS_KEY_SEPERATOR${TEXT_RESET}  
-
-
-ibm_aibroker(required):
-  -i, --aibroker-instance-id ${COLOR_YELLOW}AIBROKER_INSTANCE_ID${TEXT_RESET}                              AI Broker instance ID  
-
-
-Automatic GitHub Push (Optional):
-  -P, --github-push ${COLOR_YELLOW}GITHUB_PUSH${TEXT_RESET}                                                  Enable automatic push to GitHub
-  -H, --github-host ${COLOR_YELLOW}GITHUB_HOST${TEXT_RESET}                                                  GitHub Hostname for your GitOps repository
-  -O, --github-org ${COLOR_YELLOW}GITHUB_ORG${TEXT_RESET}                                                    Github org for your GitOps repository
-  -R, --github-repo ${COLOR_YELLOW}GITHUB_REPO${TEXT_RESET}                                                  Github repo for your GitOps repository
-  -S, --github-ssh ${COLOR_YELLOW}GIT_SSH${TEXT_RESET}                                                       Git ssh key path
-  -B, --git-branch ${COLOR_YELLOW}GIT_BRANCH${TEXT_RESET}                                                    Git branch to commit to of your GitOps repository
-  -M, --git-commit-msg ${COLOR_YELLOW}GIT_COMMIT_MSG${TEXT_RESET}                                            Git commit message to use when committing to of your GitOps repository
-
-Other Commands:
-  -h, --help                                      Show this help message
-EOM
-  [[ -n "$1" ]] && exit 1 || exit 0
-}
-
-function gitops_deprovision_aibroker_noninteractive() {
-  GITOPS_WORKING_DIR=$PWD/working-dir
-  SECRETS_KEY_SEPERATOR="/"
-  GIT_COMMIT_MSG="gitops-aibroker-deprovision commit"
-
-  # adding default values 
-  export REGION_ID=${REGION_ID:-${SM_AWS_REGION}}
-
-  while [[ $# -gt 0 ]]
-  do
-    key="$1"
-    shift
-    case $key in
-      # GitOps Configuration
-      -d|--dir)
-        export GITOPS_WORKING_DIR=$1 && shift
-        ;;
-      -a|--account-id)
-        export ACCOUNT_ID=$1 && shift
-        ;;
-      -c|--cluster-id)
-        export CLUSTER_ID=$1 && shift
-        ;;
-      --aibroker-instance-id)
-        export AIBROKER_INSTANCE_ID=$1 && shift
-        ;;
-      # AWS Secrets Manager Configuration
-      --sm-aws-secret-region)
-        export SM_AWS_REGION=$1
-        export REGION_ID=$1
-        shift
-        ;;
-      --sm-aws-access-key)
-        export SM_AWS_ACCESS_KEY_ID=$1 && shift
-        ;;
-      --sm-aws-secret-key)
-        export SM_AWS_SECRET_ACCESS_KEY=$1 && shift
-        ;;
-      --secrets-path)
-        export SECRETS_PATH=$1 && shift
-        ;;
-      # Automatic GitHub Push
-      -P|--github-push)
-        export GITHUB_PUSH=true
-        ;;
-      -H|--github-host)
-        export GITHUB_HOST=$1 && shift
-        ;;
-      -O|--github-org)
-        export GITHUB_ORG=$1 && shift
-        ;;
-      -R|--github-repo)
-        export GITHUB_REPO=$1 && shift
-        ;;
-      -B|--git-branch)
-        export GIT_BRANCH=$1 && shift
-        ;;
-      -M|--git-commit-msg)
-        export GIT_COMMIT_MSG=$1 && shift
-        ;;
-
-      # Other Commands
-      -h|--help)
-        gitops_deprovision_aibroker_help
-        ;;
-      *)
-        # unknown option
-        echo -e "${COLOR_RED}Usage Error: Unsupported option \"${key}\"${COLOR_RESET}\n"
-        gitops_deprovision_aibroker_help  "Usage Error: Unsupported option \"${key}\" "
-        exit 1
-        ;;
-      esac
-  done
-
-  [[ -z "$GITOPS_WORKING_DIR" ]] && gitops_deprovision_aibroker_help "GITOPS_WORKING_DIR is not set"
-  [[ -z "$ACCOUNT_ID" ]] && gitops_deprovision_aibroker_help "ACCOUNT_ID is not set"
-  [[ -z "$CLUSTER_ID" ]] && gitops_deprovision_aibroker_help "CLUSTER_ID is not set"
-  [[ -z "$REGION_ID" && -z "$SM_AWS_REGION" ]] && gitops_deprovision_aibroker_help "REGION_ID or SM_AWS_REGION is not set"
-
-  if [[ "$GITHUB_PUSH" == "true" ]]; then
-    [[ -z "$GITHUB_HOST" ]] && gitops_deprovision_aibroker_help "GITHUB_HOST is not set"
-    [[ -z "$GITHUB_ORG" ]] && gitops_deprovision_aibroker_help "GITHUB_ORG is not set"
-    [[ -z "$GITHUB_REPO" ]] && gitops_deprovision_aibroker_help "GITHUB_REPO is not set"
-    [[ -z "$GIT_BRANCH" ]] && gitops_deprovision_aibroker_help "GIT_BRANCH is not set"
-  fi
-
-  # add validation below like above  for those variable which have the value needed for further execution
-  # -- AIBroker
-  [[ -z "$AIBROKER_INSTANCE_ID" ]] && gitops_deprovision_aibroker_help "AIBROKER_INSTANCE_ID is not set. Please specify the AI Broker instance ID using --aibroker_instance_id."
-
- }
-
-function gitops_deprovision_aibroker() {
-  # Take the first parameter off (it will be create-gitops)
-  shift
-  if [[ $# -gt 0 ]]; then
-    gitops_deprovision_aibroker_noninteractive "$@"
-  else
-    echo "Not supported yet"
-    exit 1
-    gitops_deprovision_aibroker_interactive
-  fi
-
-  # catch errors
-  set -o pipefail
-  trap 'echo "[ERROR] Error occurred at $BASH_SOURCE, line $LINENO, exited with $?"; exit 1' ERR
-
-  # rm -rf $GITOPS_WORKING_DIR
-  mkdir -p ${GITOPS_WORKING_DIR}
-  GITOPS_CLUSTER_DIR=${GITOPS_WORKING_DIR}/${GITHUB_REPO}/${ACCOUNT_ID}/${CLUSTER_ID}/${AIBROKER_INSTANCE_ID}
-
-
-  echo
-  reset_colors
-  echo_h2 "Review Settings"
-
-  echo "${TEXT_DIM}"
-  echo_h2 "Target" "    "
-  echo_reset_dim "Account ID ..................... ${COLOR_MAGENTA}${ACCOUNT_ID}"
-  echo_reset_dim "Region ID ...................... ${COLOR_MAGENTA}${REGION_ID}"
-  echo_reset_dim "Cluster ID ..................... ${COLOR_MAGENTA}${CLUSTER_ID}"
-  echo_reset_dim "Cluster Config Directory ....... ${COLOR_MAGENTA}${GITOPS_CLUSTER_DIR}"
-  reset_colors
-
-  echo "${TEXT_DIM}"
-  echo_h2 "AWS Secrets Manager" "    "
-  echo_reset_dim "Region ......................... ${COLOR_MAGENTA}${SM_AWS_REGION}"
-  echo_reset_dim "Secret Key ..................... ${COLOR_MAGENTA}${SM_AWS_ACCESS_KEY_ID:0:4}<snip>"
-  echo_reset_dim "Access Key ..................... ${COLOR_MAGENTA}${SM_AWS_SECRET_ACCESS_KEY:0:4}<snip>"
-  echo_reset_dim "Secrets Path ................... ${COLOR_MAGENTA}${SECRETS_PATH}"
-  reset_colors
-
-  echo "${TEXT_DIM}"
-  if [[ "$GITHUB_PUSH" == "true" ]]; then
-    echo_h2 "GitOps Target" "    "
-    echo_reset_dim "Automatic Push ............................. ${COLOR_GREEN}Enabled"
-    echo_reset_dim "Working Directory .......................... ${COLOR_MAGENTA}${GITOPS_WORKING_DIR}"
-    echo_reset_dim "Host ....................................... ${COLOR_MAGENTA}${GITHUB_HOST}"
-    echo_reset_dim "Organization ............................... ${COLOR_MAGENTA}${GITHUB_ORG}"
-    echo_reset_dim "Repository ................................. ${COLOR_MAGENTA}${GITHUB_REPO}"
-    echo_reset_dim "Branch ..................................... ${COLOR_MAGENTA}${GIT_BRANCH}"
-  else
-    echo_h2 "GitOps Target" "    "
-    echo_reset_dim "Automatic Push ............................. ${COLOR_RED}Disabled"
-    echo_reset_dim "Working Directory .......................... ${COLOR_MAGENTA}${GITOPS_WORKING_DIR}"
-  fi
-  reset_colors
-
-  # echo all the variables of gitops envs
-
-  # -- AIBroker
-  echo_reset_dim "AI Broker Instance ID ................. ${COLOR_MAGENTA}${AIBROKER_INSTANCE_ID}"
-  
- echo -e "login aws"
-
- AVP_TYPE=aws  # Support for IBM will be added later
-  sm_login
-
-  SECRETS_PREFIX="${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}"
-
-  export SECRET_IBM_ENTITLEMENT_AUTH=${SECRETS_PREFIX}ibm_entitlement
-  export SECRET_STORAGE_AUTH=${SECRETS_PREFIX}storage
-  export SECRET_MARIADB_AUTH=${SECRETS_PREFIX}mariadb
-  export SECRET_DRO_AUTH=${SECRETS_PREFIX}droai
-  export SECRET_SLS_AUTH=${SECRETS_PREFIX}sls
-  export SECRET_JDBC_AUTH=${SECRETS_PREFIX}jdbc
-
-#   #deleting secrets from aws
-#    echo -e "Deleting ibm_entitlement secrets $SECRET_IBM_ENTITLEMENT_AUTH"
-#    sm_delete_secret $SECRET_IBM_ENTITLEMENT_AUTH
-
-#    echo -e "Deleting storage secrets $SECRET_STORAGE_AUTH"
-#    sm_delete_secret $SECRET_STORAGE_AUTH
-
-#    echo -e "Deleting watsonx secrets $SECRET_MARIADB_AUTH"
-#    sm_delete_secret $SECRET_MARIADB_AUTH
-
-#    echo -e "Deleting dro secrets $SECRET_DRO_AUTH"
-#    sm_delete_secret $SECRET_DRO_AUTH
-
-#    echo -e "Deleting jdbc secrets $SECRET_JDBC_AUTH"
-#    sm_delete_secret $SECRET_JDBC_AUTH
-
-#    echo -e "Deleting sls secrets $SECRET_SLS_AUTH"
-#    sm_delete_secret $SECRET_SLS_AUTH
-  
-
-  # finally push them into the git repo
-
-    if [ -z $GIT_SSH ]; then
-      export GIT_SSH=false
-    fi
-
-    #Clone github target repo
-    #---------------------------------------------------------------------------
-    if [ "$GITHUB_PUSH" == "true" ]; then
-     echo
-      echo_h2 "Cloning GitHub repo $GITHUB_ORG $GITHUB_REPO"
-      clone_target_git_repo $GITHUB_HOST $GITHUB_ORG $GITHUB_REPO $GIT_BRANCH $GITOPS_WORKING_DIR $GIT_SSH
-    fi
-
-
-    # Generate ArgoApps
-    # ---------------------------------------------------------------------------
-    echo
-    echo_h2 "Deleting application configuration files"
-    echo "- Deleting aibroker "
-   
-   rm -rf ${GITOPS_CLUSTER_DIR}/ibm-aibroker-instance-base.yaml
-   rm -rf ${GITOPS_CLUSTER_DIR}/ibm-aibroker.yaml
-    if [ "$GITHUB_PUSH" == "true" ]; then
-      echo
-      echo_h2 "Commit and push changes to GitHub repo $GITHUB_ORG $GITHUB_REPO"
-      save_to_target_git_repo $GITHUB_HOST $GITHUB_ORG $GITHUB_REPO $GIT_BRANCH "${GITOPS_WORKING_DIR}/${GITHUB_REPO}" "${GIT_COMMIT_MSG}"
-      remove_git_repo_clone $GITOPS_WORKING_DIR/$GITHUB_REPO
-    fi
-
-}
diff --git a/image/cli/mascli/functions/gitops_deprovision_aibroker_tenant b/image/cli/mascli/functions/gitops_deprovision_aibroker_tenant
deleted file mode 100644
index da4fdfeffd0..00000000000
--- a/image/cli/mascli/functions/gitops_deprovision_aibroker_tenant
+++ /dev/null
@@ -1,269 +0,0 @@
-#!/usr/bin/env bash
-
-function gitops_deprovision_aibroker_tenant_help() {
-  [[ -n "$1" ]] && echo_warning "$1"
-  reset_colors
-  cat << EOM
-Usage:
-  mas gitops-aibroker-tenant-deprovision [options]
-Where ${COLOR_YELLOW}specified${TEXT_RESET} each option may also be defined by setting the appropriate environment variable.
-When no options are specified on the command line, interactive-mode will be enabled by default.
-
-Basic Configuration:
-  -d, --dir ${COLOR_YELLOW}GITOPS_WORKING_DIR${TEXT_RESET}                                                  Directory for GitOps repository
-  -a, --account-id ${COLOR_YELLOW}ACCOUNT_ID${TEXT_RESET}                                                   Account name that the cluster belongs to
-  -c, --cluster-id ${COLOR_YELLOW}CLUSTER_ID${TEXT_RESET}                                                   Cluster ID
-
-
-Secrets Manager:
-      --secrets-path ${COLOR_YELLOW}SECRETS_PATH${TEXT_RESET}                                              Secrets Manager path
-      --secrets-key-seperator ${COLOR_YELLOW}SECRETS_KEY_SEPERATOR${TEXT_RESET}  
-
-
-ibm_aibroker_tenant(required):
-      --aibroker-instance-id ${COLOR_YELLOW}AIBROKER_INSTANCE_ID${TEXT_RESET}                               The AIBROKER instance ID used by AI Broker
-      --tenant-id ${COLOR_YELLOW}TENANT_ID${TEXT_RESET}                                                     The tenant ID for the AI Broker instance
-
-
-Automatic GitHub Push (Optional):
-  -P, --github-push ${COLOR_YELLOW}GITHUB_PUSH${TEXT_RESET}                                                  Enable automatic push to GitHub
-  -H, --github-host ${COLOR_YELLOW}GITHUB_HOST${TEXT_RESET}                                                  GitHub Hostname for your GitOps repository
-  -O, --github-org ${COLOR_YELLOW}GITHUB_ORG${TEXT_RESET}                                                    Github org for your GitOps repository
-  -R, --github-repo ${COLOR_YELLOW}GITHUB_REPO${TEXT_RESET}                                                  Github repo for your GitOps repository
-  -S, --github-ssh ${COLOR_YELLOW}GIT_SSH${TEXT_RESET}                                                       Git ssh key path
-  -B, --git-branch ${COLOR_YELLOW}GIT_BRANCH${TEXT_RESET}                                                    Git branch to commit to of your GitOps repository
-  -M, --git-commit-msg ${COLOR_YELLOW}GIT_COMMIT_MSG${TEXT_RESET}                                            Git commit message to use when committing to of your GitOps repository
-
-Other Commands:
-  -h, --help                                      Show this help message
-EOM
-  [[ -n "$1" ]] && exit 1 || exit 0
-}
-
-function gitops_deprovision_aibroker_tenant_noninteractive() {
-  GITOPS_WORKING_DIR=$PWD/working-dir
-  SECRETS_KEY_SEPERATOR="/"
-  GIT_COMMIT_MSG="gitops-aibroker-tenant-deprovision commit"
-
-  # adding default values 
-  export REGION_ID=${REGION_ID:-${SM_AWS_REGION}}
-
-  while [[ $# -gt 0 ]]
-  do
-    key="$1"
-    shift
-    case $key in
-      # GitOps Configuration
-      -d|--dir)
-        export GITOPS_WORKING_DIR=$1 && shift
-        ;;
-      -a|--account-id)
-        export ACCOUNT_ID=$1 && shift
-        ;;
-      -c|--cluster-id)
-        export CLUSTER_ID=$1 && shift
-        ;;
-      --aibroker-instance-id)
-        export AIBROKER_INSTANCE_ID=$1 && shift
-        ;;
-      # AWS Secrets Manager Configuration
-      --sm-aws-secret-region)
-        export SM_AWS_REGION=$1
-        export REGION_ID=$1
-        shift
-        ;;
-      --sm-aws-access-key)
-        export SM_AWS_ACCESS_KEY_ID=$1 && shift
-        ;;
-      --sm-aws-secret-key)
-        export SM_AWS_SECRET_ACCESS_KEY=$1 && shift
-        ;;
-      --secrets-path)
-        export SECRETS_PATH=$1 && shift
-        ;;  
-      --tenant-id)
-        export TENANT_ID=$1 && shift
-        ;;
-
-      # Automatic GitHub Push
-      -P|--github-push)
-        export GITHUB_PUSH=true
-        ;;
-      -H|--github-host)
-        export GITHUB_HOST=$1 && shift
-        ;;
-      -O|--github-org)
-        export GITHUB_ORG=$1 && shift
-        ;;
-      -R|--github-repo)
-        export GITHUB_REPO=$1 && shift
-        ;;
-      -B|--git-branch)
-        export GIT_BRANCH=$1 && shift
-        ;;
-      -M|--git-commit-msg)
-        export GIT_COMMIT_MSG=$1 && shift
-        ;;
-
-      # Other Commands
-      -h|--help)
-        gitops_deprovision_aibroker_tenant_help
-        ;;
-      *)
-        # unknown option
-        echo -e "${COLOR_RED}Usage Error: Unsupported option \"${key}\"${COLOR_RESET}\n"
-        gitops_deprovision_aibroker_tenant_help  "Usage Error: Unsupported option \"${key}\" "
-        exit 1
-        ;;
-      esac
-  done
-
-  [[ -z "$GITOPS_WORKING_DIR" ]] && gitops_deprovision_aibroker_tenant_help "GITOPS_WORKING_DIR is not set"
-  [[ -z "$ACCOUNT_ID" ]] && gitops_deprovision_aibroker_tenant_help "ACCOUNT_ID is not set"
-  [[ -z "$CLUSTER_ID" ]] && gitops_deprovision_aibroker_tenant_help "CLUSTER_ID is not set"
-  [[ -z "$REGION_ID" && -z "$SM_AWS_REGION" ]] && gitops_deprovision_aibroker_tenant_help "REGION_ID or SM_AWS_REGION is not set"
-
-  if [[ "$GITHUB_PUSH" == "true" ]]; then
-    [[ -z "$GITHUB_HOST" ]] && gitops_deprovision_aibroker_tenant_help "GITHUB_HOST is not set"
-    [[ -z "$GITHUB_ORG" ]] && gitops_deprovision_aibroker_tenant_help "GITHUB_ORG is not set"
-    [[ -z "$GITHUB_REPO" ]] && gitops_deprovision_aibroker_tenant_help "GITHUB_REPO is not set"
-    [[ -z "$GIT_BRANCH" ]] && gitops_deprovision_aibroker_tenant_help "GIT_BRANCH is not set"
-  fi
-
-  # add validation below like above  for those variable which have the value needed for further execution
-  # -- AIBroker
-  [[ -z "$AIBROKER_INSTANCE_ID" ]] && gitops_deprovision_aibroker_tenant_help "AIBROKER_INSTANCE_ID is not set. Please specify the AI Broker instance ID using --aibroker_instance_id."
-  [[ -z "$TENANT_ID" ]] && gitops_deprovision_aibroker_tenant_help "TENANT_ID is not set. Please provide the tenant ID using --tenant-id."
-
- }
-
-function gitops_deprovision_aibroker_tenant() {
-  # Take the first parameter off (it will be create-gitops)
-  shift
-  if [[ $# -gt 0 ]]; then
-    gitops_deprovision_aibroker_tenant_noninteractive "$@"
-  else
-    echo "Not supported yet"
-    exit 1
-    gitops_deprovision_aibroker_tenant_interactive
-  fi
-
-  # catch errors
-  set -o pipefail
-  trap 'echo "[ERROR] Error occurred at $BASH_SOURCE, line $LINENO, exited with $?"; exit 1' ERR
-
-  # rm -rf $GITOPS_WORKING_DIR
-  mkdir -p ${GITOPS_WORKING_DIR}
-  GITOPS_CLUSTER_DIR=${GITOPS_WORKING_DIR}/${GITHUB_REPO}/${ACCOUNT_ID}/${CLUSTER_ID}/${AIBROKER_INSTANCE_ID}/${TENANT_ID}
-
-
-  echo
-  reset_colors
-  echo_h2 "Review Settings"
-
-  echo "${TEXT_DIM}"
-  echo_h2 "Target" "    "
-  echo_reset_dim "Account ID ..................... ${COLOR_MAGENTA}${ACCOUNT_ID}"
-  echo_reset_dim "Region ID ...................... ${COLOR_MAGENTA}${REGION_ID}"
-  echo_reset_dim "Cluster ID ..................... ${COLOR_MAGENTA}${CLUSTER_ID}"
-  echo_reset_dim "Cluster Config Directory ....... ${COLOR_MAGENTA}${GITOPS_CLUSTER_DIR}"
-  reset_colors
-
-  echo "${TEXT_DIM}"
-  echo_h2 "AWS Secrets Manager" "    "
-  echo_reset_dim "Region ......................... ${COLOR_MAGENTA}${SM_AWS_REGION}"
-  echo_reset_dim "Secret Key ..................... ${COLOR_MAGENTA}${SM_AWS_ACCESS_KEY_ID:0:4}<snip>"
-  echo_reset_dim "Access Key ..................... ${COLOR_MAGENTA}${SM_AWS_SECRET_ACCESS_KEY:0:4}<snip>"
-  echo_reset_dim "Secrets Path ................... ${COLOR_MAGENTA}${SECRETS_PATH}"
-  reset_colors
-
-  echo "${TEXT_DIM}"
-  if [[ "$GITHUB_PUSH" == "true" ]]; then
-    echo_h2 "GitOps Target" "    "
-    echo_reset_dim "Automatic Push ............................. ${COLOR_GREEN}Enabled"
-    echo_reset_dim "Working Directory .......................... ${COLOR_MAGENTA}${GITOPS_WORKING_DIR}"
-    echo_reset_dim "Host ....................................... ${COLOR_MAGENTA}${GITHUB_HOST}"
-    echo_reset_dim "Organization ............................... ${COLOR_MAGENTA}${GITHUB_ORG}"
-    echo_reset_dim "Repository ................................. ${COLOR_MAGENTA}${GITHUB_REPO}"
-    echo_reset_dim "Branch ..................................... ${COLOR_MAGENTA}${GIT_BRANCH}"
-  else
-    echo_h2 "GitOps Target" "    "
-    echo_reset_dim "Automatic Push ............................. ${COLOR_RED}Disabled"
-    echo_reset_dim "Working Directory .......................... ${COLOR_MAGENTA}${GITOPS_WORKING_DIR}"
-  fi
-  reset_colors
-
-  # echo all the variables of gitops envs
-
-  # -- AIBroker
-  
-  echo_reset_dim "AI Broker Instance ID ................. ${COLOR_MAGENTA}${AIBROKER_INSTANCE_ID}"
-   
-  echo_reset_dim "tenant ID .................................... ${COLOR_MAGENTA}${TENANT_ID}"
-  
-  echo -e "login aws"
-
- AVP_TYPE=aws  # Support for IBM will be added later
-  sm_login
-
-  SECRETS_PREFIX="${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}"
-
-  export SECRET_IBM_ENTITLEMENT_AUTH=${SECRETS_PREFIX}ibm_entitlement
-  export SECRET_DRO_AUTH=${SECRETS_PREFIX}droai
-  export SECRET_SLS_AUTH=${SECRETS_PREFIX}sls
-  export SECRET_WATSONX_AUTH=${SECRETS_PREFIX}watsonx
-  export SECRET_RSL_AUTH=${SECRETS_PREFIX}rsl
-  export SECRET_STORAGE_AUTH=${SECRETS_PREFIX}storage
-
-
-  #deleting secrets from aws
-  #  echo -e "Deleting ibm_entitlement secrets $SECRET_IBM_ENTITLEMENT_AUTH"
-  #  sm_delete_secret $SECRET_IBM_ENTITLEMENT_AUTH
-
-  #  echo -e "Deleting dro secrets $SECRET_DRO_AUTH"
-  #  sm_delete_secret $SECRET_DRO_AUTH
-
-  #  echo -e "Deleting sls secrets $SECRET_SLS_AUTH"
-  #  sm_delete_secret $SECRET_SLS_AUTH
-
-  #  echo -e "Deleting watsonx secrets $SECRET_WATSONX_AUTH"
-  #  sm_delete_secret $SECRET_WATSONX_AUTH
-
-  #  echo -e "Deleting rsl secrets $SECRET_RSL_AUTH"
-  #  sm_delete_secret $SECRET_RSL_AUTH
-
-  #  echo -e "Deleting storage secrets $SECRET_STORAGE_AUTH"
-  #  sm_delete_secret $SECRET_STORAGE_AUTH
-
-
-  # finally push them into the git repo
-
-    if [ -z $GIT_SSH ]; then
-      export GIT_SSH=false
-    fi
-
-    #Clone github target repo
-    #---------------------------------------------------------------------------
-    if [ "$GITHUB_PUSH" == "true" ]; then
-     echo
-      echo_h2 "Cloning GitHub repo $GITHUB_ORG $GITHUB_REPO"
-      clone_target_git_repo $GITHUB_HOST $GITHUB_ORG $GITHUB_REPO $GIT_BRANCH $GITOPS_WORKING_DIR $GIT_SSH
-    fi
-
-
-    # Generate ArgoApps
-    # ---------------------------------------------------------------------------
-    echo
-    echo_h2 "Deleting application configuration files"
-    echo "- Deleting aibroker tenant"
-   
-   rm -rf ${GITOPS_CLUSTER_DIR}/ibm-aibroker-tenant-base.yaml
-   rm -rf ${GITOPS_CLUSTER_DIR}/ibm-aibroker-tenant.yaml
-    if [ "$GITHUB_PUSH" == "true" ]; then
-      echo
-      echo_h2 "Commit and push changes to GitHub repo $GITHUB_ORG $GITHUB_REPO"
-      save_to_target_git_repo $GITHUB_HOST $GITHUB_ORG $GITHUB_REPO $GIT_BRANCH "${GITOPS_WORKING_DIR}/${GITHUB_REPO}" "${GIT_COMMIT_MSG}"
-      remove_git_repo_clone $GITOPS_WORKING_DIR/$GITHUB_REPO
-    fi
-
-}

From 1fb1628635938f3e2750c925f01612c7922fc47d Mon Sep 17 00:00:00 2001
From: joshiricha444 <joshi.richa444@gmail.com>
Date: Mon, 18 May 2026 14:48:29 +0530
Subject: [PATCH 242/258] Change aibroker to aiservice in
 gitops_deprovision_odh

---
 image/cli/mascli/functions/gitops_deprovision_odh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/image/cli/mascli/functions/gitops_deprovision_odh b/image/cli/mascli/functions/gitops_deprovision_odh
index 6ab7fa9f63d..eba52fe1d93 100644
--- a/image/cli/mascli/functions/gitops_deprovision_odh
+++ b/image/cli/mascli/functions/gitops_deprovision_odh
@@ -15,7 +15,7 @@ GitOps Configuration:
   -d, --dir ${COLOR_YELLOW}GITOPS_WORKING_DIR${TEXT_RESET}         Directory for GitOps repository
   -a, --account-id ${COLOR_YELLOW}ACCOUNT_ID${TEXT_RESET}          Account name that the cluster belongs to
   -c, --cluster-id ${COLOR_YELLOW}CLUSTER_ID${TEXT_RESET}          Cluster ID
-  -i, --aibroker-instance-id ${COLOR_YELLOW}AISERVICE_INSTANCE_ID${TEXT_RESET}                    AI Broker instance ID  
+  -i, --aiservice-instance-id ${COLOR_YELLOW}AISERVICE_INSTANCE_ID${TEXT_RESET}                    AI Service instance ID  
 
 
 Secrets Manager:
@@ -76,7 +76,7 @@ function gitops_deprovision_odh_noninteractive() {
       --secrets-path)
         export SECRETS_PATH=$1 && shift
         ;;
-      --aibroker-instance-id)
+      --aiservice-instance-id)
         export AISERVICE_INSTANCE_ID=$1 && shift
         ;;
       # Automatic GitHub Push

From 7384248767030909b7e919b4f4d0fbefa2188bd5 Mon Sep 17 00:00:00 2001
From: Jaydip Golviya <jgolviya@ibm.com>
Date: Wed, 20 May 2026 13:21:10 +0530
Subject: [PATCH 243/258] [patch] gitOps fvt variable passed

---
 image/cli/mascli/functions/gitops_aiservice            | 1 +
 tekton/src/tasks/gitops/gitops-aiservice-tenant.yml.j2 | 5 +++++
 tekton/src/tasks/gitops/gitops-aiservice.yml.j2        | 5 +++++
 3 files changed, 11 insertions(+)

diff --git a/image/cli/mascli/functions/gitops_aiservice b/image/cli/mascli/functions/gitops_aiservice
index eb0b1377051..b8c59ce5e6a 100644
--- a/image/cli/mascli/functions/gitops_aiservice
+++ b/image/cli/mascli/functions/gitops_aiservice
@@ -353,6 +353,7 @@ function gitops_aiservice() {
   echo_reset_dim "Is External Route ...................... ${COLOR_MAGENTA}${IS_EXTERNAL_ROUTE}"
   echo_reset_dim "JDBC Secret ............................ ${COLOR_MAGENTA}${JDBC_SECRET}"
   echo_reset_dim "Use AWS DB2 ............................ ${COLOR_MAGENTA}${USE_AWS_DB2}"
+  echo_reset_dim "Is GitOps FVT ENV ............................ ${COLOR_MAGENTA}${IS_GITOPS_FVT_ENV}"
 
   AVP_TYPE=aws  # Support for IBM will be added later
   sm_login
diff --git a/tekton/src/tasks/gitops/gitops-aiservice-tenant.yml.j2 b/tekton/src/tasks/gitops/gitops-aiservice-tenant.yml.j2
index 56a1d2c1797..1bf20ea2998 100644
--- a/tekton/src/tasks/gitops/gitops-aiservice-tenant.yml.j2
+++ b/tekton/src/tasks/gitops/gitops-aiservice-tenant.yml.j2
@@ -93,6 +93,9 @@ spec:
     - name: sls_service
       type: string
       default: ""
+    - name: is_gitops_fvt_env
+      type: string
+      default: "false"  
   stepTemplate:
     name: gitops-aiservice-tenant
     env:
@@ -180,6 +183,8 @@ spec:
         value: $(params.tenant_scheduling_config_yaml)
       - name: STANDALONE_SLS_SERVICE
         value: $(params.sls_service)
+      - name: IS_GITOPS_FVT_ENV
+        value: $(params.is_gitops_fvt_env)  
     envFrom:
       - configMapRef:
           name: environment-properties
diff --git a/tekton/src/tasks/gitops/gitops-aiservice.yml.j2 b/tekton/src/tasks/gitops/gitops-aiservice.yml.j2
index 7f3a5a3b69a..d771cd17312 100644
--- a/tekton/src/tasks/gitops/gitops-aiservice.yml.j2
+++ b/tekton/src/tasks/gitops/gitops-aiservice.yml.j2
@@ -79,6 +79,9 @@ spec:
       type: string
     - name: use_aws_db2
       type: string
+    - name: is_gitops_fvt_env
+      type: string
+      default: "false"
 
   stepTemplate:
     name: gitops-aiservice
@@ -155,6 +158,8 @@ spec:
         value: $(params.jdbc_secret)
       - name: USE_AWS_DB2
         value: $(params.use_aws_db2)
+      - name: IS_GITOPS_FVT_ENV
+        value: $(params.is_gitops_fvt_env)   
         
     envFrom:
       - configMapRef:

From d1611777835b7c866b31b434efc8e21e46a58d68 Mon Sep 17 00:00:00 2001
From: Jaydip Golviya <jgolviya@ibm.com>
Date: Wed, 20 May 2026 14:42:26 +0530
Subject: [PATCH 244/258] - Variables added for AI FVT

---
 image/cli/mascli/functions/gitops_aiservice                 | 4 ++++
 .../src/pipelines/gitops/gitops-aiservice-pipeline.yml.j2   | 6 +++++-
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/image/cli/mascli/functions/gitops_aiservice b/image/cli/mascli/functions/gitops_aiservice
index b8c59ce5e6a..e2375940825 100644
--- a/image/cli/mascli/functions/gitops_aiservice
+++ b/image/cli/mascli/functions/gitops_aiservice
@@ -72,6 +72,7 @@ function gitops_aiservice_noninteractive() {
   #adding default values 
   export AISERVICE_NAMESPACE=${AISERVICE_NAMESPACE:-"aiservice-${AISERVICE_INSTANCE_ID}"}
   export IN_SAAS_ENV=${IN_SAAS_ENV:-"true"}
+  export IS_GITOPS_FVT_ENV=${IS_GITOPS_FVT_ENV:-"false"}
   export IS_EXTERNAL_ROUTE=${IS_EXTERNAL_ROUTE:-"false"}  # Default to "false", can be set to "true" if needed  
   export JDBC_SECRET=${JDBC_SECRET:-"aiservice-jdbc-secret"}
   export USE_AWS_DB2=${USE_AWS_DB2:-"false"}  # Default to "false", can be set to "true" if needed
@@ -136,6 +137,9 @@ function gitops_aiservice_noninteractive() {
       --in-saas-env)
           export IN_SAAS_ENV=$1 && shift
         ;;
+      --is-gitops-fvt-env)
+        export IS_GITOPS_FVT_ENV=$1 && shift
+        ;;  
       --is-external-route)
           export IS_EXTERNAL_ROUTE=$1 && shift
         ;;
diff --git a/tekton/src/pipelines/gitops/gitops-aiservice-pipeline.yml.j2 b/tekton/src/pipelines/gitops/gitops-aiservice-pipeline.yml.j2
index 49254042750..5c9be3ee67e 100644
--- a/tekton/src/pipelines/gitops/gitops-aiservice-pipeline.yml.j2
+++ b/tekton/src/pipelines/gitops/gitops-aiservice-pipeline.yml.j2
@@ -63,6 +63,8 @@ spec:
       type: string
     - name: use_aws_db2
       type: string
+    - name: is_gitops_fvt_env
+      type: string  
 
     # ODH-specific
     - name: odh_channel
@@ -242,4 +244,6 @@ spec:
         - name: jdbc_secret
           value: $(params.jdbc_secret)
         - name: use_aws_db2
-          value: $(params.use_aws_db2)
\ No newline at end of file
+          value: $(params.use_aws_db2)
+        - name: is_gitops_fvt_env
+          value: $(params.is_gitops_fvt_env)  
\ No newline at end of file

From 0928eb4f42fc94827f818cf348d76234cfcc6af7 Mon Sep 17 00:00:00 2001
From: Jaydip Golviya <jgolviya@ibm.com>
Date: Wed, 20 May 2026 17:35:17 +0530
Subject: [PATCH 245/258] Update gitops-mas-initiator.yml.j2

---
 tekton/src/tasks/gitops/gitops-mas-initiator.yml.j2 | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/tekton/src/tasks/gitops/gitops-mas-initiator.yml.j2 b/tekton/src/tasks/gitops/gitops-mas-initiator.yml.j2
index beab1e44038..fd4fd17cc2f 100644
--- a/tekton/src/tasks/gitops/gitops-mas-initiator.yml.j2
+++ b/tekton/src/tasks/gitops/gitops-mas-initiator.yml.j2
@@ -125,6 +125,9 @@ spec:
     - name: centralised_sls
       type: string
       default: ""
+    - name: is_gitops_fvt_env
+      type: string
+      default: ""  
   stepTemplate:
     name: gitops-mas-initiator
     env:
@@ -160,6 +163,8 @@ spec:
         value: $(params.mas_instance_id)
       - name: AISERVICE_INSTANCE_ID
         value: $(params.aiservice_instance_id)
+      - name: IS_GITOPS_FVT_ENV
+        value: $(params.is_gitops_fvt_env)  
       - name: MAS_APP_CHANNEL_ASSIST
         value: $(params.mas_app_channel_assist)
       - name: MAS_APP_INSTALL_PLAN_ASSIST
@@ -260,6 +265,8 @@ spec:
 
         echo "gitops-mas-initiator: Deployment mode - MAS_INSTANCE_ID=${MAS_INSTANCE_ID}, AISERVICE_INSTANCE_ID=${AISERVICE_INSTANCE_ID}"
 
+        echo "gitops-mas-initiator: AI Service Deployment mode - MAS_INSTANCE_ID=${MAS_INSTANCE_ID}, IS_GITOPS_FVT_ENV=${IS_GITOPS_FVT_ENV}"
+
         if [ -n $IBMCLOUD_APIKEY ]; then
 
           export SECRET_NAME=${ACCOUNT}${SECRETS_KEY_SEPERATOR}${CLUSTER_NAME}${SECRETS_KEY_SEPERATOR}cis

From dfb695bbabf16eacb52ad0fcda08264cff3733ea Mon Sep 17 00:00:00 2001
From: Jaydip Golviya <jgolviya@ibm.com>
Date: Thu, 21 May 2026 11:29:22 +0530
Subject: [PATCH 246/258] Update gitops-mas-initiator.yml.j2

---
 tekton/src/pipelines/gitops/gitops-mas-initiator.yml.j2 | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/tekton/src/pipelines/gitops/gitops-mas-initiator.yml.j2 b/tekton/src/pipelines/gitops/gitops-mas-initiator.yml.j2
index 513531c2721..0b8655d23b3 100644
--- a/tekton/src/pipelines/gitops/gitops-mas-initiator.yml.j2
+++ b/tekton/src/pipelines/gitops/gitops-mas-initiator.yml.j2
@@ -66,6 +66,9 @@ spec:
     - name: aiservice_instance_id
       type: string
       default: ""
+    - name: is_gitops_fvt_env
+      type: string
+      default: ""  
     - name: mas_app_channel_assist
       type: string
       default: ""
@@ -200,6 +203,8 @@ spec:
           value: $(params.mas_instance_id)
         - name: aiservice_instance_id
           value: $(params.aiservice_instance_id)
+        - name: is_gitops_fvt_env
+          value: $(params.is_gitops_fvt_env)  
         - name: mas_app_channel_assist
           value: $(params.mas_app_channel_assist)
         - name: mas_app_channel_iot

From 471907fe33d34bceb11ed6af921010ee8468301f Mon Sep 17 00:00:00 2001
From: Jaydip Golviya <jgolviya@ibm.com>
Date: Fri, 22 May 2026 15:58:10 +0530
Subject: [PATCH 247/258] Update gitops_aiservice_tenant

---
 .../mascli/functions/gitops_aiservice_tenant  | 19 +++++++++++--------
 1 file changed, 11 insertions(+), 8 deletions(-)

diff --git a/image/cli/mascli/functions/gitops_aiservice_tenant b/image/cli/mascli/functions/gitops_aiservice_tenant
index 87599163132..d00171d3c16 100644
--- a/image/cli/mascli/functions/gitops_aiservice_tenant
+++ b/image/cli/mascli/functions/gitops_aiservice_tenant
@@ -331,14 +331,17 @@ function gitops_aiservice_tenant_noninteractive() {
     [[ -z "$SLSCFG_URL" ]] && gitops_aiservice_tenant_help "SLSCFG_URL is not set. Please specify the SLS configuration URL using --slscfg-url."
   fi
 
-  # -- Watsonx
-  [[ -z "$AISERVICE_WATSONXAI_URL" ]] && gitops_aiservice_tenant_help "AISERVICE_WATSONXAI_URL is not set. Please specify the Watsonx.ai URL using --aiservice-watsonxai-url."
-  [[ -z "$AISERVICE_WATSONX_FULL" ]] && gitops_aiservice_tenant_help "AISERVICE_WATSONX_FULL is not set. Please specify the full Watsonx.ai URL using --aiservice-watsonx-full."
-  [[ -z "$AISERVICE_S3_ENDPOINT_URL" ]] && gitops_aiservice_tenant_help "AISERVICE_S3_ENDPOINT_URL is not set. Please specify the S3 endpoint URL using --aiservice-s3-endpoint-url."
-  
-  [[ -z "$AISERVICE_STORAGE_SSL" ]] && gitops_aiservice_tenant_help "AISERVICE_STORAGE_SSL is not set. Please specify whether SSL is enabled for STORAGE using --aiservice-storage-ssl."
-  [[ -z "$AISERVICE_STORAGE_PROVIDER" ]] && gitops_aiservice_tenant_help "AISERVICE_STORAGE_PROVIDER is not set. Please specify the STORAGE provider using --aiservice-storage-provider."
- 
+  if [[ "${IS_GITOPS_FVT_ENV}" != "true" ]]; then
+    # -- Watsonx
+    [[ -z "$AISERVICE_WATSONXAI_URL" ]] && gitops_aiservice_tenant_help "AISERVICE_WATSONXAI_URL is not set. Please specify the Watsonx.ai URL using --aiservice-watsonxai-url."
+    [[ -z "$AISERVICE_WATSONX_FULL" ]] && gitops_aiservice_tenant_help "AISERVICE_WATSONX_FULL is not set. Please specify the full Watsonx.ai URL using --aiservice-watsonx-full."
+    [[ -z "$AISERVICE_S3_ENDPOINT_URL" ]] && gitops_aiservice_tenant_help "AISERVICE_S3_ENDPOINT_URL is not set. Please specify the S3 endpoint URL using --aiservice-s3-endpoint-url."
+    
+    [[ -z "$AISERVICE_STORAGE_SSL" ]] && gitops_aiservice_tenant_help "AISERVICE_STORAGE_SSL is not set. Please specify whether SSL is enabled for STORAGE using --aiservice-storage-ssl."
+    [[ -z "$AISERVICE_STORAGE_PROVIDER" ]] && gitops_aiservice_tenant_help "AISERVICE_STORAGE_PROVIDER is not set. Please specify the STORAGE provider using --aiservice-storage-provider."
+  else
+      echo "GitOps FVT Environment: Skipping watsonx verification (will be created by postSync job)"
+  fi
  }
 
 function gitops_aiservice_tenant() {

From 87aa637e8341f59c9a2f928dc4b78d77dbae3dc6 Mon Sep 17 00:00:00 2001
From: Jaydip Golviya <jgolviya@ibm.com>
Date: Mon, 25 May 2026 19:21:18 +0530
Subject: [PATCH 248/258] Update .secrets.baseline

---
 .secrets.baseline | 62 +++++++++++++++++++++++------------------------
 1 file changed, 31 insertions(+), 31 deletions(-)

diff --git a/.secrets.baseline b/.secrets.baseline
index bc2045d68b9..65c0956905a 100644
--- a/.secrets.baseline
+++ b/.secrets.baseline
@@ -3,7 +3,7 @@
     "files": "build/bin/config/oscap/ssg-rhel9-ds.xml|^.secrets.baseline$|^docs/catalogs/",
     "lines": null
   },
-  "generated_at": "2026-05-16T15:00:24Z",
+  "generated_at": "2026-05-25T13:49:33Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"
@@ -89,30 +89,10 @@
     ],
     "docs/guides/configure-airgap.md": [
       {
-        "hashed_secret": "b60d121b438a380c343d5ec3c2037564b82ffef3",
-        "is_secret": false,
-        "is_verified": false,
-        "line_number": 44,
-        "type": "Secret Keyword",
-        "verified_result": null
-      }
-    ],
-    "docs/commands/provision-roks.md": [
-      {
-        "hashed_secret": "b60d121b438a380c343d5ec3c2037564b82ffef3",
-        "is_secret": false,
-        "is_verified": false,
-        "line_number": 40,
-        "type": "Secret Keyword",
-        "verified_result": null
-      }
-    ],
-    "docs/commands/setup-registry.md": [
-      {
-        "hashed_secret": "b60d121b438a380c343d5ec3c2037564b82ffef3",
+        "hashed_secret": "354b3a4b7715d3694c88a4fa7db49e41de86568e",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 31,
+        "line_number": 145,
         "type": "Secret Keyword",
         "verified_result": null
       }
@@ -230,7 +210,7 @@
         "hashed_secret": "6ffb91fd9c01e69b8e9093d84439c8b88dd8fe35",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 75,
+        "line_number": 77,
         "type": "Secret Keyword",
         "verified_result": null
       },
@@ -238,7 +218,7 @@
         "hashed_secret": "db40a6131d9b574bb057875df98fb03f9874d5b4",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 91,
+        "line_number": 93,
         "type": "Secret Keyword",
         "verified_result": null
       },
@@ -246,7 +226,7 @@
         "hashed_secret": "6fbaa59234a602571baf17a51592b436b33f8491",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 92,
+        "line_number": 94,
         "type": "Secret Keyword",
         "verified_result": null
       },
@@ -254,7 +234,7 @@
         "hashed_secret": "bd1b0b7f343605538b1da78056db3a7bddf3f807",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 95,
+        "line_number": 97,
         "type": "Secret Keyword",
         "verified_result": null
       },
@@ -262,7 +242,7 @@
         "hashed_secret": "b2817467154949a61f8e9ad31d1eeaf03221cbfa",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 308,
+        "line_number": 316,
         "type": "Secret Keyword",
         "verified_result": null
       }
@@ -272,7 +252,7 @@
         "hashed_secret": "b2817467154949a61f8e9ad31d1eeaf03221cbfa",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 372,
+        "line_number": 382,
         "type": "Secret Keyword",
         "verified_result": null
       }
@@ -367,6 +347,16 @@
         "verified_result": null
       }
     ],
+    "image/cli/mascli/functions/gitops_deprovision_kmodel": [
+      {
+        "hashed_secret": "b2817467154949a61f8e9ad31d1eeaf03221cbfa",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 173,
+        "type": "Secret Keyword",
+        "verified_result": null
+      }
+    ],
     "image/cli/mascli/functions/gitops_deprovision_mongo": [
       {
         "hashed_secret": "2582aea6f911bd00fc04cb25e0ec16d5ead62068",
@@ -382,7 +372,7 @@
         "hashed_secret": "b2817467154949a61f8e9ad31d1eeaf03221cbfa",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 188,
+        "line_number": 170,
         "type": "Secret Keyword",
         "verified_result": null
       }
@@ -425,6 +415,16 @@
         "verified_result": null
       }
     ],
+    "image/cli/mascli/functions/gitops_kmodel": [
+      {
+        "hashed_secret": "b2817467154949a61f8e9ad31d1eeaf03221cbfa",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 335,
+        "type": "Secret Keyword",
+        "verified_result": null
+      }
+    ],
     "image/cli/mascli/functions/gitops_license": [
       {
         "hashed_secret": "b2817467154949a61f8e9ad31d1eeaf03221cbfa",
@@ -692,7 +692,7 @@
         "hashed_secret": "fee2d55ad9a49a95fc89abe8f414dad66704ebfd",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 43,
+        "line_number": 45,
         "type": "Secret Keyword",
         "verified_result": null
       }

From a3f6ffc4043af69e617019230bb0b447c77841b7 Mon Sep 17 00:00:00 2001
From: Jaydip Golviya <jgolviya@ibm.com>
Date: Mon, 25 May 2026 19:55:46 +0530
Subject: [PATCH 249/258] Update gitops-mas-initiator.yml.j2

---
 tekton/src/tasks/gitops/gitops-mas-initiator.yml.j2 | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/tekton/src/tasks/gitops/gitops-mas-initiator.yml.j2 b/tekton/src/tasks/gitops/gitops-mas-initiator.yml.j2
index fd4fd17cc2f..b237676c4bc 100644
--- a/tekton/src/tasks/gitops/gitops-mas-initiator.yml.j2
+++ b/tekton/src/tasks/gitops/gitops-mas-initiator.yml.j2
@@ -601,10 +601,14 @@ spec:
           process_j2_files "$TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/icn"
 
           # Now extract ICN and SAAS_SUB_ID from sls.sls_service parameter
-          SLS_SERVICE=$(yq '.sls.sls_service // ""' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-instance-params.yaml)
-          
+          if [[ "${IS_GITOPS_FVT_ENV}" == true ]] && [ -n "$AISERVICE_INSTANCE_ID" ]; then
+            SLS_SERVICE=$(yq '.sls.sls_service // ""' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$AISERVICE_INSTANCE_ID/aiservice-params.yaml)
+          else
+            SLS_SERVICE=$(yq '.sls.sls_service // ""' $TARGET_LOCAL_DIR/$TARGET_GITHUB_REPO/gitops/$ACCOUNT/$REGION/$CLUSTER_NAME/$MAS_INSTANCE_ID/mas-instance-params.yaml)
+          fi
+
           if [ -z "$SLS_SERVICE" ]; then
-            echo "Error: CENTRALISED_SLS is true but no SLS service reference found in mas-instance-params.yaml" >&2
+            echo "Error: CENTRALISED_SLS is true but no SLS service reference found in either mas-instance-params.yaml or aiservice-params.yaml" >&2
             exit 1
           fi
           

From b80605c1fce189a3141cfc6da1d5254d867bd4ab Mon Sep 17 00:00:00 2001
From: Jaydip Golviya <jgolviya@ibm.com>
Date: Wed, 27 May 2026 12:19:19 +0530
Subject: [PATCH 250/258] Update gitops_aiservice

---
 image/cli/mascli/functions/gitops_aiservice | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/image/cli/mascli/functions/gitops_aiservice b/image/cli/mascli/functions/gitops_aiservice
index e2375940825..a0395bd416f 100644
--- a/image/cli/mascli/functions/gitops_aiservice
+++ b/image/cli/mascli/functions/gitops_aiservice
@@ -395,6 +395,17 @@ function gitops_aiservice() {
     sm_verify_secret_exists ${SECRETS_PREFIX}jdbc "jdbccfg_username,jdbccfg_password,jdbccfg_url,jdbccfg_sslenabled,jdbccfg_ca_b64enc"
   else
     echo "IS_GITOPS_FVT_ENV is true - Skipping DRO, S3, and JDBC secret validation"
+
+    export WATSONXAI_APIKEY=${WATSONXAI_APIKEY:-"watsonxai-apikey"}
+    export WATSONXAI_PROJECT_ID=${WATSONXAI_PROJECT_ID:-"watsonxai-project-id"}
+
+    echo "WATSONXAI_APIKEY is set - ${WATSONXAI_APIKEY}"
+    echo "WATSONXAI_PROJECT_ID is set - ${WATSONXAI_PROJECT_ID}"
+
+    export SECRET_NAME_WATSONXAI=${SECRETS_PREFIX}watsonx
+
+    TAGS="[{\"Key\": \"watsonxai_apikey\", \"Value\": \"watsonxai_apikey\"}, {\"Key\": \"watsonxai_project_id\", \"Value\": \"watsonxai_project_id\"}]"
+    sm_update_secret $SECRET_NAME_WATSONXAI "{\"watsonxai_apikey\": \"$WATSONXAI_APIKEY\", \"watsonxai_project_id\": \"$WATSONXAI_PROJECT_ID\"}" "${TAGS}"
   fi
 
     if [ -z $GIT_SSH ]; then

From 2a89a685aeee0fe85bf56830c265877f0c3c7d72 Mon Sep 17 00:00:00 2001
From: Jaydip Golviya <jgolviya@ibm.com>
Date: Thu, 28 May 2026 14:16:52 +0530
Subject: [PATCH 251/258] Update gitops_aiservice

---
 image/cli/mascli/functions/gitops_aiservice | 49 ++++++++++++++++-----
 1 file changed, 39 insertions(+), 10 deletions(-)

diff --git a/image/cli/mascli/functions/gitops_aiservice b/image/cli/mascli/functions/gitops_aiservice
index a0395bd416f..609cc651bb4 100644
--- a/image/cli/mascli/functions/gitops_aiservice
+++ b/image/cli/mascli/functions/gitops_aiservice
@@ -278,6 +278,44 @@ function gitops_aiservice_noninteractive() {
 
 }
 
+function gitops_aiservice_fvt_prepare() {
+
+  SECRETS_PREFIX="${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}"
+
+  WATSONXAI_APIKEY=${WATSONXAI_APIKEY:-"watsonxai-apikey"}
+  WATSONXAI_PROJECT_ID=${WATSONXAI_PROJECT_ID:-"watsonxai-project-id"}
+
+  SECRET_NAME_WATSONXAI=${SECRETS_PREFIX}watsonx
+
+  TAGS="[{\"Key\": \"watsonxai_apikey\", \"Value\": \"watsonxai_apikey\"}, {\"Key\": \"watsonxai_project_id\", \"Value\": \"watsonxai_project_id\"}]"
+  
+  sm_update_secret \
+    "$SECRET_NAME_WATSONXAI" \
+    "{\"watsonxai_apikey\":\"$WATSONXAI_APIKEY\",\"watsonxai_project_id\":\"$WATSONXAI_PROJECT_ID\"}" \
+    "$TAGS" || {
+      echo "Failed to update WatsonX secret"
+      return 1
+    }
+
+  SM_S3_ACCESSKEY=${SM_S3_ACCESSKEY:-"sm_s3_accesskey"}
+  SM_S3_SECRETKEY=${SM_S3_SECRETKEY:-"sm_s3_secretkey"}
+  SM_S3_HOST=${SM_S3_HOST:-"sm_s3_host"}
+  SM_S3_REGION=${SM_S3_REGION:-"sm_s3_region"}
+
+  SECRET_NAME_S3=${SECRETS_PREFIX}s3
+  TAGS="[{\"Key\": \"sm_s3_accesskey\", \"Value\": \"sm_s3_accesskey\"}, {\"Key\": \"sm_s3_secretkey\", \"Value\": \"sm_s3_secretkey\"}, {\"Key\": \"sm_s3_host\", \"Value\": \"sm_s3_host\"}, {\"Key\": \"sm_s3_region\", \"Value\": \"sm_s3_region\"}]"
+  
+  sm_update_secret \
+    "$SECRET_NAME_S3" \
+    "{\"sm_s3_accesskey\":\"$SM_S3_ACCESSKEY\",\"sm_s3_secretkey\":\"$SM_S3_SECRETKEY\",\"sm_s3_host\":\"$SM_S3_HOST\",\"sm_s3_region\":\"$SM_S3_REGION\"}" \
+    "$TAGS" || {
+      echo "Failed to update S3 secret"
+      return 1
+    }
+
+  echo "AI Service FVT secret creating function end"
+}
+
 function gitops_aiservice() {
   # Take the first parameter off (it will be create-gitops)
   shift
@@ -396,16 +434,7 @@ function gitops_aiservice() {
   else
     echo "IS_GITOPS_FVT_ENV is true - Skipping DRO, S3, and JDBC secret validation"
 
-    export WATSONXAI_APIKEY=${WATSONXAI_APIKEY:-"watsonxai-apikey"}
-    export WATSONXAI_PROJECT_ID=${WATSONXAI_PROJECT_ID:-"watsonxai-project-id"}
-
-    echo "WATSONXAI_APIKEY is set - ${WATSONXAI_APIKEY}"
-    echo "WATSONXAI_PROJECT_ID is set - ${WATSONXAI_PROJECT_ID}"
-
-    export SECRET_NAME_WATSONXAI=${SECRETS_PREFIX}watsonx
-
-    TAGS="[{\"Key\": \"watsonxai_apikey\", \"Value\": \"watsonxai_apikey\"}, {\"Key\": \"watsonxai_project_id\", \"Value\": \"watsonxai_project_id\"}]"
-    sm_update_secret $SECRET_NAME_WATSONXAI "{\"watsonxai_apikey\": \"$WATSONXAI_APIKEY\", \"watsonxai_project_id\": \"$WATSONXAI_PROJECT_ID\"}" "${TAGS}"
+    gitops_aiservice_fvt_prepare
   fi
 
     if [ -z $GIT_SSH ]; then

From 33a2a2535daf80fa53b52f1a257103d1a543e2aa Mon Sep 17 00:00:00 2001
From: Richa Joshi <Richa.Joshi@ibm.com>
Date: Fri, 29 May 2026 02:14:59 +0530
Subject: [PATCH 252/258] DB2 Provisioning and secrets

---
 image/cli/mascli/functions/gitops             |   1 +
 .../cli/mascli/functions/gitops_provision_db2 | 185 ++++++++++++++++++
 image/cli/mascli/mas                          |   9 +
 tekton/generate-tekton-tasks.yml              |   1 +
 .../gitops/gitops-aiservice-deps.yml.j2       |  39 ++++
 .../tasks/gitops/gitops-provision-db2.yml.j2  |  80 ++++++++
 6 files changed, 315 insertions(+)
 create mode 100644 image/cli/mascli/functions/gitops_provision_db2
 create mode 100644 tekton/src/tasks/gitops/gitops-provision-db2.yml.j2

diff --git a/image/cli/mascli/functions/gitops b/image/cli/mascli/functions/gitops
index e90393fa5e2..055c5106a5b 100644
--- a/image/cli/mascli/functions/gitops
+++ b/image/cli/mascli/functions/gitops
@@ -23,6 +23,7 @@ function gitops() {
   echo "${COLOR_CYAN}GitOps Dependencies:${TEXT_RESET}"
   echo "  ${COLOR_YELLOW}mas gitops-mongo${TEXT_RESET}                                Deploy MongoDB for MAS using GitOps"
   echo "  ${COLOR_YELLOW}mas gitops-process-mongo-user${TEXT_RESET}                   Process and configure MongoDB user credentials"
+  echo "  ${COLOR_YELLOW}mas gitops-provision-db2${TEXT_RESET}                        Provision DB2 for AI Service using GitOps"
   echo "  ${COLOR_YELLOW}mas gitops-kafka${TEXT_RESET}                                Deploy Apache Kafka for MAS using GitOps"
   echo "  ${COLOR_YELLOW}mas gitops-db2u${TEXT_RESET}                                 Deploy Db2 Universal for MAS using GitOps"
   echo "  ${COLOR_YELLOW}mas gitops-db2u-database${TEXT_RESET}                        Create and configure Db2 databases"
diff --git a/image/cli/mascli/functions/gitops_provision_db2 b/image/cli/mascli/functions/gitops_provision_db2
new file mode 100644
index 00000000000..4f45914d5d3
--- /dev/null
+++ b/image/cli/mascli/functions/gitops_provision_db2
@@ -0,0 +1,185 @@
+#!/bin/bash
+
+function gitops_provision_db2_noninteractive() {
+  # No interactive mode needed for FVT automation
+  echo "DB2 provisioning for AI Service FVT"
+}
+
+function gitops_provision_db2() {
+  # Catch errors
+  set -o pipefail
+  trap 'echo "[ERROR] Error occurred at $BASH_SOURCE, line $LINENO, exited with $?"; exit 1' ERR
+
+  echo
+  reset_colors
+  echo_h2 "Review Settings"
+
+  echo "${TEXT_DIM}"
+  echo_h4 "Target" "    "
+  echo_reset_dim "Account ID ..................... ${COLOR_MAGENTA}${ACCOUNT}"
+  echo_reset_dim "Cluster Name ................... ${COLOR_MAGENTA}${CLUSTER_NAME}"
+  echo_reset_dim "AI Service Instance ID ......... ${COLOR_MAGENTA}${AISERVICE_INSTANCE_ID}"
+  reset_colors
+
+  echo "${TEXT_DIM}"
+  echo_h4 "DB2 Configuration" "    "
+  echo_reset_dim "DB2 Channel .................... ${COLOR_MAGENTA}${DB2_CHANNEL}"
+  echo_reset_dim "DB2 Meta Storage Class ......... ${COLOR_MAGENTA}${DB2_META_STORAGE_CLASS}"
+  echo_reset_dim "DB2 Data Storage Class ......... ${COLOR_MAGENTA}${DB2_DATA_STORAGE_CLASS}"
+  echo_reset_dim "DB2 Backup Storage Class ....... ${COLOR_MAGENTA}${DB2_BACKUP_STORAGE_CLASS}"
+  echo_reset_dim "DB2 Logs Storage Class ......... ${COLOR_MAGENTA}${DB2_LOGS_STORAGE_CLASS}"
+  echo_reset_dim "DB2 Temp Storage Class ......... ${COLOR_MAGENTA}${DB2_TEMP_STORAGE_CLASS}"
+  reset_colors
+  echo
+
+  # Set up AWS Secrets Manager connection
+  export SECRET_NAME_JDBC=${ACCOUNT}${SECRETS_KEY_SEPERATOR}${CLUSTER_NAME}${SECRETS_KEY_SEPERATOR}jdbc
+  AVP_TYPE=aws
+  sm_login
+
+  # Create temporary directory for Ansible execution
+  CURRENT_DIR=$PWD
+  TEMP_DIR=$CURRENT_DIR/tmp-db2
+  rm -rf $TEMP_DIR
+  mkdir -p $TEMP_DIR
+
+  # Set Ansible environment variables for DB2 role
+  export MAS_CONFIG_DIR=$TEMP_DIR
+  export MAS_INSTANCE_ID=${AISERVICE_INSTANCE_ID}
+  export MAS_CONFIG_SCOPE=system
+  export ROLE_NAME=db2
+  
+  # DB2 Installation Parameters
+  export DB2_ACTION=install
+  export DB2_NAMESPACE=db2u
+  export DB2_INSTANCE_NAME=${AISERVICE_INSTANCE_ID}-db2wh
+  export DB2_CHANNEL=${DB2_CHANNEL:-v11.5}
+  export DB2_DBNAME=BLUDB
+  export DB2_TYPE=db2wh
+  export DB2_4K_DEVICE_SUPPORT=ON
+  export DB2_WORKLOAD=ANALYTICS
+  export DB2_TABLE_ORG=ROW
+  export TLS_VERSION=TLSv1.2
+  
+  # Storage Configuration - use the storage classes passed from Tekton
+  export DB2_META_STORAGE_SIZE=10Gi
+  export DB2_META_STORAGE_ACCESSMODE=ReadWriteMany
+  
+  export DB2_DATA_STORAGE_SIZE=50Gi
+  export DB2_DATA_STORAGE_ACCESSMODE=ReadWriteOnce
+  
+  export DB2_BACKUP_STORAGE_SIZE=50Gi
+  export DB2_BACKUP_STORAGE_ACCESSMODE=ReadWriteMany
+  
+  export DB2_LOGS_STORAGE_SIZE=10Gi
+  export DB2_LOGS_STORAGE_ACCESSMODE=ReadWriteOnce
+  
+  export DB2_TEMP_STORAGE_SIZE=10Gi
+  export DB2_TEMP_STORAGE_ACCESSMODE=ReadWriteOnce
+  
+  export DB2_ARCHIVELOGS_STORAGE_CLASS=${DB2_LOGS_STORAGE_CLASS}
+  export DB2_ARCHIVELOGS_STORAGE_SIZE=10Gi
+  export DB2_ARCHIVELOGS_STORAGE_ACCESSMODE=ReadWriteOnce
+  
+  # Resource Configuration
+  export DB2_CPU_REQUESTS=4000m
+  export DB2_CPU_LIMITS=6000m
+  export DB2_MEMORY_REQUESTS=8Gi
+  export DB2_MEMORY_LIMITS=16Gi
+  
+  # DB2 MPP Configuration (single node for AI Service)
+  export DB2_MLN_COUNT=1
+  export DB2_NUM_PODS=1
+  
+  # Use Db2uInstance (recommended, not deprecated Db2uCluster)
+  export DB2U_KIND=db2uinstance
+
+  echo
+  echo_h2 "Provisioning DB2 via Ansible"
+  echo "Executing: ansible-playbook ibm.mas_devops.run_role"
+  echo
+
+  # Execute Ansible playbook to provision DB2
+  ansible-playbook ibm.mas_devops.run_role
+  rc=$?
+  if [ $rc -ne 0 ]; then
+    echo "[ERROR] DB2 provisioning failed with return code $rc"
+    rm -rf $TEMP_DIR
+    exit $rc
+  fi
+
+  echo
+  echo_h2 "Extracting DB2 Connection Details"
+  
+  # Wait for DB2 to be fully ready
+  echo "Waiting for DB2 instance to be ready..."
+  sleep 30
+  
+  # Extract DB2 connection details from Kubernetes
+  echo "Retrieving DB2 password..."
+  DB2_PASSWORD=$(oc get secret c-${DB2_INSTANCE_NAME}-instancepassword -n ${DB2_NAMESPACE} -o jsonpath='{.data.password}' 2>/dev/null | base64 -d)
+  if [[ -z "${DB2_PASSWORD}" ]]; then
+    echo "[ERROR] Failed to retrieve DB2 password from secret c-${DB2_INSTANCE_NAME}-instancepassword"
+    rm -rf $TEMP_DIR
+    exit 1
+  fi
+  
+  echo "Retrieving DB2 TLS certificate..."
+  DB2_CA_CERT=$(oc get secret db2u-certificate-${DB2_INSTANCE_NAME} -n ${DB2_NAMESPACE} -o jsonpath='{.data.ca\.crt}' 2>/dev/null)
+  if [[ -z "${DB2_CA_CERT}" ]]; then
+    echo "[ERROR] Failed to retrieve DB2 CA certificate from secret db2u-certificate-${DB2_INSTANCE_NAME}"
+    rm -rf $TEMP_DIR
+    exit 1
+  fi
+  
+  echo "Retrieving DB2 route..."
+  DB2_HOST=$(oc get route db2u-${DB2_INSTANCE_NAME}-tls-route -n ${DB2_NAMESPACE} -o jsonpath='{.spec.host}' 2>/dev/null)
+  if [[ -z "${DB2_HOST}" ]]; then
+    echo "[ERROR] Failed to retrieve DB2 route db2u-${DB2_INSTANCE_NAME}-tls-route"
+    rm -rf $TEMP_DIR
+    exit 1
+  fi
+  
+  # DB2 TLS port is always 50443
+  DB2_PORT=50443
+  DB2_USERNAME=db2inst1
+  
+  # Construct JDBC URL
+  JDBC_URL="jdbc:db2://${DB2_HOST}:${DB2_PORT}/${DB2_DBNAME}:sslConnection=true;sslVersion=${TLS_VERSION};"
+  
+  echo
+  echo "DB2 Connection Details:"
+  echo "  Host ........... ${DB2_HOST}"
+  echo "  Port ........... ${DB2_PORT}"
+  echo "  Database ....... ${DB2_DBNAME}"
+  echo "  Username ....... ${DB2_USERNAME}"
+  echo "  JDBC URL ....... ${JDBC_URL}"
+  
+  echo
+  echo_h2 "Creating JDBC Secret in AWS Secrets Manager"
+  
+  # Create the JDBC secret in AWS Secrets Manager
+  TAGS="[{\"Key\": \"source\", \"Value\": \"gitops_provision_db2\"}, {\"Key\": \"account\", \"Value\": \"${ACCOUNT}\"}, {\"Key\": \"cluster\", \"Value\": \"${CLUSTER_NAME}\"}, {\"Key\": \"aiservice_instance\", \"Value\": \"${AISERVICE_INSTANCE_ID}\"}]"
+  
+  sm_update_secret $SECRET_NAME_JDBC "{\"jdbccfg_username\": \"${DB2_USERNAME}\", \"jdbccfg_password\": \"${DB2_PASSWORD}\", \"jdbccfg_url\": \"${JDBC_URL}\", \"jdbccfg_sslenabled\": \"true\", \"jdbccfg_ca_b64enc\": \"${DB2_CA_CERT}\"}" "${TAGS}"
+  
+  if [ $? -eq 0 ]; then
+    echo "✓ JDBC secret created successfully: ${SECRET_NAME_JDBC}"
+  else
+    echo "[ERROR] Failed to create JDBC secret in AWS Secrets Manager"
+    rm -rf $TEMP_DIR
+    exit 1
+  fi
+  
+  # Clean up temporary directory
+  rm -rf $TEMP_DIR
+  
+  echo
+  echo_h2 "DB2 Provisioning Complete"
+  echo "✓ DB2 instance provisioned: ${DB2_INSTANCE_NAME}"
+  echo "✓ JDBC secret created: ${SECRET_NAME_JDBC}"
+  echo "✓ AI Service can now consume the JDBC configuration"
+  echo
+
+  exit 0
+}
\ No newline at end of file
diff --git a/image/cli/mascli/mas b/image/cli/mascli/mas
index 18f251cd080..6874fc8eecb 100755
--- a/image/cli/mascli/mas
+++ b/image/cli/mascli/mas
@@ -63,6 +63,7 @@ mkdir -p $CONFIG_DIR
 . $CLI_DIR/functions/gitops_cp4d_service
 . $CLI_DIR/functions/gitops_license
 . $CLI_DIR/functions/gitops_mongo
+. $CLI_DIR/functions/gitops_provision_db2
 . $CLI_DIR/functions/gitops_kafka
 . $CLI_DIR/functions/gitops_suite
 . $CLI_DIR/functions/gitops_suite_app_install
@@ -373,6 +374,14 @@ case $1 in
     gitops_mongo "$@"
     ;;
 
+  gitops-provision-db2)
+    echo "${TEXT_UNDERLINE}IBM Maximo Application Suite GitOps Manager (v${VERSION})${TEXT_RESET}"
+    echo "Powered by ${COLOR_CYAN}${TEXT_UNDERLINE}https://github.com/ibm-mas/gitops/${TEXT_RESET}"
+    echo
+    reset_colors
+    gitops_provision_db2 "$@"
+    ;;
+
   gitops-process-mongo-user)
     echo "${TEXT_UNDERLINE}IBM Maximo Application Suite GitOps Manager (v${VERSION})${TEXT_RESET}"
     echo "Powered by ${COLOR_CYAN}${TEXT_UNDERLINE}https://github.com/ibm-mas/gitops/${TEXT_RESET}"
diff --git a/tekton/generate-tekton-tasks.yml b/tekton/generate-tekton-tasks.yml
index 6f51d193bf8..0c802b3446c 100644
--- a/tekton/generate-tekton-tasks.yml
+++ b/tekton/generate-tekton-tasks.yml
@@ -37,6 +37,7 @@
         - kafka
         - mongodb
         - nvidia-gpu
+        - provision-db2
         - ocs
         - rhoai-migration
         - sls-registry-update
diff --git a/tekton/src/pipelines/gitops/gitops-aiservice-deps.yml.j2 b/tekton/src/pipelines/gitops/gitops-aiservice-deps.yml.j2
index 0e90ef8acb7..054c223f842 100644
--- a/tekton/src/pipelines/gitops/gitops-aiservice-deps.yml.j2
+++ b/tekton/src/pipelines/gitops/gitops-aiservice-deps.yml.j2
@@ -67,6 +67,12 @@ spec:
       default: ""
     - name: mas_instance_id
       type: string
+    - name: jdbc_type_aiservice
+      type: string
+      default: ""
+    - name: jdbc_instance_name_aiservice
+      type: string
+      default: ""
 
   tasks:
 {% if wait_for_provision == true %}
@@ -158,3 +164,36 @@ spec:
         - input: "$(params.mongodb_action)"
           operator: notin
           values: [""]
+
+    - name: gitops-provision-db2
+      runAfter:
+        - gitops-provision-mongo
+      params:
+        - name: cluster_name
+          value: $(params.cluster_name)
+        - name: account
+          value: $(params.account)
+        - name: aiservice_instance_id
+          value: $(params.mas_instance_id)
+        - name: db2_channel
+          value: "v11.5"
+        - name: db2_meta_storage_class
+          value: "gp3-csi"
+        - name: db2_data_storage_class
+          value: "gp3-csi"
+        - name: db2_backup_storage_class
+          value: "gp3-csi"
+        - name: db2_logs_storage_class
+          value: "gp3-csi"
+        - name: db2_temp_storage_class
+          value: "gp3-csi"
+      taskRef:
+        kind: Task
+        name: gitops-provision-db2
+      workspaces:
+        - name: configs
+          workspace: configs
+      when:
+        - input: "$(params.jdbc_type_aiservice)"
+          operator: in
+          values: ["db2"]
diff --git a/tekton/src/tasks/gitops/gitops-provision-db2.yml.j2 b/tekton/src/tasks/gitops/gitops-provision-db2.yml.j2
new file mode 100644
index 00000000000..2789c374200
--- /dev/null
+++ b/tekton/src/tasks/gitops/gitops-provision-db2.yml.j2
@@ -0,0 +1,80 @@
+---
+apiVersion: tekton.dev/v1beta1
+kind: Task
+metadata:
+  name: gitops-provision-db2
+spec:
+  params:
+    - name: cluster_name
+      type: string
+    - name: account
+      type: string
+    - name: aiservice_instance_id
+      type: string
+    - name: db2_channel
+      type: string
+      default: "v11.5"
+    - name: db2_meta_storage_class
+      type: string
+    - name: db2_data_storage_class
+      type: string
+    - name: db2_backup_storage_class
+      type: string
+    - name: db2_logs_storage_class
+      type: string
+    - name: db2_temp_storage_class
+      type: string
+  workspaces:
+    - name: configs
+  stepTemplate:
+    env:
+      - name: CLUSTER_NAME
+        value: $(params.cluster_name)
+      - name: ACCOUNT
+        value: $(params.account)
+      - name: AISERVICE_INSTANCE_ID
+        value: $(params.aiservice_instance_id)
+      - name: DB2_CHANNEL
+        value: $(params.db2_channel)
+      - name: DB2_META_STORAGE_CLASS
+        value: $(params.db2_meta_storage_class)
+      - name: DB2_DATA_STORAGE_CLASS
+        value: $(params.db2_data_storage_class)
+      - name: DB2_BACKUP_STORAGE_CLASS
+        value: $(params.db2_backup_storage_class)
+      - name: DB2_LOGS_STORAGE_CLASS
+        value: $(params.db2_logs_storage_class)
+      - name: DB2_TEMP_STORAGE_CLASS
+        value: $(params.db2_temp_storage_class)
+      - name: SECRETS_KEY_SEPERATOR
+        value: "/"
+  steps:
+    - name: provision-db2
+      image: quay.io/ibmmas/cli:latest
+      imagePullPolicy: IfNotPresent
+      script: |
+        #!/bin/bash
+        set -e
+        
+        echo "=========================================================================="
+        echo "Provisioning DB2 for AI Service"
+        echo "=========================================================================="
+        echo "Cluster Name ................ ${CLUSTER_NAME}"
+        echo "Account ..................... ${ACCOUNT}"
+        echo "AI Service Instance ID ...... ${AISERVICE_INSTANCE_ID}"
+        echo "DB2 Channel ................. ${DB2_CHANNEL}"
+        echo "DB2 Meta Storage Class ...... ${DB2_META_STORAGE_CLASS}"
+        echo "DB2 Data Storage Class ...... ${DB2_DATA_STORAGE_CLASS}"
+        echo ""
+        
+        # Source the CLI functions
+        source /mascli/functions/gitops_utils
+        source /mascli/functions/gitops_provision_db2
+        
+        # Execute DB2 provisioning
+        gitops_provision_db2
+        
+        echo ""
+        echo "=========================================================================="
+        echo "DB2 Provisioning Complete"
+        echo "=========================================================================="
\ No newline at end of file

From 65084a0ae9b884bb94c844edafe98014a1e39166 Mon Sep 17 00:00:00 2001
From: Richa Joshi <Richa.Joshi@ibm.com>
Date: Fri, 29 May 2026 02:45:15 +0530
Subject: [PATCH 253/258] update secrets

---
 .secrets.baseline | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/.secrets.baseline b/.secrets.baseline
index 65c0956905a..d5d1837b4d1 100644
--- a/.secrets.baseline
+++ b/.secrets.baseline
@@ -3,7 +3,7 @@
     "files": "build/bin/config/oscap/ssg-rhel9-ds.xml|^.secrets.baseline$|^docs/catalogs/",
     "lines": null
   },
-  "generated_at": "2026-05-25T13:49:33Z",
+  "generated_at": "2026-05-28T21:13:48Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"
@@ -238,11 +238,19 @@
         "type": "Secret Keyword",
         "verified_result": null
       },
+      {
+        "hashed_secret": "d8a1d01c81ccc3a024b078bd0af28e40cb38cdc4",
+        "is_secret": true,
+        "is_verified": false,
+        "line_number": 285,
+        "type": "Secret Keyword",
+        "verified_result": null
+      },
       {
         "hashed_secret": "b2817467154949a61f8e9ad31d1eeaf03221cbfa",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 316,
+        "line_number": 354,
         "type": "Secret Keyword",
         "verified_result": null
       }

From 249c1a2ebb2cf58bae36ded760d8aa1020a08033 Mon Sep 17 00:00:00 2001
From: Richa Joshi <Richa.Joshi@ibm.com>
Date: Fri, 29 May 2026 02:50:22 +0530
Subject: [PATCH 254/258] minor fix

---
 tekton/generate-tekton-tasks.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tekton/generate-tekton-tasks.yml b/tekton/generate-tekton-tasks.yml
index 0c802b3446c..cf90b11b57f 100644
--- a/tekton/generate-tekton-tasks.yml
+++ b/tekton/generate-tekton-tasks.yml
@@ -37,7 +37,6 @@
         - kafka
         - mongodb
         - nvidia-gpu
-        - provision-db2
         - ocs
         - rhoai-migration
         - sls-registry-update
@@ -249,6 +248,7 @@
         - gitops-mongo
         - gitops-nvidia-gpu
         - gitops-process-mongo-user
+        - gitops-provision-db2
         - gitops-rosa
         - gitops-sls
         - gitops-suite-app-install

From ddae3f1618fab9bd165651b8787f2f2f69f11466 Mon Sep 17 00:00:00 2001
From: Richa Joshi <Richa.Joshi@ibm.com>
Date: Fri, 29 May 2026 11:42:52 +0530
Subject: [PATCH 255/258] minor fix

---
 tekton/src/tasks/gitops/gitops-provision-db2.yml.j2 | 1 +
 1 file changed, 1 insertion(+)

diff --git a/tekton/src/tasks/gitops/gitops-provision-db2.yml.j2 b/tekton/src/tasks/gitops/gitops-provision-db2.yml.j2
index 2789c374200..b0b840db141 100644
--- a/tekton/src/tasks/gitops/gitops-provision-db2.yml.j2
+++ b/tekton/src/tasks/gitops/gitops-provision-db2.yml.j2
@@ -68,6 +68,7 @@ spec:
         echo ""
         
         # Source the CLI functions
+        source /mascli/functions/internal/utils
         source /mascli/functions/gitops_utils
         source /mascli/functions/gitops_provision_db2
         

From 953fce41c3dcb143e29bdf82c3242f40054d456d Mon Sep 17 00:00:00 2001
From: Richa Joshi <Richa.Joshi@ibm.com>
Date: Fri, 29 May 2026 15:57:45 +0530
Subject: [PATCH 256/258] minor fix

---
 .../cli/mascli/functions/gitops_provision_db2 | 37 +++++++++++++++++++
 .../gitops/gitops-aiservice-deps.yml.j2       |  6 +++
 .../tasks/gitops/gitops-provision-db2.yml.j2  | 17 +++++++++
 3 files changed, 60 insertions(+)

diff --git a/image/cli/mascli/functions/gitops_provision_db2 b/image/cli/mascli/functions/gitops_provision_db2
index 4f45914d5d3..93716f3f407 100644
--- a/image/cli/mascli/functions/gitops_provision_db2
+++ b/image/cli/mascli/functions/gitops_provision_db2
@@ -49,6 +49,43 @@ function gitops_provision_db2() {
   export MAS_CONFIG_SCOPE=system
   export ROLE_NAME=db2
   
+  # IBM Entitlement Key - retrieve from cluster secret
+  # Try multiple namespaces and registry paths
+  export IBM_ENTITLEMENT_KEY=""
+  
+  # Try default namespace with cp.icr.io/cp
+  if [[ -z "${IBM_ENTITLEMENT_KEY}" ]]; then
+    IBM_ENTITLEMENT_KEY=$(oc get secret ibm-entitlement -n default -o jsonpath='{.data.\.dockerconfigjson}' 2>/dev/null | base64 -d | jq -r '.auths."cp.icr.io/cp".password' 2>/dev/null || echo "")
+  fi
+  
+  # Try default namespace with cp.icr.io
+  if [[ -z "${IBM_ENTITLEMENT_KEY}" ]]; then
+    IBM_ENTITLEMENT_KEY=$(oc get secret ibm-entitlement -n default -o jsonpath='{.data.\.dockerconfigjson}' 2>/dev/null | base64 -d | jq -r '.auths."cp.icr.io".password' 2>/dev/null || echo "")
+  fi
+  
+  # Try ibm-common-services namespace
+  if [[ -z "${IBM_ENTITLEMENT_KEY}" ]]; then
+    IBM_ENTITLEMENT_KEY=$(oc get secret ibm-entitlement -n ibm-common-services -o jsonpath='{.data.\.dockerconfigjson}' 2>/dev/null | base64 -d | jq -r '.auths."cp.icr.io".password' 2>/dev/null || echo "")
+  fi
+  
+  # Try openshift-operators namespace
+  if [[ -z "${IBM_ENTITLEMENT_KEY}" ]]; then
+    IBM_ENTITLEMENT_KEY=$(oc get secret ibm-entitlement -n openshift-operators -o jsonpath='{.data.\.dockerconfigjson}' 2>/dev/null | base64 -d | jq -r '.auths."cp.icr.io".password' 2>/dev/null || echo "")
+  fi
+  
+  # Try openshift-marketplace namespace
+  if [[ -z "${IBM_ENTITLEMENT_KEY}" ]]; then
+    IBM_ENTITLEMENT_KEY=$(oc get secret ibm-entitlement -n openshift-marketplace -o jsonpath='{.data.\.dockerconfigjson}' 2>/dev/null | base64 -d | jq -r '.auths."cp.icr.io".password' 2>/dev/null || echo "")
+  fi
+  
+  if [[ -z "${IBM_ENTITLEMENT_KEY}" ]]; then
+    echo "[ERROR] IBM Entitlement Key not found in cluster. Checked namespaces: default, ibm-common-services, openshift-operators, openshift-marketplace"
+    rm -rf $TEMP_DIR
+    exit 1
+  fi
+  
+  echo "✓ IBM Entitlement Key retrieved successfully"
+  
   # DB2 Installation Parameters
   export DB2_ACTION=install
   export DB2_NAMESPACE=db2u
diff --git a/tekton/src/pipelines/gitops/gitops-aiservice-deps.yml.j2 b/tekton/src/pipelines/gitops/gitops-aiservice-deps.yml.j2
index 054c223f842..aadc1dd9588 100644
--- a/tekton/src/pipelines/gitops/gitops-aiservice-deps.yml.j2
+++ b/tekton/src/pipelines/gitops/gitops-aiservice-deps.yml.j2
@@ -187,6 +187,12 @@ spec:
           value: "gp3-csi"
         - name: db2_temp_storage_class
           value: "gp3-csi"
+        - name: avp_aws_secret_region
+          value: $(params.avp_aws_secret_region)
+        - name: avp_aws_secret_key
+          value: $(params.avp_aws_secret_key)
+        - name: avp_aws_access_key
+          value: $(params.avp_aws_access_key)
       taskRef:
         kind: Task
         name: gitops-provision-db2
diff --git a/tekton/src/tasks/gitops/gitops-provision-db2.yml.j2 b/tekton/src/tasks/gitops/gitops-provision-db2.yml.j2
index b0b840db141..02f53d715fb 100644
--- a/tekton/src/tasks/gitops/gitops-provision-db2.yml.j2
+++ b/tekton/src/tasks/gitops/gitops-provision-db2.yml.j2
@@ -24,6 +24,12 @@ spec:
       type: string
     - name: db2_temp_storage_class
       type: string
+    - name: avp_aws_secret_region
+      type: string
+    - name: avp_aws_secret_key
+      type: string
+    - name: avp_aws_access_key
+      type: string
   workspaces:
     - name: configs
   stepTemplate:
@@ -46,6 +52,12 @@ spec:
         value: $(params.db2_logs_storage_class)
       - name: DB2_TEMP_STORAGE_CLASS
         value: $(params.db2_temp_storage_class)
+      - name: SM_AWS_REGION
+        value: $(params.avp_aws_secret_region)
+      - name: SM_AWS_SECRET_ACCESS_KEY
+        value: $(params.avp_aws_secret_key)
+      - name: SM_AWS_ACCESS_KEY_ID
+        value: $(params.avp_aws_access_key)
       - name: SECRETS_KEY_SEPERATOR
         value: "/"
   steps:
@@ -67,6 +79,11 @@ spec:
         echo "DB2 Data Storage Class ...... ${DB2_DATA_STORAGE_CLASS}"
         echo ""
         
+        # Set up logging directory and file
+        export LOG_DIR="/tmp/mas-logs"
+        mkdir -p $LOG_DIR
+        export LOGFILE=$LOG_DIR/db2-provision.log
+        
         # Source the CLI functions
         source /mascli/functions/internal/utils
         source /mascli/functions/gitops_utils

From 6e9c8c83f0fc0e9b9be956311f1c0fe7274d19bc Mon Sep 17 00:00:00 2001
From: Richa Joshi <Richa.Joshi@ibm.com>
Date: Sat, 30 May 2026 02:21:34 +0530
Subject: [PATCH 257/258] revert db2 relate changes

---
 image/cli/mascli/functions/gitops             |   1 -
 .../cli/mascli/functions/gitops_provision_db2 | 222 ------------------
 image/cli/mascli/mas                          |   9 -
 tekton/generate-tekton-tasks.yml              |   1 -
 .../gitops/gitops-aiservice-deps.yml.j2       |  45 ----
 .../tasks/gitops/gitops-provision-db2.yml.j2  |  98 --------
 6 files changed, 376 deletions(-)
 delete mode 100644 image/cli/mascli/functions/gitops_provision_db2
 delete mode 100644 tekton/src/tasks/gitops/gitops-provision-db2.yml.j2

diff --git a/image/cli/mascli/functions/gitops b/image/cli/mascli/functions/gitops
index 055c5106a5b..e90393fa5e2 100644
--- a/image/cli/mascli/functions/gitops
+++ b/image/cli/mascli/functions/gitops
@@ -23,7 +23,6 @@ function gitops() {
   echo "${COLOR_CYAN}GitOps Dependencies:${TEXT_RESET}"
   echo "  ${COLOR_YELLOW}mas gitops-mongo${TEXT_RESET}                                Deploy MongoDB for MAS using GitOps"
   echo "  ${COLOR_YELLOW}mas gitops-process-mongo-user${TEXT_RESET}                   Process and configure MongoDB user credentials"
-  echo "  ${COLOR_YELLOW}mas gitops-provision-db2${TEXT_RESET}                        Provision DB2 for AI Service using GitOps"
   echo "  ${COLOR_YELLOW}mas gitops-kafka${TEXT_RESET}                                Deploy Apache Kafka for MAS using GitOps"
   echo "  ${COLOR_YELLOW}mas gitops-db2u${TEXT_RESET}                                 Deploy Db2 Universal for MAS using GitOps"
   echo "  ${COLOR_YELLOW}mas gitops-db2u-database${TEXT_RESET}                        Create and configure Db2 databases"
diff --git a/image/cli/mascli/functions/gitops_provision_db2 b/image/cli/mascli/functions/gitops_provision_db2
deleted file mode 100644
index 93716f3f407..00000000000
--- a/image/cli/mascli/functions/gitops_provision_db2
+++ /dev/null
@@ -1,222 +0,0 @@
-#!/bin/bash
-
-function gitops_provision_db2_noninteractive() {
-  # No interactive mode needed for FVT automation
-  echo "DB2 provisioning for AI Service FVT"
-}
-
-function gitops_provision_db2() {
-  # Catch errors
-  set -o pipefail
-  trap 'echo "[ERROR] Error occurred at $BASH_SOURCE, line $LINENO, exited with $?"; exit 1' ERR
-
-  echo
-  reset_colors
-  echo_h2 "Review Settings"
-
-  echo "${TEXT_DIM}"
-  echo_h4 "Target" "    "
-  echo_reset_dim "Account ID ..................... ${COLOR_MAGENTA}${ACCOUNT}"
-  echo_reset_dim "Cluster Name ................... ${COLOR_MAGENTA}${CLUSTER_NAME}"
-  echo_reset_dim "AI Service Instance ID ......... ${COLOR_MAGENTA}${AISERVICE_INSTANCE_ID}"
-  reset_colors
-
-  echo "${TEXT_DIM}"
-  echo_h4 "DB2 Configuration" "    "
-  echo_reset_dim "DB2 Channel .................... ${COLOR_MAGENTA}${DB2_CHANNEL}"
-  echo_reset_dim "DB2 Meta Storage Class ......... ${COLOR_MAGENTA}${DB2_META_STORAGE_CLASS}"
-  echo_reset_dim "DB2 Data Storage Class ......... ${COLOR_MAGENTA}${DB2_DATA_STORAGE_CLASS}"
-  echo_reset_dim "DB2 Backup Storage Class ....... ${COLOR_MAGENTA}${DB2_BACKUP_STORAGE_CLASS}"
-  echo_reset_dim "DB2 Logs Storage Class ......... ${COLOR_MAGENTA}${DB2_LOGS_STORAGE_CLASS}"
-  echo_reset_dim "DB2 Temp Storage Class ......... ${COLOR_MAGENTA}${DB2_TEMP_STORAGE_CLASS}"
-  reset_colors
-  echo
-
-  # Set up AWS Secrets Manager connection
-  export SECRET_NAME_JDBC=${ACCOUNT}${SECRETS_KEY_SEPERATOR}${CLUSTER_NAME}${SECRETS_KEY_SEPERATOR}jdbc
-  AVP_TYPE=aws
-  sm_login
-
-  # Create temporary directory for Ansible execution
-  CURRENT_DIR=$PWD
-  TEMP_DIR=$CURRENT_DIR/tmp-db2
-  rm -rf $TEMP_DIR
-  mkdir -p $TEMP_DIR
-
-  # Set Ansible environment variables for DB2 role
-  export MAS_CONFIG_DIR=$TEMP_DIR
-  export MAS_INSTANCE_ID=${AISERVICE_INSTANCE_ID}
-  export MAS_CONFIG_SCOPE=system
-  export ROLE_NAME=db2
-  
-  # IBM Entitlement Key - retrieve from cluster secret
-  # Try multiple namespaces and registry paths
-  export IBM_ENTITLEMENT_KEY=""
-  
-  # Try default namespace with cp.icr.io/cp
-  if [[ -z "${IBM_ENTITLEMENT_KEY}" ]]; then
-    IBM_ENTITLEMENT_KEY=$(oc get secret ibm-entitlement -n default -o jsonpath='{.data.\.dockerconfigjson}' 2>/dev/null | base64 -d | jq -r '.auths."cp.icr.io/cp".password' 2>/dev/null || echo "")
-  fi
-  
-  # Try default namespace with cp.icr.io
-  if [[ -z "${IBM_ENTITLEMENT_KEY}" ]]; then
-    IBM_ENTITLEMENT_KEY=$(oc get secret ibm-entitlement -n default -o jsonpath='{.data.\.dockerconfigjson}' 2>/dev/null | base64 -d | jq -r '.auths."cp.icr.io".password' 2>/dev/null || echo "")
-  fi
-  
-  # Try ibm-common-services namespace
-  if [[ -z "${IBM_ENTITLEMENT_KEY}" ]]; then
-    IBM_ENTITLEMENT_KEY=$(oc get secret ibm-entitlement -n ibm-common-services -o jsonpath='{.data.\.dockerconfigjson}' 2>/dev/null | base64 -d | jq -r '.auths."cp.icr.io".password' 2>/dev/null || echo "")
-  fi
-  
-  # Try openshift-operators namespace
-  if [[ -z "${IBM_ENTITLEMENT_KEY}" ]]; then
-    IBM_ENTITLEMENT_KEY=$(oc get secret ibm-entitlement -n openshift-operators -o jsonpath='{.data.\.dockerconfigjson}' 2>/dev/null | base64 -d | jq -r '.auths."cp.icr.io".password' 2>/dev/null || echo "")
-  fi
-  
-  # Try openshift-marketplace namespace
-  if [[ -z "${IBM_ENTITLEMENT_KEY}" ]]; then
-    IBM_ENTITLEMENT_KEY=$(oc get secret ibm-entitlement -n openshift-marketplace -o jsonpath='{.data.\.dockerconfigjson}' 2>/dev/null | base64 -d | jq -r '.auths."cp.icr.io".password' 2>/dev/null || echo "")
-  fi
-  
-  if [[ -z "${IBM_ENTITLEMENT_KEY}" ]]; then
-    echo "[ERROR] IBM Entitlement Key not found in cluster. Checked namespaces: default, ibm-common-services, openshift-operators, openshift-marketplace"
-    rm -rf $TEMP_DIR
-    exit 1
-  fi
-  
-  echo "✓ IBM Entitlement Key retrieved successfully"
-  
-  # DB2 Installation Parameters
-  export DB2_ACTION=install
-  export DB2_NAMESPACE=db2u
-  export DB2_INSTANCE_NAME=${AISERVICE_INSTANCE_ID}-db2wh
-  export DB2_CHANNEL=${DB2_CHANNEL:-v11.5}
-  export DB2_DBNAME=BLUDB
-  export DB2_TYPE=db2wh
-  export DB2_4K_DEVICE_SUPPORT=ON
-  export DB2_WORKLOAD=ANALYTICS
-  export DB2_TABLE_ORG=ROW
-  export TLS_VERSION=TLSv1.2
-  
-  # Storage Configuration - use the storage classes passed from Tekton
-  export DB2_META_STORAGE_SIZE=10Gi
-  export DB2_META_STORAGE_ACCESSMODE=ReadWriteMany
-  
-  export DB2_DATA_STORAGE_SIZE=50Gi
-  export DB2_DATA_STORAGE_ACCESSMODE=ReadWriteOnce
-  
-  export DB2_BACKUP_STORAGE_SIZE=50Gi
-  export DB2_BACKUP_STORAGE_ACCESSMODE=ReadWriteMany
-  
-  export DB2_LOGS_STORAGE_SIZE=10Gi
-  export DB2_LOGS_STORAGE_ACCESSMODE=ReadWriteOnce
-  
-  export DB2_TEMP_STORAGE_SIZE=10Gi
-  export DB2_TEMP_STORAGE_ACCESSMODE=ReadWriteOnce
-  
-  export DB2_ARCHIVELOGS_STORAGE_CLASS=${DB2_LOGS_STORAGE_CLASS}
-  export DB2_ARCHIVELOGS_STORAGE_SIZE=10Gi
-  export DB2_ARCHIVELOGS_STORAGE_ACCESSMODE=ReadWriteOnce
-  
-  # Resource Configuration
-  export DB2_CPU_REQUESTS=4000m
-  export DB2_CPU_LIMITS=6000m
-  export DB2_MEMORY_REQUESTS=8Gi
-  export DB2_MEMORY_LIMITS=16Gi
-  
-  # DB2 MPP Configuration (single node for AI Service)
-  export DB2_MLN_COUNT=1
-  export DB2_NUM_PODS=1
-  
-  # Use Db2uInstance (recommended, not deprecated Db2uCluster)
-  export DB2U_KIND=db2uinstance
-
-  echo
-  echo_h2 "Provisioning DB2 via Ansible"
-  echo "Executing: ansible-playbook ibm.mas_devops.run_role"
-  echo
-
-  # Execute Ansible playbook to provision DB2
-  ansible-playbook ibm.mas_devops.run_role
-  rc=$?
-  if [ $rc -ne 0 ]; then
-    echo "[ERROR] DB2 provisioning failed with return code $rc"
-    rm -rf $TEMP_DIR
-    exit $rc
-  fi
-
-  echo
-  echo_h2 "Extracting DB2 Connection Details"
-  
-  # Wait for DB2 to be fully ready
-  echo "Waiting for DB2 instance to be ready..."
-  sleep 30
-  
-  # Extract DB2 connection details from Kubernetes
-  echo "Retrieving DB2 password..."
-  DB2_PASSWORD=$(oc get secret c-${DB2_INSTANCE_NAME}-instancepassword -n ${DB2_NAMESPACE} -o jsonpath='{.data.password}' 2>/dev/null | base64 -d)
-  if [[ -z "${DB2_PASSWORD}" ]]; then
-    echo "[ERROR] Failed to retrieve DB2 password from secret c-${DB2_INSTANCE_NAME}-instancepassword"
-    rm -rf $TEMP_DIR
-    exit 1
-  fi
-  
-  echo "Retrieving DB2 TLS certificate..."
-  DB2_CA_CERT=$(oc get secret db2u-certificate-${DB2_INSTANCE_NAME} -n ${DB2_NAMESPACE} -o jsonpath='{.data.ca\.crt}' 2>/dev/null)
-  if [[ -z "${DB2_CA_CERT}" ]]; then
-    echo "[ERROR] Failed to retrieve DB2 CA certificate from secret db2u-certificate-${DB2_INSTANCE_NAME}"
-    rm -rf $TEMP_DIR
-    exit 1
-  fi
-  
-  echo "Retrieving DB2 route..."
-  DB2_HOST=$(oc get route db2u-${DB2_INSTANCE_NAME}-tls-route -n ${DB2_NAMESPACE} -o jsonpath='{.spec.host}' 2>/dev/null)
-  if [[ -z "${DB2_HOST}" ]]; then
-    echo "[ERROR] Failed to retrieve DB2 route db2u-${DB2_INSTANCE_NAME}-tls-route"
-    rm -rf $TEMP_DIR
-    exit 1
-  fi
-  
-  # DB2 TLS port is always 50443
-  DB2_PORT=50443
-  DB2_USERNAME=db2inst1
-  
-  # Construct JDBC URL
-  JDBC_URL="jdbc:db2://${DB2_HOST}:${DB2_PORT}/${DB2_DBNAME}:sslConnection=true;sslVersion=${TLS_VERSION};"
-  
-  echo
-  echo "DB2 Connection Details:"
-  echo "  Host ........... ${DB2_HOST}"
-  echo "  Port ........... ${DB2_PORT}"
-  echo "  Database ....... ${DB2_DBNAME}"
-  echo "  Username ....... ${DB2_USERNAME}"
-  echo "  JDBC URL ....... ${JDBC_URL}"
-  
-  echo
-  echo_h2 "Creating JDBC Secret in AWS Secrets Manager"
-  
-  # Create the JDBC secret in AWS Secrets Manager
-  TAGS="[{\"Key\": \"source\", \"Value\": \"gitops_provision_db2\"}, {\"Key\": \"account\", \"Value\": \"${ACCOUNT}\"}, {\"Key\": \"cluster\", \"Value\": \"${CLUSTER_NAME}\"}, {\"Key\": \"aiservice_instance\", \"Value\": \"${AISERVICE_INSTANCE_ID}\"}]"
-  
-  sm_update_secret $SECRET_NAME_JDBC "{\"jdbccfg_username\": \"${DB2_USERNAME}\", \"jdbccfg_password\": \"${DB2_PASSWORD}\", \"jdbccfg_url\": \"${JDBC_URL}\", \"jdbccfg_sslenabled\": \"true\", \"jdbccfg_ca_b64enc\": \"${DB2_CA_CERT}\"}" "${TAGS}"
-  
-  if [ $? -eq 0 ]; then
-    echo "✓ JDBC secret created successfully: ${SECRET_NAME_JDBC}"
-  else
-    echo "[ERROR] Failed to create JDBC secret in AWS Secrets Manager"
-    rm -rf $TEMP_DIR
-    exit 1
-  fi
-  
-  # Clean up temporary directory
-  rm -rf $TEMP_DIR
-  
-  echo
-  echo_h2 "DB2 Provisioning Complete"
-  echo "✓ DB2 instance provisioned: ${DB2_INSTANCE_NAME}"
-  echo "✓ JDBC secret created: ${SECRET_NAME_JDBC}"
-  echo "✓ AI Service can now consume the JDBC configuration"
-  echo
-
-  exit 0
-}
\ No newline at end of file
diff --git a/image/cli/mascli/mas b/image/cli/mascli/mas
index 6874fc8eecb..18f251cd080 100755
--- a/image/cli/mascli/mas
+++ b/image/cli/mascli/mas
@@ -63,7 +63,6 @@ mkdir -p $CONFIG_DIR
 . $CLI_DIR/functions/gitops_cp4d_service
 . $CLI_DIR/functions/gitops_license
 . $CLI_DIR/functions/gitops_mongo
-. $CLI_DIR/functions/gitops_provision_db2
 . $CLI_DIR/functions/gitops_kafka
 . $CLI_DIR/functions/gitops_suite
 . $CLI_DIR/functions/gitops_suite_app_install
@@ -374,14 +373,6 @@ case $1 in
     gitops_mongo "$@"
     ;;
 
-  gitops-provision-db2)
-    echo "${TEXT_UNDERLINE}IBM Maximo Application Suite GitOps Manager (v${VERSION})${TEXT_RESET}"
-    echo "Powered by ${COLOR_CYAN}${TEXT_UNDERLINE}https://github.com/ibm-mas/gitops/${TEXT_RESET}"
-    echo
-    reset_colors
-    gitops_provision_db2 "$@"
-    ;;
-
   gitops-process-mongo-user)
     echo "${TEXT_UNDERLINE}IBM Maximo Application Suite GitOps Manager (v${VERSION})${TEXT_RESET}"
     echo "Powered by ${COLOR_CYAN}${TEXT_UNDERLINE}https://github.com/ibm-mas/gitops/${TEXT_RESET}"
diff --git a/tekton/generate-tekton-tasks.yml b/tekton/generate-tekton-tasks.yml
index cf90b11b57f..6f51d193bf8 100644
--- a/tekton/generate-tekton-tasks.yml
+++ b/tekton/generate-tekton-tasks.yml
@@ -248,7 +248,6 @@
         - gitops-mongo
         - gitops-nvidia-gpu
         - gitops-process-mongo-user
-        - gitops-provision-db2
         - gitops-rosa
         - gitops-sls
         - gitops-suite-app-install
diff --git a/tekton/src/pipelines/gitops/gitops-aiservice-deps.yml.j2 b/tekton/src/pipelines/gitops/gitops-aiservice-deps.yml.j2
index aadc1dd9588..0e90ef8acb7 100644
--- a/tekton/src/pipelines/gitops/gitops-aiservice-deps.yml.j2
+++ b/tekton/src/pipelines/gitops/gitops-aiservice-deps.yml.j2
@@ -67,12 +67,6 @@ spec:
       default: ""
     - name: mas_instance_id
       type: string
-    - name: jdbc_type_aiservice
-      type: string
-      default: ""
-    - name: jdbc_instance_name_aiservice
-      type: string
-      default: ""
 
   tasks:
 {% if wait_for_provision == true %}
@@ -164,42 +158,3 @@ spec:
         - input: "$(params.mongodb_action)"
           operator: notin
           values: [""]
-
-    - name: gitops-provision-db2
-      runAfter:
-        - gitops-provision-mongo
-      params:
-        - name: cluster_name
-          value: $(params.cluster_name)
-        - name: account
-          value: $(params.account)
-        - name: aiservice_instance_id
-          value: $(params.mas_instance_id)
-        - name: db2_channel
-          value: "v11.5"
-        - name: db2_meta_storage_class
-          value: "gp3-csi"
-        - name: db2_data_storage_class
-          value: "gp3-csi"
-        - name: db2_backup_storage_class
-          value: "gp3-csi"
-        - name: db2_logs_storage_class
-          value: "gp3-csi"
-        - name: db2_temp_storage_class
-          value: "gp3-csi"
-        - name: avp_aws_secret_region
-          value: $(params.avp_aws_secret_region)
-        - name: avp_aws_secret_key
-          value: $(params.avp_aws_secret_key)
-        - name: avp_aws_access_key
-          value: $(params.avp_aws_access_key)
-      taskRef:
-        kind: Task
-        name: gitops-provision-db2
-      workspaces:
-        - name: configs
-          workspace: configs
-      when:
-        - input: "$(params.jdbc_type_aiservice)"
-          operator: in
-          values: ["db2"]
diff --git a/tekton/src/tasks/gitops/gitops-provision-db2.yml.j2 b/tekton/src/tasks/gitops/gitops-provision-db2.yml.j2
deleted file mode 100644
index 02f53d715fb..00000000000
--- a/tekton/src/tasks/gitops/gitops-provision-db2.yml.j2
+++ /dev/null
@@ -1,98 +0,0 @@
----
-apiVersion: tekton.dev/v1beta1
-kind: Task
-metadata:
-  name: gitops-provision-db2
-spec:
-  params:
-    - name: cluster_name
-      type: string
-    - name: account
-      type: string
-    - name: aiservice_instance_id
-      type: string
-    - name: db2_channel
-      type: string
-      default: "v11.5"
-    - name: db2_meta_storage_class
-      type: string
-    - name: db2_data_storage_class
-      type: string
-    - name: db2_backup_storage_class
-      type: string
-    - name: db2_logs_storage_class
-      type: string
-    - name: db2_temp_storage_class
-      type: string
-    - name: avp_aws_secret_region
-      type: string
-    - name: avp_aws_secret_key
-      type: string
-    - name: avp_aws_access_key
-      type: string
-  workspaces:
-    - name: configs
-  stepTemplate:
-    env:
-      - name: CLUSTER_NAME
-        value: $(params.cluster_name)
-      - name: ACCOUNT
-        value: $(params.account)
-      - name: AISERVICE_INSTANCE_ID
-        value: $(params.aiservice_instance_id)
-      - name: DB2_CHANNEL
-        value: $(params.db2_channel)
-      - name: DB2_META_STORAGE_CLASS
-        value: $(params.db2_meta_storage_class)
-      - name: DB2_DATA_STORAGE_CLASS
-        value: $(params.db2_data_storage_class)
-      - name: DB2_BACKUP_STORAGE_CLASS
-        value: $(params.db2_backup_storage_class)
-      - name: DB2_LOGS_STORAGE_CLASS
-        value: $(params.db2_logs_storage_class)
-      - name: DB2_TEMP_STORAGE_CLASS
-        value: $(params.db2_temp_storage_class)
-      - name: SM_AWS_REGION
-        value: $(params.avp_aws_secret_region)
-      - name: SM_AWS_SECRET_ACCESS_KEY
-        value: $(params.avp_aws_secret_key)
-      - name: SM_AWS_ACCESS_KEY_ID
-        value: $(params.avp_aws_access_key)
-      - name: SECRETS_KEY_SEPERATOR
-        value: "/"
-  steps:
-    - name: provision-db2
-      image: quay.io/ibmmas/cli:latest
-      imagePullPolicy: IfNotPresent
-      script: |
-        #!/bin/bash
-        set -e
-        
-        echo "=========================================================================="
-        echo "Provisioning DB2 for AI Service"
-        echo "=========================================================================="
-        echo "Cluster Name ................ ${CLUSTER_NAME}"
-        echo "Account ..................... ${ACCOUNT}"
-        echo "AI Service Instance ID ...... ${AISERVICE_INSTANCE_ID}"
-        echo "DB2 Channel ................. ${DB2_CHANNEL}"
-        echo "DB2 Meta Storage Class ...... ${DB2_META_STORAGE_CLASS}"
-        echo "DB2 Data Storage Class ...... ${DB2_DATA_STORAGE_CLASS}"
-        echo ""
-        
-        # Set up logging directory and file
-        export LOG_DIR="/tmp/mas-logs"
-        mkdir -p $LOG_DIR
-        export LOGFILE=$LOG_DIR/db2-provision.log
-        
-        # Source the CLI functions
-        source /mascli/functions/internal/utils
-        source /mascli/functions/gitops_utils
-        source /mascli/functions/gitops_provision_db2
-        
-        # Execute DB2 provisioning
-        gitops_provision_db2
-        
-        echo ""
-        echo "=========================================================================="
-        echo "DB2 Provisioning Complete"
-        echo "=========================================================================="
\ No newline at end of file

From 8fda9dbebba723f98bc79c2d09cbb285109a4907 Mon Sep 17 00:00:00 2001
From: Richa Joshi <Richa.Joshi@ibm.com>
Date: Sat, 30 May 2026 02:29:05 +0530
Subject: [PATCH 258/258] update secrets

---
 .secrets.baseline | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.secrets.baseline b/.secrets.baseline
index d5d1837b4d1..f202a8c998a 100644
--- a/.secrets.baseline
+++ b/.secrets.baseline
@@ -3,7 +3,7 @@
     "files": "build/bin/config/oscap/ssg-rhel9-ds.xml|^.secrets.baseline$|^docs/catalogs/",
     "lines": null
   },
-  "generated_at": "2026-05-28T21:13:48Z",
+  "generated_at": "2026-05-29T20:58:44Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"