sap-jenkins-library/resources/metadata/vaultRotateSecretId.yaml

metadata:
  name: vaultRotateSecretId
  description: Rotate vault AppRole Secret ID
  longDescription: This step takes the given Vault secret ID and checks whether it needs to be renewed and if so it will update the secret ID in the configured secret store.
spec:
  inputs:
    params:
      - name: secretStore
        type: string
        description: "The store to which the secret should be written back to"
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
        default: "jenkins"
        possibleValues:
          - jenkins
      - name: jenkinsUrl
        type: string
        description: "The jenkins url"
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
        secret: true
        resourceRef:
          - type: vaultSecret
            paths:
              - $(vaultPath)/jenkins
              - $(vaultBasePath)/$(vaultPipelineName)/jenkins
              - $(vaultBasePath)/GROUP-SECRETS/jenkins
        aliases:
          - name: url
      - name: jenkinsCredentialDomain
        type: string
        description: The jenkins credential domain which should be used
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
        default: "_"
      - name: jenkinsUsername
        type: string
        description: "The jenkins username"
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
        secret: true
        aliases:
          - name: userId
        resourceRef:
          - type: vaultSecret
            paths:
              - $(vaultPath)/jenkins
              - $(vaultBasePath)/$(vaultPipelineName)/jenkins
              - $(vaultBasePath)/GROUP-SECRETS/jenkins
      - name: jenkinsToken
        type: string
        description: "The jenkins token"
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
        secret: true
        aliases:
          - name: token
        resourceRef:
          - type: vaultSecret
            paths:
              - $(vaultPath)/jenkins
              - $(vaultBasePath)/$(vaultPipelineName)/jenkins
              - $(vaultBasePath)/GROUP-SECRETS/jenkins
      - name: vaultAppRoleSecretTokenCredentialsId
        type: string
        description: The Jenkins credential ID for the Vault AppRole Secret ID credential
        scope:
          - GENERAL
          - PARAMETERS
          - STAGES
          - STEPS
        mandatory: true
      - name: vaultServerUrl
        type: string
        scope:
          - GENERAL
          - PARAMETERS
          - STAGES
          - STEPS
        description: The URL for the Vault server to use
        mandatory: true
      - name: vaultNamespace
        type: string
        scope:
          - GENERAL
          - PARAMETERS
          - STAGES
          - STEPS
        description: The vault namespace that should be used (optional)
      - name: daysBeforeExpiry
        type: int
        description: The amount of days before expiry until the secret ID gets rotated
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
        default: 15
Feature/approle secret id rotation (#2311) * add new step vault secret * add debug log Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com> 2020-11-17 14:49:31 +02:00			`metadata:`
			`name: vaultRotateSecretId`
			`description: Rotate vault AppRole Secret ID`
			`longDescription: This step takes the given Vault secret ID and checks whether it needs to be renewed and if so it will update the secret ID in the configured secret store.`
			`spec:`
			`inputs:`
			`params:`
			`- name: secretStore`
			`type: string`
			`description: "The store to which the secret should be written back to"`
			`scope:`
			`- PARAMETERS`
			`- STAGES`
			`- STEPS`
			`default: "jenkins"`
			`possibleValues:`
			`- jenkins`
			`- name: jenkinsUrl`
			`type: string`
			`description: "The jenkins url"`
			`scope:`
			`- PARAMETERS`
			`- STAGES`
			`- STEPS`
			`secret: true`
			`resourceRef:`
			`- type: vaultSecret`
			`paths:`
			`- $(vaultPath)/jenkins`
			`- $(vaultBasePath)/$(vaultPipelineName)/jenkins`
			`- $(vaultBasePath)/GROUP-SECRETS/jenkins`
			`aliases:`
			`- name: url`
			`- name: jenkinsCredentialDomain`
			`type: string`
			`description: The jenkins credential domain which should be used`
			`scope:`
			`- PARAMETERS`
			`- STAGES`
			`- STEPS`
			`default: "_"`
			`- name: jenkinsUsername`
			`type: string`
			`description: "The jenkins username"`
			`scope:`
			`- PARAMETERS`
			`- STAGES`
			`- STEPS`
			`secret: true`
			`aliases:`
			`- name: userId`
			`resourceRef:`
			`- type: vaultSecret`
			`paths:`
			`- $(vaultPath)/jenkins`
			`- $(vaultBasePath)/$(vaultPipelineName)/jenkins`
			`- $(vaultBasePath)/GROUP-SECRETS/jenkins`
			`- name: jenkinsToken`
			`type: string`
			`description: "The jenkins token"`
			`scope:`
			`- PARAMETERS`
			`- STAGES`
			`- STEPS`
			`secret: true`
			`aliases:`
			`- name: token`
			`resourceRef:`
			`- type: vaultSecret`
			`paths:`
			`- $(vaultPath)/jenkins`
			`- $(vaultBasePath)/$(vaultPipelineName)/jenkins`
			`- $(vaultBasePath)/GROUP-SECRETS/jenkins`
			`- name: vaultAppRoleSecretTokenCredentialsId`
			`type: string`
			`description: The Jenkins credential ID for the Vault AppRole Secret ID credential`
			`scope:`
			`- GENERAL`
			`- PARAMETERS`
			`- STAGES`
			`- STEPS`
			`mandatory: true`
			`- name: vaultServerUrl`
			`type: string`
			`scope:`
			`- GENERAL`
			`- PARAMETERS`
			`- STAGES`
			`- STEPS`
			`description: The URL for the Vault server to use`
			`mandatory: true`
			`- name: vaultNamespace`
			`type: string`
			`scope:`
			`- GENERAL`
			`- PARAMETERS`
			`- STAGES`
			`- STEPS`
			`description: The vault namespace that should be used (optional)`
			`- name: daysBeforeExpiry`
			`type: int`
			`description: The amount of days before expiry until the secret ID gets rotated`
			`scope:`
			`- PARAMETERS`
			`- STAGES`
			`- STEPS`
			`default: 15`