chore: align Vault naming (#3372)

* Align Vault naming

* remove duplicate debug  output

* correct message

* align vault naming

* Update vault.md

cmd/piper.go

@@ -206,8 +206,8 @@ func addRootFlags(rootCmd *cobra.Command) {
 	rootCmd.PersistentFlags().BoolVar(&GeneralConfig.NoTelemetry, "noTelemetry", false, "Disables telemetry reporting")
 	rootCmd.PersistentFlags().BoolVarP(&GeneralConfig.Verbose, "verbose", "v", false, "verbose output")
 	rootCmd.PersistentFlags().StringVar(&GeneralConfig.LogFormat, "logFormat", "default", "Log format to use. Options: default, timestamp, plain, full.")
-	rootCmd.PersistentFlags().StringVar(&GeneralConfig.VaultServerURL, "vaultServerUrl", "", "The vault server which should be used to fetch credentials")
+	rootCmd.PersistentFlags().StringVar(&GeneralConfig.VaultServerURL, "vaultServerUrl", "", "The Vault server which should be used to fetch credentials")
-	rootCmd.PersistentFlags().StringVar(&GeneralConfig.VaultNamespace, "vaultNamespace", "", "The vault namespace which should be used to fetch credentials")
+	rootCmd.PersistentFlags().StringVar(&GeneralConfig.VaultNamespace, "vaultNamespace", "", "The Vault namespace which should be used to fetch credentials")
 	rootCmd.PersistentFlags().StringVar(&GeneralConfig.VaultPath, "vaultPath", "", "The path which should be used to fetch credentials")
 	rootCmd.PersistentFlags().StringVar(&GeneralConfig.GCPJsonKeyFilePath, "gcpJsonKeyFilePath", "", "File path to Google Cloud Platform JSON key file")
 	rootCmd.PersistentFlags().StringVar(&GeneralConfig.GCSFolderPath, "gcsFolderPath", "", "GCS folder path. One of the components of GCS target folder")

cmd/shellExecute_generated.go

@@ -33,7 +33,7 @@ func ShellExecuteCommand() *cobra.Command {
 	var createShellExecuteCmd = &cobra.Command{
 		Use:   STEP_NAME,
 		Short: "Step executes defined script",
-		Long:  `Step executes defined script with using test vault credentials`,
+		Long:  `Step executes defined script with using test Vault credentials`,
 		PreRunE: func(cmd *cobra.Command, _ []string) error {
 			startTime = time.Now()
 			log.SetStepName(STEP_NAME)

cmd/vaultRotateSecretId.go

@@ -48,7 +48,7 @@ func vaultRotateSecretId(config vaultRotateSecretIdOptions, telemetryData *telem
 	}
 	client, err := vault.NewClientWithAppRole(vaultConfig, GeneralConfig.VaultRoleID, GeneralConfig.VaultRoleSecretID)
 	if err != nil {
-		log.Entry().WithError(err).Fatal("could not create vault client")
+		log.Entry().WithError(err).Fatal("could not create Vault client")
 	}
 	defer client.MustRevokeToken()
 
@@ -69,7 +69,7 @@ func runVaultRotateSecretID(utils vaultRotateSecretIDUtils) error {
 
 	roleName, err := utils.GetAppRoleName()
 	if err != nil {
-		log.Entry().WithError(err).Warn("Could not fetch approle role name from vault. Secret ID rotation failed!")
+		log.Entry().WithError(err).Warn("Could not fetch Vault AppRole role name from Vault. Secret ID rotation failed!")
 		return nil
 	}
 
@@ -108,7 +108,7 @@ func writeVaultSecretIDToStore(config *vaultRotateSecretIdOptions, secretID stri
 		ctx := context.Background()
 		instance, err := jenkins.Instance(ctx, &http.Client{}, config.JenkinsURL, config.JenkinsUsername, config.JenkinsToken)
 		if err != nil {
-			log.Entry().Warn("Could not write secret ID back to jenkins")
+			log.Entry().Warn("Could not write secret ID back to Jenkins")
 			return err
 		}
 		credManager := jenkins.NewCredentialsManager(instance)

cmd/vaultRotateSecretId_generated.go

@@ -31,7 +31,7 @@ type vaultRotateSecretIdOptions struct {
 	AdoPipelineID                        int    `json:"adoPipelineId,omitempty"`
 }
 
-// VaultRotateSecretIdCommand Rotate vault AppRole Secret ID
+// VaultRotateSecretIdCommand Rotate Vault AppRole Secret ID
 func VaultRotateSecretIdCommand() *cobra.Command {
 	const STEP_NAME = "vaultRotateSecretId"
 
@@ -44,7 +44,7 @@ func VaultRotateSecretIdCommand() *cobra.Command {
 
 	var createVaultRotateSecretIdCmd = &cobra.Command{
 		Use:   STEP_NAME,
-		Short: "Rotate vault AppRole Secret ID",
+		Short: "Rotate Vault AppRole Secret ID",
 		Long:  `This step takes the given Vault secret ID and checks whether it needs to be renewed and if so it will update the secret ID in the configured secret store.`,
 		PreRunE: func(cmd *cobra.Command, _ []string) error {
 			startTime = time.Now()
@@ -131,7 +131,7 @@ func addVaultRotateSecretIdFlags(cmd *cobra.Command, stepConfig *vaultRotateSecr
 	cmd.Flags().StringVar(&stepConfig.JenkinsToken, "jenkinsToken", os.Getenv("PIPER_jenkinsToken"), "The jenkins token")
 	cmd.Flags().StringVar(&stepConfig.VaultAppRoleSecretTokenCredentialsID, "vaultAppRoleSecretTokenCredentialsId", os.Getenv("PIPER_vaultAppRoleSecretTokenCredentialsId"), "The Jenkins credential ID or Azure DevOps variable name for the Vault AppRole Secret ID credential")
 	cmd.Flags().StringVar(&stepConfig.VaultServerURL, "vaultServerUrl", os.Getenv("PIPER_vaultServerUrl"), "The URL for the Vault server to use")
-	cmd.Flags().StringVar(&stepConfig.VaultNamespace, "vaultNamespace", os.Getenv("PIPER_vaultNamespace"), "The vault namespace that should be used (optional)")
+	cmd.Flags().StringVar(&stepConfig.VaultNamespace, "vaultNamespace", os.Getenv("PIPER_vaultNamespace"), "The Vault namespace that should be used (optional)")
 	cmd.Flags().IntVar(&stepConfig.DaysBeforeExpiry, "daysBeforeExpiry", 15, "The amount of days before expiry until the secret ID gets rotated")
 	cmd.Flags().StringVar(&stepConfig.AdoOrganization, "adoOrganization", os.Getenv("PIPER_adoOrganization"), "The Azure DevOps organization name")
 	cmd.Flags().StringVar(&stepConfig.AdoPersonalAccessToken, "adoPersonalAccessToken", os.Getenv("PIPER_adoPersonalAccessToken"), "The Azure DevOps personal access token")
@@ -148,7 +148,7 @@ func vaultRotateSecretIdMetadata() config.StepData {
 		Metadata: config.StepMetadata{
 			Name:        "vaultRotateSecretId",
 			Aliases:     []config.Alias{},
-			Description: "Rotate vault AppRole Secret ID",
+			Description: "Rotate Vault AppRole Secret ID",
 		},
 		Spec: config.StepSpec{
 			Inputs: config.StepInputs{

documentation/developer_hints/VaultResourceReference.md

@@ -2,7 +2,7 @@
 
 ## Preconditions
 
-Parameters that have a ResourceReference of type `vaultSecret` will be looked up from vault when all of the following things are true...
+Parameters that have a ResourceReference of type `vaultSecret` will be looked up from Vault when all of the following things are true...
 
 * The environment variables `PIPER_vaultAppRoleID` and `PIPER_vaultAppRoleSecretID` must both be set to the Vault AppRole role ID and to the Vault AppRole secret ID. See [Vault AppRole docs](https://www.vaultproject.io/docs/auth/approle)
 * `vaultServerUrl` ist set in the `general` section of the configuration file.
@@ -26,4 +26,4 @@ Parameters that have a ResourceReference of type `vaultSecret` will be looked up
 
 With the example above piper will check whether the the `token` parameter has already been set when the config was resolved. If `token` hasn't be resolved yet we will go through every item of the `paths` array, interpolate every string by using the already resolved config and then check whether there is a secret stored at the given path.
 
-In case we find a secret we check whether it has a field (secrets in vault are **flat** json documents) that matches the parameters name (or one of the alias names), in the example above this would be `token`.
+In case we find a secret we check whether it has a field (secrets in Vault are **flat** json documents) that matches the parameters name (or one of the alias names), in the example above this would be `token`.

documentation/docs/infrastructure/vault.md

@@ -18,7 +18,7 @@ since Piper is able to regularly rotate the SecretID, which is not possible with
 To authenticate against Vault, using [AppRole](https://www.vaultproject.io/docs/auth/approle) authentication you need to
 do the following things
 
-- Enable AppRole authentication in your vault instance.
+- Enable AppRole authentication in your Vault instance.
 - After that you have
   to [create an AppRole Role](https://www.vaultproject.io/api-docs/auth/approle#create-update-approle) for Piper
 - Assign the necessary policies to your newly created AppRole.
@@ -30,8 +30,8 @@ do the following things
 ### Token Authentication
 
 First step to use Token authentication is
-to [Create a vault Token](https://www.vaultproject.io/api/auth/token#create-token)
+to [Create a Vault Token](https://www.vaultproject.io/api/auth/token#create-token)
-In order to use a Vault Token for authentication you need to store the vault token inside your Jenkins instance as shown
+In order to use a Vault token for authentication you need to store the Vault token inside your Jenkins instance as shown
 below.
 
 ![Create a Jenkins secret text credential](../images/jenkins-vault-token-credential.png)
@@ -95,13 +95,13 @@ steps:
     skipVault: true   # Skip Vault Secret Lookup for this step
 ```
 
-## Using vault for general purpose and test credentials
+## Using Vault for general purpose and test credentials
 
-Vault can be used with piper to fetch any credentials, e.g. when they need to be appended to custom piper extensions or when they need to be appended to test command. The configuration for vault general purpose credentials can be added to **any** piper golang-based step. The configuration has to be done as follows:
+Vault can be used with piper to fetch any credentials, e.g. when they need to be appended to custom piper extensions or when they need to be appended to test command. The configuration for Vault general purpose credentials can be added to **any** piper golang-based step. The configuration has to be done as follows:
 
 ```yaml
 general:
-  < your vault configuration > # see above
+  < your Vault configuration > # see above
 ...
 steps:
   < piper go step >:
@@ -109,7 +109,7 @@ steps:
     vaultCredentialKeys: ['myAppId', 'myAppSecret']
 ```
 
-The `vaultCredentialPath` parameter is the endpoint of your credential path in vault. Depending on your _general_ config, the lookup for the credential IDs will be done in the following order respectively locations. The first path with found general purpose credentials will be used.
+The `vaultCredentialPath` parameter is the endpoint of your credential path in Vault. Depending on your _general_ config, the lookup for the credential IDs will be done in the following order respectively locations. The first path with found general purpose credentials will be used.
 
 1. `<vaultPath>/<vaultCredentialPath>`
 2. `<vaultBasePath>/<vaultPipelineName>/<vaultCredentialPath>`
@@ -123,15 +123,15 @@ The `vaultCredentialKeys`parameter is a list of credential IDs. The secret value
     It is possible to use a custom prefix by setting for example `vaultCredentialEnvPrefix: MY_CUSTOM_PREFIX` in your configuration.
     With this above credential ID named `myAppId` will be populated into an environment variable with the name `MY_CUSTOM_PREFIX_MYAPPID`.
 
-Extended logging for vault secret fetching (e.g. found credentials and environment variable names) can be activated via `verbose: true` configuration.
+Extended logging for Vault secret fetching (e.g. found credentials and environment variable names) can be activated via `verbose: true` configuration.
 
-## Using vault for test credentials (Deprecated : use general purpose and test credentials as above)
+## Using Vault for test credentials (Deprecated : use general purpose and test credentials as above)
 
-Vault can be used with piper to fetch any credentials, e.g. when they need to be appended to test command. The configuration for vault test credentials can be added to **any** piper golang-based step. The configuration has to be done as follows:
+Vault can be used with piper to fetch any credentials, e.g. when they need to be appended to test command. The configuration for Vault test credentials can be added to **any** piper golang-based step. The configuration has to be done as follows:
 
 ```yaml
 general:
-  < your vault configuration > # see above
+  < your Vault configuration > # see above
 ...
 steps:
   < piper go step >:
@@ -153,4 +153,4 @@ The `vaultTestCredentialKeys`parameter is a list of credential IDs. The secret v
     It is possible to use a custom prefix by setting for example `vaultTestCredentialEnvPrefix: MY_CUSTOM_PREFIX` in your configuration.
     With this above credential ID named `myAppId` will be populated into an environment variable with the name `MY_CUSTOM_PREFIX_MYAPPID`.
 
-Extended logging for vault secret fetching (e.g. found credentials and environment variable names) can be activated via `verbose: true` configuration.
+Extended logging for Vault secret fetching (e.g. found credentials and environment variable names) can be activated via `verbose: true` configuration.

pkg/config/vault.go

@@ -94,14 +94,14 @@ func getVaultClientFromConfig(config StepConfig, creds VaultCredentials) (vaultC
 	// if vault isn't used it's not an error
 
 	if !addressOk || creds.VaultToken == "" && (creds.AppRoleID == "" || creds.AppRoleSecretID == "") {
-		log.Entry().Debug("Skipping fetching secrets from vault since it is not configured")
+		log.Entry().Debug("Skipping fetching secrets from Vault since it is not configured")
 		return nil, nil
 	}
 	namespace := ""
 	// namespaces are only available in vault enterprise so using them should be optional
 	if config.Config["vaultNamespace"] != nil {
 		namespace = config.Config["vaultNamespace"].(string)
-		log.Entry().Debugf("Using vault namespace %s", namespace)
+		log.Entry().Debugf("Using Vault namespace %s", namespace)
 	}
 
 	var client vaultClient
@@ -111,14 +111,14 @@ func getVaultClientFromConfig(config StepConfig, creds VaultCredentials) (vaultC
 		log.Entry().Debugf("Using Vault Token Authentication")
 		client, err = vault.NewClient(clientConfig, creds.VaultToken)
 	} else {
-		log.Entry().Debugf("Using Vaults AppRole Authentication")
+		log.Entry().Debugf("Using Vault AppRole Authentication")
 		client, err = vault.NewClientWithAppRole(clientConfig, creds.AppRoleID, creds.AppRoleSecretID)
 	}
 	if err != nil {
 		return nil, err
 	}
 
-	log.Entry().Infof("Fetching secrets from vault at %s", address)
+	log.Entry().Infof("Fetching secrets from Vault at %s", address)
 	return client, nil
 }
 
@@ -136,7 +136,7 @@ func resolveAllVaultReferences(config *StepConfig, client vaultClient, params []
 func resolveVaultReference(ref *ResourceReference, config *StepConfig, client vaultClient, param StepParameters) {
 	vaultDisableOverwrite, _ := config.Config["vaultDisableOverwrite"].(bool)
 	if _, ok := config.Config[param.Name].(string); vaultDisableOverwrite && ok {
-		log.Entry().Debugf("Not fetching '%s' from vault since it has already been set", param.Name)
+		log.Entry().Debugf("Not fetching '%s' from Vault since it has already been set", param.Name)
 		return
 	}
 
@@ -150,7 +150,7 @@ func resolveVaultReference(ref *ResourceReference, config *StepConfig, client va
 
 		secretValue = lookupPath(client, vaultPath, &param)
 		if secretValue != nil {
-			log.Entry().Debugf("Resolved param '%s' with vault path '%s'", param.Name, vaultPath)
+			log.Entry().Debugf("Resolved param '%s' with Vault path '%s'", param.Name, vaultPath)
 			if ref.Type == "vaultSecret" {
 				config.Config[param.Name] = *secretValue
 			} else if ref.Type == "vaultSecretFile" {
@@ -165,7 +165,7 @@ func resolveVaultReference(ref *ResourceReference, config *StepConfig, client va
 		}
 	}
 	if secretValue == nil {
-		log.Entry().Warnf("Could not resolve param '%s' from vault", param.Name)
+		log.Entry().Warnf("Could not resolve param '%s' from Vault", param.Name)
 	}
 }
 
@@ -174,7 +174,7 @@ func resolveVaultTestCredentials(config *StepConfig, client vaultClient) {
 	credPath, pathOk := config.Config[vaultTestCredentialPath].(string)
 	keys := getTestCredentialKeys(config)
 	if !(pathOk && keys != nil) || credPath == "" || len(keys) == 0 {
-		log.Entry().Debugf("Not fetching test credentials from vault since they are not (properly) configured")
+		log.Entry().Debugf("Not fetching test credentials from Vault since they are not (properly) configured")
 		return
 	}
 
@@ -306,14 +306,13 @@ func populateCredentialsAsEnvs(config *StepConfig, secret map[string]string, key
 func getTestCredentialKeys(config *StepConfig) []string {
 	keysRaw, ok := config.Config[vaultTestCredentialKeys].([]interface{})
 	if !ok {
-		log.Entry().Debugf("Not fetching test credentials from vault since they are not (properly) configured")
 		return nil
 	}
 	keys := make([]string, 0, len(keysRaw))
 	for _, keyRaw := range keysRaw {
 		key, ok := keyRaw.(string)
 		if !ok {
-			log.Entry().Warnf("%s is needs to be an array of strings", vaultTestCredentialKeys)
+			log.Entry().Warnf("%s needs to be an array of strings", vaultTestCredentialKeys)
 			return nil
 		}
 		keys = append(keys, key)
@@ -380,7 +379,7 @@ func createTemporarySecretFile(namePattern string, content string) (string, erro
 }
 
 func lookupPath(client vaultClient, path string, param *StepParameters) *string {
-	log.Entry().Debugf("Trying to resolve vault parameter '%s' at '%s'", param.Name, path)
+	log.Entry().Debugf("Trying to resolve Vault parameter '%s' at '%s'", param.Name, path)
 	secret, err := client.GetKvSecret(path)
 	if err != nil {
 		log.Entry().WithError(err).Warnf("Couldn't fetch secret at '%s'", path)
@@ -403,7 +402,7 @@ func lookupPath(client vaultClient, path string, param *StepParameters) *string
 		if field != "" {
 			log.RegisterSecret(field)
 			if alias.Deprecated {
-				log.Entry().WithField("package", "SAP/jenkins-library/pkg/config").Warningf("DEPRECATION NOTICE: old step config key '%s' used in vault. Please switch to '%s'!", alias.Name, param.Name)
+				log.Entry().WithField("package", "SAP/jenkins-library/pkg/config").Warningf("DEPRECATION NOTICE: old step config key '%s' used in Vault. Please switch to '%s'!", alias.Name, param.Name)
 			}
 			return &field
 		}

pkg/config/vault_test.go

@@ -31,7 +31,7 @@ func TestVaultConfigLoad(t *testing.T) {
 		assert.Equal(t, "value1", stepConfig.Config[secretName])
 	})
 
-	t.Run("Load secret from vault with path override", func(t *testing.T) {
+	t.Run("Load secret from Vault with path override", func(t *testing.T) {
 		vaultMock := &mocks.VaultMock{}
 		stepConfig := StepConfig{Config: map[string]interface{}{
 			"vaultPath":           "team1",

pkg/vault/client.go

@@ -46,7 +46,7 @@ func NewClient(config *Config, token string) (Client, error) {
 	}
 
 	client.SetToken(token)
-	log.Entry().Debugf("Login to vault %s in namespace %s successfull", config.Address, config.Namespace)
+	log.Entry().Debugf("Login to Vault %s in namespace %s successfull", config.Address, config.Namespace)
 	return Client{client.Logical(), config}, nil
 }
 
@@ -69,7 +69,7 @@ func NewClientWithAppRole(config *Config, roleID, secretID string) (Client, erro
 		client.SetNamespace(config.Namespace)
 	}
 
-	log.Entry().Debug("Using approle login")
+	log.Entry().Debug("Using AppRole login")
 	result, err := client.Logical().Write(path.Join(config.AppRoleMountPoint, "/login"), map[string]interface{}{
 		"role_id":   roleID,
 		"secret_id": secretID,

resources/metadata/shellExecute.yaml

@@ -1,7 +1,7 @@
 metadata:
   name: shellExecute
   description: Step executes defined script
-  longDescription: Step executes defined script with using test vault credentials
+  longDescription: Step executes defined script with using test Vault credentials
 spec:
   inputs:
     params:

resources/metadata/vaultRotateSecretId.yaml

@@ -1,6 +1,6 @@
 metadata:
   name: vaultRotateSecretId
-  description: Rotate vault AppRole Secret ID
+  description: Rotate Vault AppRole Secret ID
   longDescription: This step takes the given Vault secret ID and checks whether it needs to be renewed and if so it will update the secret ID in the configured secret store.
 spec:
   inputs:
@@ -91,7 +91,7 @@ spec:
           - PARAMETERS
           - STAGES
           - STEPS
-        description: The vault namespace that should be used (optional)
+        description: The Vault namespace that should be used (optional)
       - name: daysBeforeExpiry
         type: int
         description: The amount of days before expiry until the secret ID gets rotated