
Feature/vault refactoring (#3113)

* refactor vault code

* adjust generator

* wip: fix tests

* regenerate influxdb

* fix test

* add another test

* fix test & docs

* fix formatting

* Minor update and fixes

Co-authored-by: Kevin Stiehl <kevin.stiehl@numericas.de>
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
Eugene Kortelyov
2021-09-21 14:06:32 +03:00
committed by GitHub
parent 893edfe4d6
commit 56be54c504
55 changed files with 338 additions and 348 deletions


@@ -169,9 +169,9 @@ func abapEnvironmentCreateSystemMetadata() config.StepData {
},
{
Name: "",
Paths: []string{"$(vaultPath)/cloudfoundry-$(org)-$(space)", "$(vaultBasePath)/$(vaultPipelineName)/cloudfoundry-$(org)-$(space)", "$(vaultBasePath)/GROUP-SECRETS/cloudfoundry-$(org)-$(space)"},
Name: "cloudfoundryVaultSecretName",
Type: "vaultSecret",
Default: "cloudfoundry-$(org)-$(space)",
},
},
Scope: []string{"PARAMETERS", "STAGES", "STEPS"},
@@ -190,9 +190,9 @@ func abapEnvironmentCreateSystemMetadata() config.StepData {
},
{
Name: "",
Paths: []string{"$(vaultPath)/cloudfoundry-$(org)-$(space)", "$(vaultBasePath)/$(vaultPipelineName)/cloudfoundry-$(org)-$(space)", "$(vaultBasePath)/GROUP-SECRETS/cloudfoundry-$(org)-$(space)"},
Name: "cloudfoundryVaultSecretName",
Type: "vaultSecret",
Default: "cloudfoundry-$(org)-$(space)",
},
},
Scope: []string{"PARAMETERS", "STAGES", "STEPS"},


@@ -368,9 +368,9 @@ func artifactPrepareVersionMetadata() config.StepData {
},
{
Name: "",
Paths: []string{"$(vaultPath)/gitHttpsCredential", "$(vaultBasePath)/$(vaultPipelineName)/gitHttpsCredential", "$(vaultBasePath)/GROUP-SECRETS/gitHttpsCredential"},
Name: "gitHttpsCredentialVaultSecretName",
Type: "vaultSecret",
Default: "gitHttpsCredential",
},
},
Scope: []string{"PARAMETERS", "STAGES", "STEPS"},
@@ -425,9 +425,9 @@ func artifactPrepareVersionMetadata() config.StepData {
},
{
Name: "",
Paths: []string{"$(vaultPath)/gitHttpsCredential", "$(vaultBasePath)/$(vaultPipelineName)/gitHttpsCredential", "$(vaultBasePath)/GROUP-SECRETS/gitHttpsCredential"},
Name: "gitHttpsCredentialVaultSecretName",
Type: "vaultSecret",
Default: "gitHttpsCredential",
},
},
Scope: []string{"PARAMETERS", "STAGES", "STEPS"},


@@ -380,9 +380,9 @@ func checkmarxExecuteScanMetadata() config.StepData {
},
{
Name: "",
Paths: []string{"$(vaultPath)/checkmarx", "$(vaultBasePath)/$(vaultPipelineName)/checkmarx", "$(vaultBasePath)/GROUP-SECRETS/checkmarx"},
Name: "checkmarxVaultSecretName",
Type: "vaultSecret",
Default: "checkmarx",
},
},
Scope: []string{"PARAMETERS", "STAGES", "STEPS"},
@@ -464,9 +464,9 @@ func checkmarxExecuteScanMetadata() config.StepData {
},
{
Name: "",
Paths: []string{"$(vaultPath)/checkmarx", "$(vaultBasePath)/$(vaultPipelineName)/checkmarx", "$(vaultBasePath)/GROUP-SECRETS/checkmarx"},
Name: "checkmarxVaultSecretName",
Type: "vaultSecret",
Default: "checkmarx",
},
},
Scope: []string{"PARAMETERS", "STAGES", "STEPS"},


@@ -153,9 +153,9 @@ func cloudFoundryCreateServiceKeyMetadata() config.StepData {
},
{
Name: "",
Paths: []string{"$(vaultPath)/cloudfoundry-$(org)-$(space)", "$(vaultBasePath)/$(vaultPipelineName)/cloudfoundry-$(org)-$(space)", "$(vaultBasePath)/GROUP-SECRETS/cloudfoundry-$(org)-$(space)"},
Name: "cloudfoundryVaultSecretName",
Type: "vaultSecret",
Default: "cloudfoundry-$(org)-$(space)",
},
},
Scope: []string{"PARAMETERS", "STAGES", "STEPS"},
@@ -174,9 +174,9 @@ func cloudFoundryCreateServiceKeyMetadata() config.StepData {
},
{
Name: "",
Paths: []string{"$(vaultPath)/cloudfoundry-$(org)-$(space)", "$(vaultBasePath)/$(vaultPipelineName)/cloudfoundry-$(org)-$(space)", "$(vaultBasePath)/GROUP-SECRETS/cloudfoundry-$(org)-$(space)"},
Name: "cloudfoundryVaultSecretName",
Type: "vaultSecret",
Default: "cloudfoundry-$(org)-$(space)",
},
},
Scope: []string{"PARAMETERS", "STAGES", "STEPS"},


@@ -172,9 +172,9 @@ func cloudFoundryCreateServiceMetadata() config.StepData {
},
{
Name: "",
Paths: []string{"$(vaultPath)/cloudfoundry-$(org)-$(space)", "$(vaultBasePath)/$(vaultPipelineName)/cloudfoundry-$(org)-$(space)", "$(vaultBasePath)/GROUP-SECRETS/cloudfoundry-$(org)-$(space)"},
Name: "cloudfoundryVaultSecretName",
Type: "vaultSecret",
Default: "cloudfoundry-$(org)-$(space)",
},
},
Scope: []string{"PARAMETERS", "STAGES", "STEPS"},
@@ -193,9 +193,9 @@ func cloudFoundryCreateServiceMetadata() config.StepData {
},
{
Name: "",
Paths: []string{"$(vaultPath)/cloudfoundry-$(org)-$(space)", "$(vaultBasePath)/$(vaultPipelineName)/cloudfoundry-$(org)-$(space)", "$(vaultBasePath)/GROUP-SECRETS/cloudfoundry-$(org)-$(space)"},
Name: "cloudfoundryVaultSecretName",
Type: "vaultSecret",
Default: "cloudfoundry-$(org)-$(space)",
},
},
Scope: []string{"PARAMETERS", "STAGES", "STEPS"},


@@ -150,9 +150,9 @@ func cloudFoundryDeleteServiceMetadata() config.StepData {
},
{
Name: "",
Paths: []string{"$(vaultPath)/cloudfoundry-$(org)-$(space)", "$(vaultBasePath)/$(vaultPipelineName)/cloudfoundry-$(org)-$(space)", "$(vaultBasePath)/GROUP-SECRETS/cloudfoundry-$(org)-$(space)"},
Name: "cloudfoundryVaultSecretName",
Type: "vaultSecret",
Default: "cloudfoundry-$(org)-$(space)",
},
},
Scope: []string{"PARAMETERS", "STAGES", "STEPS"},
@@ -171,9 +171,9 @@ func cloudFoundryDeleteServiceMetadata() config.StepData {
},
{
Name: "",
Paths: []string{"$(vaultPath)/cloudfoundry-$(org)-$(space)", "$(vaultBasePath)/$(vaultPipelineName)/cloudfoundry-$(org)-$(space)", "$(vaultBasePath)/GROUP-SECRETS/cloudfoundry-$(org)-$(space)"},
Name: "cloudfoundryVaultSecretName",
Type: "vaultSecret",
Default: "cloudfoundry-$(org)-$(space)",
},
},
Scope: []string{"PARAMETERS", "STAGES", "STEPS"},


@@ -478,9 +478,9 @@ func cloudFoundryDeployMetadata() config.StepData {
},
{
Name: "",
Paths: []string{"$(vaultPath)/cloudfoundry-$(org)-$(space)", "$(vaultBasePath)/$(vaultPipelineName)/cloudfoundry-$(org)-$(space)", "$(vaultBasePath)/GROUP-SECRETS/cloudfoundry-$(org)-$(space)"},
Name: "cloudfoundryVaultSecretName",
Type: "vaultSecret",
Default: "cloudfoundry-$(org)-$(space)",
},
},
Scope: []string{"PARAMETERS", "STAGES", "STEPS"},
@@ -526,9 +526,9 @@ func cloudFoundryDeployMetadata() config.StepData {
},
{
Name: "",
Paths: []string{"$(vaultPath)/cloudfoundry-$(org)-$(space)", "$(vaultBasePath)/$(vaultPipelineName)/cloudfoundry-$(org)-$(space)", "$(vaultBasePath)/GROUP-SECRETS/cloudfoundry-$(org)-$(space)"},
Name: "cloudfoundryVaultSecretName",
Type: "vaultSecret",
Default: "cloudfoundry-$(org)-$(space)",
},
},
Scope: []string{"PARAMETERS", "STAGES", "STEPS"},


@@ -230,7 +230,6 @@ func cnbBuildMetadata() config.StepData {
{
Name: "",
Paths: []string{"$(vaultPath)/docker-config", "$(vaultBasePath)/$(vaultPipelineName)/docker-config", "$(vaultBasePath)/GROUP-SECRETS/docker-config"},
Type: "vaultSecretFile",
},
},


@@ -229,9 +229,9 @@ func detectExecuteScanMetadata() config.StepData {
},
{
Name: "",
Paths: []string{"$(vaultPath)/detect", "$(vaultBasePath)/$(vaultPipelineName)/detect", "$(vaultBasePath)/GROUP-SECRETS/detect"},
Name: "detectVaultSecretName",
Type: "vaultSecret",
Default: "detect",
},
},
Scope: []string{"PARAMETERS", "STAGES", "STEPS"},


@@ -329,9 +329,9 @@ func fortifyExecuteScanMetadata() config.StepData {
},
{
Name: "",
Paths: []string{"$(vaultPath)/fortify", "$(vaultBasePath)/$(vaultPipelineName)/fortify", "$(vaultBasePath)/GROUP-SECRETS/fortify"},
Name: "fortifyVaultSecretName",
Type: "vaultSecret",
Default: "fortify",
},
},
Scope: []string{"PARAMETERS", "STAGES", "STEPS"},
@@ -367,9 +367,9 @@ func fortifyExecuteScanMetadata() config.StepData {
},
{
Name: "",
Paths: []string{"$(vaultPath)/github", "$(vaultBasePath)/$(vaultPipelineName)/github", "$(vaultBasePath)/GROUP-SECRETS/github"},
Name: "githubVaultSecretName",
Type: "vaultSecret",
Default: "github",
},
},
Scope: []string{"GENERAL", "PARAMETERS", "STAGES", "STEPS"},


@@ -215,9 +215,9 @@ func githubCheckBranchProtectionMetadata() config.StepData {
},
{
Name: "",
Paths: []string{"$(vaultPath)/github", "$(vaultBasePath)/$(vaultPipelineName)/github", "$(vaultBasePath)/GROUP-SECRETS/github"},
Name: "githubVaultSecretName",
Type: "vaultSecret",
Default: "github",
},
},
Scope: []string{"GENERAL", "PARAMETERS", "STAGES", "STEPS"},


@@ -195,9 +195,9 @@ func githubCommentIssueMetadata() config.StepData {
},
{
Name: "",
Paths: []string{"$(vaultPath)/github", "$(vaultBasePath)/$(vaultPipelineName)/github", "$(vaultBasePath)/GROUP-SECRETS/github"},
Name: "githubVaultSecretName",
Type: "vaultSecret",
Default: "github",
},
},
Scope: []string{"GENERAL", "PARAMETERS", "STAGES", "STEPS"},


@@ -204,9 +204,9 @@ func githubCreateIssueMetadata() config.StepData {
},
{
Name: "",
Paths: []string{"$(vaultPath)/github", "$(vaultBasePath)/$(vaultPipelineName)/github", "$(vaultBasePath)/GROUP-SECRETS/github"},
Name: "githubVaultSecretName",
Type: "vaultSecret",
Default: "github",
},
},
Scope: []string{"GENERAL", "PARAMETERS", "STAGES", "STEPS"},


@@ -243,9 +243,9 @@ func githubCreatePullRequestMetadata() config.StepData {
},
{
Name: "",
Paths: []string{"$(vaultPath)/github", "$(vaultBasePath)/$(vaultPipelineName)/github", "$(vaultBasePath)/GROUP-SECRETS/github"},
Name: "githubVaultSecretName",
Type: "vaultSecret",
Default: "github",
},
},
Scope: []string{"GENERAL", "PARAMETERS", "STAGES", "STEPS"},


@@ -283,9 +283,9 @@ func githubPublishReleaseMetadata() config.StepData {
},
{
Name: "",
Paths: []string{"$(vaultPath)/github", "$(vaultBasePath)/$(vaultPipelineName)/github", "$(vaultBasePath)/GROUP-SECRETS/github"},
Name: "githubVaultSecretName",
Type: "vaultSecret",
Default: "github",
},
},
Scope: []string{"GENERAL", "PARAMETERS", "STAGES", "STEPS"},


@@ -240,9 +240,9 @@ func githubSetCommitStatusMetadata() config.StepData {
},
{
Name: "",
Paths: []string{"$(vaultPath)/github", "$(vaultBasePath)/$(vaultPipelineName)/github", "$(vaultBasePath)/GROUP-SECRETS/github"},
Name: "githubVaultSecretName",
Type: "vaultSecret",
Default: "github",
},
},
Scope: []string{"GENERAL", "PARAMETERS", "STAGES", "STEPS"},


@@ -143,9 +143,9 @@ func influxWriteDataMetadata() config.StepData {
},
{
Name: "",
Paths: []string{"$(vaultPath)/influxdb", "$(vaultBasePath)/$(vaultPipelineName)/influxdb", "$(vaultBasePath)/GROUP-SECRETS/influxdb"},
Name: "influxVaultSecretName",
Type: "vaultSecret",
Default: "influxdb",
},
},
Scope: []string{"PARAMETERS", "STAGES", "STEPS"},


@@ -260,9 +260,9 @@ func kanikoExecuteMetadata() config.StepData {
},
{
Name: "",
Paths: []string{"$(vaultPath)/docker-config", "$(vaultBasePath)/$(vaultPipelineName)/docker-config", "$(vaultBasePath)/GROUP-SECRETS/docker-config"},
Name: "dockerConfigFileVaultSecretName",
Type: "vaultSecretFile",
Default: "docker-config",
},
},
Scope: []string{"PARAMETERS", "STAGES", "STEPS"},


@@ -370,9 +370,9 @@ func kubernetesDeployMetadata() config.StepData {
},
{
Name: "",
Paths: []string{"$(vaultPath)/kube-config", "$(vaultBasePath)/$(vaultPipelineName)/kube-config", "$(vaultBasePath)/GROUP-SECRETS/kube-config"},
Name: "kubeConfigFileSecretName",
Type: "vaultSecretFile",
Default: "kube-config",
},
},
Scope: []string{"GENERAL", "PARAMETERS", "STAGES", "STEPS"},
@@ -436,8 +436,7 @@ func kubernetesDeployMetadata() config.StepData {
},
{
Name: "",
Paths: []string{"$(vaultPath)/docker-config", "$(vaultBasePath)/$(vaultPipelineName)/docker-config", "$(vaultBasePath)/GROUP-SECRETS/docker-config"},
Name: "dockerConfigFileVaultSecretName",
Type: "vaultSecretFile",
},
},


@@ -244,9 +244,9 @@ func mavenBuildMetadata() config.StepData {
},
{
Name: "",
Paths: []string{"$(vaultPath)/alt-deployment-repository-passowrd", "$(vaultBasePath)/$(vaultPipelineName)/alt-deployment-repository-passowrd", "$(vaultBasePath)/GROUP-SECRETS/alt-deployment-repository-passowrd"},
Name: "altDeploymentRepositoryPasswordFileVaultSecretName",
Type: "vaultSecretFile",
Default: "alt-deployment-repository-passowrd",
},
},
Scope: []string{"GENERAL", "PARAMETERS", "STAGES", "STEPS"},


@@ -268,9 +268,9 @@ func protecodeExecuteScanMetadata() config.StepData {
},
{
Name: "",
Paths: []string{"$(vaultPath)/docker-config", "$(vaultBasePath)/$(vaultPipelineName)/docker-config", "$(vaultBasePath)/GROUP-SECRETS/docker-config"},
Name: "dockerConfigFileVaultSecretName",
Type: "vaultSecretFile",
Default: "docker-config",
},
},
Scope: []string{"PARAMETERS", "STAGES", "STEPS"},
@@ -379,9 +379,9 @@ func protecodeExecuteScanMetadata() config.StepData {
},
{
Name: "",
Paths: []string{"$(vaultPath)/protecode", "$(vaultBasePath)/$(vaultPipelineName)/protecode", "$(vaultBasePath)/GROUP-SECRETS/protecode"},
Name: "protecodeVaultSecretName",
Type: "vaultSecret",
Default: "protecode",
},
},
Scope: []string{"PARAMETERS", "STAGES", "STEPS"},
@@ -400,9 +400,9 @@ func protecodeExecuteScanMetadata() config.StepData {
},
{
Name: "",
Paths: []string{"$(vaultPath)/protecode", "$(vaultBasePath)/$(vaultPipelineName)/protecode", "$(vaultBasePath)/GROUP-SECRETS/protecode"},
Name: "protecodeVaultSecretName",
Type: "vaultSecret",
Default: "protecode",
},
},
Scope: []string{"PARAMETERS", "STAGES", "STEPS"},


@@ -241,9 +241,9 @@ func sonarExecuteScanMetadata() config.StepData {
Name: "token",
ResourceRef: []config.ResourceReference{
{
Name: "",
Paths: []string{"$(vaultPath)/sonar", "$(vaultBasePath)/$(vaultPipelineName)/sonar", "$(vaultBasePath)/GROUP-SECRETS/sonar"},
Name: "sonarSecretName",
Type: "vaultSecret",
Default: "sonar",
},
{
@@ -452,9 +452,9 @@ func sonarExecuteScanMetadata() config.StepData {
},
{
Name: "",
Paths: []string{"$(vaultPath)/github", "$(vaultBasePath)/$(vaultPipelineName)/github", "$(vaultBasePath)/GROUP-SECRETS/github"},
Name: "githubVaultSecretName",
Type: "vaultSecret",
Default: "github",
},
},
Scope: []string{"PARAMETERS"},


@@ -125,9 +125,9 @@ func terraformExecuteMetadata() config.StepData {
Name: "terraformSecrets",
ResourceRef: []config.ResourceReference{
{
Name: "",
Paths: []string{"$(vaultPath)/terraformExecute", "$(vaultBasePath)/$(vaultPipelineName)/terraformExecute", "$(vaultBasePath)/GROUP-SECRETS/terraformExecute"},
Name: "terraformExecuteFileVaultSecret",
Type: "vaultSecretFile",
Default: "terraformExecute",
},
},
Scope: []string{"PARAMETERS", "STAGES", "STEPS"},


@@ -151,9 +151,9 @@ func vaultRotateSecretIdMetadata() config.StepData {
Name: "jenkinsUrl",
ResourceRef: []config.ResourceReference{
{
Name: "",
Paths: []string{"$(vaultPath)/jenkins", "$(vaultBasePath)/$(vaultPipelineName)/jenkins", "$(vaultBasePath)/GROUP-SECRETS/jenkins"},
Name: "jenkinsVaultSecret",
Type: "vaultSecret",
Default: "jenkins",
},
},
Scope: []string{"PARAMETERS", "STAGES", "STEPS"},
@@ -175,9 +175,9 @@ func vaultRotateSecretIdMetadata() config.StepData {
Name: "jenkinsUsername",
ResourceRef: []config.ResourceReference{
{
Name: "",
Paths: []string{"$(vaultPath)/jenkins", "$(vaultBasePath)/$(vaultPipelineName)/jenkins", "$(vaultBasePath)/GROUP-SECRETS/jenkins"},
Name: "jenkinsVaultSecret",
Type: "vaultSecret",
Default: "jenkins",
},
},
Scope: []string{"PARAMETERS", "STAGES", "STEPS"},
@@ -190,9 +190,9 @@ func vaultRotateSecretIdMetadata() config.StepData {
Name: "jenkinsToken",
ResourceRef: []config.ResourceReference{
{
Name: "",
Paths: []string{"$(vaultPath)/jenkins", "$(vaultBasePath)/$(vaultPipelineName)/jenkins", "$(vaultBasePath)/GROUP-SECRETS/jenkins"},
Name: "jenkinsVaultSecret",
Type: "vaultSecret",
Default: "jenkins",
},
},
Scope: []string{"PARAMETERS", "STAGES", "STEPS"},
@@ -251,7 +251,6 @@ func vaultRotateSecretIdMetadata() config.StepData {
ResourceRef: []config.ResourceReference{
{
Name: "",
Paths: []string{"$(vaultPath)/jenkins", "$(vaultBasePath)/$(vaultPipelineName)/jenkins", "$(vaultBasePath)/GROUP-SECRETS/jenkins"},
Type: "vaultSecret",
},
},


@@ -614,9 +614,9 @@ func whitesourceExecuteScanMetadata() config.StepData {
},
{
Name: "",
Paths: []string{"$(vaultPath)/whitesource", "$(vaultBasePath)/$(vaultPipelineName)/whitesource", "$(vaultBasePath)/GROUP-SECRETS/whitesource"},
Name: "whitesourceVaultSecret",
Type: "vaultSecret",
Default: "whitesource",
},
},
Scope: []string{"GENERAL", "PARAMETERS", "STAGES", "STEPS"},


@@ -191,7 +191,7 @@ func (c *Config) GetStepConfig(flagValues map[string]interface{}, paramJSON stri
stepConfig.mixIn(def.General, filters.General)
stepConfig.mixIn(def.Steps[stepName], filters.Steps)
stepConfig.mixIn(def.Stages[stageName], filters.Steps)
stepConfig.mixinVaultConfig(def.General, def.Steps[stepName], def.Stages[stageName])
stepConfig.mixinVaultConfig(parameters, def.General, def.Steps[stepName], def.Stages[stageName])
stepConfig.mixInHookConfig(def.Hooks)
}
@@ -233,7 +233,7 @@ func (c *Config) GetStepConfig(flagValues map[string]interface{}, paramJSON stri
log.Entry().Warnf("invalid value for parameter verbose: '%v'", stepConfig.Config["verbose"])
}
stepConfig.mixinVaultConfig(c.General, c.Steps[stepName], c.Stages[stageName])
stepConfig.mixinVaultConfig(parameters, c.General, c.Steps[stepName], c.Stages[stageName])
// check whether vault should be skipped
if skip, ok := stepConfig.Config["skipVault"].(bool); !ok || !skip {
// fetch secrets from vault


@@ -64,7 +64,7 @@ type ResourceReference struct {
Name string `json:"name"`
Type string `json:"type,omitempty"`
Param string `json:"param,omitempty"`
Paths []string `json:"paths,omitempty"`
Default string `json:"default,omitempty"`
Aliases []Alias `json:"aliases,omitempty"`
}
@@ -411,6 +411,23 @@ func (m *StepParameters) GetReference(refType string) *ResourceReference {
return nil
}
func getFilterForResourceReferences(params []StepParameters) []string {
var filter []string
for _, param := range params {
reference := param.GetReference("vaultSecret")
if reference == nil {
reference = param.GetReference("vaultSecretFile")
}
if reference == nil {
return filter
}
if reference.Name != "" {
filter = append(filter, reference.Name)
}
}
return filter
}
// HasReference checks whether StepData contains a parameter that has Reference with the given type
func (m *StepData) HasReference(refType string) bool {
for _, param := range m.Spec.Inputs.Parameters {


@@ -3,6 +3,7 @@ package config
import (
"io/ioutil"
"os"
"path"
"regexp"
"strings"
@@ -13,27 +14,45 @@ import (
)
const (
vaultRootPaths = "vaultRootPaths"
vaultTestCredentialPath = "vaultTestCredentialPath"
vaultTestCredentialKeys = "vaultTestCredentialKeys"
vaultTestCredentialEnvPrefix_Default = "PIPER_TESTCREDENTIAL_"
vaultAppRoleID = "vaultAppRoleID"
vaultAppRoleSecretID = "vaultAppRoleSecreId"
vaultServerUrl = "vaultServerUrl"
vaultNamespace = "vaultNamespace"
vaultBasePath = "vaultBasePath"
vaultPipelineName = "vaultPipelineName"
vaultPath = "vaultPath"
skipVault = "skipVault"
vaultDisableOverwrite = "vaultDisableOverwrite"
vaultTestCredentialEnvPrefixDefault = "PIPER_TESTCREDENTIAL_"
)
var (
vaultFilter = []string{
"vaultAppRoleID",
"vaultAppRoleSecreId",
"vaultServerUrl",
"vaultNamespace",
"vaultBasePath",
"vaultPipelineName",
"vaultPath",
"vaultTestCredentialEnvPrefix",
"skipVault",
"vaultDisableOverwrite",
vaultRootPaths,
vaultAppRoleID,
vaultAppRoleSecretID,
vaultServerUrl,
vaultNamespace,
vaultBasePath,
vaultPipelineName,
vaultPath,
skipVault,
vaultDisableOverwrite,
vaultTestCredentialPath,
vaultTestCredentialKeys,
}
// VaultRootPaths are the lookup paths piper tries to use during the vault lookup.
// A path is only used if it's variables can be interpolated from the config
VaultRootPaths = []string{
"$(vaultPath)",
"$(vaultBasePath)/$(vaultPipelineName)",
"$(vaultBasePath)/GROUP-SECRETS",
}
// VaultSecretFileDirectory holds the directory for the current step run to temporarily store secret files fetched from vault
VaultSecretFileDirectory = ""
)
@@ -51,9 +70,13 @@ type vaultClient interface {
MustRevokeToken()
}
func (s *StepConfig) mixinVaultConfig(configs ...map[string]interface{}) {
func (s *StepConfig) mixinVaultConfig(parameters []StepParameters, configs ...map[string]interface{}) {
for _, config := range configs {
s.mixIn(config, vaultFilter)
// when an empty filter is returned we skip the mixin call since an empty filter will allow everything
if referencesFilter := getFilterForResourceReferences(parameters); len(referencesFilter) > 0 {
s.mixIn(config, referencesFilter)
}
}
}
@@ -109,7 +132,7 @@ func resolveVaultReference(ref *ResourceReference, config *StepConfig, client va
}
var secretValue *string
for _, vaultPath := range ref.Paths {
for _, vaultPath := range getSecretReferencePaths(ref, config.Config) {
// it should be possible to configure the root path were the secret is stored
vaultPath, ok := interpolation.ResolveString(vaultPath, config.Config)
if !ok {
@@ -179,7 +202,7 @@ func populateTestCredentialsAsEnvs(config *StepConfig, secret map[string]string,
vaultTestCredentialEnvPrefix, ok := config.Config["vaultTestCredentialEnvPrefix"].(string)
if !ok || len(vaultTestCredentialEnvPrefix) == 0 {
vaultTestCredentialEnvPrefix = vaultTestCredentialEnvPrefix_Default
vaultTestCredentialEnvPrefix = vaultTestCredentialEnvPrefixDefault
}
for secretKey, secretValue := range secret {
for _, key := range keys {
@@ -284,3 +307,28 @@ func lookupPath(client vaultClient, path string, param *StepParameters) *string
}
return nil
}
func getSecretReferencePaths(reference *ResourceReference, config map[string]interface{}) []string {
retPaths := make([]string, 0, len(VaultRootPaths))
secretName := reference.Default
if providedName, ok := config[reference.Name].(string); ok && providedName != "" {
secretName = providedName
}
for _, rootPath := range VaultRootPaths {
fullPath := path.Join(rootPath, secretName)
retPaths = append(retPaths, fullPath)
}
return retPaths
}
func toStringSlice(interfaceSlice []interface{}) []string {
retSlice := make([]string, 0, len(interfaceSlice))
for _, vRaw := range interfaceSlice {
if v, ok := vRaw.(string); ok {
retSlice = append(retSlice, v)
continue
}
log.Entry().Warnf("'%s' needs to be of type string or an array of strings but got %T (%[2]v)", vaultPath, vRaw)
}
return retSlice
}
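Review bot: `getSecretReferencePaths` joins a config-supplied secret name with `path.Join` without validating it: `path.Join` collapses `..` and `/` segments, so an override such as `../other` silently resolves to a path the author never wrote, and when both `reference.Default` and the override are empty the lookup targets the root path itself (several references in this commit, e.g. the cnbBuild docker-config one, carry no `Default`). Vault policy and the config-controlled `vaultPath` still bound what can be read, so this is about predictability rather than a new privilege boundary, but the function should refuse an empty name and at least warn on names containing a path separator or `..` instead of rewriting them. Separately, the warning in `toStringSlice` always names the `vaultPath` constant whatever key is actually being parsed; passing the key in would make the message accurate.

```go
	// … unchanged: resolve secretName from reference.Default / config[reference.Name] …
	if secretName == "" {
		log.Entry().Warnf("no vault secret name configured for '%s', skipping vault lookup", reference.Name)
		return retPaths
	}
	if strings.Contains(secretName, "/") || strings.Contains(secretName, "..") {
		log.Entry().Warnf("vault secret name '%s' contains path separators; path.Join will normalize the lookup path", secretName)
	}
	// … unchanged: loop over VaultRootPaths …
```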


@@ -2,28 +2,44 @@ package config
import (
"fmt"
"github.com/stretchr/testify/mock"
"io/ioutil"
"os"
"path"
"strings"
"testing"
"github.com/SAP/jenkins-library/pkg/config/mocks"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/mock"
)
func TestVaultConfigLoad(t *testing.T) {
const secretName = "testSecret"
const secretNameOverrideKey = "mySecretVaultSecretName"
t.Parallel()
t.Run("Load secret from vault", func(t *testing.T) {
vaultMock := &mocks.VaultMock{}
stepConfig := StepConfig{Config: map[string]interface{}{
"vaultBasePath": "team1",
"vaultPath": "team1",
}}
stepParams := []StepParameters{stepParam(secretName, "vaultSecret", "$(vaultBasePath)/pipelineA")}
stepParams := []StepParameters{stepParam(secretName, "vaultSecret", secretNameOverrideKey, secretName)}
vaultData := map[string]string{secretName: "value1"}
vaultMock.On("GetKvSecret", "team1/pipelineA").Return(vaultData, nil)
vaultMock.On("GetKvSecret", path.Join("team1", secretName)).Return(vaultData, nil)
resolveAllVaultReferences(&stepConfig, vaultMock, stepParams)
assert.Equal(t, "value1", stepConfig.Config[secretName])
})
t.Run("Load secret from vault with path override", func(t *testing.T) {
vaultMock := &mocks.VaultMock{}
stepConfig := StepConfig{Config: map[string]interface{}{
"vaultPath": "team1",
secretNameOverrideKey: "overrideSecretName",
}}
stepParams := []StepParameters{stepParam(secretName, "vaultSecret", secretNameOverrideKey, secretName)}
vaultData := map[string]string{secretName: "value1"}
vaultMock.On("GetKvSecret", path.Join("team1", "overrideSecretName")).Return(vaultData, nil)
resolveAllVaultReferences(&stepConfig, vaultMock, stepParams)
assert.Equal(t, "value1", stepConfig.Config[secretName])
})
@@ -31,13 +47,13 @@ func TestVaultConfigLoad(t *testing.T) {
t.Run("Secrets are not overwritten", func(t *testing.T) {
vaultMock := &mocks.VaultMock{}
stepConfig := StepConfig{Config: map[string]interface{}{
"vaultBasePath": "team1",
"vaultPath": "team1",
secretName: "preset value",
"vaultDisableOverwrite": true,
}}
stepParams := []StepParameters{stepParam(secretName, "vaultSecret", "$(vaultBasePath)/pipelineA")}
stepParams := []StepParameters{stepParam(secretName, "vaultSecret", secretNameOverrideKey, secretName)}
vaultData := map[string]string{secretName: "value1"}
vaultMock.On("GetKvSecret", "team1/pipelineA").Return(vaultData, nil)
vaultMock.On("GetKvSecret", path.Join("team1", secretName)).Return(vaultData, nil)
resolveAllVaultReferences(&stepConfig, vaultMock, stepParams)
assert.Equal(t, "preset value", stepConfig.Config[secretName])
@@ -46,12 +62,12 @@ func TestVaultConfigLoad(t *testing.T) {
t.Run("Secrets can be overwritten", func(t *testing.T) {
vaultMock := &mocks.VaultMock{}
stepConfig := StepConfig{Config: map[string]interface{}{
"vaultBasePath": "team1",
"vaultPath": "team1",
secretName: "preset value",
}}
stepParams := []StepParameters{stepParam(secretName, "vaultSecret", "$(vaultBasePath)/pipelineA")}
stepParams := []StepParameters{stepParam(secretName, "vaultSecret", secretNameOverrideKey, secretName)}
vaultData := map[string]string{secretName: "value1"}
vaultMock.On("GetKvSecret", "team1/pipelineA").Return(vaultData, nil)
vaultMock.On("GetKvSecret", path.Join("team1", secretName)).Return(vaultData, nil)
resolveAllVaultReferences(&stepConfig, vaultMock, stepParams)
assert.Equal(t, "value1", stepConfig.Config[secretName])
@@ -60,10 +76,10 @@ func TestVaultConfigLoad(t *testing.T) {
t.Run("Error is passed through", func(t *testing.T) {
vaultMock := &mocks.VaultMock{}
stepConfig := StepConfig{Config: map[string]interface{}{
"vaultBasePath": "team1",
"vaultPath": "team1",
}}
stepParams := []StepParameters{stepParam(secretName, "vaultSecret", "$(vaultBasePath)/pipelineA")}
vaultMock.On("GetKvSecret", "team1/pipelineA").Return(nil, fmt.Errorf("test"))
stepParams := []StepParameters{stepParam(secretName, "vaultSecret", secretNameOverrideKey, secretName)}
vaultMock.On("GetKvSecret", path.Join("team1", secretName)).Return(nil, fmt.Errorf("test"))
resolveAllVaultReferences(&stepConfig, vaultMock, stepParams)
assert.Len(t, stepConfig.Config, 1)
})
@@ -71,10 +87,10 @@ func TestVaultConfigLoad(t *testing.T) {
t.Run("Secret doesn't exist", func(t *testing.T) {
vaultMock := &mocks.VaultMock{}
stepConfig := StepConfig{Config: map[string]interface{}{
"vaultBasePath": "team1",
"vaultPath": "team1",
}}
stepParams := []StepParameters{stepParam(secretName, "vaultSecret", "$(vaultBasePath)/pipelineA")}
vaultMock.On("GetKvSecret", "team1/pipelineA").Return(nil, nil)
stepParams := []StepParameters{stepParam(secretName, "vaultSecret", secretNameOverrideKey, secretName)}
vaultMock.On("GetKvSecret", path.Join("team1", secretName)).Return(nil, nil)
resolveAllVaultReferences(&stepConfig, vaultMock, stepParams)
assert.Len(t, stepConfig.Config, 1)
})
@@ -83,13 +99,13 @@ func TestVaultConfigLoad(t *testing.T) {
aliasName := "alias"
vaultMock := &mocks.VaultMock{}
stepConfig := StepConfig{Config: map[string]interface{}{
"vaultBasePath": "team1",
"vaultPath": "team1",
}}
param := stepParam(secretName, "vaultSecret", "$(vaultBasePath)/pipelineA")
param := stepParam(secretName, "vaultSecret", secretNameOverrideKey, secretName)
addAlias(&param, aliasName)
stepParams := []StepParameters{param}
vaultData := map[string]string{aliasName: "value1"}
vaultMock.On("GetKvSecret", "team1/pipelineA").Return(vaultData, nil)
vaultMock.On("GetKvSecret", path.Join("team1", secretName)).Return(vaultData, nil)
resolveAllVaultReferences(&stepConfig, vaultMock, stepParams)
assert.Equal(t, "value1", stepConfig.Config[secretName])
})
@@ -97,37 +113,23 @@ func TestVaultConfigLoad(t *testing.T) {
t.Run("Search over multiple paths", func(t *testing.T) {
vaultMock := &mocks.VaultMock{}
stepConfig := StepConfig{Config: map[string]interface{}{
"vaultBasePath": "team1",
"vaultBasePath": "team2",
"vaultPath": "team1",
}}
stepParams := []StepParameters{
stepParam(secretName, "vaultSecret", "$(vaultBasePath)/pipelineA", "$(vaultBasePath)/pipelineB"),
stepParam(secretName, "vaultSecret", secretNameOverrideKey, secretName),
}
vaultData := map[string]string{secretName: "value1"}
vaultMock.On("GetKvSecret", "team1/pipelineA").Return(nil, nil)
vaultMock.On("GetKvSecret", "team1/pipelineB").Return(vaultData, nil)
vaultMock.On("GetKvSecret", path.Join("team1", secretName)).Return(nil, nil)
vaultMock.On("GetKvSecret", path.Join("team2/GROUP-SECRETS", secretName)).Return(vaultData, nil)
resolveAllVaultReferences(&stepConfig, vaultMock, stepParams)
assert.Equal(t, "value1", stepConfig.Config[secretName])
})
t.Run("Stop lookup when secret was found", func(t *testing.T) {
vaultMock := &mocks.VaultMock{}
stepConfig := StepConfig{Config: map[string]interface{}{
"vaultBasePath": "team1",
}}
stepParams := []StepParameters{
stepParam(secretName, "vaultSecret", "$(vaultBasePath)/pipelineA", "$(vaultBasePath)/pipelineB"),
}
vaultData := map[string]string{secretName: "value1"}
vaultMock.On("GetKvSecret", "team1/pipelineA").Return(vaultData, nil)
resolveAllVaultReferences(&stepConfig, vaultMock, stepParams)
assert.Equal(t, "value1", stepConfig.Config[secretName])
vaultMock.AssertNotCalled(t, "GetKvSecret", "team1/pipelineB")
})
t.Run("No BasePath is stepConfig.Configured", func(t *testing.T) {
vaultMock := &mocks.VaultMock{}
stepConfig := StepConfig{Config: map[string]interface{}{}}
stepParams := []StepParameters{stepParam(secretName, "vaultSecret", "$(vaultBasePath)/pipelineA")}
stepParams := []StepParameters{stepParam(secretName, "vaultSecret", secretNameOverrideKey, secretName)}
resolveAllVaultReferences(&stepConfig, vaultMock, stepParams)
assert.Equal(t, nil, stepConfig.Config[secretName])
vaultMock.AssertNotCalled(t, "GetKvSecret", mock.AnythingOfType("string"))
@@ -136,14 +138,15 @@ func TestVaultConfigLoad(t *testing.T) {
func TestVaultSecretFiles(t *testing.T) {
const secretName = "testSecret"
const secretNameOverrideKey = "mySecretVaultSecretName"
t.Run("Test Vault Secret File Reference", func(t *testing.T) {
vaultMock := &mocks.VaultMock{}
stepConfig := StepConfig{Config: map[string]interface{}{
"vaultPath": "team1",
}}
stepParams := []StepParameters{stepParam(secretName, "vaultSecretFile", "$(vaultPath)/pipelineA")}
stepParams := []StepParameters{stepParam(secretName, "vaultSecretFile", secretNameOverrideKey, secretName)}
vaultData := map[string]string{secretName: "value1"}
vaultMock.On("GetKvSecret", "team1/pipelineA").Return(vaultData, nil)
vaultMock.On("GetKvSecret", path.Join("team1", secretName)).Return(vaultData, nil)
resolveAllVaultReferences(&stepConfig, vaultMock, stepParams)
assert.NotNil(t, stepConfig.Config[secretName])
path := stepConfig.Config[secretName].(string)
@@ -161,10 +164,10 @@ func TestVaultSecretFiles(t *testing.T) {
stepConfig := StepConfig{Config: map[string]interface{}{
"vaultPath": "team1",
}}
stepParams := []StepParameters{stepParam(secretName, "vaultSecretFile", "$(vaultPath)/pipelineA")}
stepParams := []StepParameters{stepParam(secretName, "vaultSecretFile", secretNameOverrideKey, secretName)}
vaultData := map[string]string{secretName: "value1"}
assert.NoDirExists(t, VaultSecretFileDirectory)
vaultMock.On("GetKvSecret", "team1/pipelineA").Return(vaultData, nil)
vaultMock.On("GetKvSecret", path.Join("team1", secretName)).Return(vaultData, nil)
resolveAllVaultReferences(&stepConfig, vaultMock, stepParams)
assert.NotNil(t, stepConfig.Config[secretName])
path := stepConfig.Config[secretName].(string)
@@ -191,7 +194,7 @@ func TestMixinVault(t *testing.T) {
"unknownConfig": "test",
}
config.mixinVaultConfig(general, steps)
config.mixinVaultConfig(nil, general, steps)
assert.Contains(t, config.Config, "vaultServerUrl")
assert.Equal(t, vaultServerUrl, config.Config["vaultServerUrl"])
@@ -201,14 +204,15 @@ func TestMixinVault(t *testing.T) {
}
func stepParam(name string, refType string, refPaths ...string) StepParameters {
func stepParam(name, refType, vaultSecretNameProperty, defaultSecretNameName string) StepParameters {
return StepParameters{
Name: name,
Aliases: []Alias{},
ResourceRef: []ResourceReference{
{
Type: refType,
Paths: refPaths,
Name: vaultSecretNameProperty,
Default: defaultSecretNameName,
},
},
}


@@ -2,6 +2,7 @@ package generator
import (
"fmt"
"path"
"sort"
"strings"
@@ -271,8 +272,8 @@ func addVaultResourceDetails(resource config.ResourceReference, resourceDetails
if resource.Type == "vaultSecret" {
resourceDetails += "<br/>Vault paths: <br />"
resourceDetails += "<ul>"
for _, path := range resource.Paths[0:1] {
resourceDetails += fmt.Sprintf("<li>`%s`</li>", path)
for _, rootPath := range config.VaultRootPaths {
resourceDetails += fmt.Sprintf("<li>`%s`</li>", path.Join(rootPath, resource.Default))
}
resourceDetails += "</ul>"
}
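Review bot: `path.Join(rootPath, resource.Default)` on the second added line renders a bare root path whenever a reference has no `default` (the helmExecute `dockerConfigFileVaultSecretName` reference rewritten in this same commit is such a case), so the generated documentation would list the root as if it were the secret's location. Guarding the block on the condition line avoids that, e.g. `if resource.Type == "vaultSecret" && resource.Default != "" {`. The generated text also no longer tells the reader that the secret name is configurable; since the override key is right there, the heading line could become `resourceDetails += fmt.Sprintf("<br/>Vault paths (secret name configurable via `%s`): <br />", resource.Name)`. `config.VaultRootPaths` is presumably a package-level list of root patterns, and addVaultResourceDetails begins and ends outside the hunk, so the return path is not visible here.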


@@ -172,11 +172,11 @@ func {{.FlagsFunc}}(cmd *cobra.Command, stepConfig *{{.StepName}}Options) {
{{- if .Param }}
Param: "{{ .Param }}",
{{- end }}
{{- if gt (len .Paths) 0 }}
Paths: []string{{ "{" }}{{ range $_, $path := .Paths }}"{{$path}}",{{ end }}{{"}"}},
{{- end }}
{{- if .Type }}
Type: "{{ .Type }}",
{{- if .Default }}
Default: "{{ .Default }}",
{{- end}}
{{- end }}
{{ "}" }},
{{- nindent 24 ""}}
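Review bot: `Default: "{{ .Default }}",` interpolates the YAML default verbatim into a Go string literal, so a default containing a double quote or backslash would yield generated code that does not compile; `Default: {{ printf "%q" .Default }},` emits a properly escaped literal. The removed `Paths` line had the same weakness, so this is not a regression, but the new line is the place to fix it. The `Default` emission is also nested inside `{{- if .Type }}`, so a reference that sets `default` without `type` silently loses it; whether the metadata schema permits that combination is not visible from this hunk.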


@@ -39,10 +39,8 @@ spec:
type: secret
param: username
- type: vaultSecret
paths:
- $(vaultPath)/cloudfoundry-$(org)-$(space)
- $(vaultBasePath)/$(vaultPipelineName)/cloudfoundry-$(org)-$(space)
- $(vaultBasePath)/GROUP-SECRETS/cloudfoundry-$(org)-$(space)
name: cloudfoundryVaultSecretName
default: cloudfoundry-$(org)-$(space)
- name: password
type: string
description: Password for Cloud Foundry User
@@ -57,10 +55,8 @@ spec:
type: secret
param: password
- type: vaultSecret
paths:
- $(vaultPath)/cloudfoundry-$(org)-$(space)
- $(vaultBasePath)/$(vaultPipelineName)/cloudfoundry-$(org)-$(space)
- $(vaultBasePath)/GROUP-SECRETS/cloudfoundry-$(org)-$(space)
name: cloudfoundryVaultSecretName
default: cloudfoundry-$(org)-$(space)
- name: cfOrg
type: string
description: Cloud Foundry org


@@ -95,10 +95,8 @@ spec:
type: secret
param: password
- type: vaultSecret
paths:
- $(vaultPath)/checkmarx
- $(vaultBasePath)/$(vaultPipelineName)/checkmarx
- $(vaultBasePath)/GROUP-SECRETS/checkmarx
name: checkmarxVaultSecretName
default: checkmarx
- name: preset
type: string
description: The preset to use for scanning, if not set explicitly the step will attempt to look up the project's setting based on the availability of `checkmarxCredentialsId`
@@ -177,10 +175,8 @@ spec:
type: secret
param: username
- type: vaultSecret
paths:
- $(vaultPath)/checkmarx
- $(vaultBasePath)/$(vaultPipelineName)/checkmarx
- $(vaultBasePath)/GROUP-SECRETS/checkmarx
name: checkmarxVaultSecretName
default: checkmarx
- name: verifyOnly
type: bool
description: Whether the step shall only apply verification checks or whether it does a full scan and check cycle


@@ -47,10 +47,8 @@ spec:
type: secret
param: username
- type: vaultSecret
paths:
- $(vaultPath)/cloudfoundry-$(org)-$(space)
- $(vaultBasePath)/$(vaultPipelineName)/cloudfoundry-$(org)-$(space)
- $(vaultBasePath)/GROUP-SECRETS/cloudfoundry-$(org)-$(space)
name: cloudfoundryVaultSecretName
default: cloudfoundry-$(org)-$(space)
- name: password
type: string
description: Password for Cloud Foundry User
@@ -65,10 +63,8 @@ spec:
type: secret
param: password
- type: vaultSecret
paths:
- $(vaultPath)/cloudfoundry-$(org)-$(space)
- $(vaultBasePath)/$(vaultPipelineName)/cloudfoundry-$(org)-$(space)
- $(vaultBasePath)/GROUP-SECRETS/cloudfoundry-$(org)-$(space)
default: cloudfoundry-$(org)-$(space)
name: cloudfoundryVaultSecretName
- name: cfOrg
type: string
description: Cloud Foundry org
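Review bot: The second hunk writes `default: cloudfoundry-$(org)-$(space)` before `name: cloudfoundryVaultSecretName`, while the first hunk of the same file and most references rewritten in this commit put `name:` first. Both orders are equivalent YAML, but the reversed order recurs in the three cloudFoundry sections that follow, in the github reference of the fortify section and in the github-only sections after it, so one ordering should be settled on before the pattern is copied further. A consistent order also makes the generated Go metadata easier to compare against these files.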


@@ -35,10 +35,8 @@ spec:
type: secret
param: username
- type: vaultSecret
paths:
- $(vaultPath)/cloudfoundry-$(org)-$(space)
- $(vaultBasePath)/$(vaultPipelineName)/cloudfoundry-$(org)-$(space)
- $(vaultBasePath)/GROUP-SECRETS/cloudfoundry-$(org)-$(space)
default: cloudfoundry-$(org)-$(space)
name: cloudfoundryVaultSecretName
- name: password
type: string
description: User Password for CF User
@@ -53,10 +51,8 @@ spec:
type: secret
param: password
- type: vaultSecret
paths:
- $(vaultPath)/cloudfoundry-$(org)-$(space)
- $(vaultBasePath)/$(vaultPipelineName)/cloudfoundry-$(org)-$(space)
- $(vaultBasePath)/GROUP-SECRETS/cloudfoundry-$(org)-$(space)
default: cloudfoundry-$(org)-$(space)
name: cloudfoundryVaultSecretName
- name: cfOrg
type: string
description: CF org


@@ -35,10 +35,8 @@ spec:
type: secret
param: username
- type: vaultSecret
paths:
- $(vaultPath)/cloudfoundry-$(org)-$(space)
- $(vaultBasePath)/$(vaultPipelineName)/cloudfoundry-$(org)-$(space)
- $(vaultBasePath)/GROUP-SECRETS/cloudfoundry-$(org)-$(space)
default: cloudfoundry-$(org)-$(space)
name: cloudfoundryVaultSecretName
- name: password
type: string
description: User Password for CF User
@@ -53,10 +51,8 @@ spec:
type: secret
param: password
- type: vaultSecret
paths:
- $(vaultPath)/cloudfoundry-$(org)-$(space)
- $(vaultBasePath)/$(vaultPipelineName)/cloudfoundry-$(org)-$(space)
- $(vaultBasePath)/GROUP-SECRETS/cloudfoundry-$(org)-$(space)
default: cloudfoundry-$(org)-$(space)
name: cloudfoundryVaultSecretName
- name: cfOrg
type: string
description: CF org


@@ -321,10 +321,8 @@ spec:
type: secret
param: password
- type: vaultSecret
paths:
- $(vaultPath)/cloudfoundry-$(org)-$(space)
- $(vaultBasePath)/$(vaultPipelineName)/cloudfoundry-$(org)-$(space)
- $(vaultBasePath)/GROUP-SECRETS/cloudfoundry-$(org)-$(space)
default: cloudfoundry-$(org)-$(space)
name: cloudfoundryVaultSecretName
- name: smokeTestScript
type: string
description:
@@ -376,10 +374,8 @@ spec:
type: secret
param: username
- type: vaultSecret
paths:
- $(vaultPath)/cloudfoundry-$(org)-$(space)
- $(vaultBasePath)/$(vaultPipelineName)/cloudfoundry-$(org)-$(space)
- $(vaultBasePath)/GROUP-SECRETS/cloudfoundry-$(org)-$(space)
default: cloudfoundry-$(org)-$(space)
name: cloudfoundryVaultSecretName
containers:
- name: cfDeploy
image: ppiper/cf-cli:6


@@ -35,10 +35,8 @@ spec:
- name: detectTokenCredentialsId
type: secret
- type: vaultSecret
paths:
- $(vaultPath)/detect
- $(vaultBasePath)/$(vaultPipelineName)/detect
- $(vaultBasePath)/GROUP-SECRETS/detect
name: detectVaultSecretName
default: detect
scope:
- PARAMETERS
- STAGES


@@ -57,10 +57,8 @@ spec:
- name: fortifyCredentialsId
type: secret
- type: vaultSecret
paths:
- $(vaultPath)/fortify
- $(vaultBasePath)/$(vaultPipelineName)/fortify
- $(vaultBasePath)/GROUP-SECRETS/fortify
name: fortifyVaultSecretName
default: fortify
- name: buildDescriptorExcludeList
type: "[]string"
description: "List of build descriptors and therefore modules to exclude from the scan and assessment activities."
@@ -97,10 +95,8 @@ spec:
- name: githubTokenCredentialsId
type: secret
- type: vaultSecret
paths:
- $(vaultPath)/github
- $(vaultBasePath)/$(vaultPipelineName)/github
- $(vaultBasePath)/GROUP-SECRETS/github
default: github
name: githubVaultSecretName
- name: autoCreate
type: bool
description:


@@ -97,7 +97,5 @@ spec:
- name: githubTokenCredentialsId
type: secret
- type: vaultSecret
paths:
- $(vaultPath)/github
- $(vaultBasePath)/$(vaultPipelineName)/github
- $(vaultBasePath)/GROUP-SECRETS/github
default: github
name: githubVaultSecretName


@@ -84,7 +84,5 @@ spec:
- name: githubTokenCredentialsId
type: secret
- type: vaultSecret
paths:
- $(vaultPath)/github
- $(vaultBasePath)/$(vaultPipelineName)/github
- $(vaultBasePath)/GROUP-SECRETS/github
default: github
name: githubVaultSecretName


@@ -89,7 +89,5 @@ spec:
- name: githubTokenCredentialsId
type: secret
- type: vaultSecret
paths:
- $(vaultPath)/github
- $(vaultBasePath)/$(vaultPipelineName)/github
- $(vaultBasePath)/GROUP-SECRETS/github
default: github
name: githubVaultSecretName


@@ -118,10 +118,8 @@ spec:
- name: githubTokenCredentialsId
type: secret
- type: vaultSecret
paths:
- $(vaultPath)/github
- $(vaultBasePath)/$(vaultPipelineName)/github
- $(vaultBasePath)/GROUP-SECRETS/github
default: github
name: githubVaultSecretName
- name: labels
description: Labels to be added to the pull request.
scope:


@@ -146,10 +146,8 @@ spec:
- name: githubTokenCredentialsId
type: secret
- type: vaultSecret
paths:
- $(vaultPath)/github
- $(vaultBasePath)/$(vaultPipelineName)/github
- $(vaultBasePath)/GROUP-SECRETS/github
default: github
name: githubVaultSecretName
- name: uploadUrl
aliases:
- name: githubUploadUrl


@@ -119,7 +119,5 @@ spec:
- name: githubTokenCredentialsId
type: secret
- type: vaultSecret
paths:
- $(vaultPath)/github
- $(vaultBasePath)/$(vaultPipelineName)/github
- $(vaultBasePath)/GROUP-SECRETS/github
default: github
name: githubVaultSecretName


@@ -32,10 +32,8 @@ spec:
- name: influxAuthTokenId
type: secret
- type: vaultSecret
paths:
- $(vaultPath)/influxdb
- $(vaultBasePath)/$(vaultPipelineName)/influxdb
- $(vaultBasePath)/GROUP-SECRETS/influxdb
name: influxVaultSecretName
default: influxdb
- name: bucket
type: string
description: Name of database (1.8) or bucket (2.0)


@@ -100,10 +100,8 @@ spec:
- name: dockerConfigJsonCredentialsId
type: secret
- type: vaultSecretFile
paths:
- $(vaultPath)/docker-config
- $(vaultBasePath)/$(vaultPipelineName)/docker-config
- $(vaultBasePath)/GROUP-SECRETS/docker-config
name: dockerConfigFileVaultSecretName
default: docker-config
- name: dockerfilePath
aliases:
- name: dockerfile


@@ -245,10 +245,8 @@ spec:
- name: kubeConfigFileCredentialsId
type: secret
- type: vaultSecretFile
paths:
- $(vaultPath)/kube-config
- $(vaultBasePath)/$(vaultPipelineName)/kube-config
- $(vaultBasePath)/GROUP-SECRETS/kube-config
name: kubeConfigFileSecretName
default: kube-config
- name: kubeContext
type: string
description: Defines the context to use from the \"kubeconfig\" file.
@@ -300,10 +298,7 @@ spec:
- name: dockerConfigJsonCredentialsId
type: secret
- type: vaultSecretFile
paths:
- $(vaultPath)/docker-config
- $(vaultBasePath)/$(vaultPipelineName)/docker-config
- $(vaultBasePath)/GROUP-SECRETS/docker-config
name: dockerConfigFileVaultSecretName
containers:
- image: dtzar/helm-kubectl:3.4.1
workingDir: /config
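Review bot: The second hunk's `dockerConfigFileVaultSecretName` reference has no `default:`, unlike the kaniko and protecode references rewritten in this commit (`default: docker-config`) and the `kube-config` reference in the first hunk; the hunk header counts (10 lines to 7) confirm only the `name:` line was added. Before this change the `docker-config` secret was always looked up, so unless the resolver treats an empty default specially, Vault-sourced docker credentials silently stop being resolved for existing pipelines until someone sets `dockerConfigFileVaultSecretName`. Add `default: docker-config` directly after the `name:` line. Separately, `kubeConfigFileSecretName` in the first hunk drops the `Vault` part that `dockerConfigFileVaultSecretName` and most other new properties carry, and `sonarSecretName`, `terraformExecuteFileVaultSecret`, `jenkinsVaultSecret` and `whitesourceVaultSecret` in later sections deviate too; these names become user-facing configuration keys, so aligning them on one suffix now avoids a later compatibility break.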


@@ -115,10 +115,8 @@ spec:
- name: altDeploymentRepositoryPasswordId
type: secret
- type: vaultSecretFile
paths:
- $(vaultPath)/alt-deployment-repository-passowrd
- $(vaultBasePath)/$(vaultPipelineName)/alt-deployment-repository-passowrd
- $(vaultBasePath)/GROUP-SECRETS/alt-deployment-repository-passowrd
name: altDeploymentRepositoryPasswordFileVaultSecretName
default: alt-deployment-repository-passowrd
- name: altDeploymentRepositoryUser
type: string
description: User for the alternative deployment repository to which the project artifacts should be deployed ( other than those specified in <distributionManagement> ). This user will be updated in settings.xml . When no settings.xml is provided a new one is created corresponding with <servers> tag
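Review bot: The default `alt-deployment-repository-passowrd` carries the misspelling into the new user-visible default secret name. It was already the path segment before this change, so correcting it now would move the Vault path existing users rely on; if it is kept for compatibility, a comment on the default line such as `# spelling kept for compatibility with existing Vault secret paths` makes the intent explicit for the next maintainer, and a fix would then need to be a deliberate migration rather than a drive-by edit.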


@@ -75,10 +75,8 @@ spec:
- name: dockerConfigJsonCredentialsId
type: secret
- type: vaultSecretFile
paths:
- $(vaultPath)/docker-config
- $(vaultBasePath)/$(vaultPipelineName)/docker-config
- $(vaultBasePath)/GROUP-SECRETS/docker-config
name: dockerConfigFileVaultSecretName
default: docker-config
- name: cleanupMode
type: string
description: Decides which parts are removed from the Protecode backend after the scan
@@ -187,10 +185,8 @@ spec:
type: secret
param: username
- type: vaultSecret
paths:
- $(vaultPath)/protecode
- $(vaultBasePath)/$(vaultPipelineName)/protecode
- $(vaultBasePath)/GROUP-SECRETS/protecode
name: protecodeVaultSecretName
default: protecode
- name: password
type: string
description: Password which is used for the user
@@ -205,10 +201,8 @@ spec:
type: secret
param: password
- type: vaultSecret
paths:
- $(vaultPath)/protecode
- $(vaultBasePath)/$(vaultPipelineName)/protecode
- $(vaultBasePath)/GROUP-SECRETS/protecode
name: protecodeVaultSecretName
default: protecode
- name: version
aliases:
- name: artifactVersion


@@ -42,10 +42,8 @@ spec:
secret: true
resourceRef:
- type: vaultSecret
paths:
- $(vaultPath)/sonar
- $(vaultBasePath)/$(vaultPipelineName)/sonar
- $(vaultBasePath)/GROUP-SECRETS/sonar
name: sonarSecretName
default: sonar
- name: sonarTokenCredentialsId
type: secret
aliases:
@@ -226,10 +224,8 @@ spec:
- name: githubTokenCredentialsId
type: secret
- type: vaultSecret
paths:
- $(vaultPath)/github
- $(vaultBasePath)/$(vaultPipelineName)/github
- $(vaultBasePath)/GROUP-SECRETS/github
name: githubVaultSecretName
default: github
- name: disableInlineComments
type: bool
description: "Pull-Request only: Disables the pull-request decoration with inline comments.


@@ -21,10 +21,8 @@ spec:
type: string
resourceRef:
- type: vaultSecretFile
paths:
- $(vaultPath)/terraformExecute
- $(vaultBasePath)/$(vaultPipelineName)/terraformExecute
- $(vaultBasePath)/GROUP-SECRETS/terraformExecute
name: terraformExecuteFileVaultSecret
default: terraformExecute
- name: additionalArgs
type: "[]string"
scope:


@@ -26,10 +26,8 @@ spec:
secret: true
resourceRef:
- type: vaultSecret
paths:
- $(vaultPath)/jenkins
- $(vaultBasePath)/$(vaultPipelineName)/jenkins
- $(vaultBasePath)/GROUP-SECRETS/jenkins
name: jenkinsVaultSecret
default: jenkins
aliases:
- name: url
- name: jenkinsCredentialDomain
@@ -52,10 +50,8 @@ spec:
- name: userId
resourceRef:
- type: vaultSecret
paths:
- $(vaultPath)/jenkins
- $(vaultBasePath)/$(vaultPipelineName)/jenkins
- $(vaultBasePath)/GROUP-SECRETS/jenkins
name: jenkinsVaultSecret
default: jenkins
- name: jenkinsToken
type: string
description: "The jenkins token"
@@ -68,10 +64,8 @@ spec:
- name: token
resourceRef:
- type: vaultSecret
paths:
- $(vaultPath)/jenkins
- $(vaultBasePath)/$(vaultPipelineName)/jenkins
- $(vaultBasePath)/GROUP-SECRETS/jenkins
name: jenkinsVaultSecret
default: jenkins
- name: vaultAppRoleSecretTokenCredentialsId
type: string
description: The Jenkins credential ID or Azure DevOps variable name for the Vault AppRole Secret ID credential


@@ -198,10 +198,8 @@ spec:
type: secret
param: password
- type: vaultSecret
paths:
- $(vaultPath)/gitHttpsCredential
- $(vaultBasePath)/$(vaultPipelineName)/gitHttpsCredential
- $(vaultBasePath)/GROUP-SECRETS/gitHttpsCredential
name: gitHttpsCredentialVaultSecretName
default: gitHttpsCredential
- name: projectSettingsFile
aliases:
- name: maven/projectSettingsFile
@@ -247,10 +245,8 @@ spec:
type: secret
param: username
- type: vaultSecret
paths:
- $(vaultPath)/gitHttpsCredential
- $(vaultBasePath)/$(vaultPipelineName)/gitHttpsCredential
- $(vaultBasePath)/GROUP-SECRETS/gitHttpsCredential
name: gitHttpsCredentialVaultSecretName
default: gitHttpsCredential
- name: versioningTemplate
type: string
description: "DEPRECATED: Defines the template for the automatic version which will be created"


@@ -360,10 +360,8 @@ spec:
- name: userTokenCredentialsId
type: secret
- type: vaultSecret
paths:
- $(vaultPath)/whitesource
- $(vaultBasePath)/$(vaultPipelineName)/whitesource
- $(vaultBasePath)/GROUP-SECRETS/whitesource
name: whitesourceVaultSecret
default: whitesource
- name: versioningModel
type: string
description: "The default project versioning model used in case `projectVersion` parameter is