From 59f32cf04297966058539c8a76fe279ebcaa1584 Mon Sep 17 00:00:00 2001
From: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
Date: Tue, 22 Dec 2020 17:57:11 +0100
Subject: [PATCH] feature(vault) retrieve github token from Vault (#2484)
---
 cmd/fortifyExecuteScan_generated.go | 6 ++++++
 cmd/githubCreatePullRequest_generated.go | 6 ++++++
 cmd/githubPublishRelease_generated.go | 6 ++++++
 cmd/githubSetCommitStatus_generated.go | 6 ++++++
 cmd/sonarExecuteScan_generated.go | 6 ++++++
 resources/metadata/fortify.yaml | 5 +++++
 resources/metadata/githubcreatepr.yaml | 5 +++++
 resources/metadata/githubrelease.yaml | 5 +++++
 resources/metadata/githubstatus.yaml | 5 +++++
 resources/metadata/sonar.yaml | 5 +++++
 10 files changed, 55 insertions(+)
diff --git a/cmd/fortifyExecuteScan_generated.go b/cmd/fortifyExecuteScan_generated.go
index 8a4397246..2d29aac71 100644
--- a/cmd/fortifyExecuteScan_generated.go
+++ b/cmd/fortifyExecuteScan_generated.go
@@ -281,6 +281,12 @@ func fortifyExecuteScanMetadata() config.StepData { Name: "githubTokenCredentialsId", Type: "secret", }, + + { + Name: "", + Paths: []string{"$(vaultPath)/github", "$(vaultBasePath)/$(vaultPipelineName)/github", "$(vaultBasePath)/GROUP-SECRETS/github"}, + Type: "vaultSecret", + }, }, Scope: []string{"GENERAL", "PARAMETERS", "STAGES", "STEPS"}, Type: "string",
diff --git a/cmd/githubCreatePullRequest_generated.go b/cmd/githubCreatePullRequest_generated.go
index 883d9cb3d..b7dd215c6 100644
--- a/cmd/githubCreatePullRequest_generated.go
+++ b/cmd/githubCreatePullRequest_generated.go
@@ -210,6 +210,12 @@ func githubCreatePullRequestMetadata() config.StepData { Name: "githubTokenCredentialsId", Type: "secret", }, + + { + Name: "", + Paths: []string{"$(vaultPath)/github", "$(vaultBasePath)/$(vaultPipelineName)/github", "$(vaultBasePath)/GROUP-SECRETS/github"}, + Type: "vaultSecret", + }, }, Scope: []string{"GENERAL", "PARAMETERS", "STAGES", "STEPS"}, Type: "string",
diff --git a/cmd/githubPublishRelease_generated.go b/cmd/githubPublishRelease_generated.go
index 94f9e5393..549406812 100644
--- a/cmd/githubPublishRelease_generated.go
+++ b/cmd/githubPublishRelease_generated.go
@@ -247,6 +247,12 @@ func githubPublishReleaseMetadata() config.StepData { Name: "githubTokenCredentialsId", Type: "secret", }, + + { + Name: "", + Paths: []string{"$(vaultPath)/github", "$(vaultBasePath)/$(vaultPipelineName)/github", "$(vaultBasePath)/GROUP-SECRETS/github"}, + Type: "vaultSecret", + }, }, Scope: []string{"GENERAL", "PARAMETERS", "STAGES", "STEPS"}, Type: "string",
diff --git a/cmd/githubSetCommitStatus_generated.go b/cmd/githubSetCommitStatus_generated.go
index 9ecf12409..5455168ca 100644
--- a/cmd/githubSetCommitStatus_generated.go
+++ b/cmd/githubSetCommitStatus_generated.go
@@ -208,6 +208,12 @@ func githubSetCommitStatusMetadata() config.StepData { Name: "githubTokenCredentialsId", Type: "secret", }, + + { + Name: "", + Paths: []string{"$(vaultPath)/github", "$(vaultBasePath)/$(vaultPipelineName)/github", "$(vaultBasePath)/GROUP-SECRETS/github"}, + Type: "vaultSecret", + }, }, Scope: []string{"GENERAL", "PARAMETERS", "STAGES", "STEPS"}, Type: "string",
diff --git a/cmd/sonarExecuteScan_generated.go b/cmd/sonarExecuteScan_generated.go
index 3e0afcdb8..a1a74c7e3 100644
--- a/cmd/sonarExecuteScan_generated.go
+++ b/cmd/sonarExecuteScan_generated.go
@@ -369,6 +369,12 @@ func sonarExecuteScanMetadata() config.StepData { Name: "githubTokenCredentialsId", Type: "secret", }, + + { + Name: "", + Paths: []string{"$(vaultPath)/github", "$(vaultBasePath)/$(vaultPipelineName)/github", "$(vaultBasePath)/GROUP-SECRETS/github"}, + Type: "vaultSecret", + }, }, Scope: []string{"PARAMETERS"}, Type: "string",
diff --git a/resources/metadata/fortify.yaml b/resources/metadata/fortify.yaml
index 41ece58f4..214fa4770 100644
--- a/resources/metadata/fortify.yaml
+++ b/resources/metadata/fortify.yaml
@@ -59,6 +59,11 @@ spec:
 resourceRef:
 - name: githubTokenCredentialsId
 type: secret
+ - type: vaultSecret
+ paths:
+ - $(vaultPath)/github
+ - $(vaultBasePath)/$(vaultPipelineName)/github
+ - $(vaultBasePath)/GROUP-SECRETS/github
 - name: autoCreate
 type: bool
 description:
diff --git a/resources/metadata/githubcreatepr.yaml b/resources/metadata/githubcreatepr.yaml
index 3ae10a561..7aa25cc96 100644
--- a/resources/metadata/githubcreatepr.yaml
+++ b/resources/metadata/githubcreatepr.yaml
@@ -116,6 +116,11 @@ spec:
 resourceRef:
 - name: githubTokenCredentialsId
 type: secret
+ - type: vaultSecret
+ paths:
+ - $(vaultPath)/github
+ - $(vaultBasePath)/$(vaultPipelineName)/github
+ - $(vaultBasePath)/GROUP-SECRETS/github
 - name: labels
 description: Labels to be added to the pull request.
 scope:
diff --git a/resources/metadata/githubrelease.yaml b/resources/metadata/githubrelease.yaml
index 0dd324b07..9b8988a72 100644
--- a/resources/metadata/githubrelease.yaml
+++ b/resources/metadata/githubrelease.yaml
@@ -144,6 +144,11 @@ spec:
 resourceRef:
 - name: githubTokenCredentialsId
 type: secret
+ - type: vaultSecret
+ paths:
+ - $(vaultPath)/github
+ - $(vaultBasePath)/$(vaultPipelineName)/github
+ - $(vaultBasePath)/GROUP-SECRETS/github
 - name: uploadUrl
 aliases:
 - name: githubUploadUrl
diff --git a/resources/metadata/githubstatus.yaml b/resources/metadata/githubstatus.yaml
index 6ed43f86e..bcbc51a55 100644
--- a/resources/metadata/githubstatus.yaml
+++ b/resources/metadata/githubstatus.yaml
@@ -117,3 +117,8 @@ spec:
 resourceRef:
 - name: githubTokenCredentialsId
 type: secret
+ - type: vaultSecret
+ paths:
+ - $(vaultPath)/github
+ - $(vaultBasePath)/$(vaultPipelineName)/github
+ - $(vaultBasePath)/GROUP-SECRETS/github
diff --git a/resources/metadata/sonar.yaml b/resources/metadata/sonar.yaml
index af0fcf633..4b9a617e9 100644
--- a/resources/metadata/sonar.yaml
+++ b/resources/metadata/sonar.yaml
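Review bot: The third lookup path in the added `vaultSecret` entry of fortify.yaml, `$(vaultBasePath)/GROUP-SECRETS/github`, makes a group-wide token the fallback whenever the pipeline-specific secret is absent, and nothing in the entry documents that precedence. Presumably the paths are tried in the listed order; a comment above `paths:` such as `# tried in order, first match wins; GROUP-SECRETS is a shared fallback`, plus a sentence in the token parameter's description (outside this hunk), would tell operators which credential a run can pick up and that the shared one should carry only the scopes these steps need. The entry also has no `name`, so the generated metadata carries `Name: ""` and, as written, the secret name `github` cannot be overridden per step. The identical block is added in githubcreatepr.yaml, githubrelease.yaml, githubstatus.yaml and sonar.yaml, so the same applies there.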
@@ -202,6 +202,11 @@ spec:
 resourceRef:
 - name: githubTokenCredentialsId
 type: secret
+ - type: vaultSecret
+ paths:
+ - $(vaultPath)/github
+ - $(vaultBasePath)/$(vaultPipelineName)/github
+ - $(vaultBasePath)/GROUP-SECRETS/github
 - name: disableInlineComments
 type: bool
 description: "Pull-Request only: Disables the pull-request decoration with inline comments.