feature(vault) retrieve github token from Vault (#2484)

2024-12-12 10:55:20 +02:00 · 2020-12-22 17:57:11 +01:00 · 2020-12-22 17:57:11 +01:00 · 59f32cf042
commit 59f32cf042
parent 4bd155d1ed
10 changed files with 55 additions and 0 deletions
--- a/cmd/fortifyExecuteScan_generated.go
+++ b/cmd/fortifyExecuteScan_generated.go
@ -281,6 +281,12 @@ func fortifyExecuteScanMetadata() config.StepData {
 								Name: "githubTokenCredentialsId",
 								Type: "secret",
 							},
+
+							{
+								Name:  "",
+								Paths: []string{"$(vaultPath)/github", "$(vaultBasePath)/$(vaultPipelineName)/github", "$(vaultBasePath)/GROUP-SECRETS/github"},
+								Type:  "vaultSecret",
+							},
 						},
 						Scope:     []string{"GENERAL", "PARAMETERS", "STAGES", "STEPS"},
 						Type:      "string",
--- a/cmd/githubCreatePullRequest_generated.go
+++ b/cmd/githubCreatePullRequest_generated.go
@ -210,6 +210,12 @@ func githubCreatePullRequestMetadata() config.StepData {
 								Name: "githubTokenCredentialsId",
 								Type: "secret",
 							},
+
+							{
+								Name:  "",
+								Paths: []string{"$(vaultPath)/github", "$(vaultBasePath)/$(vaultPipelineName)/github", "$(vaultBasePath)/GROUP-SECRETS/github"},
+								Type:  "vaultSecret",
+							},
 						},
 						Scope:     []string{"GENERAL", "PARAMETERS", "STAGES", "STEPS"},
 						Type:      "string",
--- a/cmd/githubPublishRelease_generated.go
+++ b/cmd/githubPublishRelease_generated.go
@ -247,6 +247,12 @@ func githubPublishReleaseMetadata() config.StepData {
 								Name: "githubTokenCredentialsId",
 								Type: "secret",
 							},
+
+							{
+								Name:  "",
+								Paths: []string{"$(vaultPath)/github", "$(vaultBasePath)/$(vaultPipelineName)/github", "$(vaultBasePath)/GROUP-SECRETS/github"},
+								Type:  "vaultSecret",
+							},
 						},
 						Scope:     []string{"GENERAL", "PARAMETERS", "STAGES", "STEPS"},
 						Type:      "string",
--- a/cmd/githubSetCommitStatus_generated.go
+++ b/cmd/githubSetCommitStatus_generated.go
@ -208,6 +208,12 @@ func githubSetCommitStatusMetadata() config.StepData {
 								Name: "githubTokenCredentialsId",
 								Type: "secret",
 							},
+
+							{
+								Name:  "",
+								Paths: []string{"$(vaultPath)/github", "$(vaultBasePath)/$(vaultPipelineName)/github", "$(vaultBasePath)/GROUP-SECRETS/github"},
+								Type:  "vaultSecret",
+							},
 						},
 						Scope:     []string{"GENERAL", "PARAMETERS", "STAGES", "STEPS"},
 						Type:      "string",
--- a/cmd/sonarExecuteScan_generated.go
+++ b/cmd/sonarExecuteScan_generated.go
@ -369,6 +369,12 @@ func sonarExecuteScanMetadata() config.StepData {
 								Name: "githubTokenCredentialsId",
 								Type: "secret",
 							},
+
+							{
+								Name:  "",
+								Paths: []string{"$(vaultPath)/github", "$(vaultBasePath)/$(vaultPipelineName)/github", "$(vaultBasePath)/GROUP-SECRETS/github"},
+								Type:  "vaultSecret",
+							},
 						},
 						Scope:     []string{"PARAMETERS"},
 						Type:      "string",
--- a/resources/metadata/fortify.yaml
+++ b/resources/metadata/fortify.yaml
@ -59,6 +59,11 @@ spec:
        resourceRef:
          - name: githubTokenCredentialsId
            type: secret
+          - type: vaultSecret
+            paths:
+            - $(vaultPath)/github
+            - $(vaultBasePath)/$(vaultPipelineName)/github
+            - $(vaultBasePath)/GROUP-SECRETS/github
      - name: autoCreate
        type: bool
        description:
--- a/resources/metadata/githubcreatepr.yaml
+++ b/resources/metadata/githubcreatepr.yaml
@ -116,6 +116,11 @@ spec:
        resourceRef:
          - name: githubTokenCredentialsId
            type: secret
+          - type: vaultSecret
+            paths:
+            - $(vaultPath)/github
+            - $(vaultBasePath)/$(vaultPipelineName)/github
+            - $(vaultBasePath)/GROUP-SECRETS/github
      - name: labels
        description: Labels to be added to the pull request.
        scope:
--- a/resources/metadata/githubrelease.yaml
+++ b/resources/metadata/githubrelease.yaml
@ -144,6 +144,11 @@ spec:
        resourceRef:
          - name: githubTokenCredentialsId
            type: secret
+          - type: vaultSecret
+            paths:
+            - $(vaultPath)/github
+            - $(vaultBasePath)/$(vaultPipelineName)/github
+            - $(vaultBasePath)/GROUP-SECRETS/github
      - name: uploadUrl
        aliases:
          - name: githubUploadUrl
--- a/resources/metadata/githubstatus.yaml
+++ b/resources/metadata/githubstatus.yaml
@ -117,3 +117,8 @@ spec:
        resourceRef:
          - name: githubTokenCredentialsId
            type: secret
+          - type: vaultSecret
+            paths:
+            - $(vaultPath)/github
+            - $(vaultBasePath)/$(vaultPipelineName)/github
+            - $(vaultBasePath)/GROUP-SECRETS/github
--- a/resources/metadata/sonar.yaml
+++ b/resources/metadata/sonar.yaml
@ -202,6 +202,11 @@ spec:
        resourceRef:
          - name: githubTokenCredentialsId
            type: secret
+          - type: vaultSecret
+            paths:
+            - $(vaultPath)/github
+            - $(vaultBasePath)/$(vaultPipelineName)/github
+            - $(vaultBasePath)/GROUP-SECRETS/github
      - name: disableInlineComments
        type: bool
        description: "Pull-Request only: Disables the pull-request decoration with inline comments.