mirror of
https://github.com/SAP/jenkins-library.git
synced 2024-12-12 10:55:20 +02:00
56be54c504
* refactor vault code * adjust generator * wip: fix tests * regenerate influxdb * fix test * add another test * fix test & docs * fix formatting * Minorupdate and fixes Co-authored-by: Kevin Stiehl <kevin.stiehl@numericas.de> Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
139 lines
3.8 KiB
YAML
139 lines
3.8 KiB
YAML
metadata:
|
|
name: vaultRotateSecretId
|
|
description: Rotate vault AppRole Secret ID
|
|
longDescription: This step takes the given Vault secret ID and checks whether it needs to be renewed and if so it will update the secret ID in the configured secret store.
|
|
spec:
|
|
inputs:
|
|
params:
|
|
- name: secretStore
|
|
type: string
|
|
description: "The store to which the secret should be written back to"
|
|
scope:
|
|
- PARAMETERS
|
|
- STAGES
|
|
- STEPS
|
|
default: "jenkins"
|
|
possibleValues:
|
|
- jenkins
|
|
- ado
|
|
- name: jenkinsUrl
|
|
type: string
|
|
description: "The jenkins url"
|
|
scope:
|
|
- PARAMETERS
|
|
- STAGES
|
|
- STEPS
|
|
secret: true
|
|
resourceRef:
|
|
- type: vaultSecret
|
|
name: jenkinsVaultSecret
|
|
default: jenkins
|
|
aliases:
|
|
- name: url
|
|
- name: jenkinsCredentialDomain
|
|
type: string
|
|
description: The jenkins credential domain which should be used
|
|
scope:
|
|
- PARAMETERS
|
|
- STAGES
|
|
- STEPS
|
|
default: "_"
|
|
- name: jenkinsUsername
|
|
type: string
|
|
description: "The jenkins username"
|
|
scope:
|
|
- PARAMETERS
|
|
- STAGES
|
|
- STEPS
|
|
secret: true
|
|
aliases:
|
|
- name: userId
|
|
resourceRef:
|
|
- type: vaultSecret
|
|
name: jenkinsVaultSecret
|
|
default: jenkins
|
|
- name: jenkinsToken
|
|
type: string
|
|
description: "The jenkins token"
|
|
scope:
|
|
- PARAMETERS
|
|
- STAGES
|
|
- STEPS
|
|
secret: true
|
|
aliases:
|
|
- name: token
|
|
resourceRef:
|
|
- type: vaultSecret
|
|
name: jenkinsVaultSecret
|
|
default: jenkins
|
|
- name: vaultAppRoleSecretTokenCredentialsId
|
|
type: string
|
|
description: The Jenkins credential ID or Azure DevOps variable name for the Vault AppRole Secret ID credential
|
|
scope:
|
|
- GENERAL
|
|
- PARAMETERS
|
|
- STAGES
|
|
- STEPS
|
|
mandatory: true
|
|
- name: vaultServerUrl
|
|
type: string
|
|
scope:
|
|
- GENERAL
|
|
- PARAMETERS
|
|
- STAGES
|
|
- STEPS
|
|
description: The URL for the Vault server to use
|
|
mandatory: true
|
|
- name: vaultNamespace
|
|
type: string
|
|
scope:
|
|
- GENERAL
|
|
- PARAMETERS
|
|
- STAGES
|
|
- STEPS
|
|
description: The vault namespace that should be used (optional)
|
|
- name: daysBeforeExpiry
|
|
type: int
|
|
description: The amount of days before expiry until the secret ID gets rotated
|
|
scope:
|
|
- PARAMETERS
|
|
- STAGES
|
|
- STEPS
|
|
default: 15
|
|
- name: adoOrganization
|
|
type: string
|
|
scope:
|
|
- GENERAL
|
|
- PARAMETERS
|
|
- STAGES
|
|
- STEPS
|
|
description: The Azure DevOps organization name
|
|
- name: adoPersonalAccessToken
|
|
type: string
|
|
scope:
|
|
- PARAMETERS
|
|
- STAGES
|
|
- STEPS
|
|
description: The Azure DevOps personal access token
|
|
secret: true
|
|
resourceRef:
|
|
- type: vaultSecret
|
|
paths:
|
|
- $(vaultPath)/jenkins
|
|
- $(vaultBasePath)/$(vaultPipelineName)/jenkins
|
|
- $(vaultBasePath)/GROUP-SECRETS/jenkins
|
|
- name: adoProject
|
|
type: string
|
|
scope:
|
|
- PARAMETERS
|
|
- STAGES
|
|
- STEPS
|
|
description: The Azure DevOps project ID. Project name also can be used
|
|
- name: adoPipelineId
|
|
type: int
|
|
scope:
|
|
- PARAMETERS
|
|
- STAGES
|
|
- STEPS
|
|
description: The Azure DevOps pipeline ID. Also called as definition ID
|