51feacadbf
* Align Vault naming * remove duplicate debug output * correct message * align vault naming * Update vault.md
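# Step metadata for vaultRotateSecretId. It declares the step's parameters,
# the configuration levels each one is listed under (scope), its defaults, and
# which values are flagged as secrets or resolved from Vault (resourceRef).
metadata:
  name: vaultRotateSecretId
  description: Rotate Vault AppRole Secret ID
  longDescription: This step takes the given Vault secret ID and checks whether it needs to be renewed and if so it will update the secret ID in the configured secret store.
spec:
  inputs:
    params:
      # Store that receives the rotated secret ID. Only the two listed values
      # are declared; the ado* parameters below belong to the `ado` store and
      # the jenkins* parameters to the `jenkins` store.
      - name: secretStore
        type: string
        description: "The store to which the secret should be written back to"
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
        default: "jenkins"
        possibleValues:
          - jenkins
          - ado
      # Flagged secret and resolved from the same Vault secret as the Jenkins
      # username and token, so endpoint and credentials come from one place.
      - name: jenkinsUrl
        type: string
        description: "The jenkins url"
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
        secret: true
        resourceRef:
          # `default` is read here as the default Vault secret name for this
          # reference (nesting under the list item assumed; confirm upstream).
          - type: vaultSecret
            name: jenkinsVaultSecretName
            default: jenkins
        aliases:
          - name: url
      - name: jenkinsCredentialDomain
        type: string
        description: The jenkins credential domain which should be used
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
        default: "_"
      - name: jenkinsUsername
        type: string
        description: "The jenkins username"
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
        secret: true
        aliases:
          - name: userId
        resourceRef:
          - type: vaultSecret
            name: jenkinsVaultSecretName
            default: jenkins
      # Credential used to write the rotated secret ID back to Jenkins.
      # Not listed under GENERAL scope; prefer the Vault reference over a
      # value kept in pipeline configuration.
      - name: jenkinsToken
        type: string
        description: "The jenkins token"
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
        secret: true
        # NOTE(review): the alias `token` is also declared on
        # adoPersonalAccessToken, so one `token` setting would match two
        # different credentials. Confirm this overlap is intended.
        aliases:
          - name: token
        resourceRef:
          - type: vaultSecret
            name: jenkinsVaultSecretName
            default: jenkins
      # Holds the name of a credential entry (Jenkins credential ID or Azure
      # DevOps variable name), not the secret ID itself.
      - name: vaultAppRoleSecretTokenCredentialsId
        type: string
        description: The Jenkins credential ID or Azure DevOps variable name for the Vault AppRole Secret ID credential
        scope:
          - GENERAL
          - PARAMETERS
          - STAGES
          - STEPS
        mandatory: true
      # No scheme restriction is declared here; use an https:// address so
      # AppRole credentials are not sent to Vault in clear text.
      - name: vaultServerUrl
        type: string
        scope:
          - GENERAL
          - PARAMETERS
          - STAGES
          - STEPS
        description: The URL for the Vault server to use
        mandatory: true
      - name: vaultNamespace
        type: string
        scope:
          - GENERAL
          - PARAMETERS
          - STAGES
          - STEPS
        description: The Vault namespace that should be used (optional)
      # Rotation window in days. Keep it larger than the interval at which
      # this step is scheduled, otherwise the secret ID can expire between
      # two runs without ever falling inside the window.
      - name: daysBeforeExpiry
        type: int
        description: The amount of days before expiry until the secret ID gets rotated
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
        default: 15
      # NOTE(review): adoOrganization, adoProject and adoPipelineId carry no
      # mandatoryIf for secretStore=ado, unlike adoPersonalAccessToken.
      # Presumably they are needed for the ado store; confirm in the step.
      - name: adoOrganization
        type: string
        scope:
          - GENERAL
          - PARAMETERS
          - STAGES
          - STEPS
        description: The Azure DevOps organization name
      # Required only when secretStore is `ado`. Issue the PAT with the
      # narrowest scope that still allows the write-back, and give it a
      # lifetime that is tracked, since this step rotates only the Vault
      # secret ID and declares nothing for rotating the PAT.
      - name: adoPersonalAccessToken
        # NOTE(review): the alias `token` is also declared on jenkinsToken,
        # so one `token` setting would match two different credentials.
        # Confirm this overlap is intended.
        aliases:
          - name: token
        type: string
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
        description: The Azure DevOps personal access token
        secret: true
        mandatoryIf:
          - name: secretStore
            value: ado
        resourceRef:
          - type: vaultSecret
            name: azureDevOpsVaultSecretName
            default: azure-dev-ops
      - name: adoProject
        type: string
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
        description: The Azure DevOps project ID. Project name also can be used
      - name: adoPipelineId
        type: int
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
        description: The Azure DevOps pipeline ID. Also called as definition ID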