Add missing vault-secrets options
This patch adds the following options, which are available in the UI but missing from JJB:

- fail if path not found
- skip ssl verification
- k/v engine version

Change-Id: Id8e14d63c668a1ef826ae88ae3ce0360609bde99
parent
5fcd882d41
commit
7b805f9c0c
@ -1289,11 +1289,16 @@ def vault_secrets(registry, xml_parent, data):
|
||||
|
||||
:arg str vault-url: Vault URL
|
||||
:arg str credentials-id: Vault Credential
|
||||
:arg str engine-version: Vault K/V Engine version
|
||||
:arg bool fail-if-not-found: Fail if the secret path is not found
|
||||
:arg bool skip-ssl-verification: Skip verification of SSL certs
|
||||
:arg list secrets: List of secrets
|
||||
|
||||
:secrets:
|
||||
* **secret-path** (`str`) --
|
||||
The path of the secret in the vault server
|
||||
* **engine-version** (`str`) --
|
||||
Vault K/V Engine version
|
||||
|
||||
:secret-values:
|
||||
* **secret-values** (`list`) -- List of key / value pairs
|
||||
@ -1321,12 +1326,18 @@ def vault_secrets(registry, xml_parent, data):
|
||||
conf_mapping = [
|
||||
("vault-url", "vaultUrl", ""),
|
||||
("credentials-id", "vaultCredentialId", ""),
|
||||
("engine-version", "engineVersion", "1"),
|
||||
("fail-if-not-found", "failIfNotFound", "true"),
|
||||
("skip-ssl-verification", "skipSslVerification", "false"),
|
||||
]
|
||||
helpers.convert_mapping_to_xml(
|
||||
configuration, data, conf_mapping, fail_required=True
|
||||
)
|
||||
|
||||
secret_obj_mapping = [("secret-path", "path", "")]
|
||||
secret_obj_mapping = [
|
||||
("secret-path", "path", ""),
|
||||
("engine-version", "engineVersion", "1"),
|
||||
]
|
||||
secret_value_mapping = [("env-var", "envVar", ""), ("vault-key", "vaultKey", "")]
|
||||
secretsobj = XML.SubElement(vault, "vaultSecrets")
|
||||
secrets = data.get("secrets", [])
|
||||
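Review bot: The per-secret entry `("engine-version", "engineVersion", "1")` in `secret_obj_mapping` hard-codes its default instead of following the wrapper-level `engine-version`, so a job that sets `engine-version: '2'` once still emits `<engineVersion>1</engineVersion>` for every secret that omits the key; the updated fixture shows this for `secret/my-secret`. A KV v1/v2 mismatch usually means the secret is not read as intended, and with `fail-if-not-found` set to false that may go unnoticed at build time, leaving the variables unset. Consider `("engine-version", "engineVersion", data.get("engine-version", "1")),` so that the per-secret value only overrides the wrapper-level one when it is given. The loop that consumes `secret_obj_mapping` is outside the hunk, and whether the plugin lets the per-secret element win is not visible here, so confirm both before changing the default.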
|
@ -5,10 +5,14 @@
|
||||
<configuration>
|
||||
<vaultUrl>http://127.0.0.1:8200</vaultUrl>
|
||||
<vaultCredentialId>myCredentials</vaultCredentialId>
|
||||
<engineVersion>2</engineVersion>
|
||||
<failIfNotFound>false</failIfNotFound>
|
||||
<skipSslVerification>true</skipSslVerification>
|
||||
</configuration>
|
||||
<vaultSecrets>
|
||||
<com.datapipe.jenkins.vault.model.VaultSecret>
|
||||
<path>secret/my-secret</path>
|
||||
<engineVersion>1</engineVersion>
|
||||
<secretValues>
|
||||
<com.datapipe.jenkins.vault.model.VaultSecretValue>
|
||||
<envVar>USERNAME</envVar>
|
||||
@ -22,6 +26,7 @@
|
||||
</com.datapipe.jenkins.vault.model.VaultSecret>
|
||||
<com.datapipe.jenkins.vault.model.VaultSecret>
|
||||
<path>secret/my-secret2</path>
|
||||
<engineVersion>2</engineVersion>
|
||||
<secretValues>
|
||||
<com.datapipe.jenkins.vault.model.VaultSecretValue>
|
||||
<envVar>USERNAME2</envVar>
|
||||
|
@ -2,6 +2,9 @@ wrappers:
|
||||
- vault-secrets:
|
||||
vault-url: 'http://127.0.0.1:8200'
|
||||
credentials-id: 'myCredentials'
|
||||
fail-if-not-found: 'false'
|
||||
skip-ssl-verification: 'true'
|
||||
engine-version: '2'
|
||||
secrets:
|
||||
- secret-path: 'secret/my-secret'
|
||||
secret-values:
|
||||
@ -10,6 +13,7 @@ wrappers:
|
||||
- env-var: 'PASSWORD'
|
||||
vault-key: 'password'
|
||||
- secret-path: 'secret/my-secret2'
|
||||
engine-version: '2'
|
||||
secret-values:
|
||||
- env-var: 'USERNAME2'
|
||||
vault-key: 'username2'
|
||||
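Review bot: The example sets `skip-ssl-verification: 'true'` and `fail-if-not-found: 'false'` with no comment marking them as the non-default, weaker settings; the Python mapping defaults them to `"false"` and `"true"`. Skipping certificate verification removes server authentication on the connection that carries the Vault credential and the secret values, so a copied example should not enable it by accident. If this fixture is also rendered as the documentation example (not visible from this page), add a comment such as `# test only: disables TLS certificate checks for the Vault connection` above that key, or move the non-default values to a separate fixture. The docstring lines for the new options would also benefit from stating defaults, for example `:arg bool skip-ssl-verification: Skip verification of SSL certs (default false)`.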
|
@ -5,10 +5,14 @@
|
||||
<configuration>
|
||||
<vaultUrl>http://127.0.0.1:8200</vaultUrl>
|
||||
<vaultCredentialId>myCredentials</vaultCredentialId>
|
||||
<engineVersion>1</engineVersion>
|
||||
<failIfNotFound>true</failIfNotFound>
|
||||
<skipSslVerification>false</skipSslVerification>
|
||||
</configuration>
|
||||
<vaultSecrets>
|
||||
<com.datapipe.jenkins.vault.model.VaultSecret>
|
||||
<path>secret/my-token</path>
|
||||
<engineVersion>1</engineVersion>
|
||||
<secretValues>
|
||||
<com.datapipe.jenkins.vault.model.VaultSecretValue>
|
||||
<envVar>TOKEN</envVar>
|
||||
|