Move vault vars under zuul_vault (#33)
Base jobs only generate a secret for the job if the zuul_vault var is set.

Signed-off-by: Artem Goncharov <artem.goncharov@gmail.com>
gtema authored Sep 16, 2024
1 parent 29d3a36 commit 65708a0
Showing 2 changed files with 5 additions and 3 deletions.
3 changes: 2 additions & 1 deletion playbooks/openstack/pre.yaml
Expand Up @@ -3,12 +3,13 @@
hosts: localhost
vars:
vault_addr: "{{ zuul_vault_addr }}"
vault_token: "{{ lookup('file', zuul_base_vault_token_path) }}"
vault_secret_dest: "{{ zuul.executor.work_root }}/.approle-secret"
vault_token_dest: "{{ zuul.executor.work_root }}/.approle-token"
vault_role_name: "{{ zuul_vault.vault_role_name }}"

roles:
- role: create-vault-approle-token
vault_role_id: "{{ zuul_vault.vault_role_id }}"
vault_wrapping_token_id: "{{ lookup('file', vault_secret_dest) }}"

- name: OpenStack access configuration file
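Review bot: The new `zuul_vault.vault_role_name` and `zuul_vault.vault_role_id` references are not guarded for a job that leaves `zuul_vault` unset. The commit message says the base job only generates the secret when that var is set, so such a job would presumably fail here on an undefined variable or on `lookup('file', vault_secret_dest)` finding no file, rather than with a message that names the cause. Consider an `assert` in `pre_tasks` with `that: zuul_vault is defined and zuul_vault.vault_role_id is defined` and a `fail_msg` that names the missing variable. The play continues below the visible lines, so an existing guard may simply not be shown.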
5 changes: 3 additions & 2 deletions zuul.d/jobs.yaml
Expand Up @@ -53,5 +53,6 @@
vars:
cloud: "gx-scs-zuul"
vault_cloud_secret_path: "clouds/gx_scs_k8s_e2e"
vault_role_name: "zuul_scs_sovereigncloudstack_zuul-scs-jobs"
vault_role_id: "bc5d3801-3c73-acd0-1e63-de5ed0041a07"
zuul_vault:
vault_role_name: "zuul_scs_sovereigncloudstack_zuul-scs-jobs"
vault_role_id: "bc5d3801-3c73-acd0-1e63-de5ed0041a07"
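Review bot: `zuul_vault` is an ordinary job variable, so the AppRole that the base job issues a secret for is named by whichever job definition sets `zuul_vault.vault_role_name`. The base job is not part of this commit, so it is worth confirming that it checks the requested role against the tenant and project of the running build (the role name looks derived from them) instead of trusting the variable as given. Otherwise an inheriting job could ask for a secret belonging to a different role. A short comment above the block would also help, for example `# AppRole identifiers only; the secret-id is issued per build by the base job`, so readers do not mistake the committed `vault_role_id` for a credential.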
