github.com/jaylevin/jenkins-library@v1.230.4/cmd/vaultRotateSecretId_generated.go (about)

     1  // Code generated by piper's step-generator. DO NOT EDIT.
     2  
     3  package cmd
     4  
     5  import (
     6  	"fmt"
     7  	"os"
     8  	"time"
     9  
    10  	"github.com/SAP/jenkins-library/pkg/config"
    11  	"github.com/SAP/jenkins-library/pkg/log"
    12  	"github.com/SAP/jenkins-library/pkg/splunk"
    13  	"github.com/SAP/jenkins-library/pkg/telemetry"
    14  	"github.com/SAP/jenkins-library/pkg/validation"
    15  	"github.com/spf13/cobra"
    16  )
    17  
// vaultRotateSecretIdOptions holds the resolved configuration of the
// vaultRotateSecretId step. Field order and struct tags are kept exactly as
// generated, because the json names and validate rules are read at runtime.
//
// NOTE(review): JenkinsToken and AdoPersonalAccessToken are credentials held
// as plain strings with json tags; if this struct is ever serialized or
// logged as a whole they would presumably be part of the output. Confirm
// that no caller does so.
type vaultRotateSecretIdOptions struct {
	// Target store for the rotated secret ID; the validate tag allows only
	// "jenkins" or "ado".
	SecretStore string `json:"secretStore,omitempty" validate:"possible-values=jenkins ado"`

	// Jenkins connection settings. The command's PreRunE passes the URL,
	// username and token to log.RegisterSecret.
	JenkinsURL              string `json:"jenkinsUrl,omitempty"`
	JenkinsCredentialDomain string `json:"jenkinsCredentialDomain,omitempty"`
	JenkinsUsername         string `json:"jenkinsUsername,omitempty"`
	JenkinsToken            string `json:"jenkinsToken,omitempty"`

	// Vault settings and the rotation threshold in days.
	VaultAppRoleSecretTokenCredentialsID string `json:"vaultAppRoleSecretTokenCredentialsId,omitempty"`
	VaultServerURL                       string `json:"vaultServerUrl,omitempty"`
	VaultNamespace                       string `json:"vaultNamespace,omitempty"`
	DaysBeforeExpiry                     int    `json:"daysBeforeExpiry,omitempty"`

	// Azure DevOps settings. The personal access token is required by the
	// validate tag when SecretStore is "ado", and PreRunE passes it to
	// log.RegisterSecret.
	AdoOrganization        string `json:"adoOrganization,omitempty"`
	AdoPersonalAccessToken string `json:"adoPersonalAccessToken,omitempty" validate:"required_if=SecretStore ado"`
	AdoProject             string `json:"adoProject,omitempty"`
	AdoPipelineID          int    `json:"adoPipelineId,omitempty"`
}
    33  
// VaultRotateSecretIdCommand returns the cobra command for the
// vaultRotateSecretId step (Rotate Vault AppRole Secret ID).
//
// PreRunE resolves the step configuration with PrepareConfig, passes the
// Jenkins URL, username and token and the Azure DevOps personal access token
// to log.RegisterSecret, registers the optional Sentry and Splunk log hooks,
// and validates the resolved options. Run executes the step and reports
// telemetry through a handler that is also registered as an exit handler.
//
// NOTE(review): the RegisterSecret calls happen only after PrepareConfig has
// returned without error, so values supplied through flags or PIPER_*
// environment defaults are presumably not yet known to the logger while the
// configuration is being resolved. Confirm against pkg/log and PrepareConfig
// before relying on log masking for that phase.
func VaultRotateSecretIdCommand() *cobra.Command {
	const stepName = "vaultRotateSecretId"

	var (
		stepConfig   vaultRotateSecretIdOptions
		startTime    time.Time
		logCollector *log.CollectorHook
		splunkClient *splunk.Splunk
	)
	metadata := vaultRotateSecretIdMetadata()
	telemetryClient := &telemetry.Telemetry{}

	preRun := func(cmd *cobra.Command, _ []string) error {
		startTime = time.Now()
		log.SetStepName(stepName)
		log.SetVerbose(GeneralConfig.Verbose)

		GeneralConfig.GitHubAccessTokens = ResolveAccessTokens(GeneralConfig.GitHubTokens)

		// The Getwd error is discarded, exactly as in the generated code; on
		// failure the fatal hook is registered with an empty path.
		workDir, _ := os.Getwd()
		log.RegisterHook(&log.FatalHook{CorrelationID: GeneralConfig.CorrelationID, Path: workDir})

		if err := PrepareConfig(cmd, &metadata, stepName, &stepConfig, config.OpenPiperFile); err != nil {
			log.SetErrorCategory(log.ErrorConfiguration)
			return err
		}

		// Register the credential-bearing values with the logger now that
		// the configuration is resolved.
		log.RegisterSecret(stepConfig.JenkinsURL)
		log.RegisterSecret(stepConfig.JenkinsUsername)
		log.RegisterSecret(stepConfig.JenkinsToken)
		log.RegisterSecret(stepConfig.AdoPersonalAccessToken)

		// The hook settings are read after PrepareConfig on purpose: the
		// original evaluates them at this point, so the check is not hoisted.
		if len(GeneralConfig.HookConfig.SentryConfig.Dsn) > 0 {
			sentryHook := log.NewSentryHook(GeneralConfig.HookConfig.SentryConfig.Dsn, GeneralConfig.CorrelationID)
			log.RegisterHook(&sentryHook)
		}
		if len(GeneralConfig.HookConfig.SplunkConfig.Dsn) > 0 {
			splunkClient = &splunk.Splunk{}
			logCollector = &log.CollectorHook{CorrelationID: GeneralConfig.CorrelationID}
			log.RegisterHook(logCollector)
		}

		validator, err := validation.New(validation.WithJSONNamesForStructFields(), validation.WithPredefinedErrorMessages())
		if err != nil {
			return err
		}
		if err := validator.ValidateStruct(stepConfig); err != nil {
			log.SetErrorCategory(log.ErrorConfiguration)
			return err
		}
		return nil
	}

	run := func(_ *cobra.Command, _ []string) {
		// ErrorCode stays "1" until the step returns, so any exit before
		// that point is reported as a failure.
		var telemetryData telemetry.CustomData
		telemetryData.ErrorCode = "1"

		finish := func() {
			config.RemoveVaultSecretFiles()
			telemetryData.Duration = fmt.Sprintf("%v", time.Since(startTime).Milliseconds())
			telemetryData.ErrorCategory = log.GetErrorCategory().String()
			telemetryData.PiperCommitHash = GitCommit
			telemetryClient.SetData(&telemetryData)
			telemetryClient.Send()
			if len(GeneralConfig.HookConfig.SplunkConfig.Dsn) > 0 {
				splunkClient.Send(telemetryClient.GetData(), logCollector)
			}
		}
		// finish is registered as an exit handler and also deferred, which
		// covers both a normal return and an exit through the logger.
		log.DeferExitHandler(finish)
		defer finish()

		telemetryClient.Initialize(GeneralConfig.NoTelemetry, stepName)
		if len(GeneralConfig.HookConfig.SplunkConfig.Dsn) > 0 {
			splunkCfg := GeneralConfig.HookConfig.SplunkConfig
			splunkClient.Initialize(GeneralConfig.CorrelationID, splunkCfg.Dsn, splunkCfg.Token, splunkCfg.Index, splunkCfg.SendLogs)
		}

		vaultRotateSecretId(stepConfig, &telemetryData)
		telemetryData.ErrorCode = "0"
		log.Entry().Info("SUCCESS")
	}

	stepCmd := &cobra.Command{
		Use:     stepName,
		Short:   "Rotate Vault AppRole Secret ID",
		Long:    `This step takes the given Vault secret ID and checks whether it needs to be renewed and if so it will update the secret ID in the configured secret store.`,
		PreRunE: preRun,
		Run:     run,
	}

	addVaultRotateSecretIdFlags(stepCmd, &stepConfig)
	return stepCmd
}
   125  
// addVaultRotateSecretIdFlags binds every step option in stepConfig to a
// command-line flag on cmd and marks vaultAppRoleSecretTokenCredentialsId and
// vaultServerUrl as required. Most string flags take their default from the
// matching PIPER_* environment variable, read when this function runs.
//
// NOTE(review): pflag prints non-empty string defaults in a command's usage
// text, so with PIPER_jenkinsToken or PIPER_adoPersonalAccessToken set the
// help/usage output of this command would presumably contain the credential.
// Check whether usage output can reach build logs. Credentials given as flag
// values are also visible in the process argument list.
func addVaultRotateSecretIdFlags(cmd *cobra.Command, stepConfig *vaultRotateSecretIdOptions) {
	flags := cmd.Flags()

	// Secret store selection.
	flags.StringVar(&stepConfig.SecretStore, "secretStore", `jenkins`, "The store to which the secret should be written back to")

	// Jenkins connection and credentials.
	flags.StringVar(&stepConfig.JenkinsURL, "jenkinsUrl", os.Getenv("PIPER_jenkinsUrl"), "The jenkins url")
	flags.StringVar(&stepConfig.JenkinsCredentialDomain, "jenkinsCredentialDomain", `_`, "The jenkins credential domain which should be used")
	flags.StringVar(&stepConfig.JenkinsUsername, "jenkinsUsername", os.Getenv("PIPER_jenkinsUsername"), "The jenkins username")
	flags.StringVar(&stepConfig.JenkinsToken, "jenkinsToken", os.Getenv("PIPER_jenkinsToken"), "The jenkins token")

	// Vault settings and rotation threshold.
	flags.StringVar(&stepConfig.VaultAppRoleSecretTokenCredentialsID, "vaultAppRoleSecretTokenCredentialsId", os.Getenv("PIPER_vaultAppRoleSecretTokenCredentialsId"), "The Jenkins credential ID or Azure DevOps variable name for the Vault AppRole Secret ID credential")
	flags.StringVar(&stepConfig.VaultServerURL, "vaultServerUrl", os.Getenv("PIPER_vaultServerUrl"), "The URL for the Vault server to use")
	flags.StringVar(&stepConfig.VaultNamespace, "vaultNamespace", os.Getenv("PIPER_vaultNamespace"), "The Vault namespace that should be used (optional)")
	flags.IntVar(&stepConfig.DaysBeforeExpiry, "daysBeforeExpiry", 15, "The amount of days before expiry until the secret ID gets rotated")

	// Azure DevOps settings and credentials.
	flags.StringVar(&stepConfig.AdoOrganization, "adoOrganization", os.Getenv("PIPER_adoOrganization"), "The Azure DevOps organization name")
	flags.StringVar(&stepConfig.AdoPersonalAccessToken, "adoPersonalAccessToken", os.Getenv("PIPER_adoPersonalAccessToken"), "The Azure DevOps personal access token")
	flags.StringVar(&stepConfig.AdoProject, "adoProject", os.Getenv("PIPER_adoProject"), "The Azure DevOps project ID. Project name also can be used")
	flags.IntVar(&stepConfig.AdoPipelineID, "adoPipelineId", 0, "The Azure DevOps pipeline ID. Also called as definition ID")

	// The returned errors are discarded as in the generated code; both flags
	// are defined just above.
	_ = cmd.MarkFlagRequired("vaultAppRoleSecretTokenCredentialsId")
	_ = cmd.MarkFlagRequired("vaultServerUrl")
}
   144  
// vaultRotateSecretIdMetadata returns the step metadata for
// vaultRotateSecretId: its name, description and the list of input
// parameters with their scopes, types, aliases and defaults.
//
// jenkinsUrl, jenkinsUsername, jenkinsToken and adoPersonalAccessToken carry
// a "vaultSecret" resource reference. Environment-based defaults are read
// with os.Getenv each time this function is called.
func vaultRotateSecretIdMetadata() config.StepData {
	// Every helper builds a new slice per call, so no two parameters share
	// backing storage, just as with the separate literals they replace.
	stepScopes := func() []string { return []string{"PARAMETERS", "STAGES", "STEPS"} }
	generalScopes := func() []string { return []string{"GENERAL", "PARAMETERS", "STAGES", "STEPS"} }
	noRefs := func() []config.ResourceReference { return []config.ResourceReference{} }
	noAliases := func() []config.Alias { return []config.Alias{} }
	vaultSecretRef := func(name, def string) []config.ResourceReference {
		return []config.ResourceReference{{Name: name, Type: "vaultSecret", Default: def}}
	}

	return config.StepData{
		Metadata: config.StepMetadata{
			Name:        "vaultRotateSecretId",
			Aliases:     []config.Alias{},
			Description: "Rotate Vault AppRole Secret ID",
		},
		Spec: config.StepSpec{
			Inputs: config.StepInputs{
				Parameters: []config.StepParameters{
					{
						Name:        "secretStore",
						ResourceRef: noRefs(),
						Scope:       stepScopes(),
						Type:        "string",
						Mandatory:   false,
						Aliases:     noAliases(),
						Default:     "jenkins",
					},
					{
						Name:        "jenkinsUrl",
						ResourceRef: vaultSecretRef("jenkinsVaultSecretName", "jenkins"),
						Scope:       stepScopes(),
						Type:        "string",
						Mandatory:   false,
						Aliases:     []config.Alias{{Name: "url"}},
						Default:     os.Getenv("PIPER_jenkinsUrl"),
					},
					{
						Name:        "jenkinsCredentialDomain",
						ResourceRef: noRefs(),
						Scope:       stepScopes(),
						Type:        "string",
						Mandatory:   false,
						Aliases:     noAliases(),
						Default:     "_",
					},
					{
						Name:        "jenkinsUsername",
						ResourceRef: vaultSecretRef("jenkinsVaultSecretName", "jenkins"),
						Scope:       stepScopes(),
						Type:        "string",
						Mandatory:   false,
						Aliases:     []config.Alias{{Name: "userId"}},
						Default:     os.Getenv("PIPER_jenkinsUsername"),
					},
					{
						Name:        "jenkinsToken",
						ResourceRef: vaultSecretRef("jenkinsVaultSecretName", "jenkins"),
						Scope:       stepScopes(),
						Type:        "string",
						Mandatory:   false,
						Aliases:     []config.Alias{{Name: "token"}},
						Default:     os.Getenv("PIPER_jenkinsToken"),
					},
					{
						Name:        "vaultAppRoleSecretTokenCredentialsId",
						ResourceRef: noRefs(),
						Scope:       generalScopes(),
						Type:        "string",
						Mandatory:   true,
						Aliases:     noAliases(),
						Default:     os.Getenv("PIPER_vaultAppRoleSecretTokenCredentialsId"),
					},
					{
						Name:        "vaultServerUrl",
						ResourceRef: noRefs(),
						Scope:       generalScopes(),
						Type:        "string",
						Mandatory:   true,
						Aliases:     noAliases(),
						Default:     os.Getenv("PIPER_vaultServerUrl"),
					},
					{
						Name:        "vaultNamespace",
						ResourceRef: noRefs(),
						Scope:       generalScopes(),
						Type:        "string",
						Mandatory:   false,
						Aliases:     noAliases(),
						Default:     os.Getenv("PIPER_vaultNamespace"),
					},
					{
						Name:        "daysBeforeExpiry",
						ResourceRef: noRefs(),
						Scope:       stepScopes(),
						Type:        "int",
						Mandatory:   false,
						Aliases:     noAliases(),
						Default:     15,
					},
					{
						Name:        "adoOrganization",
						ResourceRef: noRefs(),
						Scope:       generalScopes(),
						Type:        "string",
						Mandatory:   false,
						Aliases:     noAliases(),
						Default:     os.Getenv("PIPER_adoOrganization"),
					},
					{
						Name:        "adoPersonalAccessToken",
						ResourceRef: vaultSecretRef("azureDevOpsVaultSecretName", "azure-dev-ops"),
						Scope:       stepScopes(),
						Type:        "string",
						Mandatory:   false,
						Aliases:     []config.Alias{{Name: "token"}},
						Default:     os.Getenv("PIPER_adoPersonalAccessToken"),
					},
					{
						Name:        "adoProject",
						ResourceRef: noRefs(),
						Scope:       stepScopes(),
						Type:        "string",
						Mandatory:   false,
						Aliases:     noAliases(),
						Default:     os.Getenv("PIPER_adoProject"),
					},
					{
						Name:        "adoPipelineId",
						ResourceRef: noRefs(),
						Scope:       stepScopes(),
						Type:        "int",
						Mandatory:   false,
						Aliases:     noAliases(),
						Default:     0,
					},
				},
			},
		},
	}
}