// Code generated by piper's step-generator. DO NOT EDIT.

// Listing of cmd/vaultRotateSecretId_generated.go from github.com/xgoffin/jenkins-library@v1.154.0.

package cmd

import (
	"fmt"
	"os"
	"time"

	"github.com/SAP/jenkins-library/pkg/config"
	"github.com/SAP/jenkins-library/pkg/log"
	"github.com/SAP/jenkins-library/pkg/splunk"
	"github.com/SAP/jenkins-library/pkg/telemetry"
	"github.com/SAP/jenkins-library/pkg/validation"
	"github.com/spf13/cobra"
)

// vaultRotateSecretIdOptions holds the resolved configuration of the
// vaultRotateSecretId step.
//
// Credential handling visible in this file:
//   - JenkinsURL, JenkinsUsername, JenkinsToken and AdoPersonalAccessToken are
//     passed to log.RegisterSecret in PreRunE (presumably so they are masked in
//     log output; confirm in pkg/log).
//   - Struct validation only enforces AdoPersonalAccessToken when SecretStore
//     is "ado"; the Jenkins credentials carry no validate tag, so a missing
//     Jenkins token is not caught by the validation in this file.
//   - VaultAppRoleSecretTokenCredentialsID names the credential entry to
//     update; per its flag description it is an ID or variable name, not the
//     secret value itself.
type vaultRotateSecretIdOptions struct {
	SecretStore string `json:"secretStore,omitempty" validate:"possible-values=jenkins ado"`

	JenkinsURL              string `json:"jenkinsUrl,omitempty"`
	JenkinsCredentialDomain string `json:"jenkinsCredentialDomain,omitempty"`
	JenkinsUsername         string `json:"jenkinsUsername,omitempty"`
	JenkinsToken            string `json:"jenkinsToken,omitempty"`

	VaultAppRoleSecretTokenCredentialsID string `json:"vaultAppRoleSecretTokenCredentialsId,omitempty"`
	VaultServerURL                       string `json:"vaultServerUrl,omitempty"`
	VaultNamespace                       string `json:"vaultNamespace,omitempty"`
	DaysBeforeExpiry                     int    `json:"daysBeforeExpiry,omitempty"`

	AdoOrganization        string `json:"adoOrganization,omitempty"`
	AdoPersonalAccessToken string `json:"adoPersonalAccessToken,omitempty" validate:"required_if=SecretStore ado"`
	AdoProject             string `json:"adoProject,omitempty"`
	AdoPipelineID          int    `json:"adoPipelineId,omitempty"`
}

// VaultRotateSecretIdCommand builds the cobra command for the
// vaultRotateSecretId step ("Rotate Vault AppRole Secret ID").
//
// PreRunE resolves and validates the step configuration and registers the
// logging hooks; Run wraps the call to vaultRotateSecretId with telemetry and
// clean-up of Vault secret files.
func VaultRotateSecretIdCommand() *cobra.Command {
	const stepName = "vaultRotateSecretId"

	var (
		stepConfig   vaultRotateSecretIdOptions
		startTime    time.Time
		logCollector *log.CollectorHook
		splunkClient *splunk.Splunk
	)
	metadata := vaultRotateSecretIdMetadata()
	telemetryClient := &telemetry.Telemetry{}

	// Splunk reporting is active only when a DSN is configured. The check is
	// evaluated at each call site, exactly where the generator emitted it.
	splunkConfigured := func() bool {
		return len(GeneralConfig.HookConfig.SplunkConfig.Dsn) > 0
	}

	stepCmd := &cobra.Command{
		Use:   stepName,
		Short: "Rotate Vault AppRole Secret ID",
		Long:  `This step takes the given Vault secret ID and checks whether it needs to be renewed and if so it will update the secret ID in the configured secret store.`,
		PreRunE: func(cmd *cobra.Command, _ []string) error {
			startTime = time.Now()
			log.SetStepName(stepName)
			log.SetVerbose(GeneralConfig.Verbose)

			GeneralConfig.GitHubAccessTokens = ResolveAccessTokens(GeneralConfig.GitHubTokens)

			// Best effort: a failing Getwd leaves the hook with an empty path.
			workDir, _ := os.Getwd()
			log.RegisterHook(&log.FatalHook{CorrelationID: GeneralConfig.CorrelationID, Path: workDir})

			if err := PrepareConfig(cmd, &metadata, stepName, &stepConfig, config.OpenPiperFile); err != nil {
				log.SetErrorCategory(log.ErrorConfiguration)
				return err
			}

			// Registration happens only after PrepareConfig has filled
			// stepConfig, so anything logged before this point is not covered.
			for _, secret := range []string{
				stepConfig.JenkinsURL,
				stepConfig.JenkinsUsername,
				stepConfig.JenkinsToken,
				stepConfig.AdoPersonalAccessToken,
			} {
				log.RegisterSecret(secret)
			}

			if dsn := GeneralConfig.HookConfig.SentryConfig.Dsn; len(dsn) > 0 {
				sentryHook := log.NewSentryHook(dsn, GeneralConfig.CorrelationID)
				log.RegisterHook(&sentryHook)
			}

			if splunkConfigured() {
				splunkClient = &splunk.Splunk{}
				logCollector = &log.CollectorHook{CorrelationID: GeneralConfig.CorrelationID}
				log.RegisterHook(logCollector)
			}

			validator, err := validation.New(validation.WithJSONNamesForStructFields(), validation.WithPredefinedErrorMessages())
			if err != nil {
				return err
			}
			if err = validator.ValidateStruct(stepConfig); err != nil {
				log.SetErrorCategory(log.ErrorConfiguration)
				return err
			}
			return nil
		},
		Run: func(_ *cobra.Command, _ []string) {
			// ErrorCode stays "1" unless the step body returns normally.
			customData := telemetry.CustomData{ErrorCode: "1"}

			// finalize removes the Vault secret files and ships telemetry. It
			// is both handed to log.DeferExitHandler and deferred below.
			// NOTE(review): presumably this covers the fatal-exit and the
			// normal-return path; confirm against pkg/log.
			finalize := func() {
				config.RemoveVaultSecretFiles()
				customData.Duration = fmt.Sprint(time.Since(startTime).Milliseconds())
				customData.ErrorCategory = log.GetErrorCategory().String()
				customData.PiperCommitHash = GitCommit
				telemetryClient.SetData(&customData)
				telemetryClient.Send()
				if splunkConfigured() {
					// With SendLogs set, the collected log lines go to Splunk too.
					splunkClient.Send(telemetryClient.GetData(), logCollector)
				}
			}
			log.DeferExitHandler(finalize)
			defer finalize()

			telemetryClient.Initialize(GeneralConfig.NoTelemetry, stepName)
			if splunkConfigured() {
				splunkClient.Initialize(
					GeneralConfig.CorrelationID,
					GeneralConfig.HookConfig.SplunkConfig.Dsn,
					GeneralConfig.HookConfig.SplunkConfig.Token,
					GeneralConfig.HookConfig.SplunkConfig.Index,
					GeneralConfig.HookConfig.SplunkConfig.SendLogs,
				)
			}
			vaultRotateSecretId(stepConfig, &customData)
			customData.ErrorCode = "0"
			log.Entry().Info("SUCCESS")
		},
	}

	addVaultRotateSecretIdFlags(stepCmd, &stepConfig)
	return stepCmd
}

// addVaultRotateSecretIdFlags binds every step parameter to a command-line
// flag on cmd, writing the parsed values into stepConfig.
//
// String defaults taken from PIPER_* environment variables are read when this
// function runs. jenkinsToken and adoPersonalAccessToken can also be given as
// flags; values passed on the command line are visible in the host's process
// listing, so the environment default or the vaultSecret reference declared in
// the step metadata keeps them out of argv.
func addVaultRotateSecretIdFlags(cmd *cobra.Command, stepConfig *vaultRotateSecretIdOptions) {
	flags := cmd.Flags()

	flags.StringVar(&stepConfig.SecretStore, "secretStore", `jenkins`, "The store to which the secret should be written back to")

	// Jenkins secret store.
	flags.StringVar(&stepConfig.JenkinsURL, "jenkinsUrl", os.Getenv("PIPER_jenkinsUrl"), "The jenkins url")
	flags.StringVar(&stepConfig.JenkinsCredentialDomain, "jenkinsCredentialDomain", `_`, "The jenkins credential domain which should be used")
	flags.StringVar(&stepConfig.JenkinsUsername, "jenkinsUsername", os.Getenv("PIPER_jenkinsUsername"), "The jenkins username")
	flags.StringVar(&stepConfig.JenkinsToken, "jenkinsToken", os.Getenv("PIPER_jenkinsToken"), "The jenkins token")

	// Vault AppRole being rotated.
	flags.StringVar(&stepConfig.VaultAppRoleSecretTokenCredentialsID, "vaultAppRoleSecretTokenCredentialsId", os.Getenv("PIPER_vaultAppRoleSecretTokenCredentialsId"), "The Jenkins credential ID or Azure DevOps variable name for the Vault AppRole Secret ID credential")
	flags.StringVar(&stepConfig.VaultServerURL, "vaultServerUrl", os.Getenv("PIPER_vaultServerUrl"), "The URL for the Vault server to use")
	flags.StringVar(&stepConfig.VaultNamespace, "vaultNamespace", os.Getenv("PIPER_vaultNamespace"), "The Vault namespace that should be used (optional)")
	flags.IntVar(&stepConfig.DaysBeforeExpiry, "daysBeforeExpiry", 15, "The amount of days before expiry until the secret ID gets rotated")

	// Azure DevOps secret store.
	flags.StringVar(&stepConfig.AdoOrganization, "adoOrganization", os.Getenv("PIPER_adoOrganization"), "The Azure DevOps organization name")
	flags.StringVar(&stepConfig.AdoPersonalAccessToken, "adoPersonalAccessToken", os.Getenv("PIPER_adoPersonalAccessToken"), "The Azure DevOps personal access token")
	flags.StringVar(&stepConfig.AdoProject, "adoProject", os.Getenv("PIPER_adoProject"), "The Azure DevOps project ID. Project name also can be used")
	flags.IntVar(&stepConfig.AdoPipelineID, "adoPipelineId", 0, "The Azure DevOps pipeline ID. Also called as definition ID")

	// The returned errors are discarded, as in the generator's output; both
	// flags are defined just above.
	for _, required := range []string{"vaultAppRoleSecretTokenCredentialsId", "vaultServerUrl"} {
		cmd.MarkFlagRequired(required)
	}
}

// vaultRotateSecretIdMetadata returns the step metadata: name, description and
// the parameter table with scopes, defaults, aliases and Vault references.
//
// jenkinsUrl, jenkinsUsername, jenkinsToken and adoPersonalAccessToken each
// declare a ResourceRef of type "vaultSecret".
func vaultRotateSecretIdMetadata() config.StepData {
	// Each call yields a fresh slice, so no two parameters share backing storage.
	stepScopes := func() []string { return []string{"PARAMETERS", "STAGES", "STEPS"} }
	generalScopes := func() []string { return []string{"GENERAL", "PARAMETERS", "STAGES", "STEPS"} }

	return config.StepData{
		Metadata: config.StepMetadata{
			Name:        "vaultRotateSecretId",
			Aliases:     []config.Alias{},
			Description: "Rotate Vault AppRole Secret ID",
		},
		Spec: config.StepSpec{
			Inputs: config.StepInputs{
				Parameters: []config.StepParameters{
					{
						Name:        "secretStore",
						ResourceRef: []config.ResourceReference{},
						Scope:       stepScopes(),
						Type:        "string",
						Mandatory:   false,
						Aliases:     []config.Alias{},
						Default:     `jenkins`,
					},
					{
						Name: "jenkinsUrl",
						ResourceRef: []config.ResourceReference{
							{
								Name:    "jenkinsVaultSecretName",
								Type:    "vaultSecret",
								Default: "jenkins",
							},
						},
						Scope:     stepScopes(),
						Type:      "string",
						Mandatory: false,
						Aliases:   []config.Alias{{Name: "url"}},
						Default:   os.Getenv("PIPER_jenkinsUrl"),
					},
					{
						Name:        "jenkinsCredentialDomain",
						ResourceRef: []config.ResourceReference{},
						Scope:       stepScopes(),
						Type:        "string",
						Mandatory:   false,
						Aliases:     []config.Alias{},
						Default:     `_`,
					},
					{
						Name: "jenkinsUsername",
						ResourceRef: []config.ResourceReference{
							{
								Name:    "jenkinsVaultSecretName",
								Type:    "vaultSecret",
								Default: "jenkins",
							},
						},
						Scope:     stepScopes(),
						Type:      "string",
						Mandatory: false,
						Aliases:   []config.Alias{{Name: "userId"}},
						Default:   os.Getenv("PIPER_jenkinsUsername"),
					},
					{
						Name: "jenkinsToken",
						ResourceRef: []config.ResourceReference{
							{
								Name:    "jenkinsVaultSecretName",
								Type:    "vaultSecret",
								Default: "jenkins",
							},
						},
						Scope:     stepScopes(),
						Type:      "string",
						Mandatory: false,
						Aliases:   []config.Alias{{Name: "token"}},
						Default:   os.Getenv("PIPER_jenkinsToken"),
					},
					{
						Name:        "vaultAppRoleSecretTokenCredentialsId",
						ResourceRef: []config.ResourceReference{},
						Scope:       generalScopes(),
						Type:        "string",
						Mandatory:   true,
						Aliases:     []config.Alias{},
						Default:     os.Getenv("PIPER_vaultAppRoleSecretTokenCredentialsId"),
					},
					{
						Name:        "vaultServerUrl",
						ResourceRef: []config.ResourceReference{},
						Scope:       generalScopes(),
						Type:        "string",
						Mandatory:   true,
						Aliases:     []config.Alias{},
						Default:     os.Getenv("PIPER_vaultServerUrl"),
					},
					{
						Name:        "vaultNamespace",
						ResourceRef: []config.ResourceReference{},
						Scope:       generalScopes(),
						Type:        "string",
						Mandatory:   false,
						Aliases:     []config.Alias{},
						Default:     os.Getenv("PIPER_vaultNamespace"),
					},
					{
						Name:        "daysBeforeExpiry",
						ResourceRef: []config.ResourceReference{},
						Scope:       stepScopes(),
						Type:        "int",
						Mandatory:   false,
						Aliases:     []config.Alias{},
						Default:     15,
					},
					{
						Name:        "adoOrganization",
						ResourceRef: []config.ResourceReference{},
						Scope:       generalScopes(),
						Type:        "string",
						Mandatory:   false,
						Aliases:     []config.Alias{},
						Default:     os.Getenv("PIPER_adoOrganization"),
					},
					{
						Name: "adoPersonalAccessToken",
						ResourceRef: []config.ResourceReference{
							{
								Name:    "azureDevOpsVaultSecretName",
								Type:    "vaultSecret",
								Default: "azure-dev-ops",
							},
						},
						Scope:     stepScopes(),
						Type:      "string",
						Mandatory: false,
						Aliases:   []config.Alias{{Name: "token"}},
						Default:   os.Getenv("PIPER_adoPersonalAccessToken"),
					},
					{
						Name:        "adoProject",
						ResourceRef: []config.ResourceReference{},
						Scope:       stepScopes(),
						Type:        "string",
						Mandatory:   false,
						Aliases:     []config.Alias{},
						Default:     os.Getenv("PIPER_adoProject"),
					},
					{
						Name:        "adoPipelineId",
						ResourceRef: []config.ResourceReference{},
						Scope:       stepScopes(),
						Type:        "int",
						Mandatory:   false,
						Aliases:     []config.Alias{},
						Default:     0,
					},
				},
			},
		},
	}
}