Create additional wrapper to avoid regression

cachedout · Apr 14, 2021 · f65df2c · f65df2c
1 parent 0cefc1e
commit f65df2c
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 4 deletions.
diff --git a/src/test/groovy/GetVaultSecretStepTests.groovy b/src/test/groovy/GetVaultSecretStepTests.groovy
@@ -102,12 +102,22 @@ class GetVaultSecretStepTests extends ApmBasePipelineTest {
   }
 
   @Test
-  void testReadSecretWrapper() throws Exception {
-    script.readSecretWrapper('dummy-role-id', 'dummy-secret-id') {
+  void testReadSecretWrapperWithParams() throws Exception {
+    script.readSecretWrapperWithParams('dummy-role-id', 'dummy-secret-id') {
       // TODO
     }
     printCallStack()
     assertTrue(assertMethodCallContainsPattern('withCredentials', '[{credentialsId=vault-addr, variable=VAULT_ADDR}, {credentialsId=dummy-role-id, variable=VAULT_ROLE_ID}, {credentialsId=dummy-secret-id, variable=VAULT_SECRET_ID}]'))
     assertJobStatusSuccess()
   }
+
+  @Test
+  void testReadSecretWrapper() throws Exception {
+    script.readSecretWrapper() {
+      // TODO
+    }
+    printCallStack()
+    assertTrue(assertMethodCallContainsPattern('withCredentials', '[{credentialsId=vault-addr, variable=VAULT_ADDR}, {credentialsId=vault-role-id, variable=VAULT_ROLE_ID}, {credentialsId=vault-secret-id, variable=VAULT_SECRET_ID}]'))
+    assertJobStatusSuccess()
+  }
 }
diff --git a/vars/getVaultSecret.groovy b/vars/getVaultSecret.groovy
@@ -47,7 +47,7 @@ def call(secret) {
 def readSecret(secret, role_id, secret_id) {
   def props = null
   log(level: 'INFO', text: 'getVaultSecret: Getting secrets')
-  readSecretWrapper(role_id, secret_id) {
+  readSecretWrapperWithParams(role_id, secret_id) {
     // When running in the CI with multiple parallel stages
     // the access could be considered as a DDOS attack. Let's sleep a bit if it fails.
     retryWithSleep(retries: 3, seconds: 5, backoff: true) {
@@ -60,7 +60,7 @@ def readSecret(secret, role_id, secret_id) {
   return props
 }
 
-def readSecretWrapper(role_id, secret_id, body) {
+def readSecretWrapperWithParams(role_id, secret_id, body) {
   withCredentials([
     string(credentialsId: 'vault-addr', variable: 'VAULT_ADDR'),
     string(credentialsId: role_id, variable: 'VAULT_ROLE_ID'),
@@ -74,6 +74,20 @@ def readSecretWrapper(role_id, secret_id, body) {
   }
 }
 
+def readSecretWrapper(body) {
+  withCredentials([
+    string(credentialsId: 'vault-addr', variable: 'VAULT_ADDR'),
+    string(credentialsId: 'vault-role-id', variable: 'VAULT_ROLE_ID'),
+    string(credentialsId: 'vault-secret-id', variable: 'VAULT_SECRET_ID')]) {
+      withEnv([
+        "VAULT_AUTH_METHOD=approle", //Used by Ansible Vault modules
+        "VAULT_AUTHTYPE=approle" //Used by Ansible Vault modules
+      ]){
+        body()
+      }
+  }
+}
+
 def getVaultToken(addr, roleId, secretId){
   def tokenJson = httpRequest(url: "${addr}/v1/auth/approle/login",
     method: "POST",