Fix build status and adjust Vault (#1074)

* Add logging

* Modify logging

* Modify logging

* Modify logging

* Use standard HTTP request step

* Migrate to httpRequest

* Pass through role and secret

* Simplify

* Fix bad args

* Typo

* Align test

* Create additional wrapper to avoid regression

* use generic map instead of specific args

* Revert "use generic map instead of specific args"

This reverts commit 573a41d.

* Remove specific args per review comment

* Fix bugs and call

src/test/groovy/GetVaultSecretStepTests.groovy

@@ -101,9 +101,19 @@ class GetVaultSecretStepTests extends ApmBasePipelineTest {
     assertTrue(assertMethodCallContainsPattern('error', 'getVaultSecret: Unable to get the secret.'))
   }
 
+  @Test
+  void testReadSecretWrapperWithParams() throws Exception {
+    script.readSecretWrapperWithParams(['role_id': 'dummy-role-id', 'secret_id': 'dummy-secret-id']) {
+     'dummy arg'
+    }
+    printCallStack()
+    assertTrue(assertMethodCallContainsPattern('withCredentials', '[{credentialsId=vault-addr, variable=VAULT_ADDR}, {credentialsId=dummy-role-id, variable=VAULT_ROLE_ID}, {credentialsId=dummy-secret-id, variable=VAULT_SECRET_ID}]'))
+    assertJobStatusSuccess()
+  }
+
   @Test
   void testReadSecretWrapper() throws Exception {
-    script.readSecretWrapper {
+    script.readSecretWrapper() {
       // TODO
     }
     printCallStack()

vars/getVaultSecret.groovy

@@ -24,7 +24,9 @@ import net.sf.json.JSONObject
 */
 def call(Map args = [:]){
   def secret = args.containsKey('secret') ? args.secret : error("getVaultSecret: No valid secret to looking for.")
-  return readSecret(secret)
+  def role_id = args.containsKey('role_id') ? args.role_id : 'vault-role-id'
+  def secret_id = args.containsKey('secret_id') ? args.secret_id : 'vault-secret-id'
+  return readSecret(secret, role_id, secret_id)
 }
 
 /**
@@ -39,13 +41,13 @@ def call(secret) {
     error("getVaultSecret: No valid secret to looking for.")
   }
   secret = 'secret/apm-team/ci/' + secret
-  return readSecret(secret)
+  return readSecret(secret, 'vault-role-id', 'vault-secret-id')
 }
 
-def readSecret(secret) {
+def readSecret(secret, role_id, secret_id) {
   def props = null
   log(level: 'INFO', text: 'getVaultSecret: Getting secrets')
-  readSecretWrapper() {
+  readSecretWrapperWithParams(['role_id': role_id, 'secret_id': secret_id]) {
     // When running in the CI with multiple parallel stages
     // the access could be considered as a DDOS attack. Let's sleep a bit if it fails.
     retryWithSleep(retries: 3, seconds: 5, backoff: true) {
@@ -58,6 +60,22 @@ def readSecret(secret) {
   return props
 }
 
+def readSecretWrapperWithParams(args, body) {
+  def role_id = args?.role_id
+  def secret_id = args?.secret_id
+  withCredentials([
+    string(credentialsId: 'vault-addr', variable: 'VAULT_ADDR'),
+    string(credentialsId: role_id, variable: 'VAULT_ROLE_ID'),
+    string(credentialsId: secret_id, variable: 'VAULT_SECRET_ID')]) {
+      withEnv([
+        "VAULT_AUTH_METHOD=approle", //Used by Ansible Vault modules
+        "VAULT_AUTHTYPE=approle" //Used by Ansible Vault modules
+      ]){
+        body()
+      }
+  }
+}
+
 def readSecretWrapper(body) {
   withCredentials([
     string(credentialsId: 'vault-addr', variable: 'VAULT_ADDR'),

vars/withSecretVault.groovy

@@ -30,11 +30,14 @@ def call(Map args = [:], Closure body) {
   def pass_variable = args?.pass_var_name
   def pass_key = args.containsKey('pass_key') ? args.pass_key : 'password'
 
+  def role_id = args.containsKey('role_id') ? args.role_id : 'vault-role-id'
+  def secret_id = args.containsKey('secret_id') ? args.secret_id : 'vault-secret-id'
+
   if (!secret || !user_variable || !pass_variable) {
     error "withSecretVault: Missing variables"
   }
 
-  def props = getVaultSecret(secret: secret)
+  def props = getVaultSecret(secret: secret, role_id: role_id, secret_id: secret_id)
   if(props?.errors){
     error "withSecretVault: Unable to get credentials from the vault: " + props.errors.toString()
   }