Enable zuul jobs Reviewed-by: OpenTelekomCloud Bot <None> Reviewed-by: Vladimir Hasko <vladimirhasko@gmail.com>
---
# Play 1 (localhost): hand the prepared secret-id to the
# create-vault-approle-token role so that a Vault token is available to the
# play that follows.
- hosts: localhost
  vars:
    vault_addr: "{{ zuul_vault_addr }}"
    # Both paths sit under the Zuul executor work root.
    # NOTE(review): presumably the role writes the issued token to
    # vault_token_dest; confirm against the role, and confirm the file is
    # created with owner-only permissions.
    vault_token_dest: "{{ zuul.executor.work_root }}/.approle-token"
    vault_secret_dest: "{{ zuul.executor.work_root }}/.approle-secret"

  roles:
    # Exchange the prepared secret-id for a Vault token.
    - role: create-vault-approle-token
      # The file lookup is evaluated on the controller, so the secret-id is
      # read from vault_secret_dest on the machine running this play.
      # NOTE(review): the variable name suggests a response-wrapped
      # secret-id (single use); verify against the job that prepares it.
      vault_wrapping_token_id: "{{ lookup('file', vault_secret_dest) }}"
      vault_role_id: "{{ zuul_vault.vault_role_id }}"

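# Play 2 (all hosts): request a token for the GitHub organization from
# Vault, then revoke the lease that request created.
# NOTE(review): with `hosts: all` the uri module executes on every host in
# the inventory, so the Vault token placed in the request header is handed
# to each of those hosts (only the file lookup runs on the controller).
# Confirm the nodes need to make these calls themselves; otherwise keep the
# token on the executor.
- hosts: all
  vars:
    vault_token_dest: "{{ zuul.executor.work_root }}/.approle-token"
    # NOTE(review): the tasks below read vault.vault_addr, not this
    # variable; confirm which of the two is intended.
    vault_addr: "{{ zuul_vault_addr }}"
  tasks:

    - name: Fetch organization tokens
      # Keeps the X-Vault-Token header and the registered response out of
      # the job log.
      no_log: true
      # Perform the request even when the playbook runs in check mode.
      check_mode: false
      ansible.builtin.uri:
        url: "{{ vault.vault_addr }}/v1/{{ vault.vault_token_path }}"
        headers:
          # Token is read from the file at vault_token_dest on the
          # controller.
          "X-Vault-Token": "{{ lookup('file', vault_token_dest) }}"
        method: "POST"
        body:
          org_name: "opentelekomcloud-docs"
        body_format: "json"
      # The lease_id of this response is what the next task revokes.
      register: "org_token"

    # NOTE(review): nothing visible here consumes org_token before it is
    # revoked. If tasks are added in between, wrap them in block/always so
    # the lease is still revoked when one of them fails.
    - name: Revoke GitHub token lease
      check_mode: false
      no_log: true
      # Fully qualified module name, matching the fetch task above.
      ansible.builtin.uri:
        url: "{{ vault.vault_addr }}/v1/sys/leases/revoke"
        headers:
          # NOTE(review): this task authenticates with vault.vault_token,
          # while the fetch task reads the token file; confirm both refer
          # to the same token.
          "X-Vault-Token": "{{ vault.vault_token }}"
        method: "PUT"
        body:
          lease_id: "{{ org_token.json.lease_id }}"
        body_format: "json"
        # Any status other than 204 fails the task.
        status_code: 204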