jenkins-pipelines/pipelines/Automation/DevOps/vault-policies-and-roles-update.groovy
Rustam Tagaev 2eac82a73c [DO-502] add_vault_restore_policy (!42)
Co-authored-by: Rustam Tagaev <rustam.tagaev@avroid.tech>
Reviewed-on: https://git.avroid.tech/DevOps/jenkins-pipelines/pulls/42
Reviewed-by: Denis Patrakeev <denis.patrakeev@avroid.team>
Reviewed-by: Aleksandr Vodyanov <aleksandr.vodyanov@avroid.team>
2024-11-07 13:04:14 +03:00


@Library('shared-lib') _
import tech.avroid.scm.Git
import tech.avroid.jenkins.Notifications
// Job settings: keep the last ten builds (logs and artifacts) and never let two
// runs apply policies/roles to Vault at the same time.
properties([
    buildDiscarder(logRotator(numToKeepStr: '10', artifactNumToKeepStr: '10')),
    disableConcurrentBuilds(),
])
// Mailbox that receives the failure notification sent from the catch block.
String recipient = 'devops@avroid.team'
// Repository path (below the Git server root) holding the Vault playbooks.
String ansibleRepo = 'DevOps/ansible'
// Each type selects one playbook: playbooks/cicd/vault-<type>-update.yaml.
List<String> vaultType = ['policies', 'roles']
// Vault servers to update; one playbook run per type per host.
List<Map<String, String>> vaultHosts = [
    [env: 'avroid_prod', host: 'vault.avroid.tech'],
]
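// Runs the Vault policy/role update playbooks from the ansible repository inside a
// python-build pod. Any failure is logged, marks the build FAILURE and is mailed to
// `recipient`; the workspace is always cleaned because it lives on a host path.
podTemplate(workspaceVolume: hostPathWorkspaceVolume(hostPath: '/data'),
            yaml: getPodTemplate('pythonBuild')) {
    node(POD_LABEL) {
        container(name: 'python-build') {
            try {
                stage('Get repository') {
                    // The ansible repository holds the playbooks applied below.
                    Git git = new Git(this, "$env.JENKINS_GIT_CREDENTIALS_SSH")
                    git.clone([urlRepo: "${env.JENKINS_GIT_REPOSITORY_SSH_URL}/${ansibleRepo}.git",
                               branch: 'master'])
                }
                stage('Update roles policies') {
                    withEnv(["PATH=$PATH:/home/jenkins/.local/bin"]) {
                        ansiColor('xterm') {
                            // Dependency install and config patching need no Vault access, so they
                            // run before the token is bound: package install scripts fetched from the
                            // index must not see the Vault token in their environment.
                            // NOTE(review): `--pre` with an unpinned requirements.txt also accepts
                            // pre-release packages; pinned versions/hashes in the repo would tighten this.
                            sh 'pip install --user --pre -r requirements.txt'
                            // Drop vault_password_file from ansible.cfg: authentication comes from the
                            // bound token, not a password file. `-i` replaces the former `-ie`, which
                            // GNU sed reads as in-place with suffix "e" and left an ansible.cfge backup.
                            sh "sed -i 's/vault_password_file.*//' ansible.cfg"
                            // The Vault token is bound only around the playbook runs that need it.
                            withCredentials([[$class: 'VaultTokenCredentialBinding',
                                              credentialsId: 'vault-role',
                                              vaultAddr: "${env.JENKINS_VAULT_URL}"]]) {
                                vaultType.each { type ->
                                    vaultHosts.each { host ->
                                        ansiblePlaybook(
                                            installation: 'ansible',
                                            colorized: true,
                                            playbook: "playbooks/cicd/vault-${type}-update.yaml",
                                            extraVars: [
                                                vault_host: host.host,
                                                ansible_env: host.env
                                            ],
                                        )
                                    }
                                }
                            }
                        }
                    }
                }
            } catch (err) {
                // Declared locally instead of leaking into the script binding.
                String errorMessage = err.getMessage()
                println 'ERROR: ' + errorMessage
                currentBuild.result = 'FAILURE'
                String emailSubject = "${currentBuild.currentResult}. Pipeline task: ${currentBuild.fullDisplayName}"
                Notifications.email(
                    script: this,
                    subject: emailSubject,
                    errorString: errorMessage,
                    recipientProviders: [],
                    to: recipient
                )
            } finally {
                // Workspace is a host path volume: remove the checked-out repo and anything written here.
                cleanWs()
            }
        }
    }
}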