Select Git revision
test_mc_openapi.py
gitlab-ci-python-vault.yml 1.14 KiB
# =====================================================================================================================
# === Vault template variant
# =====================================================================================================================
spec:
inputs:
vault-base-url:
description: The Vault server base API url
default: ''
vault-oidc-aud:
description: The `aud` claim for the JWT
default: $CI_SERVER_URL
---
variables:
# variabilized vault-secrets-provider image
TBC_VAULT_IMAGE: registry.gitlab.com/to-be-continuous/tools/vault-secrets-provider:latest
# variables have to be explicitly declared in the YAML to be exported to the service
VAULT_ROLE_ID: "$VAULT_ROLE_ID"
VAULT_SECRET_ID: "$VAULT_SECRET_ID"
VAULT_OIDC_AUD: $[[ inputs.vault-oidc-aud ]]
VAULT_BASE_URL: $[[ inputs.vault-base-url ]]
.python-base:
services:
- name: "$TBC_TRACKING_IMAGE"
command: ["--service", "python", "7.8.2"]
- name: "$TBC_VAULT_IMAGE"
alias: "vault-secrets-provider"
variables:
VAULT_JWT_TOKEN: "$VAULT_JWT_TOKEN"
id_tokens:
VAULT_JWT_TOKEN:
aud: "$VAULT_OIDC_AUD"