From 96e2c5df04f633b86ac9463782c37a7dd4e3a549 Mon Sep 17 00:00:00 2001
From: Pierre Smeyers <pierre.smeyers@gmail.com>
Date: Tue, 13 Dec 2022 07:45:18 +0100
Subject: [PATCH] feat(vault): configurable Vault Secrets Provider images

---
 README.md                            | 1 +
 kicker.json                          | 6 ++++++
 templates/gitlab-ci-docker-vault.yml | 4 +++-
 3 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 1c18702..ca215d9 100644
--- a/README.md
+++ b/README.md
@@ -518,6 +518,7 @@ In order to be able to communicate with the Vault server, the variant requires t
 
 | Name              | Description                            | Default value     |
 | ----------------- | -------------------------------------- | ----------------- |
+| `TBC_VAULT_IMAGE` | The [Vault Secrets Provider](https://gitlab.com/to-be-continuous/tools/vault-secrets-provider) image to use (can be overridden) | `$CI_REGISTRY/to-be-continuous/tools/vault-secrets-provider:master` |
 | `VAULT_BASE_URL`  | The Vault server base API url          | _none_ |
 | :lock: `VAULT_ROLE_ID`   | The [AppRole](https://www.vaultproject.io/docs/auth/approle) RoleID | **must be defined** |
 | :lock: `VAULT_SECRET_ID` | The [AppRole](https://www.vaultproject.io/docs/auth/approle) SecretID | **must be defined** |
diff --git a/kicker.json b/kicker.json
index c9a7106..e6a8eda 100644
--- a/kicker.json
+++ b/kicker.json
@@ -206,6 +206,12 @@
       "description": "Retrieve secrets from a [Vault](https://www.vaultproject.io/) server",
       "template_path": "templates/gitlab-ci-docker-vault.yml",
       "variables": [
+        {
+          "name": "TBC_VAULT_IMAGE",
+          "description": "The [Vault Secrets Provider](https://gitlab.com/to-be-continuous/tools/vault-secrets-provider) image to use",
+          "default": "$CI_REGISTRY/to-be-continuous/tools/vault-secrets-provider:master",
+          "advanced": true
+        },
         {
           "name": "VAULT_BASE_URL",
           "description": "The Vault server base API url",
diff --git a/templates/gitlab-ci-docker-vault.yml b/templates/gitlab-ci-docker-vault.yml
index 7d4f94d..753ad78 100644
--- a/templates/gitlab-ci-docker-vault.yml
+++ b/templates/gitlab-ci-docker-vault.yml
@@ -2,6 +2,8 @@
 # === Vault template variant
 # =====================================================================================================================
 variables:
+  # variabilized vault-secrets-provider image
+  TBC_VAULT_IMAGE: "$CI_REGISTRY/to-be-continuous/tools/vault-secrets-provider:master"
   # variables have to be explicitly declared in the YAML to be exported to the service
   VAULT_ROLE_ID: "$VAULT_ROLE_ID"
   VAULT_SECRET_ID: "$VAULT_SECRET_ID"
@@ -10,5 +12,5 @@ variables:
   services:
     - name: "$TBC_TRACKING_IMAGE"
       command: ["--service", "docker", "3.4.0"]
-    - name: "$CI_REGISTRY/to-be-continuous/tools/vault-secrets-provider:master"
+    - name: "$TBC_VAULT_IMAGE"
       alias: "vault-secrets-provider"
-- 
GitLab