From 23357c584d18f2480cae9cdf34543f6e6319a417 Mon Sep 17 00:00:00 2001
From: Pierre Smeyers <pierre.smeyers@gmail.com>
Date: Tue, 13 Dec 2022 09:12:09 +0100
Subject: [PATCH] feat(vault): configurable Vault Secrets Provider image

---
 README.md                          | 1 +
 kicker.json                        | 6 ++++++
 templates/gitlab-ci-helm-vault.yml | 4 +++-
 3 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 24512e3..15ed668 100644
--- a/README.md
+++ b/README.md
@@ -326,6 +326,7 @@ In order to be able to communicate with the Vault server, the variant requires t
 
 | Name              | description                            | default value     |
 | ----------------- | -------------------------------------- | ----------------- |
+| `TBC_VAULT_IMAGE` | The [Vault Secrets Provider](https://gitlab.com/to-be-continuous/tools/vault-secrets-provider) image to use (can be overridden) | `$CI_REGISTRY/to-be-continuous/tools/vault-secrets-provider:master` |
 | `VAULT_BASE_URL`  | The Vault server base API url          | _none_ |
 | :lock: `VAULT_ROLE_ID`   | The [AppRole](https://www.vaultproject.io/docs/auth/approle) RoleID | **must be defined** |
 | :lock: `VAULT_SECRET_ID` | The [AppRole](https://www.vaultproject.io/docs/auth/approle) SecretID | **must be defined** |
diff --git a/kicker.json b/kicker.json
index f6f40a2..a15e725 100644
--- a/kicker.json
+++ b/kicker.json
@@ -382,6 +382,12 @@
       "description": "Retrieve secrets from a [Vault](https://www.vaultproject.io/) server",
       "template_path": "templates/gitlab-ci-helm-vault.yml",
       "variables": [
+        {
+          "name": "TBC_VAULT_IMAGE",
+          "description": "The [Vault Secrets Provider](https://gitlab.com/to-be-continuous/tools/vault-secrets-provider) image to use",
+          "default": "$CI_REGISTRY/to-be-continuous/tools/vault-secrets-provider:master",
+          "advanced": true
+        },
         {
           "name": "VAULT_BASE_URL",
           "description": "The Vault server base API url"
diff --git a/templates/gitlab-ci-helm-vault.yml b/templates/gitlab-ci-helm-vault.yml
index 3652a88..04f7ec2 100644
--- a/templates/gitlab-ci-helm-vault.yml
+++ b/templates/gitlab-ci-helm-vault.yml
@@ -2,6 +2,8 @@
 # === Vault template variant
 # =====================================================================================================================
 variables:
+  # variabilized vault-secrets-provider image
+  TBC_VAULT_IMAGE: "$CI_REGISTRY/to-be-continuous/tools/vault-secrets-provider:master"
   # variables have to be explicitly declared in the YAML to be exported to the service
   VAULT_ROLE_ID: "$VAULT_ROLE_ID"
   VAULT_SECRET_ID: "$VAULT_SECRET_ID"
@@ -10,5 +12,5 @@ variables:
   services:
     - name: "$TBC_TRACKING_IMAGE"
       command: ["--service", "helm", "3.1.0" ]
-    - name: "$CI_REGISTRY/to-be-continuous/tools/vault-secrets-provider:master"
+    - name: "$TBC_VAULT_IMAGE"
       alias: "vault-secrets-provider"
-- 
GitLab