IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2024-11-25 02:10:45 -06:00
Code Issues Packages Projects Releases Wiki Activity
f763f2085b
grafana/scripts/drone/vault.star
Dimitris Sotirakis 65104a7efa
ImagePullSecrets: Add GAR secret to image_pull_secret in .drone.yml (#80912) 
* Add GAR secret to image_pull_secret

* Fix starlark fmt
2024-01-19 19:29:49 +02:00

172 lines
5.8 KiB
Plaintext
Raw Blame History

"""
This module returns functions for generating Drone secrets fetched from Vault.
"""
gcr_pull_secret = "gcr"
gar_pull_secret = "gar"
drone_token = "drone_token"
prerelease_bucket = "prerelease_bucket"
gcp_upload_artifacts_key = "gcp_upload_artifacts_key"
gcp_grafanauploads = "gcp_grafanauploads"
gcp_grafanauploads_base64 = "gcp_grafanauploads_base64"
gcp_download_build_container_assets_key = "gcp_download_build_container_assets_key"
azure_sp_app_id = "azure_sp_app_id"
azure_sp_app_pw = "azure_sp_app_pw"
azure_tenant = "azure_tenant"
rgm_gcp_key_base64 = "gcp_key_base64"
rgm_destination = "destination"
rgm_storybook_destination = "rgm_storybook_destination"
rgm_cdn_destination = "rgm_cdn_destination"
rgm_downloads_destination = "rgm_downloads_destination"
rgm_github_token = "github_token"
rgm_dagger_token = "dagger_token"
docker_username = "docker_username"
docker_password = "docker_password"
npm_token = "npm_token"
def from_secret(secret):
return {"from_secret": secret}
def vault_secret(name, path, key):
return {
"kind": "secret",
"name": name,
"get": {
"path": path,
"name": key,
},
}
def secrets():
return [
vault_secret(gcp_grafanauploads, "infra/data/ci/grafana-release-eng/grafanauploads", "credentials.json"),
vault_secret(gcp_grafanauploads_base64, "infra/data/ci/grafana-release-eng/grafanauploads", "credentials_base64"),
vault_secret("grafana_api_key", "infra/data/ci/grafana-release-eng/grafanacom", "api_key"),
vault_secret(gcr_pull_secret, "secret/data/common/gcr", ".dockerconfigjson"),
vault_secret(gar_pull_secret, "secret/data/common/gar", ".dockerconfigjson"),
vault_secret("github_token", "infra/data/ci/github/grafanabot", "pat"),
vault_secret(drone_token, "infra/data/ci/drone", "machine-user-token"),
vault_secret(prerelease_bucket, "infra/data/ci/grafana/prerelease", "bucket"),
vault_secret(docker_username, "infra/data/ci/grafanaci-docker-hub", "username"),
vault_secret(docker_password, "infra/data/ci/grafanaci-docker-hub", "password"),
vault_secret(
gcp_upload_artifacts_key,
"infra/data/ci/grafana/releng/artifacts-uploader-service-account",
"credentials.json",
),
vault_secret(
gcp_download_build_container_assets_key,
"infra/data/ci/grafana/assets-downloader-build-container-service-account",
"credentials.json",
),
vault_secret(
azure_sp_app_id,
"infra/data/ci/datasources/cpp-azure-resourcemanager-credentials",
"application_id",
),
vault_secret(
azure_sp_app_pw,
"infra/data/ci/datasources/cpp-azure-resourcemanager-credentials",
"application_secret",
),
vault_secret(
azure_tenant,
"infra/data/ci/datasources/cpp-azure-resourcemanager-credentials",
"tenant_id",
),
vault_secret(
npm_token,
"infra/data/ci/grafana-release-eng/npm",
"token",
),
# Package publishing
vault_secret(
"packages_gpg_public_key",
"infra/data/ci/packages-publish/gpg",
"public-key-b64",
),
vault_secret(
"packages_gpg_private_key",
"infra/data/ci/packages-publish/gpg",
"private-key-b64",
),
vault_secret(
"packages_gpg_passphrase",
"infra/data/ci/packages-publish/gpg",
"passphrase",
),
vault_secret(
"packages_service_account",
"infra/data/ci/packages-publish/service-account",
"credentials.json",
),
vault_secret(
"packages_access_key_id",
"infra/data/ci/packages-publish/bucket-credentials",
"AccessID",
),
vault_secret(
"packages_secret_access_key",
"infra/data/ci/packages-publish/bucket-credentials",
"Secret",
),
vault_secret(
"static_asset_editions",
"infra/data/ci/grafana-release-eng/artifact-publishing",
"static_asset_editions",
),
vault_secret(
rgm_gcp_key_base64,
"infra/data/ci/grafana-release-eng/rgm",
"gcp_service_account_prod_base64",
),
vault_secret(
rgm_destination,
"infra/data/ci/grafana-release-eng/rgm",
"destination_prod",
),
vault_secret(
rgm_storybook_destination,
"infra/data/ci/grafana-release-eng/rgm",
"storybook_destination",
),
vault_secret(
rgm_cdn_destination,
"infra/data/ci/grafana-release-eng/rgm",
"cdn_destination",
),
vault_secret(
rgm_downloads_destination,
"infra/data/ci/grafana-release-eng/rgm",
"downloads_destination",
),
vault_secret(
rgm_dagger_token,
"infra/data/ci/grafana-release-eng/rgm",
"dagger_token",
),
# grafana-delivery-bot secrets
vault_secret(
"delivery-bot-app-id",
"infra/data/ci/grafana-release-eng/grafana-delivery-bot",
"app-id",
),
vault_secret(
"delivery-bot-app-installation-id",
"infra/data/ci/grafana-release-eng/grafana-delivery-bot",
"app-installation-id",
),
vault_secret(
"delivery-bot-app-private-key",
"infra/data/ci/grafana-release-eng/grafana-delivery-bot",
"app-private-key",
),
vault_secret(
"gcr_credentials",
"secret/data/common/gcr",
"service-account",
),
]
Reference in New Issue View Git Blame Copy Permalink