Loading .gitlab-ci.yml +13 −16 Original line number Diff line number Diff line # included templates include: # Go template - project: "to-be-continuous/golang" ref: "4.7.0" # $TBC_NAMESPACE is a group variable; can be globally overridden - project: "$TBC_NAMESPACE/golang" ref: "4.7" file: "templates/gitlab-ci-golang.yml" # Docker template - project: "to-be-continuous/docker" - project: "$TBC_NAMESPACE/docker" ref: "5.7" file: "templates/gitlab-ci-docker.yml" Loading Loading @@ -45,7 +44,7 @@ test-on-remote: VAULT_TOKEN: "$TEST_VAULT_TOKEN" VAULT_SECRET_ID: "$TEST_VAULT_SECRET_ID" VAULT_AUTH_METHOD: "auto" stage: acceptance stage: package-test script: - curl -s -S -f "http://vault-secrets-provider/health" - | Loading @@ -56,11 +55,10 @@ test-on-remote: echo "no secret to test - skip" fi # TODO: test a client error only: refs: - branches variables: - "$TEST_VAULT_BASE_URL" rules: - if: '$TEST_VAULT_BASE_URL == null || $TEST_VAULT_BASE_URL == ""' when: never - !reference [.test-policy, rules] # this job tests the Docker image on a local Vault server using the Vault server image # See: https://hub.docker.com/_/vault Loading @@ -69,7 +67,7 @@ test-on-local: services: - name: "$DOCKER_SNAPSHOT_IMAGE" alias: "vault-secrets-provider" - name: "vault" - name: "hashicorp/vault" alias: "vault-server" variables: # variables have to be explicitly declared in the YAML to be exported to the service Loading @@ -81,7 +79,7 @@ test-on-local: VAULT_TOKEN: "dev-root-token" # This allows the main container to connect to the services containers FF_NETWORK_PER_BUILD: "1" stage: acceptance stage: package-test script: # wait for a while that all services are UP and running - sleep 5 Loading Loading @@ -156,6 +154,5 @@ test-on-local: # cat resp.txt # exit 1 # fi only: refs: - branches rules: - !reference [.test-policy, rules] README.md +5 −5 Original line number Diff line number Diff line Loading 
@@ -44,7 +44,7 @@ GET /api/secrets/{secret_path} ##### Parameters | Name | description | | Name | Description | | -------------------------------- | -------------------------------------- | | `secret_path` (_path parameter_) | this is your secret location in the Vault server | | `field` (_query parameter_) | parameter to access a single basic field from the secret JSON payload | Loading Loading @@ -88,7 +88,7 @@ When using version 2, you don't need to embed your secret payload into a `data` ##### Parameters | Name | description | | Name | Description | | -------------------------------- | -------------------------------------- | | `secret_path` (_path parameter_) | this is your secret location in the Vault server | Loading Loading @@ -121,7 +121,7 @@ DELETE /api/secrets/{secret_path} ##### Parameters | Name | description | | Name | Description | | -------------------------------- | -------------------------------------- | | `secret_path` (_path parameter_) | this is your secret location in the Vault server | Loading @@ -137,7 +137,7 @@ curl -X DELETE http://localhost:8080/api/secret/b7ecb6ebabc231/my-backend/review The tool requires the following environment variables to be set (as GitLab CI secret variables): | Name | description | default value | | Name | Description | Default value | | ----------------- | -------------------------------------- | ----------------- | | `VAULT_BASE_URL` | The Vault server base API url, including the API version prefix (ex: `https://vault.secrets.acme.host/v1`) | _none_ | | `VAULT_NAMESPACE` | The Vault [Namespace](https://www.vaultproject.io/api-docs#namespaces) to retrieve secrets into | _none_ | Loading Loading 
@@ -184,7 +184,7 @@ deploy-job: services: # add Vault Secrets Provider as a service # requires that VAULT_ROLE_ID and VAULT_SECRET_ID are declared as secret variables - name: $CI_REGISTRY/to-be-continuous/tools/vault-secrets-provider:master - name: registry.gitlab.com/to-be-continuous/tools/vault-secrets-provider:master alias: vault-secrets-provider before_script: # retrieve some token from Vault server Loading Loading
.gitlab-ci.yml +13 −16 Original line number Diff line number Diff line # included templates include: # Go template - project: "to-be-continuous/golang" ref: "4.7.0" # $TBC_NAMESPACE is a group variable; can be globally overridden - project: "$TBC_NAMESPACE/golang" ref: "4.7" file: "templates/gitlab-ci-golang.yml" # Docker template - project: "to-be-continuous/docker" - project: "$TBC_NAMESPACE/docker" ref: "5.7" file: "templates/gitlab-ci-docker.yml" Loading Loading @@ -45,7 +44,7 @@ test-on-remote: VAULT_TOKEN: "$TEST_VAULT_TOKEN" VAULT_SECRET_ID: "$TEST_VAULT_SECRET_ID" VAULT_AUTH_METHOD: "auto" stage: acceptance stage: package-test script: - curl -s -S -f "http://vault-secrets-provider/health" - | Loading @@ -56,11 +55,10 @@ test-on-remote: echo "no secret to test - skip" fi # TODO: test a client error only: refs: - branches variables: - "$TEST_VAULT_BASE_URL" rules: - if: '$TEST_VAULT_BASE_URL == null || $TEST_VAULT_BASE_URL == ""' when: never - !reference [.test-policy, rules] # this job tests the Docker image on a local Vault server using the Vault server image # See: https://hub.docker.com/_/vault Loading @@ -69,7 +67,7 @@ test-on-local: services: - name: "$DOCKER_SNAPSHOT_IMAGE" alias: "vault-secrets-provider" - name: "vault" - name: "hashicorp/vault" alias: "vault-server" variables: # variables have to be explicitly declared in the YAML to be exported to the service Loading @@ -81,7 +79,7 @@ test-on-local: VAULT_TOKEN: "dev-root-token" # This allows the main container to connect to the services containers FF_NETWORK_PER_BUILD: "1" stage: acceptance stage: package-test script: # wait for a while that all services are UP and running - sleep 5 Loading Loading @@ -156,6 +154,5 @@ test-on-local: # cat resp.txt # exit 1 # fi only: refs: - branches rules: - !reference [.test-policy, rules]
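Review bot: The `include:` entries now take their project from `$TBC_NAMESPACE`, and the golang template moves from the exact tag `4.7.0` to the floating `4.7` (the docker template is likewise on `5.7`), so the template code that runs in jobs holding `TEST_VAULT_TOKEN` and `TEST_VAULT_SECRET_ID` can change without any commit to this repository. Whether `TBC_NAMESPACE` can be set or overridden below group level is not visible from this page; if it can, whoever holds that right chooses which project's templates are executed. I would add a comment next to the include stating that the variable must only be defined at group level, and pin each include to a reviewed commit, e.g. `ref: "<reviewed-commit-sha>"`. The same concern applies to the `test-on-local` service, where `- name: "hashicorp/vault"` carries no tag and therefore resolves to `latest`; `- name: "hashicorp/vault:<pinned-version>"` (or an image digest) keeps the test run reproducible.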
README.md +5 −5 Original line number Diff line number Diff line Loading @@ -44,7 +44,7 @@ GET /api/secrets/{secret_path} ##### Parameters | Name | description | | Name | Description | | -------------------------------- | -------------------------------------- | | `secret_path` (_path parameter_) | this is your secret location in the Vault server | | `field` (_query parameter_) | parameter to access a single basic field from the secret JSON payload | Loading Loading @@ -88,7 +88,7 @@ When using version 2, you don't need to embed your secret payload into a `data` ##### Parameters | Name | description | | Name | Description | | -------------------------------- | -------------------------------------- | | `secret_path` (_path parameter_) | this is your secret location in the Vault server | Loading Loading @@ -121,7 +121,7 @@ DELETE /api/secrets/{secret_path} ##### Parameters | Name | description | | Name | Description | | -------------------------------- | -------------------------------------- | | `secret_path` (_path parameter_) | this is your secret location in the Vault server | Loading @@ -137,7 +137,7 @@ curl -X DELETE http://localhost:8080/api/secret/b7ecb6ebabc231/my-backend/review The tool requires the following environment variables to be set (as GitLab CI secret variables): | Name | description | default value | | Name | Description | Default value | | ----------------- | -------------------------------------- | ----------------- | | `VAULT_BASE_URL` | The Vault server base API url, including the API version prefix (ex: `https://vault.secrets.acme.host/v1`) | _none_ | | `VAULT_NAMESPACE` | The Vault [Namespace](https://www.vaultproject.io/api-docs#namespaces) to retrieve secrets into | _none_ | Loading Loading 
@@ -184,7 +184,7 @@ deploy-job: services: # add Vault Secrets Provider as a service # requires that VAULT_ROLE_ID and VAULT_SECRET_ID are declared as secret variables - name: $CI_REGISTRY/to-be-continuous/tools/vault-secrets-provider:master - name: registry.gitlab.com/to-be-continuous/tools/vault-secrets-provider:master alias: vault-secrets-provider before_script: # retrieve some token from Vault server Loading