adding secrets to ansible vault

Author: MarcinGinszt

ansible/inventory/group_vars/operator-pipeline.yml

@@ -33,3 +33,6 @@ operator_pipeline_exd_guild_isv_passphrase_path: ../../vaults/{{ env }}/exd-guil
 
 github_ssh_credentials_path: ../../vaults/common/github-bot-ssh
 e2e_kubeconfig_path: ../../vaults/common/kubeconfig-e2e
+
+pyxis_api_key_path: ../../vaults/{{ env }}/pyxis_api_key
+e2e_gh_account_path: ../../vaults/{{ env }}/e2e-gh-account-pat

ansible/roles/operator-pipeline/tasks/main.yml

@@ -409,5 +409,47 @@
               env: "{{ env }}"
           data:
             kubeconfig: "{{ lookup('file', e2e_kubeconfig_path, rstrip=False) | b64encode }}"
+
+  - name: Create Pyxis-API-Key secret (only stage, for sake of E2E CI pipeline)
+    no_log: yes
+    tags:
+      - secrets
+    k8s:
+      state: present
+      force: yes
+      namespace: "{{ oc_namespace }}"
+      definition:
+        apiVersion: v1
+        kind: Secret
+        type: opaque
+        metadata:
+          name: pyxis_api_key
+          labels:
+            app: operator-pipeline
+            suffix: "{{ suffix }}"
+            env: "{{ env }}"
+        data:
+          pyxis_api_key: "{{ lookup('file', pyxis_api_key_path, rstrip=False) | b64encode }}"
+
+  - name: Create Github-API-key secret (only stage, for sake of E2E CI pipeline)
+    no_log: yes
+    tags:
+      - secrets
+    k8s:
+      state: present
+      force: yes
+      namespace: "{{ oc_namespace }}"
+      definition:
+        apiVersion: v1
+        kind: Secret
+        type: opaque
+        metadata:
+          name: github_token_pr_open
+          labels:
+            app: operator-pipeline
+            suffix: "{{ suffix }}"
+            env: "{{ env }}"
+        data:
+          GITHUB_TOKEN: "{{ lookup('file', e2e_gh_account_path, rstrip=False) | b64encode }}"
   tags:
     - ci

ansible/vaults/common/e2e_test_partner_account_creds_connect

@@ -0,0 +1,13 @@
+$ANSIBLE_VAULT;1.1;AES256
+33666562623162373534366364316165363534393263393731396439663061353333323937393533
+6362376238336265316261306166613235373366343039370a336633646132633034336135376661
+32373439663066323363386564613134353433323566666234626166333863653438336435393631
+6638643464316636340a616539343363343035343035643636623534356466336364326436363534
+39626564363235366161646139363965343934666664653338333464306338613362633032313066
+30383266396132316262326231326131663036386466356165633634363066613936383334346436
+34343734396635393862383034323930393162393162363761633634383835313961613734363234
+35643333643462303237316433636533303034663862643865643265393037363631356439656430
+31663465323865376437626433376365306432643436613732653763653964663638613334613039
+30666632386230663930336165316439376339636237363532633632353961326262306132313139
+62356464383330323732613932353064643933656564393261383832613562646563303861353433
+31326261326162323630

ansible/vaults/common/e2e_test_partner_account_creds_github

@@ -0,0 +1,14 @@
+$ANSIBLE_VAULT;1.1;AES256
+36383661643463633833666435383566373064353633613639346638373336303137643332333265
+6163383566326165353637316164383762316632613730310a663039326461656565393137313262
+31393932396566313535633463366339656461353731623233376162363038323732376262646363
+3331396335643336630a376565353836336236666230343463336637616332343166306533323538
+61376435323431626464333161316162316466646238616165356664646461396230363039326163
+32353939623064303237326630363464353131343234626365303032333033303837613135383764
+32393735336665366564313233623732323061393332396666343535323663643563333464633630
+63326530623536633833396538343239356439356363316533323632633239666530396435333966
+30613739323966393635643632373734336164313830386563326562626266353166383638323465
+31623964333133316130386262613462326462653039336130383230313062333534636232323666
+38343337643233663334623736373430643733636365353636383161613461663337623630366563
+30373139653434633139646131363061326264623435653566656163326264633963383239633964
+63313731393330386162363833373530656462343962666332393030316563663436

ansible/vaults/dev/e2e-gh-account-pat

@@ -0,0 +1,6 @@
+$ANSIBLE_VAULT;1.1;AES256
+35366463633363376630313036373532663233353433306234303264613438343761396532366561
+3362306534613263383061343566656536316236633635650a616234343137316432663562636332
+35633663666463633038353661376633343233346166313639303561333961306339303063363737
+3339383537313039340a363631323739356136666535316436666562373638343734376235636161
+3162

ansible/vaults/dev/pyxis_api_key

@@ -0,0 +1,6 @@
+$ANSIBLE_VAULT;1.1;AES256
+33306336643861633364613331653765366466333664396264376133616562346365333938353439
+3431333234303063376630393938363139356138343832330a346264653362326362323236653962
+36396132303934363331663934343539653233333731333261616464623235386438306531326434
+6230623033353637310a666465386262323537383861386365663061333839333661353936623661
+3032

ansible/vaults/prod/e2e-gh-account-pat

@@ -0,0 +1,6 @@
+$ANSIBLE_VAULT;1.1;AES256
+62383463636465616139633061356235663632653763656239656430303061313061366661333065
+3636333532663836316230396539653037353239353866620a386338306330326466656662363837
+39636166396361663165643739313533376538346134373162346661396463393361626564356531
+3639333061363538390a666134653730326265356562383134616263613634353230373031343937
+3530

ansible/vaults/prod/pyxis_api_key

@@ -0,0 +1,6 @@
+$ANSIBLE_VAULT;1.1;AES256
+34333630396538623431636132336337316163363963353835336339646237613766633864336633
+3332663430656262623538333535393335346130656530320a643464333030373935613938343733
+37303765396564353966343435633539386630656537323539353132393964383838616362373231
+3331336432306239300a306334336534643837656338323061616364643433346561303532373035
+6537

ansible/vaults/qa/e2e-gh-account-pat

@@ -0,0 +1,6 @@
+$ANSIBLE_VAULT;1.1;AES256
+61313465633865333866386464323030663430306338306331303531313535356139643935333730
+6634393132616563653030393936303961336537626161630a336530626530313339663036373233
+39326436613863643536616334653431646362616161353033653639323035363731393261326662
+6534386663633731610a336362326263356337346439663662633138383761396339313665356333
+6334

ansible/vaults/qa/pyxis_api_key

@@ -0,0 +1,6 @@
+$ANSIBLE_VAULT;1.1;AES256
+61613138646664336363346136346232653030303264373436393662633063323964656136643131
+3233623630396435633730393963396530363935333330610a643330323235336536623362373531
+35393032356530386537333937393964633766363931346266656631386532323937353538333130
+3337316636353336640a396338313430613338323335613866633235383436393564663232303537
+6634