From f3570aa27b27378cfcc77890c13dbf4d760d28fb Mon Sep 17 00:00:00 2001
From: Alpar Torok
Date: Mon, 5 Aug 2019 13:46:02 +0300
Subject: [PATCH] CI specific init script updates (#45016)
- Add a vault integration so that we don't need Jenkins to do that for us
- This will make it easier to enable for windows too
- Move everything to a single file so we can read other secrets in the same way
---
 .ci/build-cache.gradle | 18 -------
 .ci/init.gradle | 120 ++++++++++++++++++++++++++++-------------
 2 files changed, 82 insertions(+), 56 deletions(-)
 delete mode 100644 .ci/build-cache.gradle
diff --git a/.ci/build-cache.gradle b/.ci/build-cache.gradle
deleted file mode 100644
index b180314b40f..00000000000
--- a/.ci/build-cache.gradle
+++ /dev/null
@@ -1,18 +0,0 @@
-if (System.getenv('GRADLE_BUILD_CACHE_URL')) {
- gradle.settingsEvaluated { settings ->
- settings.buildCache {
- remote(HttpBuildCache) {
- url = System.getenv('GRADLE_BUILD_CACHE_URL')
- push = Boolean.valueOf(System.getenv('GRADLE_BUILD_CACHE_PUSH') ?: 'false')
- if (System.getenv('GRADLE_BUILD_CACHE_USERNAME') && System.getenv('GRADLE_BUILD_CACHE_PASSWORD')) {
- credentials {
- username = System.getenv('GRADLE_BUILD_CACHE_USERNAME')
- password = System.getenv('GRADLE_BUILD_CACHE_PASSWORD')
- }
- }
- }
- }
- }
-} else {
- throw new GradleException("You must supply a value for GRADLE_BUILD_CACHE_URL environment variable when applying build-cache.gradle init script")
-}
\ No newline at end of file
diff --git a/.ci/init.gradle b/.ci/init.gradle
index ec16b49bfab..9af339fc2f9 100644
--- a/.ci/init.gradle
+++ b/.ci/init.gradle
@@ -1,46 +1,90 @@
-if (System.env.ELASTIC_ARTIFACTORY_USERNAME == null || System.env.ELASTIC_ARTIFACTORY_TOKEN == null) {
- throw new GradleException("Using init script without configuration")
-} else {
- logger.info("Using elastic artifactory repos")
- settingsEvaluated { settings ->
- settings.pluginManagement {
- repositories {
- maven {
- name "artifactory-gradle-plugins"
- url "https://artifactory.elstc.co/artifactory/gradle-plugins"
- credentials {
- username System.env.ELASTIC_ARTIFACTORY_USERNAME
- password System.env.ELASTIC_ARTIFACTORY_TOKEN
- }
- }
- gradlePluginPortal()
- }
+import com.bettercloud.vault.VaultConfig;
+import com.bettercloud.vault.Vault;
+
+initscript {
+ repositories {
+ mavenCentral()
+ }
+ dependencies {
+ classpath 'com.bettercloud:vault-java-driver:4.1.0'
+ }
+}
+
+['VAULT_ADDR', 'VAULT_ROLE_ID', 'VAULT_SECRET_ID'].each {
+ if (System.env."$it" == null) {
+ throw new GradleException("$it must be set!")
+
+ }
+}
+
+final String vaultToken = new Vault(
+ new VaultConfig()
+ .address(System.env.VAULT_ADDR)
+ .engineVersion(1)
+ .build()
+ )
+ .auth()
+ .loginByAppRole("approle", System.env.VAULT_ROLE_ID, System.env.VAULT_SECRET_ID)
+ .getAuthClientToken();
+
+final Vault vault = new Vault(
+ new VaultConfig()
+ .address(System.env.VAULT_ADDR)
+ .engineVersion(1)
+ .token(vaultToken)
+ .build()
+)
+
+final Map artifactoryCredentials = vault.logical()
+ .read("secret/elasticsearch-ci/artifactory.elstc.co")
+ .getData();
+
+logger.info("Using elastic artifactory repos")
+Closure configCache = {
+ return {
+ name "artifactory-gradle-release"
+ url "https://artifactory.elstc.co/artifactory/gradle-release"
+ credentials {
+ username artifactoryCredentials.get("username")
+ password artifactoryCredentials.get("token")
 }
 }
- projectsLoaded {
- allprojects {
- buildscript {
- repositories {
- maven {
- name "artifactory-gradle-release"
- url "https://artifactory.elstc.co/artifactory/gradle-release/"
- credentials {
- username System.env.ELASTIC_ARTIFACTORY_USERNAME
- password System.env.ELASTIC_ARTIFACTORY_TOKEN
- }
- }
- }
- }
+}
+settingsEvaluated { settings ->
+ settings.pluginManagement {
+ repositories {
+ maven configCache()
+ }
+ }
+}
+projectsLoaded {
+ allprojects {
+ buildscript {
 repositories {
- maven {
- name "artifactory-gradle-release"
- url "https://artifactory.elstc.co/artifactory/gradle-release/"
- credentials {
- username System.env.ELASTIC_ARTIFACTORY_USERNAME
- password System.env.ELASTIC_ARTIFACTORY_TOKEN
+ maven configCache()
+ }
+ }
+ repositories {
+ maven configCache()
+ }
+ }
+}
+
+if (System.env.GRADLE_BUILD_CACHE_URL != null) {
+ final Map buildCacheCredentials = vault.logical()
+ .read("secret/elasticsearch-ci/gradle-build-cache")
+ .getData();
+ gradle.settingsEvaluated { settings ->
+ settings.buildCache {
+ remote(HttpBuildCache) {
+ url = System.getenv('GRADLE_BUILD_CACHE_URL')
+ push = Boolean.valueOf(System.getenv('GRADLE_BUILD_CACHE_PUSH') ?: 'false')
+ credentials {
+ username = buildCacheCredentials.get("username")
+ password = buildCacheCredentials.get("password")
 }
 }
 }
 }
 }
+
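Review bot: The two `vault.logical().read(...).getData()` results are used without any check, so a wrong path, a policy that denies the read, or a renamed key would leave `artifactoryCredentials.get("username")` / `get("token")` (and the build-cache `username` / `password` pair) null, and the build would carry on with empty credentials instead of failing where the mistake is. I would fail fast right after each read, e.g. `['username', 'token'].each { if (!artifactoryCredentials.get(it)) throw new GradleException("artifactory secret has no '$it'") }`, naming the key but never printing its value. The env loop at the top only tests `VAULT_ADDR` for null; since the AppRole secret id is posted to that address, also rejecting a value that does not start with `https://` would keep a mis-set variable from sending it in clear text. Whether the driver already throws on a failed read is not visible in this hunk, so treat the first point as a guard rather than a confirmed failure mode.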