import com.bettercloud.vault.VaultConfig; import com.bettercloud.vault.Vault; initscript { repositories { mavenCentral() } dependencies { classpath 'com.bettercloud:vault-java-driver:4.1.0' } } boolean USE_ARTIFACTORY = false if (System.getenv('VAULT_ADDR') == null) { throw new GradleException("You must set the VAULT_ADDR environment variable to use this init script.") } if (System.getenv('VAULT_ROLE_ID') == null && System.getenv('VAULT_SECRET_ID') == null && System.getenv('VAULT_TOKEN') == null) { throw new GradleException("You must set either the VAULT_ROLE_ID and VAULT_SECRET_ID environment variables, " + "or the VAULT_TOKEN environment variable to use this init script.") } final String vaultToken = System.getenv('VAULT_TOKEN') ?: new Vault( new VaultConfig() .address(System.env.VAULT_ADDR) .engineVersion(1) .build() ) .withRetries(5, 1000) .auth() .loginByAppRole("approle", System.env.VAULT_ROLE_ID, System.env.VAULT_SECRET_ID) .getAuthClientToken(); final Vault vault = new Vault( new VaultConfig() .address(System.env.VAULT_ADDR) .engineVersion(1) .token(vaultToken) .build() ) .withRetries(5, 1000) if (USE_ARTIFACTORY) { final Map artifactoryCredentials = vault.logical() .read("secret/elasticsearch-ci/artifactory.elstc.co") .getData(); logger.info("Using elastic artifactory repos") Closure configCache = { return { name "artifactory-gradle-release" url "https://artifactory.elstc.co/artifactory/gradle-release" credentials { username artifactoryCredentials.get("username") password artifactoryCredentials.get("token") } } } settingsEvaluated { settings -> settings.pluginManagement { repositories { maven configCache() } } } projectsLoaded { allprojects { buildscript { repositories { maven configCache() } } repositories { maven configCache() } } } } final String buildCacheUrl = System.getProperty('org.elasticsearch.build.cache.url') final boolean buildCachePush = Boolean.valueOf(System.getProperty('org.elasticsearch.build.cache.push', 'false')) if (buildCacheUrl) { final Map buildCacheCredentials = vault.logical() .read("secret/elasticsearch-ci/gradle-build-cache") .getData(); gradle.settingsEvaluated { settings -> settings.buildCache { local { // Disable the local build cache in CI since we use ephemeral workers and it incurs an IO penalty enabled = false } remote(HttpBuildCache) { url = buildCacheUrl push = buildCachePush credentials { username = buildCacheCredentials.get("username") password = buildCacheCredentials.get("password") } } } } }