# services/jenkins/secretproviderclass.yaml
apiVersion: secrets-store.csi.x-k8s.io/v1
kind: SecretProviderClass
metadata:
  name: jenkins-vault
  namespace: jenkins
spec:
  provider: vault
  parameters:
    vaultAddress: "http://vault.vault.svc.cluster.local:8200"
    roleName: "jenkins"
    objects: |
      - objectName: "jenkins-oidc__clientId"
        secretPath: "kv/data/atlas/jenkins/jenkins-oidc"
        secretKey: "clientId"
      - objectName: "jenkins-oidc__clientSecret"
        secretPath: "kv/data/atlas/jenkins/jenkins-oidc"
        secretKey: "clientSecret"
      - objectName: "jenkins-oidc__authorizationUrl"
        secretPath: "kv/data/atlas/jenkins/jenkins-oidc"
        secretKey: "authorizationUrl"
      - objectName: "jenkins-oidc__tokenUrl"
        secretPath: "kv/data/atlas/jenkins/jenkins-oidc"
        secretKey: "tokenUrl"
      - objectName: "jenkins-oidc__userInfoUrl"
        secretPath: "kv/data/atlas/jenkins/jenkins-oidc"
        secretKey: "userInfoUrl"
      - objectName: "jenkins-oidc__logoutUrl"
        secretPath: "kv/data/atlas/jenkins/jenkins-oidc"
        secretKey: "logoutUrl"
      - objectName: "harbor-robot-creds__username"
        secretPath: "kv/data/atlas/jenkins/harbor-robot-creds"
        secretKey: "username"
      - objectName: "harbor-robot-creds__password"
        secretPath: "kv/data/atlas/jenkins/harbor-robot-creds"
        secretKey: "password"
      - objectName: "gitea-pat__username"
        secretPath: "kv/data/atlas/jenkins/gitea-pat"
        secretKey: "username"
      - objectName: "gitea-pat__token"
        secretPath: "kv/data/atlas/jenkins/gitea-pat"
        secretKey: "token"
  secretObjects:
    - secretName: jenkins-oidc
      type: Opaque
      data:
        - objectName: jenkins-oidc__clientId
          key: clientId
        - objectName: jenkins-oidc__clientSecret
          key: clientSecret
        - objectName: jenkins-oidc__authorizationUrl
          key: authorizationUrl
        - objectName: jenkins-oidc__tokenUrl
          key: tokenUrl
        - objectName: jenkins-oidc__userInfoUrl
          key: userInfoUrl
        - objectName: jenkins-oidc__logoutUrl
          key: logoutUrl
    - secretName: harbor-robot-creds
      type: Opaque
      data:
        - objectName: harbor-robot-creds__username
          key: username
        - objectName: harbor-robot-creds__password
          key: password
    - secretName: gitea-pat
      type: Opaque
      data:
        - objectName: gitea-pat__username
          key: username
        - objectName: gitea-pat__token
          key: token