From 243daea5a77d085dece811f4e00d980163f68c53 Mon Sep 17 00:00:00 2001
From: Sergejs Kostjucenko
Date: Fri, 5 Jan 2024 12:27:07 +0200
Subject: [PATCH] update vault auth
---
 .gitlab-ci.yml | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 62cff2d..46f3e50 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -15,11 +15,14 @@ variables:
 TASK_DB_VERSION: v3
 DOCKERFILE: Dockerfile
 VAULT_ADDR: "https://vault.parity-mgmt-vault.parity.io"
- VAULT_AUTH_PATH: "gitlab-parity-io-jwt"
- VAULT_AUTH_ROLE: "gitlab_${CI_PROJECT_NAME}"
+ VAULT_AUTH_PATH: "gitlab-parity-io-jwt-oidc"
+ VAULT_AUTH_ROLE: "gitlab_oidc_${CI_PROJECT_NAME}"
 HELM_SECRETS_DRIVER: vals
 default:
+ id_tokens:
+ VAULT_ID_TOKEN:
+ aud: https://gitlab.parity.io
 image: $CI_IMAGE
 tags:
 - kubernetes-parity-build
@@ -137,7 +140,7 @@ push-docker-image-description:
 - |-
 sed -i "s/appVersion:.*/appVersion: $KUBERNETES_VERSION_TAG/" helm/Chart.yaml
 # https://docs.gitlab.com/ee/ci/examples/authenticating-with-hashicorp-vault/#example
- export VAULT_TOKEN="$(vault write -field=token auth/$VAULT_AUTH_PATH/login role=$VAULT_AUTH_ROLE jwt=$CI_JOB_JWT)"
+ - export VAULT_TOKEN="$(vault write -field=token auth/$VAULT_AUTH_PATH/login role=$VAULT_AUTH_ROLE jwt=$VAULT_ID_TOKEN)"
 - helm dependency update helm/
 - helm secrets --version
 - helm secrets upgrade
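Review bot: Declaring `id_tokens` under `default:` (hunk `@@ -15,11 +15,14 @@`) hands `VAULT_ID_TOKEN` to every job in the pipeline, although the only consumer visible in this patch is the single `vault write … login` line in the second hunk. Moving the three `id_tokens:` lines onto the job or template that performs the login keeps the credential out of build and test jobs that never talk to Vault. Separately, `aud` is set to the GitLab URL, whereas the audience normally names the service that consumes the token. `aud: https://vault.parity-mgmt-vault.parity.io` (the `VAULT_ADDR` value), with the same string in the Vault role's `bound_audiences`, would bind the token to Vault. The role configuration is not visible here, so confirm what `gitlab_oidc_${CI_PROJECT_NAME}` expects before changing it.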
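Review bot: In the `@@ -137,7 +140,7 @@` hunk, `export VAULT_TOKEN="$(vault write …)"` returns the exit status of `export`, not of `vault write`, so a rejected login against the new `gitlab-parity-io-jwt-oidc` mount does not fail the job at this step. The following `helm secrets` commands would then run with an empty `VAULT_TOKEN`. Splitting the line into `- VAULT_TOKEN="$(vault write -field=token "auth/$VAULT_AUTH_PATH/login" role="$VAULT_AUTH_ROLE" jwt="$VAULT_ID_TOKEN")"` followed by `- export VAULT_TOKEN` makes a failed login stop the job where it happens, and the added quotes keep the expansions from being word-split. The script list this line belongs to begins and ends outside the hunk.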