Allow requesting secrets by a different name
There are some cases, such as the artifact upload job, where the job can
take a dict parameter and where it could be advantageous to allow other
people to re-use the job but passing in their own local secret data by
supplying variables to a variant. However, currently secrets carry with
them a name, which is used as the variable name in ansible.
Make a secret in a job config be able to be given as a string or a
dict. In the dict case, the name of the secret and the name it should be
added to ansible as are required. This allows someone to have a named
secret but to pass it to a job under a different name.
Change-Id: I27a82c6ee1cf7399353509f98a0a52536ebbc19a
diff --git a/doc/source/user/config.rst b/doc/source/user/config.rst
index 7ff7106..e356d44 100644
--- a/doc/source/user/config.rst
+++ b/doc/source/user/config.rst
@@ -684,6 +684,42 @@
appear here must be defined in the same project as this job
definition.
+ Each item in the list may may be supplied either as a string,
+ in which case it references the name of a :ref:`secret` definition,
+ or as a dict. If an element in this list is given as a dict, it
+ must have the following fields.
+
+ .. attr:: name
+
+ The name to use for the Ansible variable into which the secret
+ content will be placed.
+
+ .. attr:: secret
+
+ The name to use to find the secret's definition in the configuration.
+
+ For example:
+
+ .. code-block:: yaml
+
+ - secret:
+ important-secret:
+ key: encrypted-secret-key-data
+
+ - job:
+ name: amazing-job:
+ secrets:
+ - name: ssh_key
+ secret: important-secret
+
+ will result in the following being passed as a variable to the playbooks
+ in ``amazing-job``:
+
+ .. code-block:: yaml
+
+ ssh_key:
+ key: descrypted-secret-key-data
+
.. attr:: nodes
A list of nodes which should be supplied to the job. This