void recreateVaultSecret()

in upgrade-scripts/post-upgrade/one-time/UpdateVaultSecrets.groovy [65:82]

• 18 lines of code
• 2 McCabe index (conditional complexity)

void recreateVaultSecret(String oldSecretName, String newSecretName, String authType, String vaultSecretsPath, String centralVaultToken, String tokenPrefix) {
    if (authType == "BASIC") {
        String basicAuthUser = sh(script: "set +x; curl --header \"X-Vault-Token: $centralVaultToken\" " +
                "--request GET $vaultSecretsPath/$oldSecretName | jq '.data.data.\"${tokenPrefix}.${newSecretName}.auth.secret.username\"'", returnStdout: true)
        String basicAuthPass = sh(script: "set +x; curl --header \"X-Vault-Token: $centralVaultToken\" " +
                "--request GET $vaultSecretsPath/$oldSecretName | jq '.data.data.\"${tokenPrefix}.${newSecretName}.auth.secret.password\"'", returnStdout: true)
        sh(script: "set +x; curl --header \"X-Vault-Token: $centralVaultToken\" " +
                "--request POST $vaultSecretsPath/$oldSecretName/$newSecretName " +
                "--data '{\"data\": {\"${tokenPrefix}.${newSecretName}.auth.secret.username\": $basicAuthUser, " +
                "\"${tokenPrefix}.${newSecretName}.auth.secret.password\": $basicAuthPass}}'")
    } else {
        String existingToken = sh(script: "set +x; curl --header \"X-Vault-Token: $centralVaultToken\" " +
                "--request GET $vaultSecretsPath/$oldSecretName | jq '.data.data.\"${tokenPrefix}.${newSecretName}.auth.secret.token\"'", returnStdout: true)
        sh(script: "set +x; curl --header \"X-Vault-Token: $centralVaultToken\" " +
                "--request POST $vaultSecretsPath/$oldSecretName/$newSecretName " +
                "--data '{\"data\": {\"${tokenPrefix}.${newSecretName}.auth.secret.token\": $existingToken}}'")
    }
}