Merge branch '241130-vault-secrets-make-auth-path-configurable' into 'master'

Specify custom path for Vault auth method

Closes #241130

See merge request gitlab-org/gitlab!40366

ee/app/models/ee/ci/build.rb

@@ -148,8 +148,8 @@ module EE
         variable_value('VAULT_SERVER_URL').present?
       end
 
-      def variable_value(key)
-        variables_hash[key]
+      def variable_value(key, default = nil)
+        variables_hash.fetch(key, default)
       end
 
       private

ee/app/presenters/ee/ci/build_runner_presenter.rb

@@ -19,7 +19,7 @@ module EE
           'url' => variable_value('VAULT_SERVER_URL'),
           'auth' => {
             'name' => 'jwt',
-            'path' => 'jwt',
+            'path' => variable_value('VAULT_AUTH_PATH', 'jwt'),
             'data' => {
               'jwt' => '${CI_JOB_JWT}',
               'role' => variable_value('VAULT_AUTH_ROLE')

ee/spec/presenters/ci/build_runner_presenter_spec.rb

@@ -63,6 +63,24 @@ RSpec.describe Ci::BuildRunnerPresenter do
           end
         end
       end
+
+      context 'Vault auth path' do
+        let(:vault_auth) { presenter.secrets_configuration.dig('DATABASE_PASSWORD', 'vault', 'server', 'auth') }
+
+        context 'VAULT_AUTH_PATH CI variable is present' do
+          it 'contains user defined auth path' do
+            create(:ci_variable, project: ci_build.project, key: 'VAULT_AUTH_PATH', value: 'custom/path')
+
+            expect(vault_auth.fetch('path')).to eq('custom/path')
+          end
+        end
+
+        context 'VAULT_AUTH_PATH CI variable is not present' do
+          it 'contains the default auth path' do
+            expect(vault_auth.fetch('path')).to eq('jwt')
+          end
+        end
+      end
     end
   end
 end