From 1f4010a97e3dbc27c822cd5498c4c518ca130830 Mon Sep 17 00:00:00 2001
From: Jordi van Liempt <35920075+jliempt@users.noreply.github.com>
Date: Tue, 7 May 2024 15:43:07 +0200
Subject: [PATCH] feat(events): Retrieve OIDC token in gcpPublishEvent (#4917)

Co-authored-by: jliempt <>
---
 cmd/gcpPublishEvent.go | 37 +++++++++++++++++++++++++++----------
 1 file changed, 27 insertions(+), 10 deletions(-)

diff --git a/cmd/gcpPublishEvent.go b/cmd/gcpPublishEvent.go
index 1f8a52e78c..3ae5eb5b39 100644
--- a/cmd/gcpPublishEvent.go
+++ b/cmd/gcpPublishEvent.go
@@ -1,11 +1,13 @@
 package cmd
 
 import (
+ piperConfig "github.com/SAP/jenkins-library/pkg/config"
 "github.com/SAP/jenkins-library/pkg/events"
 "github.com/SAP/jenkins-library/pkg/gcp"
 "github.com/SAP/jenkins-library/pkg/log"
 "github.com/SAP/jenkins-library/pkg/orchestrator"
 "github.com/SAP/jenkins-library/pkg/telemetry"
+ "github.com/SAP/jenkins-library/pkg/vault"
 "github.com/pkg/errors"
 )
 
@@ -19,6 +21,7 @@ type gcpPublishEventUtils interface {
 
 type gcpPublishEventUtilsBundle struct {
 config *gcpPublishEventOptions
+ *vault.Client
 }
 
 func (g gcpPublishEventUtilsBundle) GetConfig() *gcpPublishEventOptions {
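Review bot: The embedded `*vault.Client` added to gcpPublishEventUtilsBundle is undocumented, and since the stub GetOIDCTokenByValidation is deleted later in this patch, it is presumably the promoted method from vault.Client that now satisfies gcpPublishEventUtils — worth stating explicitly, because a zero-value bundle (nil embedded pointer) will then most likely panic on that promoted call. Suggest a field comment such as `// Client provides GetOIDCTokenByValidation for gcpPublishEventUtils; callers must set it.` above the embedded field. The gcpPublishEventUtils interface declaration itself lies outside the hunk, so whether other promoted methods are also relied on cannot be confirmed here.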
@@ -33,17 +36,34 @@ func (g gcpPublishEventUtilsBundle) Publish(projectNumber string, topic string,
 return gcp.Publish(projectNumber, topic, token, key, data)
 }
 
-// to be implemented through another PR!
-func (g gcpPublishEventUtilsBundle) GetOIDCTokenByValidation(roleID string) (string, error) {
- return "testToken", nil
-}
-
 func gcpPublishEvent(config gcpPublishEventOptions, telemetryData *telemetry.CustomData) {
+ vaultCreds := piperConfig.VaultCredentials{
+ AppRoleID: GeneralConfig.VaultRoleID,
+ AppRoleSecretID: GeneralConfig.VaultRoleSecretID,
+ VaultToken: GeneralConfig.VaultToken,
+ }
+ vaultConfig := map[string]interface{}{
+ "vaultNamespace": config.VaultNamespace,
+ "vaultServerUrl": config.VaultServerURL,
+ }
+
+ client, err := piperConfig.GetVaultClientFromConfig(vaultConfig, vaultCreds)
+ if err != nil {
+ log.Entry().WithError(err).Warnf("could not create Vault client")
+ }
+ defer client.MustRevokeToken()
+
+ vaultClient, ok := client.(vault.Client)
+ if !ok {
+ log.Entry().WithError(err).Warnf("could not create Vault client")
+ }
+
 utils := gcpPublishEventUtilsBundle{
 config: &config,
+ Client: &vaultClient,
 }
 
- err := runGcpPublishEvent(utils)
+ err = runGcpPublishEvent(utils)
 if err != nil {
 // do not fail the step
 log.Entry().WithError(err).Warnf("step execution failed")
@@ -66,10 +86,7 @@ func runGcpPublishEvent(utils gcpPublishEventUtils) error {
 return errors.Wrap(err, "failed to create event data")
 }
 
- // this is currently returning a mock token. function will be implemented through another PR!
- // roleID will come from GeneralConfig.HookConfig.OIDCConfig.RoleID
- roleID := "test"
- oidcToken, err := utils.GetOIDCTokenByValidation(roleID)
+ oidcToken, err := utils.GetOIDCTokenByValidation(GeneralConfig.HookConfig.OIDCConfig.RoleID)
 if err != nil {
 return errors.Wrap(err, "failed to get OIDC token")
 }
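Review bot: In gcpPublishEvent the error path after `GetVaultClientFromConfig` only logs and falls through, so `defer client.MustRevokeToken()` is registered on whatever the failure case returns — if that is a nil interface (not visible here; please confirm), the deferred call panics at function exit, and the step would no longer be best-effort as the "do not fail the step" comment intends. The `!ok` branch has the same shape: it logs a message identical to the creation failure with an `err` that is nil at that point, then continues with a zero-value `vaultClient` embedded into the bundle, so the later OIDC token request runs against an unconfigured client; and if GetVaultClientFromConfig actually returns `*vault.Client`, an assertion to the value type `vault.Client` can never succeed, which would make this path the norm rather than the exception. The minimal fix is to leave after each warning: add `return` after the first Warnf, and change the second branch to `log.Entry().Warnf("unexpected Vault client type %T", client); return`, so the publish is skipped with a clear log line instead of attempted with an empty client. gcpPublishEvent's body continues beyond the hunk.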
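Review bot: runGcpPublishEvent now reads the package-level `GeneralConfig.HookConfig.OIDCConfig.RoleID` directly, whereas the rest of this function's inputs appear to come through `utils` (GetConfig is on the bundle); this ties the function to global state and means a unit test can only drive the role ID by mutating GeneralConfig. There is also no guard for an empty role ID, so a missing OIDC hook configuration is only surfaced indirectly as a failed token request — consider obtaining the ID through the utils bundle or step options and checking it first, e.g. `if roleID == "" { return errors.New("OIDC role ID is not configured") }`. runGcpPublishEvent starts and ends outside the hunk.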