Merge branch 'master' into 1084565-infra-doc

.mockery.yaml

@@ -13,3 +13,8 @@ packages:
       dir: pkg/influx/mocks
     interfaces:
       WriteAPIBlocking:
+  github.com/SAP/jenkins-library/pkg/config:
+    config:
+      dir: pkg/config/mocks
+    interfaces:
+      VaultClient:

cmd/gcpPublishEvent.go

@@ -1,11 +1,13 @@
 package cmd
 
 import (
+	piperConfig "github.com/SAP/jenkins-library/pkg/config"
 	"github.com/SAP/jenkins-library/pkg/events"
 	"github.com/SAP/jenkins-library/pkg/gcp"
 	"github.com/SAP/jenkins-library/pkg/log"
 	"github.com/SAP/jenkins-library/pkg/orchestrator"
 	"github.com/SAP/jenkins-library/pkg/telemetry"
+	"github.com/SAP/jenkins-library/pkg/vault"
 
 	"github.com/pkg/errors"
 )
@@ -19,6 +21,7 @@ type gcpPublishEventUtils interface {
 
 type gcpPublishEventUtilsBundle struct {
 	config *gcpPublishEventOptions
+	*vault.Client
 }
 
 func (g gcpPublishEventUtilsBundle) GetConfig() *gcpPublishEventOptions {
@@ -33,17 +36,34 @@ func (g gcpPublishEventUtilsBundle) Publish(projectNumber string, topic string,
 	return gcp.Publish(projectNumber, topic, token, key, data)
 }
 
-// to be implemented through another PR!
-func (g gcpPublishEventUtilsBundle) GetOIDCTokenByValidation(roleID string) (string, error) {
-	return "testToken", nil
-}
-
 func gcpPublishEvent(config gcpPublishEventOptions, telemetryData *telemetry.CustomData) {
+	vaultCreds := piperConfig.VaultCredentials{
+		AppRoleID:       GeneralConfig.VaultRoleID,
+		AppRoleSecretID: GeneralConfig.VaultRoleSecretID,
+		VaultToken:      GeneralConfig.VaultToken,
+	}
+	vaultConfig := map[string]interface{}{
+		"vaultNamespace": config.VaultNamespace,
+		"vaultServerUrl": config.VaultServerURL,
+	}
+
+	client, err := piperConfig.GetVaultClientFromConfig(vaultConfig, vaultCreds)
+	if err != nil {
+		log.Entry().WithError(err).Warnf("could not create Vault client")
+	}
+	defer client.MustRevokeToken()
+
+	vaultClient, ok := client.(vault.Client)
+	if !ok {
+		log.Entry().WithError(err).Warnf("could not create Vault client")
+	}
+
 	utils := gcpPublishEventUtilsBundle{
 		config: &config,
+		Client: &vaultClient,
 	}
 
-	err := runGcpPublishEvent(utils)
+	err = runGcpPublishEvent(utils)
 	if err != nil {
 		// do not fail the step
 		log.Entry().WithError(err).Warnf("step execution failed")
@@ -66,10 +86,7 @@ func runGcpPublishEvent(utils gcpPublishEventUtils) error {
 		return errors.Wrap(err, "failed to create event data")
 	}
 
-	// this is currently returning a mock token. function will be implemented through another PR!
-	// roleID will come from GeneralConfig.HookConfig.OIDCConfig.RoleID
-	roleID := "test"
-	oidcToken, err := utils.GetOIDCTokenByValidation(roleID)
+	oidcToken, err := utils.GetOIDCTokenByValidation(GeneralConfig.HookConfig.OIDCConfig.RoleID)
 	if err != nil {
 		return errors.Wrap(err, "failed to get OIDC token")
 	}

cmd/piper.go

@@ -54,6 +54,7 @@ type HookConfiguration struct {
 	SentryConfig SentryConfiguration `json:"sentry,omitempty"`
 	SplunkConfig SplunkConfiguration `json:"splunk,omitempty"`
 	PendoConfig  PendoConfiguration  `json:"pendo,omitempty"`
+	OIDCConfig   OIDCConfiguration   `json:"oidc,omitempty"`
 }
 
 // SentryConfiguration defines the configuration options for the Sentry logging system
@@ -76,6 +77,11 @@ type PendoConfiguration struct {
 	Token string `json:"token,omitempty"`
 }
 
+// OIDCConfiguration defines the configuration options for the OpenID Connect authentication system
+type OIDCConfiguration struct {
+	RoleID string `json:",roleID,omitempty"`
+}
+
 var rootCmd = &cobra.Command{
 	Use:   "piper",
 	Short: "Executes CI/CD steps from project 'Piper' ",

pkg/config/config.go

@@ -257,7 +257,7 @@ func (c *Config) GetStepConfig(flagValues map[string]interface{}, paramJSON stri
 	// check whether vault should be skipped
 	if skip, ok := stepConfig.Config["skipVault"].(bool); !ok || !skip {
 		// fetch secrets from vault
-		vaultClient, err := getVaultClientFromConfig(stepConfig, c.vaultCredentials)
+		vaultClient, err := GetVaultClientFromConfig(stepConfig.Config, c.vaultCredentials)
 		if err != nil {
 			return StepConfig{}, err
 		}