
feat(events): Retrieve OIDC token in gcpPublishEvent (#4917)

Co-authored-by: jliempt <>
Jordi van Liempt 2024-05-07 15:43:07 +02:00 committed by GitHub
parent f5fbb7e9d9
commit 1f4010a97e
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194


@ -1,11 +1,13 @@
package cmd
import (
piperConfig "github.com/SAP/jenkins-library/pkg/config"
"github.com/SAP/jenkins-library/pkg/events"
"github.com/SAP/jenkins-library/pkg/gcp"
"github.com/SAP/jenkins-library/pkg/log"
"github.com/SAP/jenkins-library/pkg/orchestrator"
"github.com/SAP/jenkins-library/pkg/telemetry"
"github.com/SAP/jenkins-library/pkg/vault"
"github.com/pkg/errors"
)
@ -19,6 +21,7 @@ type gcpPublishEventUtils interface {
type gcpPublishEventUtilsBundle struct {
config *gcpPublishEventOptions
*vault.Client
}
func (g gcpPublishEventUtilsBundle) GetConfig() *gcpPublishEventOptions {
@ -33,17 +36,34 @@ func (g gcpPublishEventUtilsBundle) Publish(projectNumber string, topic string,
return gcp.Publish(projectNumber, topic, token, key, data)
}
// to be implemented through another PR!
func (g gcpPublishEventUtilsBundle) GetOIDCTokenByValidation(roleID string) (string, error) {
return "testToken", nil
}
func gcpPublishEvent(config gcpPublishEventOptions, telemetryData *telemetry.CustomData) {
utils := gcpPublishEventUtilsBundle{
config: &config,
vaultCreds := piperConfig.VaultCredentials{
AppRoleID: GeneralConfig.VaultRoleID,
AppRoleSecretID: GeneralConfig.VaultRoleSecretID,
VaultToken: GeneralConfig.VaultToken,
}
vaultConfig := map[string]interface{}{
"vaultNamespace": config.VaultNamespace,
"vaultServerUrl": config.VaultServerURL,
}
err := runGcpPublishEvent(utils)
client, err := piperConfig.GetVaultClientFromConfig(vaultConfig, vaultCreds)
if err != nil {
log.Entry().WithError(err).Warnf("could not create Vault client")
}
defer client.MustRevokeToken()
vaultClient, ok := client.(vault.Client)
if !ok {
log.Entry().WithError(err).Warnf("could not create Vault client")
}
utils := gcpPublishEventUtilsBundle{
config: &config,
Client: &vaultClient,
}
err = runGcpPublishEvent(utils)
if err != nil {
// do not fail the step
log.Entry().WithError(err).Warnf("step execution failed")
@ -66,10 +86,7 @@ func runGcpPublishEvent(utils gcpPublishEventUtils) error {
return errors.Wrap(err, "failed to create event data")
}
// this is currently returning a mock token. function will be implemented through another PR!
// roleID will come from GeneralConfig.HookConfig.OIDCConfig.RoleID
roleID := "test"
oidcToken, err := utils.GetOIDCTokenByValidation(roleID)
oidcToken, err := utils.GetOIDCTokenByValidation(GeneralConfig.HookConfig.OIDCConfig.RoleID)
if err != nil {
return errors.Wrap(err, "failed to get OIDC token")
}
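Review bot: In the gcpPublishEvent hunk, both Vault failure branches only log a warning and fall through, so `defer client.MustRevokeToken()` and the later `utils.GetOIDCTokenByValidation(...)` call run against a client that may be nil or a zero value; if `GetVaultClientFromConfig` can return a nil client (not visible here), the deferred revoke would panic instead of honouring the "do not fail the step" intent. Because the step is best-effort, return after each warning, e.g. `log.Entry().WithError(err).Warnf("could not create Vault client"); return`, and register the `defer` only after both checks have passed. The `!ok` branch reuses `WithError(err)` although `err` is nil whenever the first check passed, so the log carries no cause; a distinct message such as `Warnf("unexpected Vault client type %T", client)` would make the failure diagnosable. It is also worth confirming that the dynamic type behind `client` really is `vault.Client` and not `*vault.Client`, since otherwise the assertion always fails and the step never obtains a usable OIDC token. The body of gcpPublishEvent continues past the end of that hunk.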