feat(events): Retrieve OIDC token in gcpPublishEvent (#4917)

Co-authored-by: jliempt <>

cmd/gcpPublishEvent.go

@@ -1,11 +1,13 @@
 package cmd
 
 import (
+	piperConfig "github.com/SAP/jenkins-library/pkg/config"
 	"github.com/SAP/jenkins-library/pkg/events"
 	"github.com/SAP/jenkins-library/pkg/gcp"
 	"github.com/SAP/jenkins-library/pkg/log"
 	"github.com/SAP/jenkins-library/pkg/orchestrator"
 	"github.com/SAP/jenkins-library/pkg/telemetry"
+	"github.com/SAP/jenkins-library/pkg/vault"
 
 	"github.com/pkg/errors"
 )
@@ -19,6 +21,7 @@ type gcpPublishEventUtils interface {
 
 type gcpPublishEventUtilsBundle struct {
 	config *gcpPublishEventOptions
+	*vault.Client
 }
 
 func (g gcpPublishEventUtilsBundle) GetConfig() *gcpPublishEventOptions {
@@ -33,17 +36,34 @@ func (g gcpPublishEventUtilsBundle) Publish(projectNumber string, topic string,
 	return gcp.Publish(projectNumber, topic, token, key, data)
 }
 
-// to be implemented through another PR!
-func (g gcpPublishEventUtilsBundle) GetOIDCTokenByValidation(roleID string) (string, error) {
-	return "testToken", nil
-}
-
 func gcpPublishEvent(config gcpPublishEventOptions, telemetryData *telemetry.CustomData) {
-	utils := gcpPublishEventUtilsBundle{
+	vaultCreds := piperConfig.VaultCredentials{
-		config: &config,
+		AppRoleID:       GeneralConfig.VaultRoleID,
+		AppRoleSecretID: GeneralConfig.VaultRoleSecretID,
+		VaultToken:      GeneralConfig.VaultToken,
+	}
+	vaultConfig := map[string]interface{}{
+		"vaultNamespace": config.VaultNamespace,
+		"vaultServerUrl": config.VaultServerURL,
 	}
 
-	err := runGcpPublishEvent(utils)
+	client, err := piperConfig.GetVaultClientFromConfig(vaultConfig, vaultCreds)
+	if err != nil {
+		log.Entry().WithError(err).Warnf("could not create Vault client")
+	}
+	defer client.MustRevokeToken()
+
+	vaultClient, ok := client.(vault.Client)
+	if !ok {
+		log.Entry().WithError(err).Warnf("could not create Vault client")
+	}
+
+	utils := gcpPublishEventUtilsBundle{
+		config: &config,
+		Client: &vaultClient,
+	}
+
+	err = runGcpPublishEvent(utils)
 	if err != nil {
 		// do not fail the step
 		log.Entry().WithError(err).Warnf("step execution failed")
@@ -66,10 +86,7 @@ func runGcpPublishEvent(utils gcpPublishEventUtils) error {
 		return errors.Wrap(err, "failed to create event data")
 	}
 
-	// this is currently returning a mock token. function will be implemented through another PR!
+	oidcToken, err := utils.GetOIDCTokenByValidation(GeneralConfig.HookConfig.OIDCConfig.RoleID)
-	// roleID will come from GeneralConfig.HookConfig.OIDCConfig.RoleID
-	roleID := "test"
-	oidcToken, err := utils.GetOIDCTokenByValidation(roleID)
 	if err != nil {
 		return errors.Wrap(err, "failed to get OIDC token")
 	}