cvbarros · fatmcgav · Oct 29, 2020 · Oct 30, 2020 · Oct 30, 2020 · Oct 30, 2020
diff --git a/Makefile b/Makefile
@@ -42,6 +42,7 @@ ci: test ## Run all the CI targets
 start-docker: ## Starts up docker container running TeamCity Server
  @test -d $(TEAMCITY_DATA_DIR) || bsdtar xfz $(INTEGRATION_TEST_DIR)/teamcity_data.tar.gz -C $(INTEGRATION_TEST_DIR)
  @curl -sL https://download.octopusdeploy.com/octopus-teamcity/4.42.1/Octopus.TeamCity.zip -o $(TEAMCITY_DATA_DIR)/plugins/Octopus.TeamCity.zip
+ @curl -sL "https://plugins.jetbrains.com/plugin/download?rel=true&updateId=100790" -o ${TEAMCITY_DATA_DIR}/plugins/teamcity-hashicorp-vault-plugin.zip
  @test -n "$$(docker ps -q -f name=$(CONTAINER_NAME))" || docker run --rm -d \
  --name $(CONTAINER_NAME) \
  -v $(PWD)/$(TEAMCITY_DATA_DIR):/data/teamcity_server/datadir \

diff --git a/teamcity/locator.go b/teamcity/locator.go
@@ -1,6 +1,9 @@
 package teamcity
 
-import "net/url"
+import (
+ "fmt"
+ "net/url"
+)
 
 //Locator represents a arbitraty locator to be used when querying resources, such as id:, type:, or key:
 //These are used in GET requests within the URL so must be properly escaped
@@ -26,6 +29,12 @@ func LocatorType(id string) Locator {
  return Locator(url.QueryEscape("type:") + id)
 }
 
+//LocatorTypeProvider creates a locator for a Project Feature by Type and Provider
+func LocatorTypeProvider(featureType string, featureProvider string) Locator {
+ queryString := fmt.Sprintf("type:%s,property(name:providerType,value:%s)", featureType, featureProvider)
+ return Locator(url.QueryEscape(queryString))
+}
+
 func (l Locator) String() string {
  return string(l)
 }
diff --git a/teamcity/locator_test.go b/teamcity/locator_test.go
@@ -19,3 +19,12 @@ func Test_LocatorId(t *testing.T) {
 
  assert.Equal(t, "id%3A_Root", actual)
 }
+
+func Test_LocatorTypeProvider(t *testing.T) {
+ sut := LocatorTypeProvider("OAuthProvider", "teamcity-vault")
+ actual := sut.String()
+
+ expected := "type%3AOAuthProvider%2Cproperty%28name%3AproviderType%2Cvalue%3Ateamcity-vault%29"
+
+ assert.Equal(t, expected, actual)
+}
diff --git a/teamcity/project_feature.go b/teamcity/project_feature.go
@@ -52,7 +52,7 @@ func (s *ProjectFeatureService) Create(feature ProjectFeature) (ProjectFeature,
  return nil, fmt.Errorf("feature is nil")
  }
  if feature.ProjectID() != s.ProjectID {
- return nil, fmt.Errorf("given ProjectFeature for project %q to ProjectFeatureService for project %q.", feature.ProjectID(), s.ProjectID)
+ return nil, fmt.Errorf("given ProjectFeature for project %q to ProjectFeatureService for project %q", feature.ProjectID(), s.ProjectID)
  }
 
  requestBody := &projectFeatureJSON{
@@ -114,7 +114,7 @@ func (s *ProjectFeatureService) GetByID(id string) (ProjectFeature, error) {
  return s.parseProjectFeatureJSONResponse(out)
 }
 
-// GetByType returns a single ProjectFeature for the current project by it's typw.
+// GetByType returns a single ProjectFeature for the current project by it's type.
 func (s *ProjectFeatureService) GetByType(id string) (ProjectFeature, error) {
  var out projectFeatureJSON
 
@@ -127,6 +127,20 @@ func (s *ProjectFeatureService) GetByType(id string) (ProjectFeature, error) {
  return s.parseProjectFeatureJSONResponse(out)
 }
 
+// GetByTypeAndProvider returns any matching ProjectFeature's for the current project
+// that match the supplied Type and Provider
+func (s *ProjectFeatureService) GetByTypeAndProvider(featureType string, featureProvider string) (ProjectFeature, error) {
+ var out projectFeatureJSON
+
+ loc := LocatorTypeProvider(featureType, featureProvider)
+ url := fmt.Sprintf("projects/%s/projectFeatures/%s", s.ProjectID, loc)
+ if err := s.restHelper.get(url, &out, "projectFeature"); err != nil {
+ return nil, err
+ }
+
+ return s.parseProjectFeatureJSONResponse(out)
+}
+
 // Update updated an existing a ProjectFeature under the current project.
 func (s *ProjectFeatureService) Update(feature ProjectFeature) (ProjectFeature, error) {
  if feature == nil {
@@ -152,6 +166,8 @@ func (s *ProjectFeatureService) Update(feature ProjectFeature) (ProjectFeature,
 
 func (s *ProjectFeatureService) parseProjectFeatureJSONResponse(feature projectFeatureJSON) (ProjectFeature, error) {
  switch feature.Type {
+ case "OAuthProvider":
+ return loadConnectionProviderVault(s.ProjectID, feature)
  case "versionedSettings":
  return loadProjectFeatureVersionedSettings(s.ProjectID, feature)
  default:

diff --git a/teamcity/project_feature_connection.go b/teamcity/project_feature_connection.go
@@ -0,0 +1,161 @@
+package teamcity
+
+import (
+ "fmt"
+ "strconv"
+)
+
+// ConnectionType represents the TeamCity connection type
+type ConnectionType string
+
+const (
+ // ConnectionTypeOAuthProvider resprents an OAuth Provider connection type
+ ConnectionTypeOAuthProvider ConnectionType = "OAuthProvider"
+)
+
+// ConnectionProviderType represents the OAuth provider type
+type ConnectionProviderType string
+
+const (
+ // ConnectionProviderTypeVault represents an Hashicorp Vault provider type
+ ConnectionProviderTypeVault ConnectionProviderType = "teamcity-vault"
+)
+
+// ConnectionProviderVaultAuthMethod represents the Vault auth method
+type ConnectionProviderVaultAuthMethod string
+
+const (
+ // ConnectionProviderVaultAuthMethodIAM represents the IAM auth method
+ ConnectionProviderVaultAuthMethodIAM ConnectionProviderVaultAuthMethod = "iam"
+ // ConnectionProviderVaultAuthMethodApprole represents the approle auth method
+ ConnectionProviderVaultAuthMethodApprole ConnectionProviderVaultAuthMethod = "approle"
+)
+
+// ConnectionProviderVaultOptions is the required options for the Vault OAuth provider
+type ConnectionProviderVaultOptions struct {
+ AuthMethod ConnectionProviderVaultAuthMethod
+ DisplayName string
+ Endpoint string
+ FailOnError bool
+ Namespace string
+ ProviderType ConnectionProviderType
+ RoleID string
+ SecretID string
+ URL string
+ VaultNamespace string
+}
+
+// ConnectionProviderVault defines the Vault Connection details
+type ConnectionProviderVault struct {
+ id string
+ projectID string
+
+ Options ConnectionProviderVaultOptions
+}
+
+// NewProjectConnectionVault creates a new Vault OAuth Provider connection feature
+func NewProjectConnectionVault(projectID string, options ConnectionProviderVaultOptions) *ConnectionProviderVault {
+ return &ConnectionProviderVault{
+ projectID: projectID,
+ Options: options,
+ }
+}
+
+// ID returns the ID of this project feature
+func (f *ConnectionProviderVault) ID() string {
+ return f.id
+}
+
+// SetID sets the ID of this project feature
+func (f *ConnectionProviderVault) SetID(value string) {
+ f.id = value
+}
+
+// Type represents the type of this project feature as a string
+func (f *ConnectionProviderVault) Type() string {
+ return "OAuthProvider"
+}
+
+// ProjectID represents the ID of the project the project feature is assigned to.
+func (f *ConnectionProviderVault) ProjectID() string {
+ return f.projectID
+}
+
+// SetProjectID sets the ID of the project the project feature is assigned to.
+func (f *ConnectionProviderVault) SetProjectID(value string) {
+ f.projectID = value
+}
+
+// Properties returns all properties for the Vault OAuth Provider project feature
+func (f *ConnectionProviderVault) Properties() *Properties {
+ return NewProperties(
+ NewProperty("auth-method", string(f.Options.AuthMethod)),
+ NewProperty("displayName", string(f.Options.DisplayName)),
+ NewProperty("endpoint", string(f.Options.Endpoint)),
+ NewProperty("fail-on-error", fmt.Sprintf("%t", f.Options.FailOnError)),
+ NewProperty("namespace", string(f.Options.Namespace)),
+ NewProperty("providerType", string(ConnectionProviderTypeVault)),
+ NewProperty("role-id", string(f.Options.RoleID)),
+ NewProperty("secure:secret-id", string(f.Options.SecretID)),
+ NewProperty("url", string(f.Options.URL)),
+ NewProperty("vault-namespace", string(f.Options.VaultNamespace)),
+ )
+}
+
+func loadConnectionProviderVault(projectID string, feature projectFeatureJSON) (ProjectFeature, error) {
+ settings := &ConnectionProviderVault{
+ id: feature.ID,
+ projectID: projectID,
+ Options: ConnectionProviderVaultOptions{},
+ }
+
+ // stringProperties := []string{"displayName", "endpoint", "namespace", "role-id", "url", "vault-namespace"}
+ // for _, property := range stringProperties {
+ // if encodedValue, ok := feature.Properties.GetOk("displayName"); ok {
+ // settings.Options.DisplayName = encodedValue
+ // }
+ // }
+
+ if encodedValue, ok := feature.Properties.GetOk("displayName"); ok {
+ settings.Options.DisplayName = encodedValue
+ }
+
+ if encodedValue, ok := feature.Properties.GetOk("endpoint"); ok {
+ settings.Options.Endpoint = encodedValue
+ }
+
+ if encodedValue, ok := feature.Properties.GetOk("namespace"); ok {
+ settings.Options.Namespace = encodedValue
+ }
+
+ if encodedValue, ok := feature.Properties.GetOk("role-id"); ok {
+ settings.Options.RoleID = encodedValue
+ }
+
+ if encodedValue, ok := feature.Properties.GetOk("url"); ok {
+ settings.Options.URL = encodedValue
+ }
+
+ if encodedValue, ok := feature.Properties.GetOk("vault-namespace"); ok {
+ settings.Options.VaultNamespace = encodedValue
+ }
+
+ if encodedValue, ok := feature.Properties.GetOk("fail-on-error"); ok {
+ v, err := strconv.ParseBool(encodedValue)
+ if err != nil {
+ return nil, err
+ }
+
+ settings.Options.FailOnError = v
+ }
+
+ if encodedValue, ok := feature.Properties.GetOk("auth-method"); ok {
+ settings.Options.AuthMethod = ConnectionProviderVaultAuthMethod(encodedValue)
+ }
+
+ if encodedValue, ok := feature.Properties.GetOk("providerType"); ok {
+ settings.Options.ProviderType = ConnectionProviderType(encodedValue)
+ }
+
+ return settings, nil
+}