feat: Add generic oidc account (#288)

* feat: Add generic oidc account * chore: Add generic oidc account to account type * chore: remove subject keys which are not required * fix: add AccountTypeGenericOIDCAccount to account resource creation
OctopusDeploy · Dec 4, 2024 · 94ae598 · 94ae598
1 parent d53c52f
commit 94ae598
Show file tree

Hide file tree

Showing 7 changed files with 134 additions and 2 deletions.
diff --git a/pkg/accounts/account.go b/pkg/accounts/account.go
@@ -31,7 +31,7 @@ type IAccount interface {
 
 // account is the embedded struct used for all accounts.
 type account struct {
-	AccountType            AccountType                 `json:"AccountType" validate:"required,oneof=None UsernamePassword SshKeyPair AzureSubscription AzureServicePrincipal AzureOidc AmazonWebServicesAccount AmazonWebServicesOidcAccount AmazonWebServicesRoleAccount GoogleCloudAccount Token"`
+	AccountType            AccountType                 `json:"AccountType" validate:"required,oneof=None UsernamePassword SshKeyPair AzureSubscription AzureServicePrincipal AzureOidc AmazonWebServicesAccount AmazonWebServicesOidcAccount AmazonWebServicesRoleAccount GoogleCloudAccount GenericOidcAccount Token"`
 	Description            string                      `json:"Description,omitempty"`
 	EnvironmentIDs         []string                    `json:"EnvironmentIds,omitempty"`
 	Name                   string                      `json:"Name" validate:"required,notblank,notall"`

diff --git a/pkg/accounts/account_resource.go b/pkg/accounts/account_resource.go
@@ -12,7 +12,7 @@ import (
 // username/password, tokens, Azure and AWS credentials, and SSH key pairs.
 type AccountResource struct {
 	AccessKey               string                      `json:"AccessKey,omitempty"`
-	AccountType             AccountType                 `json:"AccountType" validate:"required,oneof=None UsernamePassword SshKeyPair AzureSubscription AzureServicePrincipal AzureOidc AmazonWebServicesAccount AmazonWebServicesRoleAccount AmazonWebServicesOidcAccount GoogleCloudAccount Token"`
+	AccountType             AccountType                 `json:"AccountType" validate:"required,oneof=None UsernamePassword SshKeyPair AzureSubscription AzureServicePrincipal AzureOidc AmazonWebServicesAccount AmazonWebServicesRoleAccount AmazonWebServicesOidcAccount GoogleCloudAccount GenericOidcAccount Token"`
 	ApplicationID           *uuid.UUID                  `json:"ClientId,omitempty"`
 	ApplicationPassword     *core.SensitiveValue        `json:"Password,omitempty"`
 	AuthenticationEndpoint  string                      `json:"ActiveDirectoryEndpointBaseUri,omitempty"`

diff --git a/pkg/accounts/account_types.go b/pkg/accounts/account_types.go
@@ -9,6 +9,7 @@ const (
 	AccountTypeAzureOIDC                  = AccountType("AzureOidc")
 	AccountTypeAwsOIDC                    = AccountType("AmazonWebServicesOidcAccount")
 	AccountTypeAzureSubscription          = AccountType("AzureSubscription")
+	AccountTypeGenericOIDCAccount         = AccountType("GenericOidcAccount")
 	AccountTypeGoogleCloudPlatformAccount = AccountType("GoogleCloudAccount")
 	AccountTypeSSHKeyPair                 = AccountType("SshKeyPair")
 	AccountTypeToken                      = AccountType("Token")

diff --git a/pkg/accounts/account_utilities.go b/pkg/accounts/account_utilities.go
@@ -69,6 +69,14 @@ func ToAccount(accountResource *AccountResource) (IAccount, error) {
 		azureSubscriptionAccount.ManagementEndpoint = accountResource.ManagementEndpoint
 		azureSubscriptionAccount.StorageEndpointSuffix = accountResource.StorageEndpointSuffix
 		account = azureSubscriptionAccount
+	case AccountTypeGenericOIDCAccount:
+		genericOIDCAccount, err := NewGenericOIDCAccount(accountResource.GetName())
+		if err != nil {
+			return nil, err
+		}
+		genericOIDCAccount.Audience = accountResource.Audience
+		genericOIDCAccount.DeploymentSubjectKeys = accountResource.DeploymentSubjectKeys
+		account = genericOIDCAccount
 	case AccountTypeGoogleCloudPlatformAccount:
 		googleCloudPlatformAccount, err := NewGoogleCloudPlatformAccount(accountResource.GetName(), accountResource.JsonKey)
 		if err != nil {
@@ -175,6 +183,10 @@ func ToAccountResource(account IAccount) (*AccountResource, error) {
 		accountResource.ManagementEndpoint = azureSubscriptionAccount.ManagementEndpoint
 		accountResource.StorageEndpointSuffix = azureSubscriptionAccount.StorageEndpointSuffix
 		accountResource.SubscriptionID = azureSubscriptionAccount.SubscriptionID
+	case AccountTypeGenericOIDCAccount:
+		genericOidcAccount := account.(*GenericOIDCAccount)
+		accountResource.DeploymentSubjectKeys = genericOidcAccount.DeploymentSubjectKeys
+		accountResource.Audience = genericOidcAccount.Audience
 	case AccountTypeGoogleCloudPlatformAccount:
 		googleCloudPlatformAccount := account.(*GoogleCloudPlatformAccount)
 		accountResource.JsonKey = googleCloudPlatformAccount.JsonKey

diff --git a/pkg/accounts/accounts.go b/pkg/accounts/accounts.go
@@ -106,6 +106,13 @@ func (a *Accounts) UnmarshalJSON(b []byte) error {
 					return err
 				}
 				a.Items = append(a.Items, azureSubscriptionAccount)
+			case AccountTypeGenericOIDCAccount:
+				var genericOIDCAccount *GenericOIDCAccount
+				err := json.Unmarshal(*account, &genericOIDCAccount)
+				if err != nil {
+					return err
+				}
+				a.Items = append(a.Items, genericOIDCAccount)
 			case AccountTypeGoogleCloudPlatformAccount:
 				var googleCloudAccount *GoogleCloudPlatformAccount
 				err := json.Unmarshal(*account, &googleCloudAccount)

diff --git a/pkg/accounts/generic_oidc_account.go b/pkg/accounts/generic_oidc_account.go
@@ -0,0 +1,49 @@
+package accounts
+
+import (
+	"github.com/OctopusDeploy/go-octopusdeploy/v2/internal"
+	"github.com/OctopusDeploy/go-octopusdeploy/v2/pkg/validation"
+	"github.com/go-playground/validator/v10"
+	"github.com/go-playground/validator/v10/non-standard/validators"
+)
+
+// GenericOIDCAccount represents a Generic OIDC account.
+type GenericOIDCAccount struct {
+	Audience              string   `json:"Audience,omitempty"`
+	DeploymentSubjectKeys []string `json:"DeploymentSubjectKeys,omitempty" validate:"omitempty,dive,oneof=space environment project tenant runbook account type'"`
+
+	account
+}
+
+// NewGenericOIDCAccount creates and initializes a Generic OIDC account.
+func NewGenericOIDCAccount(name string) (*GenericOIDCAccount, error) {
+	if internal.IsEmpty(name) {
+		return nil, internal.CreateRequiredParameterIsEmptyOrNilError("name")
+	}
+
+	account := GenericOIDCAccount{
+		account: *newAccount(name, AccountTypeGenericOIDCAccount),
+	}
+
+	// validate to ensure that all expectations are met
+	err := account.Validate()
+	if err != nil {
+		return nil, err
+	}
+
+	return &account, nil
+}
+
+// Validate checks the state of this account and returns an error if invalid.
+func (a *GenericOIDCAccount) Validate() error {
+	v := validator.New()
+	err := v.RegisterValidation("notblank", validators.NotBlank)
+	if err != nil {
+		return err
+	}
+	err = v.RegisterValidation("notall", validation.NotAll)
+	if err != nil {
+		return err
+	}
+	return v.Struct(a)
+}
diff --git a/pkg/accounts/generic_oidc_account_test.go b/pkg/accounts/generic_oidc_account_test.go
@@ -0,0 +1,63 @@
+package accounts
+
+import (
+	"github.com/OctopusDeploy/go-octopusdeploy/v2/internal"
+	"github.com/stretchr/testify/require"
+	"testing"
+)
+
+func TestGenericOIDCAccount(t *testing.T) {
+	name := internal.GetRandomName()
+	audience := "api://default"
+	deploymentSubjectKeys := []string{"space", "project", "tenant", "environment"}
+	invalidDeploymentSubjectKeys := []string{"space", "target"}
+
+	testCases := []struct {
+		TestName              string
+		IsError               bool
+		Name                  string
+		Audience              string
+		DeploymentSubjectKeys []string
+	}{
+		{"Valid", false, name, audience, deploymentSubjectKeys},
+		{"EmptyName", true, "", audience, deploymentSubjectKeys},
+		{"NilSubjectKeys", false, name, "", nil},
+		{"InvalidDeploymentSubjectKeys", true, name, "", invalidDeploymentSubjectKeys},
+	}
+
+	for _, tc := range testCases {
+		t.Run(tc.TestName, func(t *testing.T) {
+			genericOIDCAccount := &GenericOIDCAccount{
+				Audience:              tc.Audience,
+				DeploymentSubjectKeys: tc.DeploymentSubjectKeys,
+			}
+			genericOIDCAccount.AccountType = AccountTypeGenericOIDCAccount
+			genericOIDCAccount.Name = tc.Name
+			if tc.IsError {
+				require.Error(t, genericOIDCAccount.Validate())
+			} else {
+				require.NoError(t, genericOIDCAccount.Validate())
+
+				require.Equal(t, AccountTypeGenericOIDCAccount, genericOIDCAccount.GetAccountType())
+				require.Equal(t, tc.Name, genericOIDCAccount.GetName())
+			}
+			genericOIDCAccount.SetName(tc.Name)
+			if tc.IsError {
+				require.Error(t, genericOIDCAccount.Validate())
+			} else {
+				require.NoError(t, genericOIDCAccount.Validate())
+				require.Equal(t, tc.Name, genericOIDCAccount.GetName())
+			}
+		})
+	}
+}
+
+func TestGenericOIDCAccountNew(t *testing.T) {
+	name := internal.GetRandomName()
+
+	account, err := NewGenericOIDCAccount(name)
+
+	require.NotNil(t, account)
+	require.NoError(t, err)
+	require.NoError(t, account.Validate())
+}