more

OctopusDeploy · Nov 14, 2023 · e7cf08d · e7cf08d
1 parent 6b43dda
commit e7cf08d
Show file tree

Hide file tree

Showing 8 changed files with 88 additions and 11 deletions.
diff --git a/pkg/accounts/account_resource.go b/pkg/accounts/account_resource.go
@@ -38,6 +38,10 @@ type AccountResource struct {
 	TenantTags              []string                    `json:"TenantTags,omitempty"`
 	Token                   *core.SensitiveValue        `json:"Token,omitempty"`
 	Username                string                      `json:"Username,omitempty"`
+	Audience                string                      `json:"Audience,omitempty"`
+	DeploymentSubjectKeys   []string                    `json:"DeploymentSubjectKeys,omitempty"`
+	HealthCheckSubjectKeys  []string                    `json:"HealthCheckSubjectKeys,omitempty"`
+	AccountTestSubjectKeys  []string                    `json:"AccountTestSubjectKeys,omitempty"`
 
 	resources.Resource
 }

diff --git a/pkg/accounts/account_service_test.go b/pkg/accounts/account_service_test.go
@@ -121,6 +121,10 @@ func TestAccountServiceUpdateWithEmptyAccount(t *testing.T) {
 	require.Error(t, err)
 	require.Nil(t, account)
 
+	account, err = service.Update(&AzureOIDCAccount{})
+	require.Error(t, err)
+	require.Nil(t, account)
+
 	account, err = service.Update(&AzureSubscriptionAccount{})
 	require.Error(t, err)
 	require.Nil(t, account)

diff --git a/pkg/accounts/account_utilities.go b/pkg/accounts/account_utilities.go
@@ -33,6 +33,19 @@ func ToAccount(accountResource *AccountResource) (IAccount, error) {
 		azureServicePrincipalAccount.AzureEnvironment = accountResource.AzureEnvironment
 		azureServicePrincipalAccount.ResourceManagerEndpoint = accountResource.ResourceManagerEndpoint
 		account = azureServicePrincipalAccount
+	case AccountTypeAzureOIDC:
+		azureOIDCAccount, err := NewAzureOIDCAccount(accountResource.GetName(), *accountResource.SubscriptionID, *accountResource.TenantID, *accountResource.ApplicationID)
+		if err != nil {
+			return nil, err
+		}
+		azureOIDCAccount.AuthenticationEndpoint = accountResource.AuthenticationEndpoint
+		azureOIDCAccount.AzureEnvironment = accountResource.AzureEnvironment
+		azureOIDCAccount.ResourceManagerEndpoint = accountResource.ResourceManagerEndpoint
+		azureOIDCAccount.Audience = accountResource.Audience
+		azureOIDCAccount.DeploymentSubjectKeys = accountResource.DeploymentSubjectKeys
+		azureOIDCAccount.AccountTestSubjectKeys = accountResource.AccountTestSubjectKeys
+		azureOIDCAccount.HealthCheckSubjectKeys = accountResource.HealthCheckSubjectKeys
+		account = azureOIDCAccount
 	case AccountTypeAzureSubscription:
 		azureSubscriptionAccount, err := NewAzureSubscriptionAccount(accountResource.GetName(), *accountResource.SubscriptionID)
 		if err != nil {
@@ -122,6 +135,18 @@ func ToAccountResource(account IAccount) (*AccountResource, error) {
 		accountResource.ResourceManagerEndpoint = azureServicePrincipalAccount.ResourceManagerEndpoint
 		accountResource.SubscriptionID = azureServicePrincipalAccount.SubscriptionID
 		accountResource.TenantID = azureServicePrincipalAccount.TenantID
+	case AccountTypeAzureOIDC:
+		azureOIDCAccount := account.(*AzureOIDCAccount)
+		accountResource.ApplicationID = azureOIDCAccount.ApplicationID
+		accountResource.AuthenticationEndpoint = azureOIDCAccount.AuthenticationEndpoint
+		accountResource.AzureEnvironment = azureOIDCAccount.AzureEnvironment
+		accountResource.ResourceManagerEndpoint = azureOIDCAccount.ResourceManagerEndpoint
+		accountResource.SubscriptionID = azureOIDCAccount.SubscriptionID
+		accountResource.TenantID = azureOIDCAccount.TenantID
+		accountResource.Audience = azureOIDCAccount.Audience
+		accountResource.DeploymentSubjectKeys = azureOIDCAccount.DeploymentSubjectKeys
+		accountResource.AccountTestSubjectKeys = azureOIDCAccount.AccountTestSubjectKeys
+		accountResource.HealthCheckSubjectKeys = azureOIDCAccount.HealthCheckSubjectKeys
 	case AccountTypeAzureSubscription:
 		azureSubscriptionAccount := account.(*AzureSubscriptionAccount)
 		accountResource.AzureEnvironment = azureSubscriptionAccount.AzureEnvironment

diff --git a/pkg/accounts/accounts.go b/pkg/accounts/accounts.go
@@ -85,20 +85,20 @@ func (a *Accounts) UnmarshalJSON(b []byte) error {
 					return err
 				}
 				a.Items = append(a.Items, azureServicePrincipalAccount)
-			case AccountTypeAzureSubscription:
-				var azureSubscriptionAccount *AzureSubscriptionAccount
-				err := json.Unmarshal(*account, &azureSubscriptionAccount)
-				if err != nil {
-					return err
-				}
-				a.Items = append(a.Items, azureSubscriptionAccount)
 			case AccountTypeAzureOIDC:
 				var azureOIDCAccount *AzureOIDCAccount
 				err := json.Unmarshal(*account, &azureOIDCAccount)
 				if err != nil {
 					return err
 				}
 				a.Items = append(a.Items, azureOIDCAccount)
+			case AccountTypeAzureSubscription:
+				var azureSubscriptionAccount *AzureSubscriptionAccount
+				err := json.Unmarshal(*account, &azureSubscriptionAccount)
+				if err != nil {
+					return err
+				}
+				a.Items = append(a.Items, azureSubscriptionAccount)
 			case AccountTypeGoogleCloudPlatformAccount:
 				var googleCloudAccount *GoogleCloudPlatformAccount
 				err := json.Unmarshal(*account, &googleCloudAccount)

diff --git a/pkg/accounts/azure/azurewebapp.go b/pkg/accounts/azure/azurewebapp.go
@@ -2,11 +2,12 @@ package azure
 
 import (
 	"fmt"
+	"strings"
+
 	"github.com/OctopusDeploy/go-octopusdeploy/v2/pkg/accounts"
 	"github.com/OctopusDeploy/go-octopusdeploy/v2/pkg/client"
 	"github.com/OctopusDeploy/go-octopusdeploy/v2/pkg/constants"
 	"github.com/OctopusDeploy/go-octopusdeploy/v2/pkg/services/api"
-	"strings"
 )
 
 type AzureWebApp struct {
@@ -22,7 +23,7 @@ type AzureWebAppSlot struct {
 	ResourceGroup string `json:"ResourceGroup,omitempty"`
 }
 
-func GetWebSites(client client.Client, account *accounts.AzureServicePrincipalAccount) ([]*AzureWebApp, error) {
+func GetWebSites(client client.Client, account accounts.IAccount) ([]*AzureWebApp, error) {
 	path := account.GetLinks()[constants.LinkWebSites]
 	if path == "" {
 		return nil, fmt.Errorf("cannot get websites for account '%s' (%s)", account.GetName(), account.GetID())
@@ -38,7 +39,7 @@ func GetWebSites(client client.Client, account *accounts.AzureServicePrincipalAc
 	return items, nil
 }
 
-func GetWebSiteSlots(client client.Client, spAccount *accounts.AzureServicePrincipalAccount, app *AzureWebApp) ([]*AzureWebAppSlot, error) {
+func GetWebSiteSlots(client client.Client, spAccount accounts.IAccount, app *AzureWebApp) ([]*AzureWebAppSlot, error) {
 	path := spAccount.GetLinks()[constants.LinkWebSiteSlots]
 	if path == "" {
 		return nil, fmt.Errorf("cannot get websites for account '%s' (%s)", spAccount.GetName(), spAccount.GetID())

diff --git a/pkg/accounts/azure_oidc_account.go b/pkg/accounts/azure_oidc_account.go
@@ -24,7 +24,7 @@ type AzureOIDCAccount struct {
 	account
 }
 
-// NewAzureOIDCAccount creates and initializes an Azure service principal account.
+// NewAzureOIDCAccount creates and initializes an Azure OIDC account.
 func NewAzureOIDCAccount(name string, subscriptionID uuid.UUID, tenantID uuid.UUID, applicationID uuid.UUID) (*AzureOIDCAccount, error) {
 	if internal.IsEmpty(name) {
 		return nil, internal.CreateRequiredParameterIsEmptyOrNilError("name")

diff --git a/pkg/accounts/is_nil.go b/pkg/accounts/is_nil.go
@@ -8,6 +8,8 @@ func IsNil(i interface{}) bool {
 		return v == nil
 	case *AzureServicePrincipalAccount:
 		return v == nil
+	case *AzureOIDCAccount:
+		return v == nil
 	case *AzureSubscriptionAccount:
 		return v == nil
 	case *GoogleCloudPlatformAccount:

diff --git a/test/e2e/account_service_test.go b/test/e2e/account_service_test.go
@@ -75,6 +75,43 @@ func CreateTestAzureServicePrincipalAccount(t *testing.T, client *client.Client)
 	return createdAccount
 }
 
+func CreateTestAzureOIDCAccount(t *testing.T, client *client.Client) accounts.IAccount {
+	if client == nil {
+		client = getOctopusClient()
+	}
+	require.NotNil(t, client)
+
+	applicationID := uuid.New()
+	azureEnvironment := getRandomAzureEnvironment()
+	name := internal.GetRandomName()
+	subscriptionID := uuid.New()
+	tenantID := uuid.New()
+
+	account, err := accounts.NewAzureOIDCAccount(name, subscriptionID, tenantID, applicationID)
+
+	require.NotNil(t, account)
+	require.NoError(t, err)
+	require.NoError(t, account.Validate())
+
+	// set Azure environment fields
+	if !internal.IsEmpty(azureEnvironment.Name) {
+		account.AzureEnvironment = azureEnvironment.Name
+		account.AuthenticationEndpoint = azureEnvironment.AuthenticationEndpoint
+		account.ResourceManagerEndpoint = azureEnvironment.ResourceManagerEndpoint
+	}
+
+	require.NoError(t, account.Validate())
+
+	createdAccount, err := client.Accounts.Add(account)
+	require.NoError(t, err)
+	require.NotNil(t, createdAccount)
+	require.NotEmpty(t, createdAccount.GetID())
+	require.Equal(t, accounts.AccountTypeAzureServicePrincipal, createdAccount.GetAccountType())
+	require.Equal(t, name, createdAccount.GetName())
+
+	return createdAccount
+}
+
 func CreateTestAzureSubscriptionAccount(t *testing.T, client *client.Client) accounts.IAccount {
 	if client == nil {
 		client = getOctopusClient()
@@ -316,6 +353,10 @@ func TestAccountServiceAddGetDelete(t *testing.T) {
 	ValidateAccount(t, azureServicePrincipalAccount)
 	defer DeleteTestAccount(t, client, azureServicePrincipalAccount)
 
+	azureOIDCAccount := CreateTestAzureOIDCAccount(t, client)
+	ValidateAccount(t, azureOIDCAccount)
+	defer DeleteTestAccount(t, client, azureOIDCAccount)
+
 	azureSubscriptionAccount := CreateTestAzureSubscriptionAccount(t, client)
 	ValidateAccount(t, azureSubscriptionAccount)
 	defer DeleteTestAccount(t, client, azureSubscriptionAccount)