如何让 Vault 使用 NAnt 的 Windows 身份验证?

发布于 2024-07-18 20:08:53 字数 1022 浏览 14 评论 0 原文

我想使用 NAnt (V0.86.3317.0) 在 SourceGear Vault (V4.1.4) 中执行多项任务。

有什么方法可以让 Vault 使用 NAnt 的 Windows 身份验证来创建连接吗?

我用来初始化 Vault 连接的 NAnt 块是:

<target name="InitialiseVaultSettings">
<echo>InitialiseVaultSettings</echo>
<vaultsetloginoptions user="${vault.Username}" password="${vault.Password}" URL="${vault.Host}" repository="${vault.Repository}" />
<vaultsetworkingfolder repositoryFolderPath="${vault.Folder}" diskPath="${vault.WorkingDirectory}" createDiskPath="true" />

由于我正在与其他开发人员一起开发该项目,因此将用户名和密码硬编码到 NAnt 构建文件中并不是一个好主意。 usernamepassword 都是 vaultsetloginoptions 命令中的必需选项。

其他替代方案(均带有陷阱)包括:

(a) 将“管理员”帐户硬编码到 NAnt 属性中,并使用该帐户进行日志保管库。 这不太好,因为我们随后失去了谁负责 NAnt 脚本执行的签入/签出操作的审计跟踪。 当解决方案检出文件时,它也会导致问题(脚本的一部分确保在 Vault 中生成标签之前将所有文件检回到源代码管理中)。

(b) 使用 NAnt 代码中的 C# 脚本动态设置用户名和密码的属性...但我们仍然遇到从用户获取密码的问题

(c) 从 Vault 读取存储的配置文件信息客户端并使用它进行连接(除非我不确定它存储在哪里)。

I am wanting to perform a number of tasks in SourceGear Vault (V4.1.4) with NAnt (V0.86.3317.0).

Is there any way we can get Vault to use Windows Authentication from NAnt to create the connection?

The NAnt block I am using to initialise the vault connect is:

<target name="InitialiseVaultSettings">
<echo>InitialiseVaultSettings</echo>
<vaultsetloginoptions user="${vault.Username}" password="${vault.Password}" URL="${vault.Host}" repository="${vault.Repository}" />
<vaultsetworkingfolder repositoryFolderPath="${vault.Folder}" diskPath="${vault.WorkingDirectory}" createDiskPath="true" />

As I am working on the project with other developers, hard coding user names and passwords into the NAnt build file is not a good idea. Both username and password are required options in the vaultsetloginoptions command.

Other alternatives (all with catches) include:

(a) Hardcode the 'Admin' account into the NAnt properties and log vault in using that. This isn't so great, as we then loose an audit trail of who is responsible for the check-in / check-out operations the NAnt script performs. It also causes problems when the solution has files checked out (part of the script ensures all files are checked back into source control prior to generating a label in Vault).

(b) Use a C# script from the NAnt code to set the properties of username and password dynamically... except we've then got a problem of getting the password from the user still

(c) Read the stored profile information from the Vault client and connect using that (except I'm not sure where it is stored).

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(3

末蓝 2024-07-25 20:08:53

我对 Vault 不熟悉,所以请原谅这个答案可能含糊不清。 我经常使用 NAnt,任何执行的内容(任务、执行程序等)都具有在集成身份验证模式下运行的固有潜力。

最后,身份验证会传递给恰好运行父 NAnt 进程的用户。 话虽这么说,这可能表明 Vault 的 NAnt 任务不支持集成身份验证? 这意味着,如果vaultsetloginoptions任务需要用户和密码参数,那么就没有好的方法来传递凭据(正如您所指出的)。

如果 Vault 的 NAnt 任务中的潜在缺陷没有解决方法,则可以使用 > 任务来调用其客户端工具的命令行版本(甚至不确定他们是否有一个) 。 如果这是一个选项,只要运行 NAnt 进程的用户与需要连接到 Vault 的用户相同,集成身份验证就会自动启动。

我们必须在构建过程中集成一些东西来这样做。 我们要么执行命令行版本,要么通过扩展 NAnt 框架编写我们自己的任务。 不管怎样,这应该是可能的。

更新

在 Vault 论坛上进行了一些查看,似乎 AD 集成只是 Vault 客户端提示用户并传递到服务器的一种方式。 来自论坛

Vault 客户端将始终提示
对于用户名/密码。 我们的广告
集成仅限于服务器
验证输入的密码
与 Active 中的密码匹配
目录。

因此,客户端没有真正的方式以内置方式传递 Windows 身份验证信息。 Vault客户端程序在AD模式下运行时需要输入用户名和密码。 遗憾的是,如果不存储用户名/密码,NAnt 无缝集成的可能性就很小了。

I'm unfamiliar with Vault so please forgive the potential vagueness of this answer. I've worked with NAnt a lot and anything that gets executed (tasks, execs, etc) have the inherent potential to be running in integrated authenticated mode.

In the end, authentication gets passed along to whichever user happens to be running the parent NAnt process. That being said, this could be a sign that Vault's NAnt tasks don't support integrated authentication? Meaning, if the vaultsetloginoptions task requires the user and password arguments, then there is no good way to pass along credentials (as you pointed out).

If there happens to be no workarounds for the potential lacking in Vault's NAnt tasks it might be possible to use the <exec> task to call a command line version of their client side tool (not even sure if they have one). If this is an option, integrated authentication will automatically kick in as long as the user running the NAnt process is the same as the one needing to connect to Vault.

We've had to do this for a few things we integrate with in our build process. We've either exec'd out to the command line version or have written our own Task(s) by extending the NAnt framework. Either way, this should be possible.

Update

Did some looking around on the Vault forums and it seems that the AD integration is merely a way to have Vault Client prompt the user and pass along to server. From the forum:

The Vault client will always prompt
for the username/password. Our AD
integration is limited to the server
verifying that the password entered
matches the password in Active
Directory.

Therefore, there is no true way for the client to pass along windows authentication information in a built-in way. The Vault client program requires one to input the username and password when running in AD mode. Sadly, it would seem without storing the username/password, the chances of seamless NAnt integration is a far shot.

何时共饮酒 2024-07-25 20:08:53

我已经成功地实现了原型来解决这个问题。

下面描述的解决方法的完整源代码和二进制文件可以在这里找到:

Vault 登录扩展

我创建了一些自定义 NAnt 任务和功能。

检查 Windows 注册表中先前存储的用户名和密码信息。 如果未找到,它会通过登录窗口提示用户。 它将条目存储在两个函数中并清除注册表(如果登录失败 - 请参阅下面的 ):

${VaultLoginFunctions::UserName()}
${VaultLoginFunctions::Password()}

然后 任务能够使用函数:

<vaultsetloginoptions user="${VaultLoginFunctions::UserName()}" password="${VaultLoginFunctions::Password()}" URL="${vault.Host}" repository="${vault.Repository}" />

调用 任务后,我们调用 任务,该任务将用户名和密码值写回注册表。 这可确保仅存储成功的身份验证详细信息(因为如果用户名和密码不正确,则脚本将在任务中失败。

这是放在一起的代码块:

  <target name="InitialiseVaultSettings">
<echo>InitialiseVaultSettings</echo>

<loadtasks assembly="CompassHealth.NAntExtensions.Tasks.dll" />

<VaultLoginGet />
<echo message="UserName = ${VaultLoginFunctions::UserName()}" />

<vaultsetloginoptions user="${VaultLoginFunctions::UserName()}" password="${VaultLoginFunctions::Password()}" URL="${vault.Host}" repository="${vault.Repository}" />

<vaultsetworkingfolder repositoryFolderPath="${vault.Folder}" diskPath="${vault.WorkingDirectory}" createDiskPath="true" />


<!-- need to save the login here, as it is cleared once VaultLoginGet is called, this ensures that only correct username and password are stored -->
<VaultLoginSave />    

更新:链接到二进制文件和解决方法的源代码现在位于帖子顶部。

I have implemented with success the prototype to work-around this problem.

Full Source and Binaries for the workaround described below can be found here :

Vault Login Extensions

I have created some custom NAnt tasks and functions.

<VaultLogin> checks the Windows Registry for username and password information previously stored. If not found it prompts the user with a Login window. It stores the entries in two functions and clears the registry (in case the login fails - see <SaveVaultLogin> below) :

${VaultLoginFunctions::UserName()}
${VaultLoginFunctions::Password()}

The <vaultsetloginoptions> task is then able to use the functions :

<vaultsetloginoptions user="${VaultLoginFunctions::UserName()}" password="${VaultLoginFunctions::Password()}" URL="${vault.Host}" repository="${vault.Repository}" />

After calling the <vaultsetloginoptions> task, we then call the <SaveVaultLogin> task which writes the username and password values back to the registry. This ensures that only successful authentication details are stored (as the script fails at the task if the username and password are incorrect.

This is the code block put together :

  <target name="InitialiseVaultSettings">
<echo>InitialiseVaultSettings</echo>

<loadtasks assembly="CompassHealth.NAntExtensions.Tasks.dll" />

<VaultLoginGet />
<echo message="UserName = ${VaultLoginFunctions::UserName()}" />

<vaultsetloginoptions user="${VaultLoginFunctions::UserName()}" password="${VaultLoginFunctions::Password()}" URL="${vault.Host}" repository="${vault.Repository}" />

<vaultsetworkingfolder repositoryFolderPath="${vault.Folder}" diskPath="${vault.WorkingDirectory}" createDiskPath="true" />


<!-- need to save the login here, as it is cleared once VaultLoginGet is called, this ensures that only correct username and password are stored -->
<VaultLoginSave />    

Update : link to binaries and source for work-around now at top of post.

够运 2024-07-25 20:08:53

在查看了 Scott Saad 的建议后,不幸的是,命令行工具中似乎没有选项可以使用 Windows 身份验证来调用它。

我目前的想法符合上面的(b)。

我将创建一个可以从 Nant 脚本调用的库,询问当前 Windows 用户的 Vault 用户名和密码。

该库将在 resigstry 条目中查找之前输入的 Vault 用户名和该 Windows 用户的登录信息。 如果存在,它将被传递到脚本而无需任何用户交互。

如果此用户名/密码无法登录 Vault,或者不存在,则库将提供一个对话框供用户输入当前的 Vault 用户名和密码。

用户的条目将存储在注册表中(加密),这意味着每次 Vault 用户名和密码更改时只需输入一次。

这不是一个理想的解决方案,但应该相对简单并且是一个足够可接受的解决方案。

你怎么认为?

After looking at Scott Saad's suggestion, unfortunately there appears to be no option in the command line tool either to call it using Windows Authentication.

My current thinking is in line with (b) above.

I'll create a library that can be called from the Nant script, asking for the current windows user's Vault username and password.

The library will look in a resigstry entry for a previously entered Vault username and login for this windows user. If it exists, it will be passed to the script without any user interaction.

If this username / password fails the vault login, or if it doesn't exist then the library will provide a dialog for the user to enter the current vault username and password.

The user's entry will be stored in the registry (encrypted) meaning this should only have to be entered once each time the Vault username and password change.

Not an ideal solution, but should be relatively straight-forward and an acceptable enough work around.

What do you think?

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文