windows-authenticationnantintegrated-securitysourcegear-vault

How can I get Vault to use Windows Authentication from NAnt?


I am wanting to perform a number of tasks in SourceGear Vault (V4.1.4) with NAnt (V0.86.3317.0).

Is there any way we can get Vault to use Windows Authentication from NAnt to create the connection?

The NAnt block I am using to initialise the vault connect is:

<target name="InitialiseVaultSettings">
<echo>InitialiseVaultSettings</echo>
<vaultsetloginoptions user="${vault.Username}" password="${vault.Password}" URL="${vault.Host}" repository="${vault.Repository}" />
<vaultsetworkingfolder repositoryFolderPath="${vault.Folder}" diskPath="${vault.WorkingDirectory}" createDiskPath="true" />

As I am working on the project with other developers, hard coding user names and passwords into the NAnt build file is not a good idea. Both username and password are required options in the vaultsetloginoptions command.

Other alternatives (all with catches) include:

(a) Hardcode the 'Admin' account into the NAnt properties and log vault in using that. This isn't so great, as we then loose an audit trail of who is responsible for the check-in / check-out operations the NAnt script performs. It also causes problems when the solution has files checked out (part of the script ensures all files are checked back into source control prior to generating a label in Vault).

(b) Use a C# script from the NAnt code to set the properties of username and password dynamically... except we've then got a problem of getting the password from the user still

(c) Read the stored profile information from the Vault client and connect using that (except I'm not sure where it is stored).


Solution

  • I have implemented with success the prototype to work-around this problem.

    Full Source and Binaries for the workaround described below can be found here :

    Vault Login Extensions

    I have created some custom NAnt tasks and functions.

    <VaultLogin> checks the Windows Registry for username and password information previously stored. If not found it prompts the user with a Login window. It stores the entries in two functions and clears the registry (in case the login fails - see <SaveVaultLogin> below) :

    ${VaultLoginFunctions::UserName()}
    ${VaultLoginFunctions::Password()}
    

    The <vaultsetloginoptions> task is then able to use the functions :

    <vaultsetloginoptions user="${VaultLoginFunctions::UserName()}" password="${VaultLoginFunctions::Password()}" URL="${vault.Host}" repository="${vault.Repository}" />
    

    After calling the <vaultsetloginoptions> task, we then call the <SaveVaultLogin> task which writes the username and password values back to the registry. This ensures that only successful authentication details are stored (as the script fails at the task if the username and password are incorrect.

    This is the code block put together :

      <target name="InitialiseVaultSettings">
    <echo>InitialiseVaultSettings</echo>
    
    <loadtasks assembly="CompassHealth.NAntExtensions.Tasks.dll" />
    
    <VaultLoginGet />
    <echo message="UserName = ${VaultLoginFunctions::UserName()}" />
    
    <vaultsetloginoptions user="${VaultLoginFunctions::UserName()}" password="${VaultLoginFunctions::Password()}" URL="${vault.Host}" repository="${vault.Repository}" />
    
    <vaultsetworkingfolder repositoryFolderPath="${vault.Folder}" diskPath="${vault.WorkingDirectory}" createDiskPath="true" />
    
    
    <!-- need to save the login here, as it is cleared once VaultLoginGet is called, this ensures that only correct username and password are stored -->
    <VaultLoginSave />    
    

    Update : link to binaries and source for work-around now at top of post.