Validate Cloudsmith OIDC configurations

Author: mbg

lib/start-proxy-action.js

@@ -8,6 +8,7 @@ import sinon from "sinon";
 import * as apiClient from "./api-client";
 import * as defaults from "./defaults.json";
 import { setUpFeatureFlagTests } from "./feature-flags/testing-util";
+import { UnvalidatedObject, validateSchema } from "./json";
 import { makeFromSchema } from "./json/testing-util";
 import { BuiltInLanguage } from "./languages";
 import { getRunnerLogger, Logger } from "./logging";
@@ -472,12 +473,20 @@ test("getCredentials accepts OIDC configurations", (t) => {
     toEncodedJSON(oidcConfigurations),
     BuiltInLanguage.csharp,
   );
-  t.is(credentials.length, 3);
+  t.is(credentials.length, startProxyExports.oidcSchemas.length);
 
   t.assert(credentials.every((c) => c.type === "nuget_feed"));
-  t.assert(credentials.some((c) => startProxyExports.isAzureConfig(c)));
-  t.assert(credentials.some((c) => startProxyExports.isAWSConfig(c)));
-  t.assert(credentials.some((c) => startProxyExports.isJFrogConfig(c)));
+
+  for (const oidcSchemaInfo of startProxyExports.oidcSchemas) {
+    t.assert(
+      credentials.some((c) =>
+        validateSchema(
+          oidcSchemaInfo.schema,
+          c as unknown as UnvalidatedObject<any>,
+        ),
+      ),
+    );
+  }
 });
 
 const getCredentialsMacro = test.macro({

src/start-proxy.test.ts

@@ -1,5 +1,6 @@
 import test from "ava";
 
+import { makeFromSchema } from "../json/testing-util";
 import { setupTests } from "../testing-utils";
 
 import * as types from "./types";
@@ -107,6 +108,24 @@ test("credentialToStr - pretty-prints valid JFrog OIDC configurations", (t) => {
   );
 });
 
+test("credentialToStr - pretty-prints valid Cloudsmith OIDC configurations", (t) => {
+  const credential: types.Credential = {
+    type: "maven_credential",
+    url: "https://localhost",
+    ...(makeFromSchema(
+      true,
+      types.cloudsmithConfigSchema,
+    ) as types.CloudsmithConfig),
+  };
+
+  const str = types.credentialToStr(credential);
+
+  t.is(
+    "Type: maven_credential; Url: https://localhost; Cloudsmith Namespace: value-for-namespace; Cloudsmith Service Slug: value-for-service-slug; Cloudsmith API Host: value-for-api-host;",
+    str,
+  );
+});
+
 test("credentialToStr - hides passwords", (t) => {
   const secret = "password123";
   const credential = {

src/start-proxy/types.test.ts

@@ -118,15 +118,33 @@ export function isJFrogConfig(
   return json.validateSchema(jfrogConfigSchema, config);
 }
 
+/** A schema for Cloudsmith OIDC configurations. */
+export const cloudsmithConfigSchema = {
+  namespace: json.string,
+  "service-slug": json.string,
+  "api-host": json.string,
+} as const satisfies json.Schema;
+
+/** Configuration for Cloudsmith OIDC. */
+export type CloudsmithConfig = json.FromSchema<typeof cloudsmithConfigSchema>;
+
+/** Decides whether `config` is a Cloudsmith OIDC configuration. */
+export function isCloudsmithConfig(
+  config: UnvalidatedObject<AuthConfig>,
+): config is CloudsmithConfig {
+  return json.validateSchema(cloudsmithConfigSchema, config);
+}
+
 /** An array of all OIDC configuration schemas along with output-friendly names. */
 export const oidcSchemas = [
   { schema: azureConfigSchema, name: "Azure" },
   { schema: awsConfigSchema, name: "AWS" },
   { schema: jfrogConfigSchema, name: "JFrog" },
+  { schema: cloudsmithConfigSchema, name: "Cloudsmith" },
 ];
 
 /** Represents all supported OIDC configurations. */
-export type OIDC = AzureConfig | AWSConfig | JFrogConfig;
+export type OIDC = AzureConfig | AWSConfig | JFrogConfig | CloudsmithConfig;
 
 /** All authentication-related fields. */
 export type AuthConfig = UsernamePassword | Token | OIDC;
@@ -185,6 +203,10 @@ export function credentialToStr(credential: Credential): string {
       credential["identity-mapping-name"],
     );
     appendIfDefined("JFrog Audience", credential.audience);
+  } else if (isCloudsmithConfig(credential)) {
+    appendIfDefined("Cloudsmith Namespace", credential.namespace);
+    appendIfDefined("Cloudsmith Service Slug", credential["service-slug"]);
+    appendIfDefined("Cloudsmith API Host", credential["api-host"]);
   }
 
   return result;