server/kotlin-dsl/HashicorpVaultConnection.xml (195 lines of code) (raw):

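<?xml version="1.0" encoding="UTF-8"?>
<!--
  Kotlin DSL extension descriptor for the HashiCorp Vault connection.
  Declares the `hashiCorpVaultConnection` project feature (type OAuthProvider) and
  applies to features whose `providerType` parameter equals 'teamcity-vault'.
  Parameters whose name carries the `secure:` prefix (AppRole Secret ID, LDAP password)
  hold secrets; the examples at the bottom pass them as `credentialsJSON:` token
  references rather than literal values.
-->
<dsl-extension kind="projectFeature" type="OAuthProvider" generateDslJar="true" applicable="params['providerType'] == 'teamcity-vault'">
  <class name="HashiCorpVaultConnection">
    <description>
      Stores information and configuration for the access to a HashiCorp Vault.
    </description>
  </class>

  <!-- Fixed parameter that marks the feature as a Vault connection; it is the value the `applicable` expression tests. -->
  <init>
    <param name="providerType" value="teamcity-vault" />
  </init>

  <function name="hashiCorpVaultConnection">
    <description>
      @see HashiCorpVaultConnection
    </description>
  </function>

  <params>
    <param name="displayName" dslName="name">
      <description>
        HashiCorp Vault connection display name
      </description>
    </param>

    <!--
      `vaultId` and `namespace` are two DSL names for the same underlying `namespace`
      parameter; both are deprecated.
      NOTE(review): the second entry declares replaceWith="vaultId" while its message
      (and the deprecation of `vaultId` itself) points to `id`. Confirm which
      replacement is intended and align the attribute with the message.
    -->
    <param name="namespace" dslName="vaultId" type="string">
      <description>
        Vault ID. Should be provided in case of multiple vault connections
      </description>
      <deprecated replaceWith="id" strict="false">
        Use `id` property instead
      </deprecated>
    </param>
    <param name="namespace" dslName="namespace" type="string" deprecated="true">
      <description>
        Vault ID. Should be provided in case of multiple vault connections
      </description>
      <deprecated replaceWith="vaultId">
        Use `id` property instead
      </deprecated>
    </param>

    <!-- Distinct from the deprecated `namespace` parameter above: this one is the namespace inside Vault. -->
    <param name="vault-namespace" dslName="vaultNamespace" type="string">
      <description>
        HashiCorp Vault namespace that the auth method and secrets engines are housed under.
      </description>
    </param>

    <!-- The credentials configured under `auth-method` are sent to this address, so an https:// URL is the expected choice. -->
    <param name="url" dslName="url" type="string">
      <description>
        Vault URL
      </description>
    </param>

    <param name="auth-method" dslName="authMethod" type="compound">
      <description>
        Authentication method used to connect to Vault (AppRole, LDAP or GCP IAM)
      </description>

      <option name="appRole" value="approle">
        <param name="endpoint" dslName="endpointPath" type="string">
          <description>
            AppRole auth endpoint path
          </description>
        </param>
        <param name="role-id" dslName="roleId" type="string" mandatory="true">
          <description>
            AppRole Role ID
          </description>
        </param>
        <!-- Secret value: pass a `credentialsJSON:` token reference as in the examples, not the Secret ID itself,
             since DSL files are normally kept in version control. -->
        <param name="secure:secret-id" dslName="secretId" type="string" mandatory="true">
          <description>
            AppRole Secret ID
          </description>
        </param>
      </option>

      <option name="ldap" value="ldap">
        <param name="path" dslName="path" type="string" mandatory="true">
          <description>
            Path of the ldap authentication backend mount
          </description>
        </param>
        <param name="username" dslName="username" type="string" mandatory="true">
          <description>
            LDAP Username
          </description>
        </param>
        <!-- Secret value: pass a `credentialsJSON:` token reference as in the examples, not the password itself. -->
        <param name="secure:password" dslName="password" type="string" mandatory="true">
          <description>
            LDAP Password
          </description>
        </param>
      </option>

      <!-- This option has no `secure:` parameter: only the Vault role is mandatory; service account and mount path are optional. -->
      <option name="gcpIam" value="gcp-iam">
        <param name="gcp-role" dslName="gcpVaultRole" type="string" mandatory="true">
          <description>
            Vault GCP IAM Role
          </description>
        </param>
        <param name="gcp-service-account" dslName="gcpServiceAccount" type="string" mandatory="false">
          <description>
            GCP Service Account
          </description>
        </param>
        <param name="gcp-endpoint-path" dslName="gcpEndpointPath" type="string" mandatory="false">
          <description>
            Vault GCP mount path, defaults to 'gcp'
          </description>
        </param>
      </option>
    </param>

    <!--
      NOTE(review): the deprecation text reads as if failing the build is the risky setting,
      while the risk it names (a build running without its parameters) would seem to come
      from not failing. Confirm the intended wording and which value is the safe one for
      secure parameters.
    -->
    <param name="fail-on-error" dslName="failOnError" type="boolean" trueValue="true" falseValue="false">
      <deprecated strict="false">
        Failing on errors can lead to builds working unexpectedly without the parameters and is not advisable for secure parameters.
      </deprecated>
      <description>
        Whether to fail builds in case of parameter resolving error
      </description>
    </param>
  </params>

  <!-- In the examples, `secretId` and `password` are `credentialsJSON:` token references, not the secrets themselves. -->
  <examples>
    <example>
      <description>
        Adds a new Connection that allows TeamCity to connect to a HashiCorp Vault using AppRole
      </description>
      <code>
        hashiCorpVaultConnection {
          id = "PROJECT_ID"
          name = "HashiCorp Vault"
          authMethod = appRole {
            endpointPath = "approle"
            roleId = "id"
            secretId = "credentialsJSON:ee2362ab-33fb-40bd-b49b-e77c4a45e978"
          }
        }
      </code>
    </example>
    <example>
      <description>
        Adds a new Connection that allows TeamCity to connect to a HashiCorp Vault using AppRole.
        It defines its own parameter namespace and a respective vault namespace.
      </description>
      <code>
        hashiCorpVaultConnection {
          id = "PROJECT_ID"
          name = "HashiCorp Vault"
          vaultId = "other-namespace"
          vaultNamespace = "other"
          authMethod = appRole {
            endpointPath = "approle"
            roleId = "id"
            secretId = "credentialsJSON:ee2362ab-33fb-40bd-b49b-e77c4a45e978"
          }
        }
      </code>
    </example>
    <example>
      <description>
        Adds a new Connection that allows TeamCity to connect to a HashiCorp Vault using LDAP
      </description>
      <code>
        hashiCorpVaultConnection {
          id = "PROJECT_ID"
          name = "HashiCorp Vault"
          authMethod = ldap {
            path = "path"
            username = "username"
            password = "credentialsJSON:636e34b4-d02e-4f27-9d12-141f75e8832b"
          }
        }
      </code>
    </example>
    <example>
      <description>
        Adds a new Connection that allows TeamCity to connect to a HashiCorp Vault using GCP IAM,
        relying on default GCP credentials and the default Vault path
      </description>
      <code>
        hashiCorpVaultConnection {
          id = "PROJECT_ID"
          name = "HashiCorp Vault"
          authMethod = gcpIam {
            gcpVaultRole = "role"
          }
        }
      </code>
    </example>
    <example>
      <description>
        Adds a new Connection that allows TeamCity to connect to a HashiCorp Vault using GCP IAM,
        using a service account and a custom mount path
      </description>
      <code>
        hashiCorpVaultConnection {
          id = "PROJECT_ID"
          name = "HashiCorp Vault"
          authMethod = gcpIam {
            gcpVaultRole = "role"
            gcpServiceAccount = "gcpServiceAccount"
            gcpEndpointPath = "customVaultMountPath"
          }
        }
      </code>
    </example>
  </examples>
</dsl-extension>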