// NewIdentityUserMapper returns a UserIdentityMapper that does the following:
// 1. Returns an existing user if the identity exists and is associated with an existing user
// 2. Returns an error if the identity exists and is not associated with a user (or is associated with a missing user)
// 3. Handles new identities according to the requested method
func NewIdentityUserMapper(identities identityregistry.Registry, users userregistry.Registry, method MappingMethodType) (authapi.UserIdentityMapper, error) {
// initUser initializes fields in a User API object from its associated Identity
// called when adding the first Identity to a User (during create or update of a User)
initUser := user.NewDefaultUserInitStrategy()
switch method {
case MappingMethodLookup:
mappingStorage := mappingregistry.NewREST(users, identities)
mappingRegistry := mappingregistry.NewRegistry(mappingStorage)
return &lookupIdentityMapper{mappingRegistry, users}, nil
case MappingMethodClaim:
return &provisioningIdentityMapper{identities, users, NewStrategyClaim(users, initUser)}, nil
case MappingMethodAdd:
return &provisioningIdentityMapper{identities, users, NewStrategyAdd(users, initUser)}, nil
case MappingMethodGenerate:
return &provisioningIdentityMapper{identities, users, NewStrategyGenerate(users, initUser)}, nil
default:
return nil, fmt.Errorf("unsupported mapping method %q", method)
}
}
// NewAlwaysCreateUserIdentityToUserMapper returns an IdentityMapper that does the following:
// 1. Returns an existing user if the identity exists and is associated with an existing user
// 2. Returns an error if the identity exists and is not associated with a user
// 3. Creates the identity and creates and returns a new user with a unique username if the identity does not yet exist
func NewAlwaysCreateUserIdentityToUserMapper(identityRegistry identityregistry.Registry, userRegistry userregistry.Registry) authapi.UserIdentityMapper {
return &provisioningIdentityMapper{identityRegistry, userRegistry, DefaultGenerator, user.NewDefaultUserInitStrategy()}
}