func ValidateIdentityProvider(identityProvider api.IdentityProvider, fldPath *field.Path) ValidationResults {
validationResults := ValidationResults{}
if len(identityProvider.Name) == 0 {
validationResults.AddErrors(field.Required(fldPath.Child("name"), ""))
}
if reasons := validation.ValidateIdentityProviderName(identityProvider.Name); len(reasons) != 0 {
validationResults.AddErrors(field.Invalid(fldPath.Child("name"), identityProvider.Name, strings.Join(reasons, ", ")))
}
if len(identityProvider.MappingMethod) == 0 {
validationResults.AddErrors(field.Required(fldPath.Child("mappingMethod"), ""))
} else if !validMappingMethods.Has(identityProvider.MappingMethod) {
validationResults.AddErrors(field.NotSupported(fldPath.Child("mappingMethod"), identityProvider.MappingMethod, validMappingMethods.List()))
}
providerPath := fldPath.Child("provider")
if !api.IsIdentityProviderType(identityProvider.Provider) {
validationResults.AddErrors(field.Invalid(fldPath.Child("provider"), identityProvider.Provider, fmt.Sprintf("%v is invalid in this context", identityProvider.Provider)))
} else {
switch provider := identityProvider.Provider.(type) {
case (*api.RequestHeaderIdentityProvider):
validationResults.Append(ValidateRequestHeaderIdentityProvider(provider, identityProvider, fldPath))
case (*api.BasicAuthPasswordIdentityProvider):
validationResults.AddErrors(ValidateRemoteConnectionInfo(provider.RemoteConnectionInfo, providerPath)...)
case (*api.HTPasswdPasswordIdentityProvider):
validationResults.AddErrors(ValidateFile(provider.File, providerPath.Child("file"))...)
case (*api.LDAPPasswordIdentityProvider):
validationResults.Append(ValidateLDAPIdentityProvider(provider, providerPath))
case (*api.KeystonePasswordIdentityProvider):
validationResults.Append(ValidateKeystoneIdentityProvider(provider, identityProvider, providerPath))
case (*api.GitHubIdentityProvider):
validationResults.AddErrors(ValidateGitHubIdentityProvider(provider, identityProvider.UseAsChallenger, fldPath)...)
case (*api.GitLabIdentityProvider):
validationResults.AddErrors(ValidateGitLabIdentityProvider(provider, fldPath)...)
case (*api.GoogleIdentityProvider):
validationResults.AddErrors(ValidateGoogleIdentityProvider(provider, identityProvider.UseAsChallenger, fldPath)...)
case (*api.OpenIDIdentityProvider):
validationResults.AddErrors(ValidateOpenIDIdentityProvider(provider, identityProvider, fldPath)...)
}
}
return validationResults
}
func ValidateIdentityProvider(identityProvider api.IdentityProvider) ValidationResults {
validationResults := ValidationResults{}
if len(identityProvider.Name) == 0 {
validationResults.AddErrors(fielderrors.NewFieldRequired("name"))
}
if ok, err := validation.ValidateIdentityProviderName(identityProvider.Name); !ok {
validationResults.AddErrors(fielderrors.NewFieldInvalid("name", identityProvider.Name, err))
}
if len(identityProvider.MappingMethod) == 0 {
validationResults.AddErrors(fielderrors.NewFieldRequired("mappingMethod"))
} else if !validMappingMethods.Has(identityProvider.MappingMethod) {
validationResults.AddErrors(fielderrors.NewFieldValueNotSupported("mappingMethod", identityProvider.MappingMethod, validMappingMethods.List()))
}
if !api.IsIdentityProviderType(identityProvider.Provider) {
validationResults.AddErrors(fielderrors.NewFieldInvalid("provider", identityProvider.Provider, fmt.Sprintf("%v is invalid in this context", identityProvider.Provider)))
} else {
switch provider := identityProvider.Provider.Object.(type) {
case (*api.RequestHeaderIdentityProvider):
validationResults.Append(ValidateRequestHeaderIdentityProvider(provider, identityProvider))
case (*api.BasicAuthPasswordIdentityProvider):
validationResults.AddErrors(ValidateRemoteConnectionInfo(provider.RemoteConnectionInfo).Prefix("provider")...)
case (*api.HTPasswdPasswordIdentityProvider):
validationResults.AddErrors(ValidateFile(provider.File, "provider.file")...)
case (*api.LDAPPasswordIdentityProvider):
validationResults.Append(ValidateLDAPIdentityProvider(provider))
case (*api.KeystonePasswordIdentityProvider):
validationResults.Append(ValidateKeystoneIdentityProvider(provider, identityProvider).Prefix("provider"))
case (*api.GitHubIdentityProvider):
validationResults.AddErrors(ValidateOAuthIdentityProvider(provider.ClientID, provider.ClientSecret, identityProvider.UseAsChallenger)...)
case (*api.GoogleIdentityProvider):
validationResults.AddErrors(ValidateOAuthIdentityProvider(provider.ClientID, provider.ClientSecret, identityProvider.UseAsChallenger)...)
case (*api.OpenIDIdentityProvider):
validationResults.AddErrors(ValidateOpenIDIdentityProvider(provider, identityProvider)...)
}
}
return validationResults
}
func ValidateIdentityProvider(identityProvider api.IdentityProvider) fielderrors.ValidationErrorList {
allErrs := fielderrors.ValidationErrorList{}
if len(identityProvider.Name) == 0 {
allErrs = append(allErrs, fielderrors.NewFieldRequired("name"))
}
if ok, err := validation.ValidateIdentityProviderName(identityProvider.Name); !ok {
allErrs = append(allErrs, fielderrors.NewFieldInvalid("name", identityProvider.Name, err))
}
if !api.IsIdentityProviderType(identityProvider.Provider) {
allErrs = append(allErrs, fielderrors.NewFieldInvalid("provider", identityProvider.Provider, fmt.Sprintf("%v is invalid in this context", identityProvider.Provider)))
} else {
switch provider := identityProvider.Provider.Object.(type) {
case (*api.RequestHeaderIdentityProvider):
allErrs = append(allErrs, ValidateRequestHeaderIdentityProvider(provider, identityProvider)...)
case (*api.BasicAuthPasswordIdentityProvider):
allErrs = append(allErrs, ValidateRemoteConnectionInfo(provider.RemoteConnectionInfo).Prefix("provider")...)
case (*api.HTPasswdPasswordIdentityProvider):
allErrs = append(allErrs, ValidateFile(provider.File, "provider.file")...)
case (*api.GitHubIdentityProvider):
allErrs = append(allErrs, ValidateOAuthIdentityProvider(provider.ClientID, provider.ClientSecret, identityProvider.UseAsChallenger)...)
case (*api.GoogleIdentityProvider):
allErrs = append(allErrs, ValidateOAuthIdentityProvider(provider.ClientID, provider.ClientSecret, identityProvider.UseAsChallenger)...)
case (*api.OpenIDIdentityProvider):
allErrs = append(allErrs, ValidateOpenIDIdentityProvider(provider, identityProvider)...)
}
}
return allErrs
}