# accounts.
PAMDefaultEmailDomain: ""
- # Login endpoint to use by clients such as Workbench for obtaining
- # a user token.
- #
- # Valid values are: 'login' or 'authenticate'.
- #
- # The former 'login' endpoint should be used when using SSO server,
- # or Google authentication, and the 'authenticate' option is needed when
- # using username/password authentication services such as PAM.
- Endpoint: login
-
# The cluster ID to delegate the user database. When set,
# logins on this cluster will be redirected to the login cluster
# (login cluster must appear in RemoteClusters with Proxy: true)
# accounts.
PAMDefaultEmailDomain: ""
- # Login endpoint to use by clients such as Workbench for obtaining
- # a user token.
- #
- # Valid values are: 'login' or 'authenticate'.
- #
- # The former 'login' endpoint should be used when using SSO server,
- # or Google authentication, and the 'authenticate' option is needed when
- # using username/password authentication services such as PAM.
- Endpoint: login
-
# The cluster ID to delegate the user database. When set,
# logins on this cluster will be redirected to the login cluster
# (login cluster must appear in RemoteClusters with Proxy: true)
}
}
- // Check for known mistakes
for id, cc := range cfg.Clusters {
+ ldr.Logger.Infof(">>>>> Cluster %s", id)
+ if id == "xxxxx" {
+ continue
+ }
+ // Check for known mistakes
for _, err = range []error{
checkKeyConflict(fmt.Sprintf("Clusters.%s.PostgreSQL.Connection", id), cc.PostgreSQL.Connection),
+ checkMutuallyExclusiveConfigs(
+ fmt.Sprintf("Clusters.%s configuration problem: exactly one of Login.GoogleClientID, Login.ProviderAppID, or Login.PAM must be configured", id),
+ []bool{cc.Login.PAM, cc.Login.GoogleClientID != "", cc.Login.ProviderAppID != ""}),
ldr.checkEmptyKeepstores(cc),
ldr.checkUnlistedKeepstores(cc),
} {
return nil, err
}
}
+ // Compute derived configs
+ if cc.Login.PAM {
+ cc.Login.Endpoint = "authenticate"
+ } else {
+ cc.Login.Endpoint = "login"
+ }
}
return &cfg, nil
}
return nil
}
+func checkMutuallyExclusiveConfigs(msg string, cfgs []bool) error {
+ activeCfgs := 0
+ for _, isActive := range cfgs {
+ if isActive {
+ activeCfgs++
+ }
+ }
+ if activeCfgs != 1 {
+ return fmt.Errorf("%s: %d", msg, activeCfgs)
+ }
+ return nil
+}
+
func removeSampleKeys(m map[string]interface{}) {
delete(m, "SAMPLE")
for _, v := range m {