16212: Tombstone commit - this branch won't be needed.

Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima <lucas@di-pentima.com.ar>

diff --git a/lib/config/config.default.yml b/lib/config/config.default.yml
index ad8df0363947e34e3819091d4cf7b5925627904d..d4870919eaad2bb0fdb7c1695bf7d28028b38236 100644 (file)
--- a/lib/config/config.default.yml
+++ b/lib/config/config.default.yml
@@ -573,16 +573,6 @@ Clusters:
       # accounts.
       PAMDefaultEmailDomain: ""
 
-      # Login endpoint to use by clients such as Workbench for obtaining
-      # a user token.
-      #
-      # Valid values are: 'login' or 'authenticate'.
-      #
-      # The former 'login' endpoint should be used when using SSO server,
-      # or Google authentication, and the 'authenticate' option is needed when
-      # using username/password authentication services such as PAM.
-      Endpoint: login
-
       # The cluster ID to delegate the user database.  When set,
       # logins on this cluster will be redirected to the login cluster
       # (login cluster must appear in RemoteClusters with Proxy: true)

diff --git a/lib/config/generated_config.go b/lib/config/generated_config.go
index ffdd1a404ccf4c072a3f98bcc12f2a8ad7b59db1..42707396dddc0558d8a901d3ab6e39d79e36e03d 100644 (file)
--- a/lib/config/generated_config.go
+++ b/lib/config/generated_config.go
@@ -579,16 +579,6 @@ Clusters:
       # accounts.
       PAMDefaultEmailDomain: ""
 
-      # Login endpoint to use by clients such as Workbench for obtaining
-      # a user token.
-      #
-      # Valid values are: 'login' or 'authenticate'.
-      #
-      # The former 'login' endpoint should be used when using SSO server,
-      # or Google authentication, and the 'authenticate' option is needed when
-      # using username/password authentication services such as PAM.
-      Endpoint: login
-
       # The cluster ID to delegate the user database.  When set,
       # logins on this cluster will be redirected to the login cluster
       # (login cluster must appear in RemoteClusters with Proxy: true)

diff --git a/lib/config/load.go b/lib/config/load.go
index 86a8f7df6d2cd4ccfdb68beec66f71dd7204f4cc..c4a9483e99ed58ea5d92edca757e0242a4e29fbe 100644 (file)
--- a/lib/config/load.go
+++ b/lib/config/load.go
@@ -265,10 +265,17 @@ func (ldr *Loader) Load() (*arvados.Config, error) {
                }
        }
 
-       // Check for known mistakes
        for id, cc := range cfg.Clusters {
+               ldr.Logger.Infof(">>>>> Cluster %s", id)
+               if id == "xxxxx" {
+                       continue
+               }
+               // Check for known mistakes
                for _, err = range []error{
                        checkKeyConflict(fmt.Sprintf("Clusters.%s.PostgreSQL.Connection", id), cc.PostgreSQL.Connection),
+                       checkMutuallyExclusiveConfigs(
+                               fmt.Sprintf("Clusters.%s configuration problem: exactly one of Login.GoogleClientID, Login.ProviderAppID, or Login.PAM must be configured", id),
+                               []bool{cc.Login.PAM, cc.Login.GoogleClientID != "", cc.Login.ProviderAppID != ""}),
                        ldr.checkEmptyKeepstores(cc),
                        ldr.checkUnlistedKeepstores(cc),
                } {
@@ -276,6 +283,12 @@ func (ldr *Loader) Load() (*arvados.Config, error) {
                                return nil, err
                        }
                }
+               // Compute derived configs
+               if cc.Login.PAM {
+                       cc.Login.Endpoint = "authenticate"
+               } else {
+                       cc.Login.Endpoint = "login"
+               }
        }
        return &cfg, nil
 }
@@ -292,6 +305,19 @@ func checkKeyConflict(label string, m map[string]string) error {
        return nil
 }
 
+func checkMutuallyExclusiveConfigs(msg string, cfgs []bool) error {
+       activeCfgs := 0
+       for _, isActive := range cfgs {
+               if isActive {
+                       activeCfgs++
+               }
+       }
+       if activeCfgs != 1 {
+               return fmt.Errorf("%s: %d", msg, activeCfgs)
+       }
+       return nil
+}
+
 func removeSampleKeys(m map[string]interface{}) {
        delete(m, "SAMPLE")
        for _, v := range m {