From 8bf8c9c62a53012de2847c07b38460d57824c559 Mon Sep 17 00:00:00 2001 From: Lucas Di Pentima Date: Wed, 29 Apr 2020 17:19:39 -0300 Subject: [PATCH] 16212: Tombstone commit - this branch won't be needed. Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima --- lib/config/config.default.yml | 10 ---------- lib/config/generated_config.go | 10 ---------- lib/config/load.go | 28 +++++++++++++++++++++++++++- 3 files changed, 27 insertions(+), 21 deletions(-) diff --git a/lib/config/config.default.yml b/lib/config/config.default.yml index ad8df03639..d4870919ea 100644 --- a/lib/config/config.default.yml +++ b/lib/config/config.default.yml @@ -573,16 +573,6 @@ Clusters: # accounts. PAMDefaultEmailDomain: "" - # Login endpoint to use by clients such as Workbench for obtaining - # a user token. - # - # Valid values are: 'login' or 'authenticate'. - # - # The former 'login' endpoint should be used when using SSO server, - # or Google authentication, and the 'authenticate' option is needed when - # using username/password authentication services such as PAM. - Endpoint: login - # The cluster ID to delegate the user database. When set, # logins on this cluster will be redirected to the login cluster # (login cluster must appear in RemoteClusters with Proxy: true) diff --git a/lib/config/generated_config.go b/lib/config/generated_config.go index ffdd1a404c..42707396dd 100644 --- a/lib/config/generated_config.go +++ b/lib/config/generated_config.go @@ -579,16 +579,6 @@ Clusters: # accounts. PAMDefaultEmailDomain: "" - # Login endpoint to use by clients such as Workbench for obtaining - # a user token. - # - # Valid values are: 'login' or 'authenticate'. - # - # The former 'login' endpoint should be used when using SSO server, - # or Google authentication, and the 'authenticate' option is needed when - # using username/password authentication services such as PAM. - Endpoint: login - # The cluster ID to delegate the user database. When set, # logins on this cluster will be redirected to the login cluster # (login cluster must appear in RemoteClusters with Proxy: true) diff --git a/lib/config/load.go b/lib/config/load.go index 86a8f7df6d..c4a9483e99 100644 --- a/lib/config/load.go +++ b/lib/config/load.go @@ -265,10 +265,17 @@ func (ldr *Loader) Load() (*arvados.Config, error) { } } - // Check for known mistakes for id, cc := range cfg.Clusters { + ldr.Logger.Infof(">>>>> Cluster %s", id) + if id == "xxxxx" { + continue + } + // Check for known mistakes for _, err = range []error{ checkKeyConflict(fmt.Sprintf("Clusters.%s.PostgreSQL.Connection", id), cc.PostgreSQL.Connection), + checkMutuallyExclusiveConfigs( + fmt.Sprintf("Clusters.%s configuration problem: exactly one of Login.GoogleClientID, Login.ProviderAppID, or Login.PAM must be configured", id), + []bool{cc.Login.PAM, cc.Login.GoogleClientID != "", cc.Login.ProviderAppID != ""}), ldr.checkEmptyKeepstores(cc), ldr.checkUnlistedKeepstores(cc), } { @@ -276,6 +283,12 @@ func (ldr *Loader) Load() (*arvados.Config, error) { return nil, err } } + // Compute derived configs + if cc.Login.PAM { + cc.Login.Endpoint = "authenticate" + } else { + cc.Login.Endpoint = "login" + } } return &cfg, nil } @@ -292,6 +305,19 @@ func checkKeyConflict(label string, m map[string]string) error { return nil } +func checkMutuallyExclusiveConfigs(msg string, cfgs []bool) error { + activeCfgs := 0 + for _, isActive := range cfgs { + if isActive { + activeCfgs++ + } + } + if activeCfgs != 1 { + return fmt.Errorf("%s: %d", msg, activeCfgs) + } + return nil +} + func removeSampleKeys(m map[string]interface{}) { delete(m, "SAMPLE") for _, v := range m { -- 2.30.2