/* Copyright 2020 The Kubernetes Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. */ package config import ( "fmt" "os" ) // AuthInfoOptions holds all configurable options for // authentication information or credential type AuthInfoOptions struct { Name string ClientCertificate string ClientKey string Token string Username string Password string EmbedCertData bool } // ContextOptions holds all configurable options for context type ContextOptions struct { Name string ClusterType string CurrentContext bool Cluster string AuthInfo string Manifest string Namespace string Current bool } // ClusterOptions holds all configurable options for cluster configuration type ClusterOptions struct { Name string ClusterType string Server string InsecureSkipTLSVerify bool CertificateAuthority string EmbedCAData bool } // TODO(howell): The following functions are tightly coupled with flags passed // on the command line. We should find a way to remove this coupling, since it // is possible to create (and validate) these objects without using the command // line. // TODO(howell): strongly type the errors in this file // Validate checks for the possible authentication values and returns // Error when invalid value or incompatible choice of values given func (o *AuthInfoOptions) Validate() error { // TODO(howell): This prevents a user of airshipctl from creating a // credential with both a bearer-token and a user/password, but it does // not prevent a user from adding a bearer-token to a credential which // already had a user/pass and visa-versa. This could create bugs if a // user at first chooses one method, but later switches to another. if o.Token != "" && (o.Username != "" || o.Password != "") { return ErrConflictingAuthOptions{} } if !o.EmbedCertData { return nil } if err := checkExists("client-certificate", o.ClientCertificate); err != nil { return err } if err := checkExists("client-key", o.ClientKey); err != nil { return err } return nil } // Validate checks for the possible context option values and returns // Error when invalid value or incompatible choice of values given func (o *ContextOptions) Validate() error { if !o.Current && o.Name == "" { return ErrEmptyContextName{} } if o.Current && o.Name != "" { return ErrConflictingContextOptions{} } // If the user simply wants to change the current context, no further validation is needed if o.CurrentContext { return nil } // If the cluster-type was specified, verify that it's valid if o.ClusterType != "" { if err := ValidClusterType(o.ClusterType); err != nil { return err } } // TODO Manifest, Cluster could be validated against the existing config maps return nil } // Validate checks for the possible cluster option values and returns // Error when invalid value or incompatible choice of values given func (o *ClusterOptions) Validate() error { if o.Name == "" { return ErrEmptyClusterName{} } err := ValidClusterType(o.ClusterType) if err != nil { return err } if o.InsecureSkipTLSVerify && o.CertificateAuthority != "" { return ErrConflictingClusterOptions{} } if !o.EmbedCAData { return nil } if err := checkExists("certificate-authority", o.CertificateAuthority); err != nil { return err } return nil } func checkExists(flagName, path string) error { if path == "" { return fmt.Errorf("you must specify a --%s to embed", flagName) } if _, err := os.Stat(path); err != nil { return fmt.Errorf("could not read %s data from '%s': %v", flagName, path, err) } return nil }