validateAuthInfo looks for conflicts and errors in the auth info
(authInfoName string, authInfo clientcmdapi.AuthInfo)
| 196 | |
| 197 | // validateAuthInfo looks for conflicts and errors in the auth info |
| 198 | func validateAuthInfo(authInfoName string, authInfo clientcmdapi.AuthInfo) []error { |
| 199 | validationErrors := make([]error, 0) |
| 200 | |
| 201 | usingAuthPath := false |
| 202 | methods := make([]string, 0, 3) |
| 203 | if len(authInfo.Token) != 0 { |
| 204 | methods = append(methods, "token") |
| 205 | } |
| 206 | if len(authInfo.Username) != 0 || len(authInfo.Password) != 0 { |
| 207 | methods = append(methods, "basicAuth") |
| 208 | } |
| 209 | |
| 210 | if len(authInfo.ClientCertificate) != 0 || len(authInfo.ClientCertificateData) != 0 { |
| 211 | // Make sure cert data and file aren't both specified |
| 212 | if len(authInfo.ClientCertificate) != 0 && len(authInfo.ClientCertificateData) != 0 { |
| 213 | validationErrors = append(validationErrors, fmt.Errorf("client-cert-data and client-cert are both specified for %v. client-cert-data will override.", authInfoName)) |
| 214 | } |
| 215 | // Make sure key data and file aren't both specified |
| 216 | if len(authInfo.ClientKey) != 0 && len(authInfo.ClientKeyData) != 0 { |
| 217 | validationErrors = append(validationErrors, fmt.Errorf("client-key-data and client-key are both specified for %v; client-key-data will override", authInfoName)) |
| 218 | } |
| 219 | // Make sure a key is specified |
| 220 | if len(authInfo.ClientKey) == 0 && len(authInfo.ClientKeyData) == 0 { |
| 221 | validationErrors = append(validationErrors, fmt.Errorf("client-key-data or client-key must be specified for %v to use the clientCert authentication method.", authInfoName)) |
| 222 | } |
| 223 | |
| 224 | if len(authInfo.ClientCertificate) != 0 { |
| 225 | clientCertFile, err := os.Open(authInfo.ClientCertificate) |
| 226 | defer clientCertFile.Close() |
| 227 | if err != nil { |
| 228 | validationErrors = append(validationErrors, fmt.Errorf("unable to read client-cert %v for %v due to %v", authInfo.ClientCertificate, authInfoName, err)) |
| 229 | } |
| 230 | } |
| 231 | if len(authInfo.ClientKey) != 0 { |
| 232 | clientKeyFile, err := os.Open(authInfo.ClientKey) |
| 233 | defer clientKeyFile.Close() |
| 234 | if err != nil { |
| 235 | validationErrors = append(validationErrors, fmt.Errorf("unable to read client-key %v for %v due to %v", authInfo.ClientKey, authInfoName, err)) |
| 236 | } |
| 237 | } |
| 238 | } |
| 239 | |
| 240 | if authInfo.Exec != nil { |
| 241 | if authInfo.AuthProvider != nil { |
| 242 | validationErrors = append(validationErrors, fmt.Errorf("authProvider cannot be provided in combination with an exec plugin for %s", authInfoName)) |
| 243 | } |
| 244 | if len(authInfo.Exec.Command) == 0 { |
| 245 | validationErrors = append(validationErrors, fmt.Errorf("command must be specified for %v to use exec authentication plugin", authInfoName)) |
| 246 | } |
| 247 | if len(authInfo.Exec.APIVersion) == 0 { |
| 248 | validationErrors = append(validationErrors, fmt.Errorf("apiVersion must be specified for %v to use exec authentication plugin", authInfoName)) |
| 249 | } |
| 250 | for _, v := range authInfo.Exec.Env { |
| 251 | if len(v.Name) == 0 { |
| 252 | validationErrors = append(validationErrors, fmt.Errorf("env variable name must be specified for %v to use exec authentication plugin", authInfoName)) |
| 253 | } else if len(v.Value) == 0 { |
| 254 | validationErrors = append(validationErrors, fmt.Errorf("env variable %s value must be specified for %v to use exec authentication plugin", v.Name, authInfoName)) |
| 255 | } |