diff --git a/assets/cla/consent.yaml b/assets/cla/consent.yaml index 2fef2d0..141491f 100644 --- a/assets/cla/consent.yaml +++ b/assets/cla/consent.yaml @@ -45,4 +45,6 @@ email: oss-cla@oettig.de - name: Phil Porada email: philporada@gmail.com +- name: Matthias Stone + email: matthias@bellstone.ca diff --git a/config.go b/config.go index cb0ac4d..99faf60 100644 --- a/config.go +++ b/config.go @@ -112,6 +112,10 @@ func (cfg *Config) AddAuthorizationPolicy(p *authz.PolicyConfig) error { // Validate validates Config. func (cfg *Config) Validate() error { + if cfg == nil { + return fmt.Errorf("config is nil") + } + if len(cfg.AuthenticationPortals) < 1 && len(cfg.AuthorizationPolicies) < 1 { return fmt.Errorf("no portals and gatekeepers found") } diff --git a/config_test.go b/config_test.go index 7e1d4d0..233160a 100644 --- a/config_test.go +++ b/config_test.go @@ -299,6 +299,41 @@ func TestNewConfig(t *testing.T) { }, }, }, + { + name: "test valid config whan multiple portals have same realm from different identity stores", + identityStores: []*ids.IdentityStoreConfig{ + { + Name: "localdb1", + Kind: "local", + Params: map[string]interface{}{ + "realm": "local", + "path": filepath.Join(path.Dir(dbPath), "user_db1.json"), + }, + }, + { + Name: "localdb2", + Kind: "local", + Params: map[string]interface{}{ + "realm": "local", + "path": filepath.Join(path.Dir(dbPath), "user_db2.json"), + }, + }, + }, + portals: []*authn.PortalConfig{ + { + Name: "myportal1", + IdentityStores: []string{ + "localdb1", + }, + }, + { + Name: "myportal2", + IdentityStores: []string{ + "localdb2", + }, + }, + }, + }, } for _, tc := range testcases { @@ -361,3 +396,9 @@ func TestNewConfig(t *testing.T) { }) } } + +func TestValidateNilConfig(t *testing.T) { + var cfg *Config + err := cfg.Validate() + tests.EvalErrWithLog(t, err, "Validate", true, fmt.Errorf("config is nil"), nil) +} diff --git a/server.go b/server.go index 8b7c484..467ebc2 100644 --- a/server.go +++ b/server.go 
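Review bot: The nil guard added at the top of `Validate` in config.go only helps callers that reach `Validate` before touching the config. The `NewServer` context visible in the server.go hunks ranges over `config.IdentityProviders`, and whether a nil check or a `Validate` call precedes that loop is outside the diff, so it is worth confirming. The doc comment could also state the new contract, e.g. `// Validate validates Config. It returns an error, rather than panicking, when cfg is nil.` The rest of `Validate` continues outside the hunk.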
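Review bot: The case added to `TestNewConfig` in config_test.go pins only the accepting path, two identity stores with realm `local` bound to different portals, and leaves unpinned what happens when a single portal lists both `localdb1` and `localdb2`. Since the server.go hunks of this commit drop the realm-uniqueness checks for identity stores and identity providers alike, nothing visible in the diff rejects that configuration. If a portal selects its backend by realm, which is not shown here, a login could be checked against a store the operator did not intend. A companion case with one portal whose `IdentityStores` is `[]string{"localdb1", "localdb2"}` and an explicit expected result, plus an equivalent for identity providers, would document the intended behaviour. The case name also carries a typo, `whan` for `when`.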
@@ -48,7 +48,6 @@ type Server struct { ssoProviders []sso.SingleSignOnProvider userRegistries []registry.UserRegistry nameRefs refMap - realmRefs refMap logger *zap.Logger } @@ -74,7 +73,6 @@ func NewServer(config *Config, logger *zap.Logger) (*Server, error) { config: config, logger: logger, nameRefs: newRefMap(), - realmRefs: newRefMap(), } for _, cfg := range config.IdentityProviders { @@ -85,14 +83,10 @@ func NewServer(config *Config, logger *zap.Logger) (*Server, error) { if _, exists := srv.nameRefs.identityProviders[provider.GetName()]; exists { return nil, errors.ErrNewServer.WithArgs("duplicate identity provider name", provider.GetName()) } - if _, exists := srv.realmRefs.identityProviders[provider.GetRealm()]; exists { - return nil, errors.ErrNewServer.WithArgs("duplicate identity provider realm", provider.GetRealm()) - } if err := provider.Configure(); err != nil { return nil, errors.ErrNewServer.WithArgs("failed configuring identity provider", err) } srv.nameRefs.identityProviders[provider.GetName()] = provider - srv.realmRefs.identityProviders[provider.GetRealm()] = provider srv.identityProviders = append(srv.identityProviders, provider) } @@ -104,14 +98,10 @@ func NewServer(config *Config, logger *zap.Logger) (*Server, error) { if _, exists := srv.nameRefs.identityStores[store.GetName()]; exists { return nil, errors.ErrNewServer.WithArgs("duplicate identity store name", store.GetName()) } - if _, exists := srv.realmRefs.identityStores[store.GetRealm()]; exists { - return nil, errors.ErrNewServer.WithArgs("duplicate identity store realm", store.GetRealm()) - } if err := store.Configure(); err != nil { return nil, errors.ErrNewServer.WithArgs("failed configuring identity store", err) } srv.nameRefs.identityStores[store.GetName()] = store - srv.realmRefs.identityStores[store.GetRealm()] = store srv.identityStores = append(srv.identityStores, store) }