package common
import (
"errors"
"fmt"
"io/ioutil"
"os"
"strconv"
"github.com/cyberark/conjur-authn-k8s-client/pkg/log"
)
// ReadFileFunc is the signature of a function that reads the file named by
// filename and returns its contents. ReadSSLCert accepts one so that the
// certificate file named by CONJUR_CERT_FILE can be loaded through a
// caller-supplied reader.
type ReadFileFunc func(filename string) ([]byte, error)
// validTimeout checks that timeoutStr is accepted by durationFromString for the
// setting named key. The parsed duration is discarded; only the error is kept.
func validTimeout(key, timeoutStr string) error {
	if _, parseErr := durationFromString(key, timeoutStr); parseErr != nil {
		return parseErr
	}
	return nil
}
// validInt checks that value parses as a base-10 integer with strconv.Atoi.
// On failure it returns an error formatted from log.CAKC060 with key and value;
// the underlying strconv error is not included.
func validInt(key, value string) error {
	if _, convErr := strconv.Atoi(value); convErr != nil {
		return fmt.Errorf(log.CAKC060, key, value)
	}
	return nil
}
// validUsername checks that value is accepted by NewUsername. An empty value is
// treated as valid and is not passed to NewUsername. key is not used.
func validUsername(key, value string) error {
	if value == "" {
		return nil
	}
	if _, nameErr := NewUsername(value); nameErr != nil {
		return nameErr
	}
	return nil
}
// validConjurVersion accepts only the exact strings "4" and "5". Any other
// value, including the empty string, yields an error formatted from
// log.CAKC060 with key and version. "5" is described as the default; that
// default is not applied here.
func validConjurVersion(key, version string) error {
	if version == "4" || version == "5" {
		return nil
	}
	return fmt.Errorf(log.CAKC060, key, version)
}
// ValidateSetting runs the validator registered for the setting named key
// against value and returns its result.
//
// Keys with no registered validator are accepted without any check, so a nil
// return does not mean the value was inspected.
func ValidateSetting(key string, value string) error {
	validators := map[string]func(name, val string) error{
		"CONJUR_AUTHN_LOGIN":                   validUsername,
		"CONJUR_CLIENT_CERT_RETRY_COUNT_LIMIT": validInt,
		"CONJUR_TOKEN_TIMEOUT":                 validTimeout,
		"CONJUR_VERSION":                       validConjurVersion,
		// validatePath only needs the value, so adapt it to the common shape.
		"JWT_TOKEN_PATH": func(_, val string) error { return validatePath(val) },
	}

	check, known := validators[key]
	if !known {
		return nil
	}
	return check(key, value)
}
// ReadSSLCert returns the SSL certificate described by settings.
//
// A non-empty CONJUR_SSL_CERTIFICATE takes precedence and is returned as-is;
// otherwise the file named by CONJUR_CERT_FILE is loaded through readFile and
// its result returned unchanged. When both settings are empty an error built
// from log.CAKC007 is returned. The certificate bytes are not parsed or
// validated here.
func ReadSSLCert(settings map[string]string, readFile ReadFileFunc) ([]byte, error) {
	inlineCert, certPath := settings["CONJUR_SSL_CERTIFICATE"], settings["CONJUR_CERT_FILE"]

	switch {
	case inlineCert != "":
		return []byte(inlineCert), nil
	case certPath != "":
		return readFile(certPath)
	default:
		return nil, errors.New(log.CAKC007)
	}
}
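// validatePath reports whether path is usable as a file location: either
// something already exists there, or a file can be created there.
//
// When os.Stat reports that nothing exists at path, an empty probe file is
// written and removed again. Any other os.Stat failure is treated as invalid
// without probing, because ioutil.WriteFile truncates whatever it opens and the
// probe is deleted afterwards.
//
// It returns nil when the path is usable, an error formatted from log.CAKC065
// when it is not, and an error describing the os.Remove failure when the probe
// file could not be cleaned up.
func validatePath(path string) error {
	_, statErr := os.Stat(path)
	if statErr == nil {
		// Something already exists at path; nothing to probe.
		return nil
	}
	if !os.IsNotExist(statErr) {
		// Existence is unknown, so do not risk truncating and deleting a real file.
		return fmt.Errorf(log.CAKC065, path)
	}

	// NOTE(review): a file created by another process between the Stat above
	// and this write would still be truncated and then removed; an exclusive
	// create (os.OpenFile with os.O_EXCL) would close that window.
	if err := ioutil.WriteFile(path, nil, 0644); err != nil {
		return fmt.Errorf(log.CAKC065, path)
	}

	// A leftover empty probe file would make the os.Stat check above succeed
	// on the next call, so a failed cleanup is reported instead of ignored.
	if err := os.Remove(path); err != nil {
		return fmt.Errorf("removing probe file %q: %v", path, err)
	}
	return nil
}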