OCM-6375 | fix: error out if cluster is enabled with external auth

Signed-off-by: Maggie Chen <magchen@redhat.com>
openshift · Mar 27, 2024 · d8a39ce · d8a39ce
1 parent 4a3534f
commit d8a39ce
Show file tree

Hide file tree

Showing 6 changed files with 32 additions and 1 deletion.
diff --git a/cmd/create/admin/cmd.go b/cmd/create/admin/cmd.go
@@ -76,10 +76,16 @@ func run(_ *cobra.Command, _ []string) {
 		os.Exit(1)
 	}
 
+	if cluster.ExternalAuthConfig().Enabled() {
+		r.Reporter.Errorf("Creating the 'cluster-admin' user is not supported for clusters with external authentication configured.")
+		os.Exit(1)
+	}
+
 	adminUser, err := r.OCMClient.GetUser(cluster.ID(), ClusterAdminGroupname, ClusterAdminUsername)
 	if err != nil {
 		r.Reporter.Errorf("Failed to get user '%s' in 'cluster-admins' group for cluster '%s'",
 			ClusterAdminUsername, clusterKey)
+		os.Exit(1)
 	}
 	if adminUser != nil {
 		r.Reporter.Errorf("Cluster '%s' already has '%s' user", clusterKey, ClusterAdminUsername)

diff --git a/cmd/create/idp/cmd.go b/cmd/create/idp/cmd.go
@@ -334,6 +334,11 @@ func run(cmd *cobra.Command, _ []string) {
 		os.Exit(1)
 	}
 
+	if cluster.ExternalAuthConfig().Enabled() {
+		r.Reporter.Errorf("Adding IDP is not supported for clusters with external authentication configured.")
+		os.Exit(1)
+	}
+
 	// Grab all the IDP information interactively if necessary
 	idpType := args.idpType
 	if idpType == "" {

diff --git a/cmd/dlt/admin/cmd.go b/cmd/dlt/admin/cmd.go
@@ -108,6 +108,11 @@ func run(_ *cobra.Command, _ []string) {
 		os.Exit(1)
 	}
 
+	if cluster.ExternalAuthConfig().Enabled() {
+		r.Reporter.Errorf("Deleting the 'cluster-admin' user is not supported for clusters with external authentication configured.")
+		os.Exit(1)
+	}
+
 	// Try to find the htpasswd identity provider:
 	clusterID := cluster.ID()
 	clusterAdminIDP, _, err := cadmin.FindIDPWithAdmin(cluster, r)

diff --git a/cmd/dlt/idp/cmd.go b/cmd/dlt/idp/cmd.go
@@ -58,8 +58,13 @@ func run(_ *cobra.Command, argv []string) {
 	idpName := argv[0]
 
 	clusterKey := r.GetClusterKey()
-
 	cluster := r.FetchCluster()
+
+	if cluster.ExternalAuthConfig().Enabled() {
+		r.Reporter.Errorf("Deleting IDP is not supported for clusters with external authentication configured.")
+		os.Exit(1)
+	}
+
 	// Try to find the identity provider:
 	r.Reporter.Debugf("Loading identity provider '%s'", idpName)
 	idps, err := r.OCMClient.GetIdentityProviders(cluster.ID())

diff --git a/cmd/list/idp/cmd.go b/cmd/list/idp/cmd.go
@@ -58,6 +58,11 @@ func run(_ *cobra.Command, _ []string) {
 		os.Exit(1)
 	}
 
+	if cluster.ExternalAuthConfig().Enabled() {
+		r.Reporter.Errorf("Listing identity providers is not supported for clusters with external authentication configured.")
+		os.Exit(1)
+	}
+
 	// Load any existing IDPs for this cluster
 	r.Reporter.Debugf("Loading identity providers for cluster '%s'", clusterKey)
 	idps, err := r.OCMClient.GetIdentityProviders(cluster.ID())

diff --git a/cmd/list/user/cmd.go b/cmd/list/user/cmd.go
@@ -61,6 +61,11 @@ func run(_ *cobra.Command, _ []string) {
 		os.Exit(1)
 	}
 
+	if cluster.ExternalAuthConfig().Enabled() {
+		r.Reporter.Errorf("Listing cluster users is not supported for clusters with external authentication configured.")
+		os.Exit(1)
+	}
+
 	var clusterAdmins []*cmv1.User
 	var err error
 	r.Reporter.Debugf("Loading users for cluster '%s'", clusterKey)