From d8a39cedbec0b371142eae2fcf3d7f49d8fa912c Mon Sep 17 00:00:00 2001 From: Maggie Chen Date: Wed, 27 Mar 2024 10:51:17 -0400 Subject: [PATCH] OCM-6375 | fix: error out if cluster is enabled with external auth Signed-off-by: Maggie Chen --- cmd/create/admin/cmd.go | 6 ++++++ cmd/create/idp/cmd.go | 5 +++++ cmd/dlt/admin/cmd.go | 5 +++++ cmd/dlt/idp/cmd.go | 7 ++++++- cmd/list/idp/cmd.go | 5 +++++ cmd/list/user/cmd.go | 5 +++++ 6 files changed, 32 insertions(+), 1 deletion(-) diff --git a/cmd/create/admin/cmd.go b/cmd/create/admin/cmd.go index 7536c85d36..6e7e8c30a3 100644 --- a/cmd/create/admin/cmd.go +++ b/cmd/create/admin/cmd.go @@ -76,10 +76,16 @@ func run(_ *cobra.Command, _ []string) { os.Exit(1) } + if cluster.ExternalAuthConfig().Enabled() { + r.Reporter.Errorf("Creating the 'cluster-admin' user is not supported for clusters with external authentication configured.") + os.Exit(1) + } + adminUser, err := r.OCMClient.GetUser(cluster.ID(), ClusterAdminGroupname, ClusterAdminUsername) if err != nil { r.Reporter.Errorf("Failed to get user '%s' in 'cluster-admins' group for cluster '%s'", ClusterAdminUsername, clusterKey) + os.Exit(1) } if adminUser != nil { r.Reporter.Errorf("Cluster '%s' already has '%s' user", clusterKey, ClusterAdminUsername) diff --git a/cmd/create/idp/cmd.go b/cmd/create/idp/cmd.go index a44484f152..33241b183e 100644 --- a/cmd/create/idp/cmd.go +++ b/cmd/create/idp/cmd.go @@ -334,6 +334,11 @@ func run(cmd *cobra.Command, _ []string) { os.Exit(1) } + if cluster.ExternalAuthConfig().Enabled() { + r.Reporter.Errorf("Adding IDP is not supported for clusters with external authentication configured.") + os.Exit(1) + } + // Grab all the IDP information interactively if necessary idpType := args.idpType if idpType == "" { diff --git a/cmd/dlt/admin/cmd.go b/cmd/dlt/admin/cmd.go index c42e7bff1d..31ad3bfb8f 100644 --- a/cmd/dlt/admin/cmd.go +++ b/cmd/dlt/admin/cmd.go @@ -108,6 +108,11 @@ func run(_ *cobra.Command, _ []string) { os.Exit(1) } + if cluster.ExternalAuthConfig().Enabled() { + r.Reporter.Errorf("Deleting the 'cluster-admin' user is not supported for clusters with external authentication configured.") + os.Exit(1) + } + // Try to find the htpasswd identity provider: clusterID := cluster.ID() clusterAdminIDP, _, err := cadmin.FindIDPWithAdmin(cluster, r) diff --git a/cmd/dlt/idp/cmd.go b/cmd/dlt/idp/cmd.go index 1b2ea35531..b5ce35c95e 100644 --- a/cmd/dlt/idp/cmd.go +++ b/cmd/dlt/idp/cmd.go @@ -58,8 +58,13 @@ func run(_ *cobra.Command, argv []string) { idpName := argv[0] clusterKey := r.GetClusterKey() - cluster := r.FetchCluster() + + if cluster.ExternalAuthConfig().Enabled() { + r.Reporter.Errorf("Deleting IDP is not supported for clusters with external authentication configured.") + os.Exit(1) + } + // Try to find the identity provider: r.Reporter.Debugf("Loading identity provider '%s'", idpName) idps, err := r.OCMClient.GetIdentityProviders(cluster.ID()) diff --git a/cmd/list/idp/cmd.go b/cmd/list/idp/cmd.go index 0af840b754..76d8bdac48 100644 --- a/cmd/list/idp/cmd.go +++ b/cmd/list/idp/cmd.go @@ -58,6 +58,11 @@ func run(_ *cobra.Command, _ []string) { os.Exit(1) } + if cluster.ExternalAuthConfig().Enabled() { + r.Reporter.Errorf("Listing identity providers is not supported for clusters with external authentication configured.") + os.Exit(1) + } + // Load any existing IDPs for this cluster r.Reporter.Debugf("Loading identity providers for cluster '%s'", clusterKey) idps, err := r.OCMClient.GetIdentityProviders(cluster.ID()) diff --git a/cmd/list/user/cmd.go b/cmd/list/user/cmd.go index a84a235ad7..399ea60ac9 100644 --- a/cmd/list/user/cmd.go +++ b/cmd/list/user/cmd.go @@ -61,6 +61,11 @@ func run(_ *cobra.Command, _ []string) { os.Exit(1) } + if cluster.ExternalAuthConfig().Enabled() { + r.Reporter.Errorf("Listing cluster users is not supported for clusters with external authentication configured.") + os.Exit(1) + } + var clusterAdmins []*cmv1.User var err error r.Reporter.Debugf("Loading users for cluster '%s'", clusterKey)