1515package authcrunch
1616
1717import (
18+ "fmt"
1819 "github.com/greenpau/go-authcrunch/pkg/authn"
1920 "github.com/greenpau/go-authcrunch/pkg/authz"
2021 "github.com/greenpau/go-authcrunch/pkg/credentials"
22+ "github.com/greenpau/go-authcrunch/pkg/idp"
23+ "github.com/greenpau/go-authcrunch/pkg/ids"
2124 "github.com/greenpau/go-authcrunch/pkg/messaging"
2225)
2326
2427// Config is a configuration of Server.
2528type Config struct {
26- Credentials * credentials.Config `json:"credentials,omitempty" xml:"credentials,omitempty" yaml:"credentials,omitempty"`
27- Portals []* authn.PortalConfig `json:"auth_portal_configs,omitempty" xml:"auth_portal_configs,omitempty" yaml:"auth_portal_configs,omitempty"`
28- Policies []* authz.PolicyConfig `json:"authz_policy_configs,omitempty" xml:"authz_policy_configs,omitempty" yaml:"authz_policy_configs,omitempty"`
29- Messaging * messaging.Config `json:"messaging,omitempty" xml:"messaging,omitempty" yaml:"messaging,omitempty"`
29+ Credentials * credentials.Config `json:"credentials,omitempty" xml:"credentials,omitempty" yaml:"credentials,omitempty"`
30+ AuthenticationPortals []* authn.PortalConfig `json:"authentication_portals,omitempty" xml:"authentication_portals,omitempty" yaml:"authentication_portals,omitempty"`
31+ AuthorizationPolicies []* authz.PolicyConfig `json:"authorization_policies,omitempty" xml:"authorization_policies,omitempty" yaml:"authorization_policies,omitempty"`
32+ Messaging * messaging.Config `json:"messaging,omitempty" xml:"messaging,omitempty" yaml:"messaging,omitempty"`
33+ IdentityStores []* ids.IdentityStoreConfig `json:"identity_stores,omitempty" xml:"identity_stores,omitempty" yaml:"identity_stores,omitempty"`
34+ IdentityProviders []* idp.IdentityProviderConfig `json:"identity_providers,omitempty" xml:"identity_providers,omitempty" yaml:"identity_providers,omitempty"`
3035}
3136
3237// NewConfig returns an instance of Config.
@@ -50,12 +55,32 @@ func (cfg *Config) AddMessagingProvider(p messaging.Provider) error {
5055 return cfg .Messaging .Add (p )
5156}
5257
58+ // AddIdentityStore adds an identity store configuration.
59+ func (cfg * Config ) AddIdentityStore (name , kind string , data map [string ]interface {}) error {
60+ store , err := ids .NewIdentityStoreConfig (name , kind , data )
61+ if err != nil {
62+ return err
63+ }
64+ cfg .IdentityStores = append (cfg .IdentityStores , store )
65+ return nil
66+ }
67+
68+ // AddIdentityProvider adds an identity provider configuration.
69+ func (cfg * Config ) AddIdentityProvider (name , kind string , data map [string ]interface {}) error {
70+ provider , err := idp .NewIdentityProviderConfig (name , kind , data )
71+ if err != nil {
72+ return err
73+ }
74+ cfg .IdentityProviders = append (cfg .IdentityProviders , provider )
75+ return nil
76+ }
77+
5378// AddAuthenticationPortal adds an authentication portal configuration.
5479func (cfg * Config ) AddAuthenticationPortal (p * authn.PortalConfig ) error {
5580 if err := p .Validate (); err != nil {
5681 return err
5782 }
58- cfg .Portals = append (cfg .Portals , p )
83+ cfg .AuthenticationPortals = append (cfg .AuthenticationPortals , p )
5984 return nil
6085}
6186
@@ -64,25 +89,76 @@ func (cfg *Config) AddAuthorizationPolicy(p *authz.PolicyConfig) error {
6489 if err := p .Validate (); err != nil {
6590 return err
6691 }
67- cfg .Policies = append (cfg .Policies , p )
92+ cfg .AuthorizationPolicies = append (cfg .AuthorizationPolicies , p )
6893 return nil
6994}
7095
7196// Validate validates Config.
7297func (cfg * Config ) Validate () error {
73- for _ , portal := range cfg .Portals {
74- portal .SetCredentials (cfg .Credentials )
75- portal .SetMessaging (cfg .Messaging )
76- if err := portal .Validate (); err != nil {
98+ if len (cfg .AuthenticationPortals ) < 1 && len (cfg .AuthorizationPolicies ) < 1 {
99+ return fmt .Errorf ("no portals and gatekeepers found" )
100+ }
101+
102+ for _ , portalCfg := range cfg .AuthenticationPortals {
103+ portalCfg .SetCredentials (cfg .Credentials )
104+ portalCfg .SetMessaging (cfg .Messaging )
105+ if err := portalCfg .ValidateCredentials (); err != nil {
77106 return err
78107 }
79- if err := portal .ValidateCredentials (); err != nil {
80- return err
108+
109+ // Vealidate that there are no duplicate or overlapping identity store and providers.
110+ authByRealm := make (map [string ]string )
111+
112+ for _ , storeName := range portalCfg .IdentityStores {
113+ var storeConfig * ids.IdentityStoreConfig
114+ for _ , entry := range cfg .IdentityStores {
115+ storeConfig = entry
116+ if entry .Name == storeName {
117+ break
118+ }
119+ }
120+ if storeConfig == nil {
121+ continue
122+ }
123+ if storeConfig .Params == nil {
124+ continue
125+ }
126+ if v , exists := storeConfig .Params ["realm" ]; exists {
127+ realmName := v .(string )
128+ if prevStoreName , exists := authByRealm [realmName ]; exists {
129+ return fmt .Errorf (
130+ "identity provider %q has the same %q realm as %q" ,
131+ storeName , realmName , prevStoreName ,
132+ )
133+ }
134+ authByRealm [realmName ] = storeName
135+ }
81136 }
82- }
83- for _ , policy := range cfg .Policies {
84- if err := policy .Validate (); err != nil {
85- return err
137+
138+ for _ , providerName := range portalCfg .IdentityProviders {
139+ var providerConfig * idp.IdentityProviderConfig
140+ for _ , entry := range cfg .IdentityProviders {
141+ providerConfig = entry
142+ if entry .Name == providerName {
143+ break
144+ }
145+ }
146+ if providerConfig == nil {
147+ continue
148+ }
149+ if providerConfig .Params == nil {
150+ continue
151+ }
152+ if v , exists := providerConfig .Params ["realm" ]; exists {
153+ realmName := v .(string )
154+ if prevProviderName , exists := authByRealm [realmName ]; exists {
155+ return fmt .Errorf (
156+ "identity provider %q has the same %q realm as %q" ,
157+ providerName , realmName , prevProviderName ,
158+ )
159+ }
160+ authByRealm [realmName ] = providerName
161+ }
86162 }
87163 }
88164
0 commit comments