func checkServiceRoles()

in lib/dam/dam_integrity.go [450:501]


// checkServiceRoles validates the roles of the service template templateName
// against the descriptor registered for serviceName in vopts.Services.
//
// For every role it checks, in order: the role name (checkName), that at least
// one DAM role category is listed and each one is a key of
// vopts.RoleCategories, that each descriptor variable is either supplied or
// marked Optional, that every supplied value is non-empty and matches the
// variable's Regexp, that no service argument is supplied which the descriptor
// does not declare, and the role's UI block (check.CheckUI).
//
// It returns ("", nil) when every role passes. On the first failure it returns
// the status path of the offending config element together with an error.
// Roles, variables and arguments are visited by ranging over maps, so when
// several elements are invalid the one that gets reported can differ between
// runs.
func checkServiceRoles(roles map[string]*pb.ServiceRole, templateName, serviceName string, cfg *pb.DamConfig, vopts ValidateCfgOpts) (string, error) {
	if len(roles) == 0 {
		return httputils.StatusPath(cfgServiceTemplates, templateName, "roles"), fmt.Errorf("no roles provided")
	}

	// NOTE(review): the lookup result is used without a presence check. If
	// serviceName can be absent from Descriptors at this point, the loops below
	// either see no declared variables or dereference a nil descriptor,
	// depending on the map's element type — confirm the caller has already
	// validated serviceName.
	desc := vopts.Services.Descriptors[serviceName]

	for roleName, role := range roles {
		if nameErr := checkName(roleName); nameErr != nil {
			return httputils.StatusPath(cfgServiceTemplates, templateName, "roles", roleName), fmt.Errorf("role has invalid name %q: %v", roleName, nameErr)
		}

		// A role must name at least one category, and each must be defined.
		if len(role.DamRoleCategories) == 0 {
			return httputils.StatusPath(cfgServiceTemplates, templateName, "roles", roleName, "damRoleCategories"), fmt.Errorf("role %q does not provide a DAM role category", roleName)
		}
		for idx, category := range role.DamRoleCategories {
			if _, defined := vopts.RoleCategories[category]; defined {
				continue
			}
			return httputils.StatusPath(cfgServiceTemplates, templateName, "roles", roleName, "damRoleCategories", strconv.Itoa(idx)),
				fmt.Errorf("role %q DAM role category %q is not defined (valid types are: %s)", roleName, category,
					strings.Join(roleCategorySet(vopts.RoleCategories), ", "))
		}

		// Every variable the descriptor declares must be satisfied by the role.
		for varName, varDef := range desc.ServiceVariables {
			svcArg, supplied := role.ServiceArgs[varName]
			if !supplied && varDef.Optional {
				continue
			}
			if !supplied {
				return httputils.StatusPath(cfgServiceTemplates, templateName, "roles", roleName, "serviceArgs", varName), fmt.Errorf("missing required service argument %q", varName)
			}

			// The pattern is taken from the service descriptor and compiled as
			// written, once per role. MatchString reports a match anywhere in
			// the value, so a value is only validated in full when the
			// descriptor's pattern is itself anchored with ^ and $.
			// NOTE(review): confirm descriptor patterns are anchored.
			pattern, compileErr := regexp.Compile(varDef.Regexp)
			if compileErr != nil {
				// NOTE(review): this path is rooted at "services" and uses
				// templateName, unlike the other paths in this function, and the
				// compile error detail is not included — confirm both are intended.
				return httputils.StatusPath("services", templateName, "serviceArgs", varName), fmt.Errorf("variable format regexp %q is not a valid regular expression", varDef.Regexp)
			}

			for valIdx, value := range svcArg.Values {
				switch {
				case len(value) == 0:
					return httputils.StatusPath(cfgServiceTemplates, templateName, "roles", roleName, "serviceArgs", varName, "values", strconv.Itoa(valIdx)), fmt.Errorf("service argument value %d is empty", valIdx)
				case !pattern.MatchString(value):
					return httputils.StatusPath(cfgServiceTemplates, templateName, "roles", roleName, "serviceArgs", varName, "values", strconv.Itoa(valIdx)), fmt.Errorf("service argument value %q is not valid", value)
				}
			}
		}

		// Reject arguments the descriptor does not declare, so that no value
		// reaches the service without having gone through the checks above.
		for argName := range role.ServiceArgs {
			if _, declared := desc.ServiceVariables[argName]; declared {
				continue
			}
			return httputils.StatusPath(cfgServiceTemplates, templateName, "roles", roleName, "serviceArgs", argName), fmt.Errorf("service argument name %q is not a known input for service %q", argName, serviceName)
		}

		uiPath, uiErr := check.CheckUI(role.Ui, true)
		if uiErr != nil {
			return httputils.StatusPath(cfgServiceTemplates, templateName, "roles", roleName, uiPath), fmt.Errorf("role %q: %v", roleName, uiErr)
		}
	}

	return "", nil
}