in pkg/cmd/serviceaccount/auth/provider.go [160:216]
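// Validate checks the authentication flags, resolves the subscription and
// tenant IDs, and builds the Azure client for the selected auth method.
//
// It mutates the receiver: authMethod may be promoted from the CLI method to
// the client-secret method, and clientID, subscriptionID, tenantID and
// azureClient are filled in as validation proceeds.
//
// An error is returned when a required flag is missing or malformed, when the
// auth method is not one of the supported values, or when the tenant lookup or
// client construction fails.
func (a *authArgs) Validate() error {
	// String form of the all-zero UUID, used to detect "no subscription set".
	const nilUUID = "00000000-0000-0000-0000-000000000000"

	var err error
	if a.authMethod == "" {
		return errors.New("--auth-method is a required parameter")
	}
	// Supplying both a client ID and a client secret alongside the CLI method
	// switches to client-secret authentication.
	if a.authMethod == cliAuthMethod && a.rawClientID != "" && a.clientSecret != "" {
		a.authMethod = clientSecretAuthMethod
	}

	// Check the method and its required flags up front, so an unsupported
	// method is rejected before the tenant lookup below runs.
	switch a.authMethod {
	case cliAuthMethod:
		// No additional flags are required.
	case clientSecretAuthMethod, clientCertificateAuthMethod:
		if a.clientID, err = uuid.Parse(a.rawClientID); err != nil {
			return errors.Wrap(err, "parsing --client-id")
		}
		if a.authMethod == clientSecretAuthMethod {
			// NOTE(review): a secret passed as a command-line flag is visible in
			// process listings and shell history; consider also accepting it
			// from a file or the environment.
			if a.clientSecret == "" {
				return errors.New(`--client-secret must be specified when --auth-method="client_secret"`)
			}
		} else if a.certificatePath == "" || a.privateKeyPath == "" {
			return errors.New(`--certificate-path and --private-key-path must be specified when --auth-method="client_certificate"`)
		}
	default:
		return errors.Errorf("--auth-method: ERROR: method unsupported. method=%q", a.authMethod)
	}

	// A subscription ID that was supplied but does not parse is an error. It
	// must not fall through to the Azure CLI default, because the command
	// would then act on a subscription the operator did not name.
	var subID uuid.UUID
	if a.rawSubscriptionID != "" {
		if subID, err = uuid.Parse(a.rawSubscriptionID); err != nil {
			return errors.Wrap(err, "parsing --subscription-id")
		}
	}
	if subID.String() == nilUUID {
		// Nothing usable was supplied: fall back to whatever getSubFromAzDir
		// finds in the .azure directory under the home directory.
		subID, err = getSubFromAzDir(filepath.Join(getHomeDir(), ".azure"))
		if err != nil || subID.String() == nilUUID {
			return errors.New("--subscription-id is required (and must be a valid UUID)")
		}
		mlog.Info("No subscription provided, using selected subscription from Azure CLI", "subscriptionID", subID.String())
	}
	a.subscriptionID = subID

	env, err := azure.EnvironmentFromName(a.rawAzureEnvironment)
	if err != nil {
		return errors.Wrap(err, "failed to parse --azure-env as a valid target Azure cloud environment")
	}
	// NOTE(review): presumably a remote lookup through a.client; confirm.
	if a.tenantID, err = cloud.GetTenantID(a.subscriptionID.String(), a.client); err != nil {
		return err
	}

	subscription := a.subscriptionID.String()
	switch a.authMethod {
	case cliAuthMethod:
		a.azureClient, err = cloud.NewAzureClientWithCLI(env, subscription, a.client)
	case clientSecretAuthMethod:
		a.azureClient, err = cloud.NewAzureClientWithClientSecret(env, subscription, a.clientID.String(), a.clientSecret, a.tenantID, a.client)
	case clientCertificateAuthMethod:
		a.azureClient, err = cloud.NewAzureClientWithClientCertificateFile(env, subscription, a.clientID.String(), a.tenantID, a.certificatePath, a.privateKeyPath, a.client)
	default:
		// Unreachable after the check above; kept as a defensive guard.
		err = errors.Errorf("--auth-method: ERROR: method unsupported. method=%q", a.authMethod)
	}
	return err
}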