in pkg/auth/impl/basic/manager.go [192:275]
// validateConfig checks that an auth configuration is internally consistent
// before it is used to build the security manager.
//
// It verifies, in order:
//   - every accept and reject rule of every role passes validateRule, and no
//     role name is defined twice;
//   - every user names a role that is defined in config.Roles, has either
//     both a username and a password or neither (the "default user"), that
//     at most one default user exists, and that no username is repeated;
//   - config.InternalUser refers to a defined user whose role satisfies
//     isRootRole.
//
// Errors from validateRule are returned unchanged; every other failure is a
// yarpcerrors invalid-argument error. It returns nil when the config is valid.
//
// NOTE(review): config and the entries of config.Roles / config.Users are
// dereferenced without nil checks; callers are presumably expected to pass a
// fully decoded config. Confirm against the caller.
func validateConfig(config *authConfig) error {
	// Index roles by name while validating their rules, so users can be
	// checked against the set of defined roles below.
	rolesByName := make(map[string]*roleConfig)
	for _, rc := range config.Roles {
		for _, rule := range rc.Accept {
			if err := validateRule(rule); err != nil {
				return err
			}
		}
		for _, rule := range rc.Reject {
			if err := validateRule(rule); err != nil {
				return err
			}
		}
		if _, dup := rolesByName[rc.Role]; dup {
			return yarpcerrors.InvalidArgumentErrorf(
				"same Role defined more than once. Role:%s",
				rc.Role,
			)
		}
		rolesByName[rc.Role] = rc
	}

	// Index users by username. The default user (no username, no password)
	// is stored under the empty-string key.
	defaultUsers := 0
	usersByName := make(map[string]*userConfig)
	for _, uc := range config.Users {
		if len(uc.Role) == 0 {
			return yarpcerrors.InvalidArgumentErrorf("no Role specified for user")
		}
		// A user may only reference a role declared in config.Roles.
		if _, known := rolesByName[uc.Role]; !known {
			return yarpcerrors.InvalidArgumentErrorf(
				"user: %s has undefined Role: %s",
				uc.Username,
				uc.Role,
			)
		}

		hasName := len(uc.Username) != 0
		hasPassword := len(uc.Password) != 0
		switch {
		case hasPassword && !hasName:
			return yarpcerrors.InvalidArgumentErrorf("no Username specified for user")
		case hasName && !hasPassword:
			return yarpcerrors.InvalidArgumentErrorf("no Password specified for user")
		case !hasName && !hasPassword:
			// Credential-less entry: this is the default user, and only
			// one such entry is allowed.
			defaultUsers++
			if defaultUsers > 1 {
				return yarpcerrors.InvalidArgumentErrorf("more than one default user specified")
			}
		}

		if _, dup := usersByName[uc.Username]; dup {
			return yarpcerrors.InvalidArgumentErrorf(
				"same user defined more than once. user:%s",
				uc.Username,
			)
		}
		usersByName[uc.Username] = uc
	}

	// The internal user must be one of the configured users.
	//
	// NOTE(review): the lookup uses config.InternalUser as-is. If it is empty
	// and a default user is configured, it resolves to that credential-less
	// default user, which then only has to pass the root-role check below.
	// Confirm whether an empty InternalUser should be rejected explicitly.
	internalUser, found := usersByName[config.InternalUser]
	if !found {
		return yarpcerrors.InvalidArgumentErrorf("undefined internal user")
	}
	// Every stored user already passed the defined-role check above, so this
	// lookup is a defensive guard.
	internalRole, found := rolesByName[internalUser.Role]
	if !found {
		return yarpcerrors.InvalidArgumentErrorf("undefined role for internal user")
	}
	if isRootRole(internalRole) {
		return nil
	}
	return yarpcerrors.InvalidArgumentErrorf(
		"role for internal user must accept * and reject no method")
}