package validation
import (
"encoding/base64"
"fmt"
"os"
"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/apis/options"
)
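// multipleValuesForSecretSource is the validation message returned when a
// SecretSource does not have exactly one of value, fromEnv or fromFile set.
// validateSecretSource returns it from its default branch, so it is reported
// both when several sources are set and when none is set.
const multipleValuesForSecretSource = "multiple values specified for secret source: specify either value, fromEnv or fromFile"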
// validateSecretSource checks that exactly one of Value, FromEnv or FromFile is
// set on source and delegates to the matching validator. It returns a
// description of the problem, or "" when the source is valid.
//
// Every other combination, including a source with nothing set, yields
// multipleValuesForSecretSource.
func validateSecretSource(source options.SecretSource) string {
	hasValue := len(source.Value) > 0
	hasEnv := source.FromEnv != ""
	hasFile := source.FromFile != ""

	switch {
	case hasValue && !hasEnv && !hasFile:
		return validateSecretSourceValue(source.Value)
	case !hasValue && hasEnv && !hasFile:
		return validateSecretSourceEnv(source.FromEnv)
	case !hasValue && !hasEnv && hasFile:
		return validateSecretSourceFile(source.FromFile)
	}

	// Zero sources or more than one source: both are rejected with the same message.
	return multipleValuesForSecretSource
}
// validateSecretSourceValue checks that value is valid standard base64 and
// returns a description of the decoding error, or "" when it decodes cleanly.
//
// The decoded bytes are written to a scratch buffer that is discarded. The
// message embeds only the decoder's error, which for malformed input reports
// the offending byte offset rather than any secret content.
func validateSecretSourceValue(value []byte) string {
	// DecodedLen is the most Decode will ever write for an input of this length.
	scratch := make([]byte, base64.StdEncoding.DecodedLen(len(value)))

	_, err := base64.StdEncoding.Decode(scratch, value)
	if err == nil {
		return ""
	}
	return fmt.Sprintf("error decoding secret value: %v", err)
}
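// validateSecretSourceEnv checks that the environment variable named by key
// holds a non-empty value. It returns a description of the problem, or ""
// when the variable is usable.
//
// An unset variable and one set to the empty string are treated alike, since
// neither yields a secret. Only the variable name is echoed in the message,
// never its value.
func validateSecretSourceEnv(key string) string {
	if os.Getenv(key) == "" {
		return fmt.Sprintf("error loading secret from environment: no value for key %q", key)
	}
	return ""
}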
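// validateSecretSourceFile checks that path exists and is not a directory. It
// returns a description of the problem, or "" when the path looks usable as a
// secret file.
//
// This is a point-in-time existence check only: the file is not opened, its
// contents and permission bits are not inspected, and it may change between
// validation and the later load. Restricting who can read or replace the file
// is left to the deployment.
func validateSecretSourceFile(path string) string {
	info, err := os.Stat(path)
	if err != nil {
		return fmt.Sprintf("error loading secret from file: %v", err)
	}
	// A directory passes a bare existence check but cannot be read as a
	// secret, so reject it here rather than at load time.
	if info.IsDir() {
		return fmt.Sprintf("error loading secret from file: %q is a directory", path)
	}
	return ""
}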