Adds suggested validations.

Signed-off-by: JU4N98 <juanpablocabana2@gmail.com>
JU4N98 · Nov 17, 2023 · f47a3c0 · f47a3c0
1 parent 49dd74d
commit f47a3c0
Showing 2 changed files with 34 additions and 28 deletions.
diff --git a/pkg/sidecar/config.go b/pkg/sidecar/config.go
@@ -120,20 +120,18 @@ func ValidateConfig(c *Config) error {
 		c.RenewSignal = c.RenewSignalDeprecated
 	}
 
-	if c.SvidFileName == "" && c.JWTSvidFilename == "" && c.JWTBundleFilename == "" {
-		return errors.New("svid_file_name, jwt_svid_file_name or jwt_bundle_file_name is required")
+	X509EmptyCount := countEmpty(c.SvidFileName, c.SvidBundleFileName, c.SvidKeyFileName)
+	JWTEmptyCount := countEmpty(c.JWTSvidFilename, c.JWTBundleFilename, c.JWTAudience)
+	if X509EmptyCount == 3 && JWTEmptyCount == 3 {
+		return errors.New("at least one of the sets ('svid_file_name', 'svid_key_file_name', 'svid_bundle_file_name') or ('jwt_file_name', 'jwt_bundle_file_name', 'jwt_audience') must be fully specified")
 	}
 
-	if c.SvidFileName != "" && c.SvidKeyFileName == "" {
-		return errors.New("svid_key_file_name is required when using svid_file_name")
+	if X509EmptyCount != 0 && X509EmptyCount != 3 {
+		return errors.New("all or none of 'svid_file_name', 'svid_key_file_name', 'svid_bundle_file_name' must be specified")
 	}
 
-	if c.SvidFileName != "" && c.SvidBundleFileName == "" {
-		return errors.New("svid_bundle_file_name is required when using svid_file_name")
-	}
-
-	if c.JWTSvidFilename != "" && c.JWTAudience == "" {
-		return errors.New("jwt_audience is required when using jwt_svid_file_name")
+	if JWTEmptyCount != 0 && JWTEmptyCount != 3 {
+		return errors.New("all or none of 'jwt_file_name', 'jwt_bundle_file_name', 'jwt_audience' must be specified")
 	}
 
 	return nil
@@ -142,3 +140,13 @@ func ValidateConfig(c *Config) error {
 func getWarning(s1 string, s2 string) string {
 	return s1 + " will be deprecated, should be used as " + s2
 }
+
+func countEmpty(configs ...string) int {
+	cnt := 0
+	for _, config := range configs {
+		if config == "" {
+			cnt++
+		}
+	}
+	return cnt
+}
diff --git a/pkg/sidecar/config_test.go b/pkg/sidecar/config_test.go
@@ -57,38 +57,36 @@ func TestValidateConfig(t *testing.T) {
 			},
 		},
 		{
-			name: "no SVID or bundle",
+			name: "no error",
 			config: &Config{
-				AgentAddress: "path",
+				AgentAddress:      "path",
+				JWTAudience:       "your-audience",
+				JWTSvidFilename:   "jwt.token",
+				JWTBundleFilename: "bundle.json",
 			},
-			expectError: "svid_file_name, jwt_svid_file_name or jwt_bundle_file_name is required",
 		},
 		{
-			name: "no key file",
+			name: "no set specified",
 			config: &Config{
 				AgentAddress: "path",
-				SvidFileName: "cert.pem",
 			},
-			expectError: "svid_key_file_name is required when using svid_file_name",
+			expectError: "at least one of the sets ('svid_file_name', 'svid_key_file_name', 'svid_bundle_file_name') or ('jwt_file_name', 'jwt_bundle_file_name', 'jwt_audience') must be fully specified",
 		},
 		{
-			name: "no bundle file",
+			name: "missing svid config",
 			config: &Config{
-				AgentAddress:    "path",
-				SvidFileName:    "cert.pem",
-				SvidKeyFileName: "key.pem",
+				AgentAddress: "path",
+				SvidFileName: "cert.pem",
 			},
-			expectError: "svid_bundle_file_name is required when using svid_file_name",
+			expectError: "all or none of 'svid_file_name', 'svid_key_file_name', 'svid_bundle_file_name' must be specified",
 		},
 		{
-			name: "no audience",
+			name: "missing jwt config",
 			config: &Config{
 				AgentAddress:    "path",
-				SvidFileName:    "cert.pem",
-				SvidKeyFileName: "key.pem",
-				JWTSvidFilename: "jwt.token",
+				JWTSvidFilename: "cert.pem",
 			},
-			expectError: "jwt_svid_bundle_file_name is required when using jwt_svid_file_name",
+			expectError: "all or none of 'jwt_file_name', 'jwt_bundle_file_name', 'jwt_audience' must be specified",
 		},
 		// Duplicated field error:
 		{
@@ -100,7 +98,7 @@ func TestValidateConfig(t *testing.T) {
 				SvidKeyFileName:        "key.pem",
 				SvidBundleFileName:     "bundle.pem",
 			},
-			expectError: "use of agent_address and AgentAddress found, use only agent_address",
+			expectError: "use of agent_address and agentAddress found, use only agent_address",
 		},
 		{
 			name: "Both cmd_args & cmdArgs in use",
@@ -287,7 +285,7 @@ func TestValidateConfig(t *testing.T) {
 			require.ElementsMatch(t, tt.expectLogs, getShortEntries(hook.AllEntries()))
 
 			if tt.expectError != "" {
-				require.Error(t, err, tt.expectError)
+				require.EqualError(t, err, tt.expectError)
 				return
 			}