refactor: bring identity interface inline with discovery interface

Author: richardcase

internal/commands/use/use.go

@@ -220,9 +220,6 @@ func addConfig(cs config.ConfigurationSet, registration *registry.DiscoveryPlugi
 	if _, err := cs.Bool("set-current", true, "Sets the current context in the kubeconfig to the selected cluster"); err != nil {
 		return fmt.Errorf("adding set-current config: %w", err)
 	}
-	if err := common.AddCommonIdentityConfig(cs); err != nil {
-		return fmt.Errorf("adding common identity config items: %w", err)
-	}
 	if err := common.AddCommonClusterConfig(cs); err != nil {
 		return fmt.Errorf("adding common cluster config items: %w", err)
 	}

pkg/app/to.go

@@ -213,9 +213,6 @@ func (a *App) buildConnectToConfig(configFile string, discoveryProvider string,
 	if err := cs.AddSet(discoCfg); err != nil {
 		return nil, fmt.Errorf("adding cluster provider config items: %w", err)
 	}
-	if err := common.AddCommonIdentityConfig(cs); err != nil {
-		return nil, fmt.Errorf("adding common identity config items: %w", err)
-	}
 	if err := common.AddCommonClusterConfig(cs); err != nil {
 		return nil, fmt.Errorf("adding common cluster config items: %w", err)
 	}

pkg/app/use.go

@@ -70,10 +70,23 @@ func (a *App) Use(ctx context.Context, input *UseInput) error {
 		return fmt.Errorf("using identity provider %s: %w", input.IdentityProvider, ErrUnsuportedIdpProtocol)
 	}
 
+	err = identityProvider.CheckPreReqs()
+	if err != nil {
+		fmt.Fprintf(os.Stderr, "\033[33m%s\033[0m\n", err.Error())
+		return fmt.Errorf("checking identity provider pre-reqs: %w", err)
+	}
+
 	err = clusterProvider.CheckPreReqs()
 	if err != nil {
-		//TODO: how to report this???
 		fmt.Fprintf(os.Stderr, "\033[33m%s\033[0m\n", err.Error())
+		return fmt.Errorf("checking discovery provider pre-reqs: %w", err)
+	}
+
+	if err := identityProvider.Resolve(input.ConfigSet, nil); err != nil {
+		return fmt.Errorf("resolving identity config items: %w", err)
+	}
+	if err := identityProvider.Validate(input.ConfigSet); err != nil {
+		return fmt.Errorf("validating identity config items: %w", err)
 	}
 
 	authOutput, err := identityProvider.Authenticate(ctx, &identity.AuthenticateInput{
@@ -84,7 +97,10 @@ func (a *App) Use(ctx context.Context, input *UseInput) error {
 	}
 
 	if err := clusterProvider.Resolve(input.ConfigSet, authOutput.Identity); err != nil {
-		return fmt.Errorf("resolving config items: %w", err)
+		return fmt.Errorf("resolving discovery config items: %w", err)
+	}
+	if err := clusterProvider.Validate(input.ConfigSet); err != nil {
+		return fmt.Errorf("validating discovery config items: %w", err)
 	}
 
 	if !input.IgnoreAlias {
@@ -153,7 +169,7 @@ func (a *App) Use(ctx context.Context, input *UseInput) error {
 	return nil
 }
 
-func (a *App) discoverCluster(ctx context.Context, clusterProvider discovery.Provider, identity identity.Identity, params *UseInput) (*discovery.Cluster, error) {
+func (a *App) discoverCluster(ctx context.Context, clusterProvider discovery.Provider, identity provider.Identity, params *UseInput) (*discovery.Cluster, error) {
 	a.logger.Infow("discovering clusters", "provider", params.DiscoveryProvider)
 
 	discoverOutput, err := clusterProvider.Discover(ctx, &discovery.DiscoverInput{
@@ -177,7 +193,7 @@ func (a *App) discoverCluster(ctx context.Context, clusterProvider discovery.Pro
 	return cluster, nil
 }
 
-func (a *App) getCluster(ctx context.Context, clusterProvider discovery.Provider, identity identity.Identity, params *UseInput) (*discovery.Cluster, error) {
+func (a *App) getCluster(ctx context.Context, clusterProvider discovery.Provider, identity provider.Identity, params *UseInput) (*discovery.Cluster, error) {
 	a.logger.Infow("getting cluster details", "id", *params.ClusterID, "provider", params.DiscoveryProvider)
 
 	output, err := clusterProvider.GetCluster(ctx, &discovery.GetClusterInput{

pkg/aws/store.go

@@ -21,11 +21,11 @@ import (
 
 	"github.com/versent/saml2aws/pkg/awsconfig"
 
-	"github.com/fidelity/kconnect/pkg/provider/identity"
+	"github.com/fidelity/kconnect/pkg/provider"
 )
 
 // NewIdentityStore will create a new AWS identity store
-func NewIdentityStore(profile, idProviderName string) (identity.Store, error) {
+func NewIdentityStore(profile, idProviderName string) (provider.Store, error) {
 	return &awsIdentityStore{
 		configProvider: awsconfig.NewSharedCredentials(profile),
 		idProviderName: idProviderName,
@@ -41,7 +41,7 @@ func (s *awsIdentityStore) CredsExists() (bool, error) {
 	return s.configProvider.CredsExists()
 }
 
-func (s *awsIdentityStore) Save(userID identity.Identity) error {
+func (s *awsIdentityStore) Save(userID provider.Identity) error {
 	awsIdentity, ok := userID.(*Identity)
 	if !ok {
 		return fmt.Errorf("expected AWSIdentity but got a %T: %w", userID, ErrUnexpectedIdentity)
@@ -51,7 +51,7 @@ func (s *awsIdentityStore) Save(userID identity.Identity) error {
 	return s.configProvider.Save(awsCreds)
 }
 
-func (s *awsIdentityStore) Load() (identity.Identity, error) {
+func (s *awsIdentityStore) Load() (provider.Identity, error) {
 	creds, err := s.configProvider.Load()
 	if err != nil {
 		return nil, fmt.Errorf("loading credentials: %w", err)

pkg/config/validate.go

@@ -0,0 +1,42 @@
+/*
+Copyright 2021 The kconnect Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package config
+
+import (
+	"fmt"
+
+	kerrs "github.com/fidelity/kconnect/pkg/errors"
+)
+
+const (
+	requiredFormat = "%s is required"
+)
+
+// ValidateRequired will perform a required field validation on the config set
+func ValidateRequired(cfg ConfigurationSet) error {
+	validationErrs := []string{}
+	for _, item := range cfg.GetAll() {
+		if item.Required && !item.HasValue() {
+			validationErrs = append(validationErrs, fmt.Sprintf(requiredFormat, item.Name))
+		}
+	}
+	if len(validationErrs) > 0 {
+		return kerrs.New(validationErrs)
+	}
+
+	return nil
+}

pkg/errors/validation.go

@@ -21,6 +21,12 @@ import (
 	"strings"
 )
 
+func New(errors []string) *ValidationFailed {
+	return &ValidationFailed{
+		validationErrors: errors,
+	}
+}
+
 type ValidationFailed struct {
 	validationErrors []string
 }

pkg/plugins/discovery/aws/provider.go

@@ -27,7 +27,6 @@ import (
 	"github.com/fidelity/kconnect/pkg/provider"
 	"github.com/fidelity/kconnect/pkg/provider/common"
 	"github.com/fidelity/kconnect/pkg/provider/discovery"
-	"github.com/fidelity/kconnect/pkg/provider/identity"
 	"github.com/fidelity/kconnect/pkg/provider/registry"
 	"github.com/fidelity/kconnect/pkg/utils"
 )
@@ -91,7 +90,7 @@ func (p *eksClusterProvider) Name() string {
 	return ProviderName
 }
 
-func (p *eksClusterProvider) setup(cs config.ConfigurationSet, userID identity.Identity) error {
+func (p *eksClusterProvider) setup(cs config.ConfigurationSet, userID provider.Identity) error {
 	cfg := &eksClusteProviderConfig{}
 	if err := config.Unmarshall(cs, cfg); err != nil {
 		return fmt.Errorf("unmarshalling config items into eksClusteProviderConfig: %w", err)

pkg/plugins/discovery/aws/resolver.go

@@ -19,9 +19,10 @@ package aws
 import (
 	"fmt"
 
+	kaws "github.com/fidelity/kconnect/pkg/aws"
 	"github.com/fidelity/kconnect/pkg/config"
 	kerrors "github.com/fidelity/kconnect/pkg/errors"
-	"github.com/fidelity/kconnect/pkg/provider/identity"
+	"github.com/fidelity/kconnect/pkg/provider"
 )
 
 func (p *eksClusterProvider) Validate(cfg config.ConfigurationSet) error {
@@ -42,6 +43,12 @@ func (p *eksClusterProvider) Validate(cfg config.ConfigurationSet) error {
 
 // Resolve will resolve the values for the AWS specific flags that have no value. It will
 // query AWS and interactively ask the user for selections.
-func (p *eksClusterProvider) Resolve(config config.ConfigurationSet, userID identity.Identity) error {
+func (p *eksClusterProvider) Resolve(cfg config.ConfigurationSet, userID provider.Identity) error {
+	if err := kaws.ResolvePartition(cfg); err != nil {
+		return fmt.Errorf("resolving partition: %w", err)
+	}
+	if err := kaws.ResolveRegion(cfg); err != nil {
+		return fmt.Errorf("resolving region: %w", err)
+	}
 	return nil
 }

pkg/plugins/discovery/azure/config.go

@@ -29,8 +29,8 @@ import (
 	azclient "github.com/fidelity/kconnect/pkg/azure/client"
 	"github.com/fidelity/kconnect/pkg/azure/id"
 	azid "github.com/fidelity/kconnect/pkg/azure/identity"
+	"github.com/fidelity/kconnect/pkg/provider"
 	"github.com/fidelity/kconnect/pkg/provider/discovery"
-	"github.com/fidelity/kconnect/pkg/provider/identity"
 )
 
 const (
@@ -110,7 +110,7 @@ func (p *aksClusterProvider) addKubelogin(cfg *api.Config) {
 	}
 }
 
-func (p *aksClusterProvider) addTokenToAuthProvider(cfg *api.Config, userID identity.Identity) error {
+func (p *aksClusterProvider) addTokenToAuthProvider(cfg *api.Config, userID provider.Identity) error {
 	id, ok := userID.(*azid.ActiveDirectoryIdentity)
 	if !ok {
 		return ErrTokenNeedsAD

pkg/plugins/discovery/azure/provider.go

@@ -22,15 +22,13 @@ import (
 	"go.uber.org/zap"
 
 	"github.com/Azure/go-autorest/autorest"
-	"github.com/go-playground/validator/v10"
 
 	azid "github.com/fidelity/kconnect/pkg/azure/identity"
 	"github.com/fidelity/kconnect/pkg/config"
 	khttp "github.com/fidelity/kconnect/pkg/http"
 	"github.com/fidelity/kconnect/pkg/provider"
 	"github.com/fidelity/kconnect/pkg/provider/common"
 	"github.com/fidelity/kconnect/pkg/provider/discovery"
-	"github.com/fidelity/kconnect/pkg/provider/identity"
 	"github.com/fidelity/kconnect/pkg/provider/registry"
 	"github.com/fidelity/kconnect/pkg/utils"
 )
@@ -101,16 +99,11 @@ func (p *aksClusterProvider) Name() string {
 	return ProviderName
 }
 
-func (p *aksClusterProvider) setup(cs config.ConfigurationSet, userID identity.Identity) error {
+func (p *aksClusterProvider) setup(cs config.ConfigurationSet, userID provider.Identity) error {
 	cfg := &aksClusterProviderConfig{}
 	if err := config.Unmarshall(cs, cfg); err != nil {
 		return fmt.Errorf("unmarshalling config items into eksClusteProviderConfig: %w", err)
 	}
-	validate := validator.New()
-	if err := validate.Struct(cfg); err != nil {
-		return fmt.Errorf("validating config struct: %w", err)
-	}
-
 	p.config = cfg
 
 	// TODO: should we just return a AuthorizerIdentity from the aad provider?

pkg/plugins/discovery/azure/resolver.go

@@ -24,7 +24,7 @@ import (
 	"github.com/fidelity/kconnect/pkg/config"
 	kerrors "github.com/fidelity/kconnect/pkg/errors"
 	"github.com/fidelity/kconnect/pkg/prompt"
-	"github.com/fidelity/kconnect/pkg/provider/identity"
+	"github.com/fidelity/kconnect/pkg/provider"
 )
 
 func (p *aksClusterProvider) Validate(cfg config.ConfigurationSet) error {
@@ -45,7 +45,7 @@ func (p *aksClusterProvider) Validate(cfg config.ConfigurationSet) error {
 
 // Resolve will resolve the values for the AWS specific flags that have no value. It will
 // query AWS and interactively ask the user for selections.
-func (p *aksClusterProvider) Resolve(cfg config.ConfigurationSet, userID identity.Identity) error {
+func (p *aksClusterProvider) Resolve(cfg config.ConfigurationSet, userID provider.Identity) error {
 	if err := p.setup(cfg, userID); err != nil {
 		return fmt.Errorf("setting up aks provider: %w", err)
 	}

pkg/plugins/discovery/rancher/provider.go

@@ -86,7 +86,7 @@ func (p *rancherClusterProvider) Name() string {
 	return ProviderName
 }
 
-func (p *rancherClusterProvider) setup(cs config.ConfigurationSet, userID identity.Identity) error {
+func (p *rancherClusterProvider) setup(cs config.ConfigurationSet, userID provider.Identity) error {
 	cfg := &rancherClusterProviderConfig{}
 	if err := config.Unmarshall(cs, cfg); err != nil {
 		return fmt.Errorf("unmarshalling config items into rancherClusterProviderConfig: %w", err)

pkg/plugins/discovery/rancher/resolver.go

@@ -21,7 +21,7 @@ import (
 
 	"github.com/fidelity/kconnect/pkg/config"
 	kerrors "github.com/fidelity/kconnect/pkg/errors"
-	"github.com/fidelity/kconnect/pkg/provider/identity"
+	"github.com/fidelity/kconnect/pkg/provider"
 	rshared "github.com/fidelity/kconnect/pkg/rancher"
 )
 
@@ -43,7 +43,7 @@ func (p *rancherClusterProvider) Validate(cfg config.ConfigurationSet) error {
 
 // Resolve will resolve the values for the AWS specific flags that have no value. It will
 // query AWS and interactively ask the user for selections.
-func (p *rancherClusterProvider) Resolve(cfg config.ConfigurationSet, identity identity.Identity) error {
+func (p *rancherClusterProvider) Resolve(cfg config.ConfigurationSet, identity provider.Identity) error {
 	if err := p.setup(cfg, identity); err != nil {
 		return fmt.Errorf("setting up rancher provider: %w", err)
 	}

pkg/plugins/identity/aws/iam/provider.go

@@ -85,10 +85,6 @@ func (p *iamIdentityProvider) Authenticate(ctx context.Context, input *identity.
 		return nil, fmt.Errorf("unmarshalling config into providerConfig: %w", err)
 	}
 
-	if err := p.validateConfig(cfg); err != nil {
-		return nil, err
-	}
-
 	sess, err := kaws.NewSession(cfg.Region, cfg.Profile, cfg.AccessKey, cfg.SecretKey, cfg.SessionToken)
 	if err != nil {
 		return nil, fmt.Errorf("creating aws session: %w", err)
@@ -113,23 +109,42 @@ func (p *iamIdentityProvider) Authenticate(ctx context.Context, input *identity.
 	}, nil
 }
 
-func (p *iamIdentityProvider) validateConfig(cfg *providerConfig) error {
-	if cfg.Profile != "" && cfg.AccessKey != "" {
+// Validate is used to validate the config items and return any errors
+func (p *iamIdentityProvider) Validate(cfg config.ConfigurationSet) error {
+	hasProfile := cfg.ExistsWithValue(kaws.ProfileConfigItem)
+	hasAccessKey := cfg.ExistsWithValue(kaws.AccessKeyConfigItem)
+	hasSecretKey := cfg.ExistsWithValue(kaws.SecretKeyConfigItem)
+
+	if hasProfile && hasAccessKey {
 		return ErrProfileWithAccessKey
 	}
-	if cfg.Profile != "" && cfg.SecretKey != "" {
+	if hasProfile && hasSecretKey {
 		return ErrProfileWithSecretKey
 	}
-	if cfg.AccessKey != "" && cfg.SecretKey == "" {
+	if hasAccessKey && !hasSecretKey {
 		return ErrAccessAndSecretRequired
 	}
-	if cfg.AccessKey == "" && cfg.SecretKey != "" {
+	if !hasAccessKey && hasSecretKey {
 		return ErrAccessAndSecretRequired
 	}
 
 	return nil
 }
 
+// Resolve will resolve the values for the supplied config items. It will interactively
+// resolve the values by asking the user for selections.
+func (p *iamIdentityProvider) Resolve(config config.ConfigurationSet, identity provider.Identity) error {
+	return nil
+}
+
+func (p *iamIdentityProvider) ListPreReqs() []*provider.PreReq {
+	return []*provider.PreReq{}
+}
+
+func (p *iamIdentityProvider) CheckPreReqs() error {
+	return nil
+}
+
 // ConfigurationItems will return the configuration items for the intentity plugin based
 // of the cluster provider that its being used in conjunction with
 func ConfigurationItems(scopeTo string) (config.ConfigurationSet, error) {