[ARVADOS] updated: 1.3.0-2517-g8bf8c9c62

[Git user]

Summary of changes:
 lib/config/config.default.yml  | 10 ----------
 lib/config/generated_config.go | 10 ----------
 lib/config/load.go             | 28 +++++++++++++++++++++++++++-
 3 files changed, 27 insertions(+), 21 deletions(-)

       via  8bf8c9c62a53012de2847c07b38460d57824c559 (commit)
      from  4d3cc2eb8f4c6e3eaecbcd3a7c0625dcbd10ffa0 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.


commit 8bf8c9c62a53012de2847c07b38460d57824c559
Author: Lucas Di Pentima <lucas at di-pentima.com.ar>
Date:   Wed Apr 29 17:19:39 2020 -0300

    16212: Tombstone commit - this branch won't be needed.
    
    Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima <lucas at di-pentima.com.ar>

diff --git a/lib/config/config.default.yml b/lib/config/config.default.yml
index ad8df0363..d4870919e 100644
--- a/lib/config/config.default.yml
+++ b/lib/config/config.default.yml
@@ -573,16 +573,6 @@ Clusters:
       # accounts.
       PAMDefaultEmailDomain: ""
 
-      # Login endpoint to use by clients such as Workbench for obtaining
-      # a user token.
-      #
-      # Valid values are: 'login' or 'authenticate'.
-      #
-      # The former 'login' endpoint should be used when using SSO server,
-      # or Google authentication, and the 'authenticate' option is needed when
-      # using username/password authentication services such as PAM.
-      Endpoint: login
-
       # The cluster ID to delegate the user database.  When set,
       # logins on this cluster will be redirected to the login cluster
       # (login cluster must appear in RemoteClusters with Proxy: true)
diff --git a/lib/config/generated_config.go b/lib/config/generated_config.go
index ffdd1a404..42707396d 100644
--- a/lib/config/generated_config.go
+++ b/lib/config/generated_config.go
@@ -579,16 +579,6 @@ Clusters:
       # accounts.
       PAMDefaultEmailDomain: ""
 
-      # Login endpoint to use by clients such as Workbench for obtaining
-      # a user token.
-      #
-      # Valid values are: 'login' or 'authenticate'.
-      #
-      # The former 'login' endpoint should be used when using SSO server,
-      # or Google authentication, and the 'authenticate' option is needed when
-      # using username/password authentication services such as PAM.
-      Endpoint: login
-
       # The cluster ID to delegate the user database.  When set,
       # logins on this cluster will be redirected to the login cluster
       # (login cluster must appear in RemoteClusters with Proxy: true)
diff --git a/lib/config/load.go b/lib/config/load.go
index 86a8f7df6..c4a9483e9 100644
--- a/lib/config/load.go
+++ b/lib/config/load.go
@@ -265,10 +265,17 @@ func (ldr *Loader) Load() (*arvados.Config, error) {
 		}
 	}
 
-	// Check for known mistakes
 	for id, cc := range cfg.Clusters {
+		ldr.Logger.Infof(">>>>> Cluster %s", id)
+		if id == "xxxxx" {
+			continue
+		}
+		// Check for known mistakes
 		for _, err = range []error{
 			checkKeyConflict(fmt.Sprintf("Clusters.%s.PostgreSQL.Connection", id), cc.PostgreSQL.Connection),
+			checkMutuallyExclusiveConfigs(
+				fmt.Sprintf("Clusters.%s configuration problem: exactly one of Login.GoogleClientID, Login.ProviderAppID, or Login.PAM must be configured", id),
+				[]bool{cc.Login.PAM, cc.Login.GoogleClientID != "", cc.Login.ProviderAppID != ""}),
 			ldr.checkEmptyKeepstores(cc),
 			ldr.checkUnlistedKeepstores(cc),
 		} {
@@ -276,6 +283,12 @@ func (ldr *Loader) Load() (*arvados.Config, error) {
 				return nil, err
 			}
 		}
+		// Compute derived configs
+		if cc.Login.PAM {
+			cc.Login.Endpoint = "authenticate"
+		} else {
+			cc.Login.Endpoint = "login"
+		}
 	}
 	return &cfg, nil
 }
@@ -292,6 +305,19 @@ func checkKeyConflict(label string, m map[string]string) error {
 	return nil
 }
 
+func checkMutuallyExclusiveConfigs(msg string, cfgs []bool) error {
+	activeCfgs := 0
+	for _, isActive := range cfgs {
+		if isActive {
+			activeCfgs++
+		}
+	}
+	if activeCfgs != 1 {
+		return fmt.Errorf("%s: %d", msg, activeCfgs)
+	}
+	return nil
+}
+
 func removeSampleKeys(m map[string]interface{}) {
 	delete(m, "SAMPLE")
 	for _, v := range m {

-----------------------------------------------------------------------


hooks/post-receive
--