using StellaOps.Auth.Abstractions;
using System;
using System.Collections.Generic;
using static StellaOps.Localization.T;
namespace StellaOps.Configuration;
public sealed partial class AuthorityTenantRoleOptions
{
    /// <summary>
    /// Allow-list of attribute names accepted on a tenant role.
    /// Lookups use ordinal, case-insensitive comparison, so "ENV" and "env" are treated alike.
    /// </summary>
    private static readonly HashSet<string> _allowedAttributeKeys = new(StringComparer.OrdinalIgnoreCase)
    {
        "env",
        "owner",
        "business_tier"
    };

    /// <summary>
    /// Checks this role definition and fails on the first problem found: the role must declare
    /// at least one scope, every scope must be accepted by <c>StellaOpsScopes.IsKnown</c>, and
    /// every attribute name must be on the allow-list.
    /// </summary>
    /// <param name="tenantId">Tenant identifier, used only to build the error message.</param>
    /// <param name="roleName">Role name, used only to build the error message.</param>
    /// <exception cref="InvalidOperationException">
    /// The role has no scopes, names a scope that is not known, or carries an attribute
    /// whose name is not allow-listed.
    /// </exception>
    /// <remarks>
    /// Only attribute names are checked here; attribute values are not inspected by this method.
    /// </remarks>
    internal void Validate(string tenantId, string roleName)
    {
        // A role that grants nothing is rejected as a configuration error rather than silently accepted.
        if (Scopes.Count == 0)
        {
            var emptyScopesMessage = _t("config.tenant.role_scope_required", tenantId, roleName);
            throw new InvalidOperationException(emptyScopesMessage);
        }

        // Each scope has to be recognised by StellaOpsScopes; the first unknown one aborts validation.
        foreach (var scope in Scopes)
        {
            if (StellaOpsScopes.IsKnown(scope))
            {
                continue;
            }

            var unknownScopeMessage = _t("config.tenant.role_unknown_scope", tenantId, roleName, scope);
            throw new InvalidOperationException(unknownScopeMessage);
        }

        // No attributes declared: nothing further to check.
        if (Attributes.Count == 0)
        {
            return;
        }

        // Attribute names are matched against the allow-list; anything else is refused.
        foreach (var attributeName in Attributes.Keys)
        {
            if (_allowedAttributeKeys.Contains(attributeName))
            {
                continue;
            }

            var unsupportedAttributeMessage = _t("config.tenant.role_unsupported_attribute", tenantId, roleName, attributeName);
            throw new InvalidOperationException(unsupportedAttributeMessage);
        }
    }
}