Fix config validation

99designs · Mar 1, 2023 · 1ca5051 · 1ca5051
1 parent 624fb04
commit 1ca5051
Showing 1 changed file with 11 additions and 0 deletions.
diff --git a/vault/config.go b/vault/config.go
@@ -660,6 +660,10 @@ func (c *Config) HasRole() bool {
 	return c.RoleARN != ""
 }
 
+func (c *Config) HasSSOSession() bool {
+	return c.SSOSession != ""
+}
+
 func (c *Config) HasSSOStartURL() bool {
 	return c.SSOStartURL != ""
 }
@@ -707,6 +711,10 @@ func (c *Config) GetSessionTokenDuration() time.Duration {
 }
 
 func (c *Config) Validate() error {
+	if c.HasSSOSession() && !c.HasSSOStartURL() {
+		return fmt.Errorf("profile '%s' has sso_session but no sso_start_url", c.ProfileName)
+	}
+
 	n := 0
 	if c.HasSSOStartURL() {
 		n++
@@ -720,6 +728,9 @@ func (c *Config) Validate() error {
 	if c.HasRole() {
 		n++
 	}
+	if c.HasSourceProfile() {
+		n++
+	}
 
 	if n > 1 {
 		return fmt.Errorf("profile '%s' has more than one source of credentials", c.ProfileName)