From f457d2bb53bed7d5b8d28db263d36789873a06a0 Mon Sep 17 00:00:00 2001
From: flyinghermit
Date: Tue, 17 Dec 2024 15:07:05 -0500
Subject: [PATCH] check if plugin type is 'PluginTypeAWSIdentityCenter' and 'PluginAWSICSettings' before saml app and oidc integration deletion

---
 lib/services/local/integrations.go | 8 +++++---
 lib/services/local/saml_idp_service_provider.go | 10 +++++++---
 2 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/lib/services/local/integrations.go b/lib/services/local/integrations.go
index 3b9842ee79690..8137b3fbbbb77 100644
--- a/lib/services/local/integrations.go
+++ b/lib/services/local/integrations.go
@@ -212,9 +212,11 @@ func integrationReferencedByAWSICPlugin(ctx context.Context, bk backend.Backend,
 		if !ok {
 			continue
 		}
-
-		if pluginV1.GetType() == types.PluginType(types.PluginTypeAWSIdentityCenter) {
-			switch pluginV1.Spec.GetAwsIc().IntegrationName {
+		if pluginV1.GetType() != types.PluginType(types.PluginTypeAWSIdentityCenter) {
+			continue
+		}
+		if awsIC := pluginV1.Spec.GetAwsIc(); awsIC != nil {
+			switch awsIC.IntegrationName {
 			case name:
 				return nil, trace.BadParameter("cannot delete AWS OIDC integration currently referenced by AWS Identity Center integration %q", pluginV1.GetName())
 			default:
diff --git a/lib/services/local/saml_idp_service_provider.go b/lib/services/local/saml_idp_service_provider.go
index da99ef05d8ad0..6b08cf084afd9 100644
--- a/lib/services/local/saml_idp_service_provider.go
+++ b/lib/services/local/saml_idp_service_provider.go
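Review bot: The added type check and the `awsIC != nil` guard are repeated verbatim in the spReferencedByAWSICPlugin hunk of saml_idp_service_provider.go, so the two deletion guards that protect an Identity Center plugin's references can drift apart the next time either loop is edited; a small shared helper that returns a plugin's AWS IC settings, or nil when the plugin is not of that type, would keep both on one code path. Whether `GetType()` and the `AwsIc` settings can disagree is not visible in this hunk; if they can, a plugin typed AWS Identity Center with no IC settings is now skipped silently, which is the safe choice for a deletion guard but should be stated so neither check gets "simplified" away: `// A plugin typed AWS IC without IC settings cannot reference this integration; skip it rather than dereference nil.` The body of integrationReferencedByAWSICPlugin begins and ends outside the hunk.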
@@ -419,9 +419,13 @@ func spReferencedByAWSICPlugin(ctx context.Context, bk backend.Backend, serviceP
 		if !ok {
 			continue
 		}
-
-		if pluginV1.Spec.GetAwsIc().SamlIdpServiceProviderName == serviceProviderName {
-			return trace.BadParameter("cannot delete SAML service provider currently referenced by AWS Identity Center integration %q", pluginV1.GetName())
+		if pluginV1.GetType() != types.PluginType(types.PluginTypeAWSIdentityCenter) {
+			continue
+		}
+		if awsIC := pluginV1.Spec.GetAwsIc(); awsIC != nil {
+			if awsIC.SamlIdpServiceProviderName == serviceProviderName {
+				return trace.BadParameter("cannot delete SAML service provider currently referenced by AWS Identity Center integration %q", pluginV1.GetName())
+			}
 		}
 	}