redhat-ai-tools
diff --git a/‎go.mod
Lines changed: 14 additions & 13 deletions b/‎go.mod
Lines changed: 14 additions & 13 deletions
diff --git a/‎go.sum
Lines changed: 55 additions & 35 deletions b/‎go.sum
Lines changed: 55 additions & 35 deletions
diff --git a/‎pkg/htpasswd/validation.go
Lines changed: 145 additions & 0 deletions b/‎pkg/htpasswd/validation.go
Lines changed: 145 additions & 0 deletions
@@ -4,8 +4,9 @@ go 1.24.4
 
 require (
 	github.com/BurntSushi/toml v1.5.0
-	github.com/golang/glog v1.0.0
+	github.com/golang/glog v1.2.0
 	github.com/mark3labs/mcp-go v0.37.0
+	github.com/openshift-online/ocm-common v0.0.25
 	github.com/openshift-online/ocm-sdk-go v0.1.473
 	github.com/spf13/cobra v1.9.1
 	github.com/spf13/pflag v1.0.6
@@ -18,36 +19,36 @@ require (
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/buger/jsonparser v1.1.1 // indirect
 	github.com/cenkalti/backoff/v4 v4.1.3 // indirect
-	github.com/cespare/xxhash/v2 v2.1.2 // indirect
+	github.com/cespare/xxhash/v2 v2.2.0 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/golang-jwt/jwt/v4 v4.5.2 // indirect
-	github.com/golang/protobuf v1.5.3 // indirect
+	github.com/golang/protobuf v1.5.4 // indirect
 	github.com/google/uuid v1.6.0 // indirect
 	github.com/gorilla/css v1.0.0 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/invopop/jsonschema v0.13.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/mailru/easyjson v0.7.7 // indirect
-	github.com/matttproud/golang_protobuf_extensions v1.0.1 // indirect
-	github.com/microcosm-cc/bluemonday v1.0.18 // indirect
+	github.com/matttproud/golang_protobuf_extensions v1.0.2 // indirect
+	github.com/microcosm-cc/bluemonday v1.0.23 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/openshift-online/ocm-api-model/clientapi v0.0.426 // indirect
 	github.com/openshift-online/ocm-api-model/model v0.0.426 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
-	github.com/prometheus/client_golang v1.12.1 // indirect
+	github.com/prometheus/client_golang v1.13.0 // indirect
 	github.com/prometheus/client_model v0.2.0 // indirect
-	github.com/prometheus/common v0.32.1 // indirect
-	github.com/prometheus/procfs v0.7.3 // indirect
+	github.com/prometheus/common v0.37.0 // indirect
+	github.com/prometheus/procfs v0.8.0 // indirect
 	github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966 // indirect
 	github.com/spf13/cast v1.7.1 // indirect
 	github.com/wk8/go-ordered-map/v2 v2.1.8 // indirect
 	github.com/yosida95/uritemplate/v3 v3.0.2 // indirect
-	golang.org/x/net v0.21.0 // indirect
-	golang.org/x/oauth2 v0.15.0 // indirect
-	golang.org/x/sys v0.17.0 // indirect
+	golang.org/x/crypto v0.22.0 // indirect
+	golang.org/x/net v0.24.0 // indirect
+	golang.org/x/oauth2 v0.19.0 // indirect
+	golang.org/x/sys v0.19.0 // indirect
 	golang.org/x/text v0.14.0 // indirect
-	google.golang.org/appengine v1.6.7 // indirect
-	google.golang.org/protobuf v1.31.0 // indirect
+	google.golang.org/protobuf v1.34.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )
@@ -0,0 +1,145 @@
+package htpasswd
+
+import (
+	"encoding/base64"
+	"fmt"
+	"regexp"
+	"strings"
+
+	passwordValidator "github.com/openshift-online/ocm-common/pkg/idp/validations"
+)
+
+const ClusterAdminUsername = "cluster-admin"
+
+var idRE = regexp.MustCompile(`(?i)^[0-9a-z]+([-_][0-9a-z]+)*$`)
+
+// UsernameValidator - copied from rosa/cmd/create/idp/htpasswd.go:259
+func UsernameValidator(val interface{}) error {
+	if username, ok := val.(string); ok {
+		if strings.ContainsAny(username, "/:%") {
+			return fmt.Errorf("invalid username '%s': "+
+				"username must not contain /, :, or %%", username)
+		}
+		return nil
+	}
+	return fmt.Errorf("can only validate strings, got '%v'", val)
+}
+
+// clusterAdminValidator - copied from rosa/cmd/create/idp/htpasswd.go:270
+func clusterAdminValidator(val interface{}) error {
+	if username, ok := val.(string); ok {
+		if username == ClusterAdminUsername {
+			return fmt.Errorf("username '%s' is not allowed. It is preserved for cluster admin creation", username)
+		}
+		return nil
+	}
+	return fmt.Errorf("can only validate strings, got '%v'", val)
+}
+
+// ValidateIdpName - copied from rosa/cmd/create/idp/cmd.go:448
+func ValidateIdpName(idpName interface{}) error {
+	name, ok := idpName.(string)
+	if !ok {
+		return fmt.Errorf("Invalid type for identity provider name. Expected a string, got %T", idpName)
+	}
+
+	if !idRE.MatchString(name) {
+		return fmt.Errorf("Invalid identifier '%s' for 'name'", idpName)
+	}
+
+	if strings.EqualFold(name, "cluster-admin") {
+		return fmt.Errorf("The name \"cluster-admin\" is reserved for admin user IDP")
+	}
+	return nil
+}
+
+// validateHtUsernameAndPassword - copied from rosa/cmd/create/idp/htpasswd.go:318
+func validateHtUsernameAndPassword(username, password string) error {
+	err := UsernameValidator(username)
+	if err != nil {
+		return err
+	}
+	err = clusterAdminValidator(username)
+	if err != nil {
+		return err
+	}
+	err = passwordValidator.PasswordValidator(password)
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
+// parseHtpasswordFile - copied from rosa/cmd/create/idp/htpasswd.go:281
+func parseHtpasswordFile(usersList *map[string]string, fileContent string) error {
+	lines := strings.Split(fileContent, "\n")
+	for _, line := range lines {
+		line = strings.TrimSpace(line)
+		if line == "" {
+			continue
+		}
+
+		// split "user:password" at colon
+		username, password, found := strings.Cut(line, ":")
+		if !found || username == "" || password == "" {
+			return fmt.Errorf("Malformed line, Expected: validUsername:validPassword, Got: %s", line)
+		}
+
+		(*usersList)[username] = password
+	}
+	return nil
+}
+
+// ProcessUserInput - processes MCP tool parameters using ROSA CLI patterns
+func ProcessUserInput(userInput map[string]interface{}) (map[string]string, bool, error) {
+	userList := make(map[string]string)
+	isHashedPassword := false
+
+	// Option 1: users array (comma-separated list like ROSA CLI)
+	if users, ok := userInput["users"].([]interface{}); ok && len(users) > 0 {
+		for _, user := range users {
+			userStr, ok := user.(string)
+			if !ok {
+				return nil, false, fmt.Errorf("invalid user format, expected string")
+			}
+			username, password, found := strings.Cut(userStr, ":")
+			if !found {
+				return nil, false, fmt.Errorf("users should be provided in format username:password")
+			}
+			userList[username] = password
+		}
+		return userList, false, nil
+	}
+
+	// Option 2: single username/password (ROSA CLI backward compatibility)
+	if username, hasUsername := userInput["username"].(string); hasUsername {
+		if password, hasPassword := userInput["password"].(string); hasPassword {
+			userList[username] = password
+			return userList, false, nil
+		}
+		return nil, false, fmt.Errorf("password required when username is provided")
+	}
+
+	// Option 3: htpasswd file content
+	if fileContent, ok := userInput["htpasswd_file_content"].(string); ok && fileContent != "" {
+		// Decode base64 content
+		decoded, err := base64.StdEncoding.DecodeString(fileContent)
+		if err != nil {
+			return nil, false, fmt.Errorf("failed to decode htpasswd file content: %w", err)
+		}
+
+		// Use ROSA CLI parsing function
+		if err := parseHtpasswordFile(&userList, string(decoded)); err != nil {
+			return nil, false, fmt.Errorf("failed to parse htpasswd file: %w", err)
+		}
+		isHashedPassword = true // htpasswd files contain pre-hashed passwords
+		return userList, isHashedPassword, nil
+	}
+
+	return nil, false, fmt.Errorf("no user input provided: specify 'users', 'username'+'password', or 'htpasswd_file_content'")
+}
+
+// ValidateUserCredentials - validates username and password using ROSA CLI validation
+func ValidateUserCredentials(username, password string) error {
+	return validateHtUsernameAndPassword(username, password)
+}