(ctx context.Context, instance *store.InstanceMessage, dataSource *storepb.DataSource)
| 412 | } |
| 413 | |
| 414 | func (s *InstanceService) checkDataSource(ctx context.Context, instance *store.InstanceMessage, dataSource *storepb.DataSource) error { |
| 415 | if dataSource.GetId() == "" { |
| 416 | return connect.NewError(connect.CodeInvalidArgument, errors.New("data source id is required")) |
| 417 | } |
| 418 | |
| 419 | // Validate IAM credential restrictions in SaaS mode |
| 420 | if err := s.validateIAMCredentialForSaaS(dataSource); err != nil { |
| 421 | return err |
| 422 | } |
| 423 | |
| 424 | // Validate external secret restrictions in SaaS mode |
| 425 | if err := s.validateExternalSecretForSaaS(dataSource); err != nil { |
| 426 | return err |
| 427 | } |
| 428 | |
| 429 | if err := s.licenseService.IsFeatureEnabledForInstance(ctx, common.GetWorkspaceIDFromContext(ctx), v1pb.PlanFeature_FEATURE_EXTERNAL_SECRET_MANAGER, instance); err != nil { |
| 430 | missingFeatureError := connect.NewError(connect.CodePermissionDenied, err) |
| 431 | if dataSource.GetExternalSecret() != nil { |
| 432 | return missingFeatureError |
| 433 | } |
| 434 | return nil |
| 435 | } |
| 436 | |
| 437 | // Validate extra connection parameters for MySQL-compatible engines |
| 438 | if err := validateExtraConnectionParameters(instance.Metadata.GetEngine(), dataSource.GetExtraConnectionParameters()); err != nil { |
| 439 | return connect.NewError(connect.CodeInvalidArgument, err) |
| 440 | } |
| 441 | |
| 442 | return nil |
| 443 | } |
| 444 | |
| 445 | func (s *InstanceService) validateIAMCredentialForSaaS(dataSource *storepb.DataSource) error { |
| 446 | if !s.profile.SaaS { |
no test coverage detected