Provide validation for identityId with Azure pod identity in TriggerAuthentication

[tomkerkhove]

Provide validation for identityId with Azure pod identity in TriggerAuthentication.

I've seen a scenario where an empty application ID was specified and it was not blocked, most probably because we see it as the default?

[JorTurFer]

Empty value is the default value, so we don't have any good way to difference between empty by error or just not provided.
Which is the scenario that you want to avoid? I mean, if a user provides an empty clientID, the default clientID will be used. We could validate the input checking if it's a GUID or not, but I'm not sure if that's useful either

[tomkerkhove]

Can we distinguish empty from nil? Imagine someone wants to use identityId but the automation/configuration contains a bug and causes to pass an empty ID instead it will pas (ie tokenization failure, etc).

[JorTurFer]

I'm not totally sure if we can, because an empty string isn't nil, is "". I'd need to check if we are using a pointer here. I'll review it later on

[tomkerkhove]

I'm not totally sure if we can, because an empty string isn't nil, is ""

Well that is my question actually, can we use nil as the default value instead of ""? Because if we can, that means we can provide validation and block creation of resources where "" was specified.

[JorTurFer]

Currently, the default value is "" and not nil. We'd need to modify the code to use pointers as part of the validation process changes

[tomkerkhove]

That sounds like a viable thing to do allowing us to validate the input, what do you think?

It's just an idea, I don't want to push this though :)

[JorTurFer]

I think that we can give a try

[tomkerkhove]

Let's see if I can do this :)

[tomkerkhove]

@SpiritZhou is working on this

[tomkerkhove]

Thanks @SpiritZhou !