Add Validation for External OAuth Config

pkg/cmd/server/apis/config/validation/master.go

@@ -25,6 +25,7 @@ import (
 	configapi "github.com/openshift/origin/pkg/cmd/server/apis/config"
 	"github.com/openshift/origin/pkg/cmd/server/bootstrappolicy"
 	"github.com/openshift/origin/pkg/cmd/server/cm"
+	oauthutil "github.com/openshift/origin/pkg/oauth/util"
 	"github.com/openshift/origin/pkg/security/mcs"
 	"github.com/openshift/origin/pkg/security/uid"
 	"github.com/openshift/origin/pkg/util/labelselector"
@@ -144,6 +145,15 @@ func ValidateMasterConfig(config *configapi.MasterConfig, fldPath *field.Path) V
 	if config.OAuthConfig != nil {
 		validationResults.Append(ValidateOAuthConfig(config.OAuthConfig, fldPath.Child("oauthConfig")))
 	}
+	if config.ExternalOAuthConfig != nil {
+		if config.OAuthConfig != nil {
+			validationResults.AddErrors(field.Invalid(fldPath.Child("externalOAuthConfig"), config.ExternalOAuthConfig, "Cannot specify External OAuth Config when the internal Oauth Server is configured"))
+		}
+		_, err := oauthutil.DecodeOAuthMetadataFile(config.ExternalOAuthConfig.MetadataFile)
+		if err != nil {
+			validationResults.AddErrors(field.Invalid(fldPath.Child("externalOAuthConfig", "metadataFile"), config.ExternalOAuthConfig.MetadataFile, fmt.Sprintf("Metadata validation failed: %v", err)))
+		}
+	}
 
 	validationResults.Append(ValidateServiceAccountConfig(config.ServiceAccountConfig, builtInKubernetes, fldPath.Child("serviceAccountConfig")))