move error handling to api

bakito · May 13, 2023 · 6cf43c0 · 6cf43c0
1 parent 5b888fe
commit 6cf43c0
Show file tree

Hide file tree

Showing 4 changed files with 19 additions and 5 deletions.
diff --git a/pkg/handler/index.go b/pkg/handler/index.go
@@ -13,6 +13,7 @@ type Handler struct {
 	sealer    seal.Sealer
 	indexHTML string
 	filter    *config.FieldFilter
+	cfg       *config.Config
 }
 
 func New(indexHTML string, sealer seal.Sealer, cfg *config.Config) *Handler {

diff --git a/pkg/handler/validate.go b/pkg/handler/validate.go
@@ -1,14 +1,21 @@
 package handler
 
 import (
+	"fmt"
 	"log"
 	"net/http"
 
 	"github.com/gin-gonic/gin"
 )
 
 func (h *Handler) Validate(c *gin.Context) {
+	if h.cfg.SealedSecrets.CertURL != "" {
+		configError := fmt.Errorf("validate can't be used with CertURL (%s)", h.cfg.SealedSecrets.CertURL)
+		c.Data(http.StatusConflict, "text/plain", []byte(configError.Error()))
+		return
+	}
 	err := h.sealer.Validate(c, c.Request.Body)
+
 	if err != nil {
 		log.Printf("Error in %s: %v\n", Sanitize(c.Request.URL.Path), err)
 		c.Data(http.StatusBadRequest, "text/plain", []byte(err.Error()))

diff --git a/pkg/handler/validate_test.go b/pkg/handler/validate_test.go
@@ -58,5 +58,16 @@ var _ = Describe("Handler ", func() {
 			Ω(recorder.Body.String()).Should(Equal("Validation failed"))
 			Ω(recorder.Header().Get("Content-Type")).Should(Equal("text/plain"))
 		})
+
+		It("should return an error if certURL is used", func() {
+			c.Request, _ = http.NewRequest("POST", "/v1/validate", bytes.NewReader([]byte(stringDataAsYAML)))
+			c.Request.Header.Set("Content-Type", "application/x-yaml")
+
+			sealer.EXPECT().Validate(gomock.Any(), gomock.Any()).Return(errors.New("Validation failed"))
+
+			Ω(recorder.Code).Should(Equal(http.StatusBadRequest))
+			Ω(recorder.Body.String()).Should(Equal("Validation failed"))
+			Ω(recorder.Header().Get("Content-Type")).Should(Equal("text/plain"))
+		})
 	})
 })
diff --git a/pkg/seal/seal.go b/pkg/seal/seal.go
@@ -4,7 +4,6 @@ import (
 	"bytes"
 	"context"
 	"crypto/rsa"
-	"fmt"
 	"io"
 	"log"
 	"os"
@@ -103,10 +102,6 @@ func (a *apiSealer) Raw(data Raw) ([]byte, error) {
 }
 
 func (a *apiSealer) Validate(ctx context.Context, secret io.Reader) error {
-	if a.ss.CertURL != "" {
-		return fmt.Errorf("Validate can't be used with CertURL (%s)\n", a.ss.CertURL)
-	}
-
 	return kubeseal.ValidateSealedSecret(
 		ctx,
 		a.clientConfig,