Implement validation

main.go

@@ -95,6 +95,7 @@ func setupRouter(coreClient corev1.CoreV1Interface, ssClient ssClient.BitnamiV1a
 	api.GET("/certificate", h.Certificate)
 	api.POST("/kubeseal", h.KubeSeal)
 	api.POST("/dencode", h.Dencode)
+	api.POST("/validate", h.Validate)
 
 	api.GET("/secret/:namespace/:name", sHandler.Secret)
 	api.GET("/secrets", sHandler.AllSecrets)

pkg/handler/validate.go

@@ -0,0 +1,18 @@
+package handler
+
+import (
+	"log"
+	"net/http"
+
+	"github.com/gin-gonic/gin"
+)
+
+func (h *Handler) Validate(c *gin.Context) {
+	err := h.sealer.Validate(c.Request.Body)
+	if err != nil {
+		log.Printf("Error in %s: %v\n", Sanitize(c.Request.URL.Path), err)
+		c.Data(http.StatusBadRequest, "text/plain", []byte(err.Error()))
+	} else {
+		c.Data(http.StatusOK, "text/plain", []byte("OK"))
+	}
+}

pkg/seal/seal.go

@@ -19,6 +19,7 @@ type Sealer interface {
 	Raw(data Raw) ([]byte, error)
 	Certificate() ([]byte, error)
 	Seal(outputFormat string, secret io.Reader) ([]byte, error)
+	Validate(secret io.Reader) error
 }
 
 var _ Sealer = &apiSealer{}
@@ -100,6 +101,19 @@ func (a *apiSealer) Raw(data Raw) ([]byte, error) {
 	return buf.Bytes(), nil
 }
 
+func (a *apiSealer) Validate(secret io.Reader) error {
+	if err := kubeseal.ValidateSealedSecret(
+		context.TODO(),
+		a.clientConfig,
+		a.ss.Namespace,
+		a.ss.Service,
+		secret,
+	); err != nil {
+		return err
+	}
+	return nil
+}
+
 type Raw struct {
 	Value     string `json:"value"`
 	Name      string `json:"name"`

templates/index.html

@@ -22,6 +22,7 @@
         <v-btn @click="dencode" text>Encode / Decode</v-btn>
         {{ if eq .DisableLoadSecrets false}}<v-btn @click="loadSecrets" text>Secrets</v-btn>{{end}}
         <v-btn @click="seal" text>Seal</v-btn>
+        <v-btn @click="validate" text>Validate</v-btn>
       </v-app-bar>
 
       <v-main>
@@ -71,10 +72,11 @@
         </v-card>
       </v-dialog>
 
-      <v-snackbar :bottom="true" :multi-line="true" :right="true" :timeout="5000" v-model="snackbar" color="error">
-          {{"{{error}}"}}
-        <v-btn @click="error = ''" dark text>Close</v-btn>
+      <v-snackbar :bottom="true" :multi-line="true" :right="true" :timeout="5000" v-model="snackbar" :color="messageType">
+          {{"{{message}}"}}
+        <v-btn @click="message = ''" dark text>Close</v-btn>
       </v-snackbar>
+    </v-snackbar>
       <v-footer color="primary" padless >
           <v-col class="primary py-1 text-center white--text text-caption" cols="12" >
             Sealed Secrets Web ({{.Version}})
@@ -100,7 +102,10 @@
         return {
           secrets: Object,
           dialogVisible: false,
-          error: '',
+          message: '',
+          messageType: '',
+          successMessage: '',
+          showSuccess: false,
           editor1: Object,
           editor2: Object,
           editor1Content: INITIAL_SECRET,
@@ -130,11 +135,11 @@
       computed: {
         snackbar: {
           get() {
-            return this.error !== ''
+            return this.message !== ''
           },
           set(newValue) {
             if (newValue === false) {
-              this.error = ''
+              this.message = ''
             }
           }
         },
@@ -177,15 +182,17 @@
             this.editor2Content = res.data
             this.editor2.setValue(this.editor2Content, 1)
           }).catch(err => {
-            this.error = err.response.data
+            this.messageType = 'error'
+            this.message = err.response.data
           });
         },
         loadSecrets() {
           axios.get('{{.WebContext}}api/secrets').then(res => {
             this.secrets = res.data.secrets
             this.dialogVisible = true
           }).catch(err => {
-            this.error = err.response.data
+            this.messageType = 'error'
+            this.message = err.response.data
           });
         },
         loadSecret(namespace, name) {
@@ -198,7 +205,8 @@
             this.editor1.setValue(this.editor1Content, 1)
             this.dialogVisible = false
           }).catch(err => {
-            this.error = err.response.data
+            this.messageType = 'error'
+            this.message = err.response.data
           });
         },
         dencode() {
@@ -211,7 +219,8 @@
             this.editor1Content = res.data
             this.editor1.setValue(this.editor1Content, 1)
           }).catch(err => {
-            this.error = err.response
+            this.messageType = 'error'
+            this.message = err.response
           });
         },
         changeSecretFormat(selected) {
@@ -224,7 +233,8 @@
             }
             this.editor1.setValue(this.editor1Content, 1)
           } catch (err) {
-            this.error = err
+            this.messageType = 'error'
+            this.message = err
           }
         },
         changeSealedSecretFormat(selected) {
@@ -237,14 +247,30 @@
             }
             this.editor2.setValue(this.editor2Content, 1)
           } catch (err) {
-            this.error = err
+            this.messageType = 'error'
+            this.message = err
           }
         },
         contentType(c) {
           if (c === "json") {
             return 'application/json'
           }
           return 'application/x-yaml'
+        },
+        validate() {
+          axios.post('{{.WebContext}}api/validate', this.editor2Content, {
+            headers: {
+                'Content-Type': this.contentType(this.secretFormat),
+                'Accept': 'text/plain'
+            },
+            transformResponse: (r) => r
+          }).then(res => {
+            this.messageType = 'success'
+            this.message = 'Sealed secret is valid'
+          }).catch(err => {
+            this.messageType = 'error'
+            this.message = err.response.data
+          });
         }
       }
     })