switch from application/x-yaml to application/yaml (#251)

* switch from application/x-yaml to application/yaml as it is supported now by gin and deprecated in RFC 9512

* use new gin constant

* use binding constant

* overwrite faulty func

.golangci.yaml

@@ -19,7 +19,6 @@ linters:
   - govet
   - importas
   - ineffassign
-  - megacheck
   - misspell
   - nakedret
   - nolintlint

README.md

@@ -78,7 +78,7 @@ curl --request GET 'https://<SEALED_SECRETS_WEB_BASE_URL>/api/certificate'
 
 ```bash
 curl --request POST 'https://<SEALED_SECRETS_WEB_BASE_URL>/api/kubeseal' \
-  --header 'Accept: application/x-yaml' \
+  --header 'Accept: application/yaml' \
   --data-binary '@stringData.yaml'
 ```
 
@@ -105,7 +105,7 @@ curl -request POST 'https://<SEALED_SECRETS_WEB_BASE_URL>/api/raw' \
 
 ```bash
 curl --request POST 'https://<SEALED_SECRETS_WEB_BASE_URL>/api/validate' \
-  --header 'Accept: application/x-yaml' \
+  --header 'Accept: application/yaml' \
   --data-binary '@stringData.yaml'
 ```
 
@@ -163,4 +163,4 @@ sealedSecrets:
 
 webLogs: true
 webContext: /seal
-```
+```

go.mod

@@ -1,6 +1,6 @@
 module github.com/bakito/sealed-secrets-web
 
-go 1.22.2
+go 1.22.3
 
 require (
 	github.com/bitnami-labs/sealed-secrets v0.26.2

pkg/handler/dencode_test.go

@@ -45,23 +45,23 @@ var _ = Describe("Handler ", func() {
 		})
 		It("should encode input as yaml and output as yaml", func() {
 			c.Request, _ = http.NewRequest("POST", "/v1/dencode", bytes.NewReader([]byte(stringDataAsYAML)))
-			c.Request.Header.Set("Content-Type", "application/x-yaml")
-			c.Request.Header.Set("Accept", "application/x-yaml")
+			c.Request.Header.Set("Content-Type", "application/yaml")
+			c.Request.Header.Set("Accept", "application/yaml")
 			h.Dencode(c)
 
 			Ω(recorder.Code).Should(Equal(http.StatusOK))
 			Ω(recorder.Body.String()).Should(Equal(dataAsYAML))
-			Ω(recorder.Header().Get("Content-Type")).Should(Equal("application/x-yaml"))
+			Ω(recorder.Header().Get("Content-Type")).Should(Equal("application/yaml"))
 		})
 		It("should decode input as yaml and output as yaml", func() {
 			c.Request, _ = http.NewRequest("POST", "/v1/dencode", bytes.NewReader([]byte(dataAsYAML)))
-			c.Request.Header.Set("Content-Type", "application/x-yaml")
-			c.Request.Header.Set("Accept", "application/x-yaml")
+			c.Request.Header.Set("Content-Type", "application/yaml")
+			c.Request.Header.Set("Accept", "application/yaml")
 			h.Dencode(c)
 
 			Ω(recorder.Code).Should(Equal(http.StatusOK))
 			Ω(recorder.Body.String()).Should(Equal(stringDataAsYAML))
-			Ω(recorder.Header().Get("Content-Type")).Should(Equal("application/x-yaml"))
+			Ω(recorder.Header().Get("Content-Type")).Should(Equal("application/yaml"))
 		})
 		It("should encode input as json and output as text not acceptable", func() {
 			c.Request, _ = http.NewRequest("POST", "/v1/dencode", bytes.NewReader([]byte(dataAsJSON)))

pkg/handler/kubeseal.go

@@ -1,10 +1,12 @@
 package handler
 
 import (
+	"errors"
 	"log"
 	"net/http"
 
 	"github.com/gin-gonic/gin"
+	"github.com/gin-gonic/gin/binding"
 	"k8s.io/apimachinery/pkg/runtime"
 )
 
@@ -17,16 +19,46 @@ func (h *Handler) KubeSeal(c *gin.Context) {
 	ss, err := h.sealer.Seal(outputFormat, c.Request.Body)
 	if err != nil {
 		log.Printf("Error in %s: %v\n", Sanitize(c.Request.URL.Path), err)
-		c.Negotiate(http.StatusInternalServerError, gin.Negotiate{
-			Offered: []string{gin.MIMEJSON, gin.MIMEYAML},
+		contextNegotiate(c, http.StatusInternalServerError, gin.Negotiate{
+			Offered: []string{outputContentType},
 			Data:    gin.H{"error": err.Error()},
 		})
+		c.Data(http.StatusInternalServerError, outputContentType, ss)
 		return
 	}
 
 	c.Data(http.StatusOK, outputContentType, ss)
 }
 
+// fox for gin 1.10 incomplete yaml handling https://github.com/gin-gonic/gin/issues/3965
+func contextNegotiate(c *gin.Context, code int, config gin.Negotiate) {
+	switch c.NegotiateFormat(config.Offered...) {
+	case binding.MIMEJSON:
+		data := config.Data
+		c.JSON(code, data)
+
+	case binding.MIMEHTML:
+		data := config.Data
+		c.HTML(code, config.HTMLName, data)
+
+	case binding.MIMEXML:
+		data := config.Data
+		c.XML(code, data)
+
+	case binding.MIMEYAML:
+	case binding.MIMEYAML2:
+		data := config.Data
+		c.YAML(code, data)
+
+	case binding.MIMETOML:
+		data := config.Data
+		c.TOML(code, data)
+
+	default:
+		c.AbortWithError(http.StatusNotAcceptable, errors.New("the accepted formats are not offered by the server")) //nolint: errcheck
+	}
+}
+
 func NegotiateFormat(c *gin.Context) (string, string, bool) {
 	contentType := c.NegotiateFormat(gin.MIMEJSON, gin.MIMEYAML, runtime.ContentTypeYAML)
 	var outputFormat string

pkg/handler/kubeseal_test.go

@@ -49,30 +49,30 @@ var _ = Describe("Handler ", func() {
 
 		It("should kubeseal input as yaml and output as yaml", func() {
 			c.Request, _ = http.NewRequest("POST", "/v1/kubeseal", bytes.NewReader([]byte(stringDataAsYAML)))
-			c.Request.Header.Set("Content-Type", "application/x-yaml")
-			c.Request.Header.Set("Accept", "application/x-yaml")
+			c.Request.Header.Set("Content-Type", "application/yaml")
+			c.Request.Header.Set("Accept", "application/yaml")
 
 			sealer.EXPECT().Seal("yaml", gomock.Any()).Return([]byte(sealedAsYAML), nil)
 
 			h.KubeSeal(c)
 
 			Ω(recorder.Code).Should(Equal(http.StatusOK))
 			Ω(recorder.Body.String()).Should(Equal(sealedAsYAML))
-			Ω(recorder.Header().Get("Content-Type")).Should(Equal("application/x-yaml"))
+			Ω(recorder.Header().Get("Content-Type")).Should(Equal("application/yaml"))
 		})
 
 		It("should return an error if seal is not successful", func() {
 			c.Request, _ = http.NewRequest("POST", "/v1/kubeseal", bytes.NewReader([]byte(stringDataAsYAML)))
-			c.Request.Header.Set("Content-Type", "application/x-yaml")
-			c.Request.Header.Set("Accept", "application/x-yaml")
+			c.Request.Header.Set("Content-Type", "application/yaml")
+			c.Request.Header.Set("Accept", "application/yaml")
 
 			sealer.EXPECT().Seal(gomock.Any(), gomock.Any()).Return(nil, errors.New("error sealing"))
 
 			h.KubeSeal(c)
 
 			Ω(recorder.Code).Should(Equal(http.StatusInternalServerError))
 			Ω(recorder.Body.String()).Should(Equal("error: error sealing\n"))
-			Ω(recorder.Header().Get("Content-Type")).Should(Equal("application/x-yaml; charset=utf-8"))
+			Ω(recorder.Header().Get("Content-Type")).Should(Equal("application/yaml; charset=utf-8"))
 		})
 	})
 })

pkg/handler/validate_test.go

@@ -39,7 +39,7 @@ var _ = Describe("Handler ", func() {
 
 		It("should return success if validation succeeds", func() {
 			c.Request, _ = http.NewRequest("POST", "/v1/validate", bytes.NewReader([]byte(stringDataAsYAML)))
-			c.Request.Header.Set("Content-Type", "application/x-yaml")
+			c.Request.Header.Set("Content-Type", "application/yaml")
 
 			sealer.EXPECT().Validate(gomock.Any(), gomock.Any()).Return(nil)
 
@@ -52,7 +52,7 @@ var _ = Describe("Handler ", func() {
 
 		It("should return an error if validation fails", func() {
 			c.Request, _ = http.NewRequest("POST", "/v1/validate", bytes.NewReader([]byte(stringDataAsYAML)))
-			c.Request.Header.Set("Content-Type", "application/x-yaml")
+			c.Request.Header.Set("Content-Type", "application/yaml")
 
 			sealer.EXPECT().Validate(gomock.Any(), gomock.Any()).Return(errors.New("Validation failed"))
 
@@ -66,7 +66,7 @@ var _ = Describe("Handler ", func() {
 		It("should return an error if certURL is used", func() {
 			cfg.SealedSecrets.CertURL = "http://sealed-secrets/v1/cert.pem"
 			c.Request, _ = http.NewRequest("POST", "/v1/validate", bytes.NewReader([]byte(stringDataAsYAML)))
-			c.Request.Header.Set("Content-Type", "application/x-yaml")
+			c.Request.Header.Set("Content-Type", "application/yaml")
 
 			h.Validate(c)
 

templates/index.html

@@ -256,7 +256,7 @@
           if (c === "json") {
             return 'application/json'
           }
-          return 'application/x-yaml'
+          return 'application/yaml'
         },
         validate() {
           axios.post('{{.WebContext}}api/validate', this.editor2Content, {

testdata/e2e/runTestDencode.sh

@@ -3,29 +3,29 @@ set -e
 
 echo "Test /api/dencode should b64 encode secret springData having yaml input and yaml output"
 curl --silent --show-error --request POST 'http://localhost/ssw/api/dencode' \
-  --header 'Content-Type: application/x-yaml' \
-  --header 'Accept: application/x-yaml' \
+  --header 'Content-Type: application/yaml' \
+  --header 'Accept: application/yaml' \
   --data-binary '@stringData.yaml' \
   | diff --strip-trailing-cr --ignore-blank-lines data.yaml -
 
 echo "Test /api/dencode should b64 decode secret data having yaml input and yaml output"
 curl --silent --show-error --request POST 'http://localhost/ssw/api/dencode' \
-  --header 'Content-Type: application/x-yaml' \
-  --header 'Accept: application/x-yaml' \
+  --header 'Content-Type: application/yaml' \
+  --header 'Accept: application/yaml' \
   --data-binary '@data.yaml' \
   | yq --prettyPrint | diff --strip-trailing-cr --ignore-blank-lines stringData.yaml -
 
 echo "Test /api/dencode should b64 encode secret springData having yaml input and json output"
 curl --silent --show-error --request POST 'http://localhost/ssw/api/dencode' \
-  --header 'Content-Type: application/x-yaml' \
+  --header 'Content-Type: application/yaml' \
   --header 'Accept: application/json' \
   --data-binary '@stringData.yaml' \
   | jq --sort-keys . \
   | diff <(jq --sort-keys . data.json)  -
 
 echo "Test /api/dencode should b64 decode secret data having yaml input and json output"
 curl --silent --show-error --request POST 'http://localhost/ssw/api/dencode' \
-  --header 'Content-Type: application/x-yaml' \
+  --header 'Content-Type: application/yaml' \
   --header 'Accept: application/json' \
   --data-binary '@data.yaml' \
   | jq --sort-keys . \
@@ -51,13 +51,13 @@ curl --silent --show-error --request POST 'http://localhost/ssw/api/dencode' \
 echo "Test /api/dencode should b64 encode secret springData having json input and yaml output"
 curl --silent --show-error --request POST 'http://localhost/ssw/api/dencode' \
   --header 'Content-Type: application/json' \
-  --header 'Accept: application/x-yaml' \
+  --header 'Accept: application/yaml' \
   --data-binary '@stringData.json' \
   | diff --strip-trailing-cr --ignore-blank-lines data.yaml -
 
 echo "Test /api/dencode should b64 decode secret data having json input and yaml output"
 curl --silent --show-error --request POST 'http://localhost/ssw/api/dencode' \
   --header 'Content-Type: application/json' \
-  --header 'Accept: application/x-yaml' \
+  --header 'Accept: application/yaml' \
   --data-binary '@data.json' \
   | yq --prettyPrint | diff --strip-trailing-cr --ignore-blank-lines stringData.yaml -

testdata/e2e/runTestKubeseal.sh

@@ -4,7 +4,7 @@ set -e
 echo "Test /api/kubeseal should seal secret having yaml input and yaml output"
 
 SEALED_SECRET=$(curl --silent --show-error --request POST 'http://localhost/ssw/api/kubeseal' \
-  --header 'Accept: application/x-yaml' \
+  --header 'Accept: application/yaml' \
   --data-binary '@stringData.yaml')
 
 echo "$SEALED_SECRET" | yq -r .apiVersion | grep --quiet "bitnami.com/v1alpha1"
@@ -15,7 +15,7 @@ echo "$SEALED_SECRET" | yq -r .metadata.namespace | grep --quiet "mysecretnamesp
 echo "Test /api/kubeseal should seal secret having json input and yaml output"
 
 SEALED_SECRET=$(curl --silent --show-error --request POST 'http://localhost/ssw/api/kubeseal' \
-  --header 'Accept: application/x-yaml' \
+  --header 'Accept: application/yaml' \
   --data-binary '@stringData.json')
 
 echo "$SEALED_SECRET" | yq -r .apiVersion | grep --quiet "bitnami.com/v1alpha1"

testdata/e2e/runTestValidate.sh

@@ -4,7 +4,7 @@ set -e
 echo "Test /api/validate should respond 200 if sealed secret is valid"
 
 SEALED_SECRET=$(curl --silent --show-error --request POST 'http://localhost/ssw/api/kubeseal' \
-  --header 'Accept: application/x-yaml' \
+  --header 'Accept: application/yaml' \
   --data-binary '@stringData.yaml')
 
 echo "$SEALED_SECRET" | yq -r .apiVersion | grep --quiet "bitnami.com/v1alpha1"
@@ -22,7 +22,7 @@ echo "$RESPONSE" | grep --quiet 200
 echo "Test /api/validate should respond 400 if sealed secret is invalid"
 
 INVALID_SECRET=$(curl --silent --show-error --request POST 'http://localhost/ssw/api/kubeseal' \
-  --header 'Accept: application/x-yaml' \
+  --header 'Accept: application/yaml' \
   --data-binary '@stringData.yaml' | yq '.metadata.name = "wrongname"')
 
 echo "$INVALID_SECRET" | yq -r .apiVersion | grep --quiet "bitnami.com/v1alpha1"