
Commit 2104319

committed
add some validation
1 parent eb76186 commit 2104319


2 files changed

+41
-1
lines changed


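--- a/internal/cmd/rotate.go
+++ b/internal/cmd/rotate.go
@@ -30,6 +30,17 @@ func checkCommand() *coral.Command {
 ctx := cmd.Context()
 
 logger := sakeyrotator.NewLogger(logLevel, stdout, stderr)
+
+if expiryInDays < 2 {
+logger.Fatal("days cannot be smaller than 2")
+}
+if renewalWindowInDays < 1 {
+logger.Fatal("window cannot be smaller than 1")
+}
+if renewalWindowInDays >= expiryInDays {
+logger.Fatal("window should be smaller than days")
+}
+
 rotator, err := sakeyrotator.NewRotator(ctx, logger)
 if err != nil {
 logger.Fatal("error creating the rotator", "service_account", serviceAccountEmail, "err", err)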
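Review bot: The bounds `2` and `1` and the window-versus-expiry rule are written out here and again in the HTTP handler in internal/cmd/server.go, so the two entry points can drift apart and any other caller of `Rotate` gets no checks at all. A single validation helper in the `sakeyrotator` package, or validation at the top of `Rotate` (its body is not visible here), would give one source of truth for the key-lifetime rules. The messages say `days` and `window` while the variables are `expiryInDays` and `renewalWindowInDays`; passing the received value in the key/value style already used a few lines below, e.g. `logger.Fatal("days cannot be smaller than 2", "days", expiryInDays)`, would make a rejected run easier to diagnose. The enclosing function starts and ends outside the hunk.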

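--- a/internal/cmd/server.go
+++ b/internal/cmd/server.go
@@ -7,6 +7,7 @@ import (
 "io/ioutil"
 "net/http"
 "os"
+"strings"
 )
 
 func serverCommand() *coral.Command {
@@ -56,6 +57,34 @@ func NewHandler(rotator *sakeyrotator.Rotator, logger *sakeyrotator.Logger) func
 return
 }
 
+var valid = true
+
+if strings.TrimSpace(m.ServiceAccountEmail) == "" {
+logger.Warn("invalid request, service_account field is missing")
+valid = false
+}
+if strings.TrimSpace(m.BucketName) == "" {
+logger.Warn("invalid request, bucket field is missing")
+valid = false
+}
+if m.Days < 2 {
+logger.Warn("invalid request, days cannot be smaller than 2")
+valid = false
+}
+if m.RenewalWindow < 1 {
+logger.Warn("invalid request, renewal_window cannot be smaller than 1")
+valid = false
+}
+if m.RenewalWindow >= m.Days {
+logger.Warn("invalid request, renewal_window should be smaller than days")
+valid = false
+}
+
+if !valid {
+http.Error(w, "Bad Request (body)", http.StatusBadRequest)
+return
+}
+
 if err := rotator.Rotate(r.Context(), m.ServiceAccountEmail, sakeyrotator.DefaultName, m.BucketName, m.Days, m.RenewalWindow); err != nil {
 logger.Error("error rotating service account key",
 "service_account", m.ServiceAccountEmail,
@@ -69,7 +98,7 @@ func NewHandler(rotator *sakeyrotator.Rotator, logger *sakeyrotator.Logger) func
 
 type Message struct {
 ServiceAccountEmail string `json:"service_account"`
-BucketName string `json:"bucket_name"`
+BucketName string `json:"bucket"`
 Days int `json:"days"`
 RenewalWindow int `json:"renewal_window"`
 }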
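Review bot: The presence checks on `m.ServiceAccountEmail` and `m.BucketName` accept any non-empty string, so the request body alone still decides which service account is rotated and which bucket is passed to `rotator.Rotate`. No caller authentication or allow-list is visible in this hunk, so unless that is enforced upstream the handler should compare both values against configured allowed targets before calling `Rotate`. `m.Days` gets a floor of 2 but no ceiling, which lets a request ask for an arbitrarily long key lifetime; a cap such as `if m.Days > maxDays { valid = false }` would close that (`maxDays` is a suggested name for a new constant, not an existing one). The `json:"bucket"` rename in the last hunk, together with the new empty-bucket check, means clients that still send `bucket_name` are now rejected with 400, which the commit message does not mention. NewHandler's body starts and ends outside the hunks shown.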
