fix: validate request when handling the request (#35)

abcxyz · Jun 7, 2023 · 178b529 · 178b529
1 parent 0af2e66
commit 178b529
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 0 deletions.
diff --git a/pkg/cli/iam_handle.go b/pkg/cli/iam_handle.go
@@ -128,6 +128,10 @@ func (c *IAMHandleCommand) handleIAM(ctx context.Context) error {
 		return fmt.Errorf("failed to read %T: %w", req, err)
 	}
 
+	if err := v1alpha1.ValidateIAMRequest(req); err != nil {
+		return fmt.Errorf("failed to validate %T: %w", req, err)
+	}
+
 	var h iamHandler
 	if c.testHandler != nil {
 		// Use testHandler if it is for testing.

diff --git a/pkg/cli/iam_handle_test.go b/pkg/cli/iam_handle_test.go
@@ -56,6 +56,15 @@ policies:
     - members:
       - user:test-project-user@example.com
       role: roles/bigquery.dataViewer
+`,
+		"invalid-request.yaml": `
+policies:
+- resource: organizations/foo
+  bindings:
+  - members:
+    - group:test-org-group@example.com
+    - user:test-org-userB@example.com
+    role: roles/cloudkms.cryptoOperator
 `,
 		"invalid.yaml": `bananas`,
 	}
@@ -191,6 +200,12 @@ policies:
 				StartTime:  st,
 			},
 		},
+		{
+			name:    "invalid_request",
+			args:    []string{"-path", filepath.Join(dir, "invalid-request.yaml"), "-duration", "2h", "-start-time", st.Format(time.RFC3339)},
+			handler: &fakeIAMHandler{},
+			expErr:  "failed to validate *v1alpha1.IAMRequest",
+		},
 	}
 
 	for _, tc := range cases {