From 178b529cc45ca0121a5ab52d29cda10252ca077b Mon Sep 17 00:00:00 2001
From: Suhong Qin <51539171+sqin2019@users.noreply.github.com>
Date: Wed, 7 Jun 2023 14:28:44 -0700
Subject: [PATCH] fix: validate request when handling the request (#35)

---
 pkg/cli/iam_handle.go      |  4 ++++
 pkg/cli/iam_handle_test.go | 15 +++++++++++++++
 2 files changed, 19 insertions(+)

diff --git a/pkg/cli/iam_handle.go b/pkg/cli/iam_handle.go
index 1ca7dbf..5f76929 100644
--- a/pkg/cli/iam_handle.go
+++ b/pkg/cli/iam_handle.go
@@ -128,6 +128,10 @@ func (c *IAMHandleCommand) handleIAM(ctx context.Context) error {
 		return fmt.Errorf("failed to read %T: %w", req, err)
 	}
 
+	if err := v1alpha1.ValidateIAMRequest(req); err != nil {
+		return fmt.Errorf("failed to validate %T: %w", req, err)
+	}
+
 	var h iamHandler
 	if c.testHandler != nil {
 		// Use testHandler if it is for testing.
diff --git a/pkg/cli/iam_handle_test.go b/pkg/cli/iam_handle_test.go
index 5cd8bab..9dcff35 100644
--- a/pkg/cli/iam_handle_test.go
+++ b/pkg/cli/iam_handle_test.go
@@ -56,6 +56,15 @@ policies:
     - members:
       - user:test-project-user@example.com
       role: roles/bigquery.dataViewer
+`,
+		"invalid-request.yaml": `
+policies:
+- resource: organizations/foo
+  bindings:
+  - members:
+    - group:test-org-group@example.com
+    - user:test-org-userB@example.com
+    role: roles/cloudkms.cryptoOperator
 `,
 		"invalid.yaml": `bananas`,
 	}
@@ -191,6 +200,12 @@ policies:
 				StartTime:  st,
 			},
 		},
+		{
+			name:    "invalid_request",
+			args:    []string{"-path", filepath.Join(dir, "invalid-request.yaml"), "-duration", "2h", "-start-time", st.Format(time.RFC3339)},
+			handler: &fakeIAMHandler{},
+			expErr:  "failed to validate *v1alpha1.IAMRequest",
+		},
 	}
 
 	for _, tc := range cases {