public_git
/
orchard
mirror of https://github.com/cirruslabs/orchard.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

API: update service account fields on PUT (#198) 

* API: update service account fields on PUT

* Disable G115 integer overflow linter of gosec
This commit is contained in:
Nikolay Edigaryev 2024-08-21 20:03:52 +04:00 committed by GitHub
parent 1bb00534f5
commit cd9794197b
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 24 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
.golangci.yml
View File

@ -8,6 +8,10 @@ linters-settings:
exhaustive:
default-signifies-exhaustive: true
gosec:
excludes:
- G115
linters:
enable:
- asciicheck

22
internal/controller/api_service_accounts.go
View File

@ -23,6 +23,7 @@ func (controller *Controller) createServiceAccount(ctx *gin.Context) responder.R
return responder.JSON(http.StatusBadRequest, NewErrorResponse("invalid JSON was provided"))
}
// Validate service account name
if serviceAccount.Name == "" {
return responder.JSON(http.StatusPreconditionFailed,
NewErrorResponse("service account name is empty"))
@ -31,7 +32,7 @@ func (controller *Controller) createServiceAccount(ctx *gin.Context) responder.R
NewErrorResponse("service account %v", err))
}
// validate roles
// Validate roles
for _, role := range serviceAccount.Roles {
_, err := v1.NewServiceAccountRole(string(role))
if err != nil {
@ -80,8 +81,22 @@ func (controller *Controller) updateServiceAccount(ctx *gin.Context) responder.R
return responder.JSON(http.StatusBadRequest, NewErrorResponse("invalid JSON was provided"))
}
// Validate service account name
if userServiceAccount.Name == "" {
return responder.JSON(http.StatusPreconditionFailed, NewErrorResponse("service account name is empty"))
return responder.JSON(http.StatusPreconditionFailed,
NewErrorResponse("service account name is empty"))
} else if err := simplename.Validate(userServiceAccount.Name); err != nil {
return responder.JSON(http.StatusPreconditionFailed,
NewErrorResponse("service account %v", err))
}
// Validate roles
for _, role := range userServiceAccount.Roles {
_, err := v1.NewServiceAccountRole(string(role))
if err != nil {
return responder.JSON(http.StatusPreconditionFailed,
NewErrorResponse("unsupported role \"%s\"", role))
}
}
if userServiceAccount.Token == "" {
@ -94,6 +109,9 @@ func (controller *Controller) updateServiceAccount(ctx *gin.Context) responder.R
return responder.Error(err)
}
dbServiceAccount.Token = userServiceAccount.Token
dbServiceAccount.Roles = userServiceAccount.Roles
if err := txn.SetServiceAccount(dbServiceAccount); err != nil {
controller.logger.Errorf("failed to update service account in the DB: %v", err)