fix: Add NPE protections to the operator with proper validation messsages

wtrocki · wtrocki · commit cc4304132376 · 2021-04-01T12:04:36.000+01:00
diff --git a/source/rhoas/README.md b/source/rhoas/README.md
@@ -4,7 +4,6 @@ This operator creates and manages custom resources used by the RHOAS Kafka Servi
 # Prerequesites
  * Java 11+
  * Maven
- * A service-api token from cloud.redhat.com (Talk to Pete)
  * Access to a RHOAS services .
 
 # Building and Running
diff --git a/source/rhoas/src/main/java/com/openshift/cloud/controllers/AbstractCloudServicesController.java b/source/rhoas/src/main/java/com/openshift/cloud/controllers/AbstractCloudServicesController.java
@@ -29,8 +29,7 @@ public abstract class AbstractCloudServicesController<T extends CustomResource>
    * @param resource
    * @param context
    */
-  abstract void doCreateOrUpdateResource(T resource, Context<T> context)
-      throws ConditionAwareException;
+  abstract void doCreateOrUpdateResource(T resource, Context<T> context) throws Throwable;
 
   @Override
   /** This method is overriden by the proxies, but should not be overriden by you, the developer. */
diff --git a/source/rhoas/src/main/java/com/openshift/cloud/controllers/CloudServiceAccountRequestController.java b/source/rhoas/src/main/java/com/openshift/cloud/controllers/CloudServiceAccountRequestController.java
@@ -3,6 +3,7 @@
 import com.openshift.cloud.beans.AccessTokenSecretTool;
 import com.openshift.cloud.beans.KafkaApiClient;
 import com.openshift.cloud.beans.KafkaK8sClients;
+import com.openshift.cloud.utils.InvalidUserInputException;
 import com.openshift.cloud.v1alpha.models.CloudServiceAccountRequest;
 import io.javaoperatorsdk.operator.api.*;
 import java.time.Instant;
@@ -22,8 +23,9 @@ public class CloudServiceAccountRequestController
   @Override
   void doCreateOrUpdateResource(
       CloudServiceAccountRequest resource, Context<CloudServiceAccountRequest> context)
-      throws ConditionAwareException {
+      throws ConditionAwareException, InvalidUserInputException {
 
+    validateResource(resource);
     var accessTokenSecretName = resource.getSpec().getAccessTokenSecretName();
     var namespace = resource.getMetadata().getNamespace();
 
@@ -42,4 +44,15 @@ void doCreateOrUpdateResource(
 
     resource.setStatus(status);
   }
+
+  void validateResource(CloudServiceAccountRequest resource) throws InvalidUserInputException {
+    ConditionUtil.assertNotNull(resource.getSpec(), "spec");
+    ConditionUtil.assertNotNull(
+        resource.getSpec().getAccessTokenSecretName(), "spec.accessTokenSecretName");
+    ConditionUtil.assertNotNull(
+        resource.getSpec().getServiceAccountName(), "spec.serviceAccountName");
+    ConditionUtil.assertNotNull(
+        resource.getSpec().getServiceAccountSecretName(), "spec.serviceAccountSecretName");
+    ConditionUtil.assertNotNull(resource.getMetadata().getNamespace(), "metadata.namespace");
+  }
 }
diff --git a/source/rhoas/src/main/java/com/openshift/cloud/controllers/CloudServicesRequestController.java b/source/rhoas/src/main/java/com/openshift/cloud/controllers/CloudServicesRequestController.java
@@ -3,6 +3,7 @@
 import com.openshift.cloud.beans.AccessTokenSecretTool;
 import com.openshift.cloud.beans.KafkaApiClient;
 import com.openshift.cloud.beans.KafkaK8sClients;
+import com.openshift.cloud.utils.InvalidUserInputException;
 import com.openshift.cloud.v1alpha.models.CloudServicesRequest;
 import com.openshift.cloud.v1alpha.models.UserKafka;
 import io.javaoperatorsdk.operator.api.*;
@@ -26,11 +27,7 @@ public class CloudServicesRequestController
 
   public CloudServicesRequestController() {}
 
-  /**
-   * @param resource the resource to check for new kafkas
-   * @return true if there were changes, false otherwise
-   * @throws ApiException if something goes wrong connecting to services
-   */
+  /** @return true if there were changes, false otherwise */
   @Override
   public void init(EventSourceManager eventSourceManager) {
     LOG.info("Init! This is where we would add watches for child resources");
@@ -39,9 +36,10 @@ public void init(EventSourceManager eventSourceManager) {
   @Override
   void doCreateOrUpdateResource(
       CloudServicesRequest resource, Context<CloudServicesRequest> context)
-      throws ConditionAwareException {
+      throws ConditionAwareException, InvalidUserInputException {
     var accessTokenSecretName = resource.getSpec().getAccessTokenSecretName();
     var namespace = resource.getMetadata().getNamespace();
+    validateResource(resource);
     String accessToken = null;
     accessToken = accessTokenSecretTool.getAccessToken(accessTokenSecretName, namespace);
 
@@ -69,4 +67,11 @@ void doCreateOrUpdateResource(
 
     resource.getStatus().setUserKafkas(userKafkas);
   }
+
+  void validateResource(CloudServicesRequest resource) throws InvalidUserInputException {
+    ConditionUtil.assertNotNull(resource.getSpec(), "spec");
+    ConditionUtil.assertNotNull(
+        resource.getSpec().getAccessTokenSecretName(), "spec.accessTokenSecretName");
+    ConditionUtil.assertNotNull(resource.getMetadata().getNamespace(), "metadata.namespace");
+  }
 }
diff --git a/source/rhoas/src/main/java/com/openshift/cloud/controllers/ConditionUtil.java b/source/rhoas/src/main/java/com/openshift/cloud/controllers/ConditionUtil.java
@@ -4,6 +4,7 @@
 import static com.openshift.cloud.v1alpha.models.KafkaCondition.Status.True;
 
 import com.openshift.cloud.ApiException;
+import com.openshift.cloud.utils.InvalidUserInputException;
 import com.openshift.cloud.v1alpha.models.*;
 import com.openshift.cloud.v1alpha.models.KafkaCondition.Status;
 import java.time.ZoneOffset;
@@ -268,4 +269,12 @@ public static String getStandarizedErrorMessage(int statusCode) {
         return String.format("Http Error Code %d", statusCode);
     }
   }
+
+  /** Assert value and throw exception if that is not used */
+  public static void assertNotNull(Object value, String key) throws InvalidUserInputException {
+    if (value == null) {
+      var message = String.format("%s should not be null", key);
+      throw new InvalidUserInputException(key, message);
+    }
+  }
 }
diff --git a/source/rhoas/src/main/java/com/openshift/cloud/controllers/KafkaConnectionController.java b/source/rhoas/src/main/java/com/openshift/cloud/controllers/KafkaConnectionController.java
@@ -3,6 +3,7 @@
 import com.openshift.cloud.beans.AccessTokenSecretTool;
 import com.openshift.cloud.beans.KafkaApiClient;
 import com.openshift.cloud.utils.ConnectionResourcesMetadata;
+import com.openshift.cloud.utils.InvalidUserInputException;
 import com.openshift.cloud.v1alpha.models.KafkaConnection;
 import io.javaoperatorsdk.operator.api.*;
 import java.time.Instant;
@@ -20,9 +21,11 @@ public class KafkaConnectionController extends AbstractCloudServicesController<K
 
   @Override
   void doCreateOrUpdateResource(KafkaConnection resource, Context<KafkaConnection> context)
-      throws ConditionAwareException {
+      throws ConditionAwareException, InvalidUserInputException {
     LOG.info(String.format("Creating or Updating resource %s", resource.getMetadata().getName()));
 
+    validateResource(resource);
+
     var kafkaId = resource.getSpec().getKafkaId();
     var accessTokenSecretName = resource.getSpec().getAccessTokenSecretName();
     var serviceAccountSecretName =
@@ -42,4 +45,16 @@ void doCreateOrUpdateResource(KafkaConnection resource, Context<KafkaConnection>
     status.setServiceAccountSecretName(serviceAccountSecretName);
     status.setMetadata(ConnectionResourcesMetadata.buildKafkaMetadata(kafkaId));
   }
+
+  void validateResource(KafkaConnection resource) throws InvalidUserInputException {
+    ConditionUtil.assertNotNull(resource.getSpec(), "spec");
+    ConditionUtil.assertNotNull(
+        resource.getSpec().getAccessTokenSecretName(), "spec.accessTokenSecretName");
+    ConditionUtil.assertNotNull(resource.getSpec().getCredentials(), "spec.credentials");
+    ConditionUtil.assertNotNull(
+        resource.getSpec().getCredentials().getServiceAccountSecretName(),
+        "spec.credentials.serviceAccountSecretName");
+    ConditionUtil.assertNotNull(resource.getSpec().getKafkaId(), "spec.kafkaId");
+    ConditionUtil.assertNotNull(resource.getMetadata().getNamespace(), "metadata.namespace");
+  }
 }
diff --git a/source/rhoas/src/main/java/com/openshift/cloud/utils/InvalidUserInputException.java b/source/rhoas/src/main/java/com/openshift/cloud/utils/InvalidUserInputException.java
@@ -0,0 +1,15 @@
+package com.openshift.cloud.utils;
+
+/** Exception raised when there is problem with validation of the CR */
+public class InvalidUserInputException extends Exception {
+
+  /**
+   * Constructs a new exception with the specified detail message. The cause is not initialized, and
+   * may subsequently be initialized by a call to {@link #initCause}.
+   *
+   * @param field field that was invalid/undefined/not meeting
+   */
+  public InvalidUserInputException(String field, String additionalMessage) {
+    super(String.format("Missing argument %s in CR, %s", field, additionalMessage));
+  }
+}

Original file line number	Diff line number	Diff line change
`@@ -4,6 +4,7 @@`
`4`	`4`	`import static com.openshift.cloud.v1alpha.models.KafkaCondition.Status.True;`
`5`	`5`
`6`	`6`	`import com.openshift.cloud.ApiException;`
	`7`	`+import com.openshift.cloud.utils.InvalidUserInputException;`
`7`	`8`	`import com.openshift.cloud.v1alpha.models.*;`
`8`	`9`	`import com.openshift.cloud.v1alpha.models.KafkaCondition.Status;`
`9`	`10`	`import java.time.ZoneOffset;`
`@@ -268,4 +269,12 @@ public static String getStandarizedErrorMessage(int statusCode) {`
`268`	`269`	`return String.format("Http Error Code %d", statusCode);`
`269`	`270`	`}`
`270`	`271`	`}`
	`272`	`+`
	`273`	`+ /** Assert value and throw exception if that is not used */`
	`274`	`+ public static void assertNotNull(Object value, String key) throws InvalidUserInputException {`
	`275`	`+ if (value == null) {`
	`276`	`+ var message = String.format("%s should not be null", key);`
	`277`	`+ throw new InvalidUserInputException(key, message);`
	`278`	`+ }`
	`279`	`+ }`
`271`	`280`	`}`