fix: Add NPE protections to the operator with proper validation messsages

Author: wtrocki

source/rhoas/README.md

@@ -4,7 +4,6 @@ This operator creates and manages custom resources used by the RHOAS Kafka Servi
 # Prerequesites
  * Java 11+
  * Maven
- * A service-api token from cloud.redhat.com (Talk to Pete)
  * Access to a RHOAS services .
 
 # Building and Running

source/rhoas/src/main/java/com/openshift/cloud/controllers/AbstractCloudServicesController.java

@@ -29,8 +29,7 @@ public abstract class AbstractCloudServicesController<T extends CustomResource>
    * @param resource
    * @param context
    */
-  abstract void doCreateOrUpdateResource(T resource, Context<T> context)
-      throws ConditionAwareException;
+  abstract void doCreateOrUpdateResource(T resource, Context<T> context) throws Throwable;
 
   @Override
   /** This method is overriden by the proxies, but should not be overriden by you, the developer. */

source/rhoas/src/main/java/com/openshift/cloud/controllers/CloudServiceAccountRequestController.java

@@ -3,6 +3,7 @@
 import com.openshift.cloud.beans.AccessTokenSecretTool;
 import com.openshift.cloud.beans.KafkaApiClient;
 import com.openshift.cloud.beans.KafkaK8sClients;
+import com.openshift.cloud.utils.InvalidUserInputException;
 import com.openshift.cloud.v1alpha.models.CloudServiceAccountRequest;
 import io.javaoperatorsdk.operator.api.*;
 import java.time.Instant;
@@ -22,8 +23,9 @@ public class CloudServiceAccountRequestController
   @Override
   void doCreateOrUpdateResource(
       CloudServiceAccountRequest resource, Context<CloudServiceAccountRequest> context)
-      throws ConditionAwareException {
+      throws ConditionAwareException, InvalidUserInputException {
 
+    validateResource(resource);
     var accessTokenSecretName = resource.getSpec().getAccessTokenSecretName();
     var namespace = resource.getMetadata().getNamespace();
 
@@ -42,4 +44,15 @@ void doCreateOrUpdateResource(
 
     resource.setStatus(status);
   }
+
+  void validateResource(CloudServiceAccountRequest resource) throws InvalidUserInputException {
+    ConditionUtil.assertNotNull(resource.getSpec(), "spec");
+    ConditionUtil.assertNotNull(
+        resource.getSpec().getAccessTokenSecretName(), "spec.accessTokenSecretName");
+    ConditionUtil.assertNotNull(
+        resource.getSpec().getServiceAccountName(), "spec.serviceAccountName");
+    ConditionUtil.assertNotNull(
+        resource.getSpec().getServiceAccountSecretName(), "spec.serviceAccountSecretName");
+    ConditionUtil.assertNotNull(resource.getMetadata().getNamespace(), "metadata.namespace");
+  }
 }

source/rhoas/src/main/java/com/openshift/cloud/controllers/CloudServicesRequestController.java

@@ -3,6 +3,7 @@
 import com.openshift.cloud.beans.AccessTokenSecretTool;
 import com.openshift.cloud.beans.KafkaApiClient;
 import com.openshift.cloud.beans.KafkaK8sClients;
+import com.openshift.cloud.utils.InvalidUserInputException;
 import com.openshift.cloud.v1alpha.models.CloudServicesRequest;
 import com.openshift.cloud.v1alpha.models.UserKafka;
 import io.javaoperatorsdk.operator.api.*;
@@ -26,11 +27,7 @@ public class CloudServicesRequestController
 
   public CloudServicesRequestController() {}
 
-  /**
-   * @param resource the resource to check for new kafkas
-   * @return true if there were changes, false otherwise
-   * @throws ApiException if something goes wrong connecting to services
-   */
+  /** @return true if there were changes, false otherwise */
   @Override
   public void init(EventSourceManager eventSourceManager) {
     LOG.info("Init! This is where we would add watches for child resources");
@@ -39,9 +36,10 @@ public void init(EventSourceManager eventSourceManager) {
   @Override
   void doCreateOrUpdateResource(
       CloudServicesRequest resource, Context<CloudServicesRequest> context)
-      throws ConditionAwareException {
+      throws ConditionAwareException, InvalidUserInputException {
     var accessTokenSecretName = resource.getSpec().getAccessTokenSecretName();
     var namespace = resource.getMetadata().getNamespace();
+    validateResource(resource);
     String accessToken = null;
     accessToken = accessTokenSecretTool.getAccessToken(accessTokenSecretName, namespace);
 
@@ -69,4 +67,11 @@ void doCreateOrUpdateResource(
 
     resource.getStatus().setUserKafkas(userKafkas);
   }
+
+  void validateResource(CloudServicesRequest resource) throws InvalidUserInputException {
+    ConditionUtil.assertNotNull(resource.getSpec(), "spec");
+    ConditionUtil.assertNotNull(
+        resource.getSpec().getAccessTokenSecretName(), "spec.accessTokenSecretName");
+    ConditionUtil.assertNotNull(resource.getMetadata().getNamespace(), "metadata.namespace");
+  }
 }

source/rhoas/src/main/java/com/openshift/cloud/controllers/ConditionUtil.java

@@ -4,6 +4,7 @@
 import static com.openshift.cloud.v1alpha.models.KafkaCondition.Status.True;
 
 import com.openshift.cloud.ApiException;
+import com.openshift.cloud.utils.InvalidUserInputException;
 import com.openshift.cloud.v1alpha.models.*;
 import com.openshift.cloud.v1alpha.models.KafkaCondition.Status;
 import java.time.ZoneOffset;
@@ -268,4 +269,12 @@ public static String getStandarizedErrorMessage(int statusCode) {
         return String.format("Http Error Code %d", statusCode);
     }
   }
+
+  /** Assert value and throw exception if that is not used */
+  public static void assertNotNull(Object value, String key) throws InvalidUserInputException {
+    if (value == null) {
+      var message = String.format("%s should not be null", key);
+      throw new InvalidUserInputException(key, message);
+    }
+  }
 }

source/rhoas/src/main/java/com/openshift/cloud/controllers/KafkaConnectionController.java

@@ -3,6 +3,7 @@
 import com.openshift.cloud.beans.AccessTokenSecretTool;
 import com.openshift.cloud.beans.KafkaApiClient;
 import com.openshift.cloud.utils.ConnectionResourcesMetadata;
+import com.openshift.cloud.utils.InvalidUserInputException;
 import com.openshift.cloud.v1alpha.models.KafkaConnection;
 import io.javaoperatorsdk.operator.api.*;
 import java.time.Instant;
@@ -20,9 +21,11 @@ public class KafkaConnectionController extends AbstractCloudServicesController<K
 
   @Override
   void doCreateOrUpdateResource(KafkaConnection resource, Context<KafkaConnection> context)
-      throws ConditionAwareException {
+      throws ConditionAwareException, InvalidUserInputException {
     LOG.info(String.format("Creating or Updating resource %s", resource.getMetadata().getName()));
 
+    validateResource(resource);
+
     var kafkaId = resource.getSpec().getKafkaId();
     var accessTokenSecretName = resource.getSpec().getAccessTokenSecretName();
     var serviceAccountSecretName =
@@ -42,4 +45,16 @@ void doCreateOrUpdateResource(KafkaConnection resource, Context<KafkaConnection>
     status.setServiceAccountSecretName(serviceAccountSecretName);
     status.setMetadata(ConnectionResourcesMetadata.buildKafkaMetadata(kafkaId));
   }
+
+  void validateResource(KafkaConnection resource) throws InvalidUserInputException {
+    ConditionUtil.assertNotNull(resource.getSpec(), "spec");
+    ConditionUtil.assertNotNull(
+        resource.getSpec().getAccessTokenSecretName(), "spec.accessTokenSecretName");
+    ConditionUtil.assertNotNull(resource.getSpec().getCredentials(), "spec.credentials");
+    ConditionUtil.assertNotNull(
+        resource.getSpec().getCredentials().getServiceAccountSecretName(),
+        "spec.credentials.serviceAccountSecretName");
+    ConditionUtil.assertNotNull(resource.getSpec().getKafkaId(), "spec.kafkaId");
+    ConditionUtil.assertNotNull(resource.getMetadata().getNamespace(), "metadata.namespace");
+  }
 }

source/rhoas/src/main/java/com/openshift/cloud/utils/InvalidUserInputException.java

@@ -0,0 +1,15 @@
+package com.openshift.cloud.utils;
+
+/** Exception raised when there is problem with validation of the CR */
+public class InvalidUserInputException extends Exception {
+
+  /**
+   * Constructs a new exception with the specified detail message. The cause is not initialized, and
+   * may subsequently be initialized by a call to {@link #initCause}.
+   *
+   * @param field field that was invalid/undefined/not meeting
+   */
+  public InvalidUserInputException(String field, String additionalMessage) {
+    super(String.format("Missing argument %s in CR, %s", field, additionalMessage));
+  }
+}