Add auth action validation

get-bridge · Dec 21, 2020 · 7969554 · 7969554
1 parent a2c5cda
commit 7969554
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 7 deletions.
diff --git a/pulsar/resource_pulsar_namespace.go b/pulsar/resource_pulsar_namespace.go
@@ -214,9 +214,8 @@ func resourcePulsarNamespace() *schema.Resource {
 							Required: true,
 							MinItems: 1,
 							Elem: &schema.Schema{
-								Type: schema.TypeString,
-								// TODO: validation
-								// ValidateFunc: validation.StringInSlice(pulsar.ValidAuthActions, false),
+								Type:         schema.TypeString,
+								ValidateFunc: validateAuthAction,
 							},
 						},
 					},
@@ -381,9 +380,9 @@ func resourcePulsarNamespaceRead(d *schema.ResourceData, meta interface{}) error
 		}
 
 		permissionGrants := []interface{}{}
-		for role := range grants {
+		for role, roleActions := range grants {
 			actions := []string{}
-			for _, action := range grants[role] {
+			for _, action := range roleActions {
 				actions = append(actions, action.String())
 			}
 			sort.Strings(actions)
@@ -495,7 +494,6 @@ func resourcePulsarNamespaceUpdate(d *schema.ResourceData, meta interface{}) err
 			errs = multierror.Append(errs, fmt.Errorf("unmarshalPermissionGrants: %w", err))
 		} else {
 			for _, grant := range permissionGrants {
-				// TODO: revisit interaction w/ error cases above
 				if err = client.GrantNamespacePermission(*nsName, grant.Role, grant.Actions); err != nil {
 					errs = multierror.Append(errs, fmt.Errorf("GrantNamespacePermission: %w", err))
 				}
@@ -753,7 +751,7 @@ func unmarshalPermissionGrants(v []interface{}) ([]*types.PermissionGrant, error
 		for _, action := range data["actions"].(*schema.Set).List() {
 			authAction, err := common.ParseAuthAction(action.(string))
 			if err != nil {
-				return permissionGrants, fmt.Errorf("ERROR_INVALID_AUTH_ACTION: %w", err)
+				return nil, fmt.Errorf("ERROR_INVALID_AUTH_ACTION: %w", err)
 			}
 			actions = append(actions, authAction)
 		}

diff --git a/pulsar/validate_helpers.go b/pulsar/validate_helpers.go
@@ -5,6 +5,7 @@ import (
 	"net/url"
 	"strings"
 
+	"github.com/streamnative/pulsarctl/pkg/pulsar/common"
 	"github.com/streamnative/pulsarctl/pkg/pulsar/utils"
 )
 
@@ -41,3 +42,12 @@ func validateTopicType(val interface{}, key string) (warns []string, errs []erro
 	}
 	return
 }
+
+func validateAuthAction(val interface{}, key string) (warns []string, errs []error) {
+	v := val.(string)
+	_, err := common.ParseAuthAction(v)
+	if err != nil {
+		errs = append(errs, fmt.Errorf("%q must be a valid auth action (got: %s): %w", key, v, err))
+	}
+	return
+}