fix: api responses (#6789)

* fix: API token generation api responses refactoring

* fix: register custom validation against tag for api token name validations

* fix: register custom validation against tag for api token name validations

* Revert "fix: register custom validation against tag for api token name validations"

This reverts commit 7593c27.

* fix: remove `required` validation from Description and expiryAtInMs

* fix: adding resource conflict api response in WriteJsonResp utility

* fix: path params int validation updated to whole numbers only

* fix: handled resource not found response for update and delete api, token

* fix: validation for SSO config name field

* fix: enhanced query param validation for commit metadata for pipeline material

* fix: disable updating clsutername and api name in update clsuter api

* fix: enhanced api response in query param validation failure reeors in ge default deployment template

* fix: disable modifying cluster nae and env name in update env api

* fix: resolving review comments

* fix: resolving review comments

Author: SATYAsasini

api/auth/sso/SsoLoginHandler.go

@@ -70,7 +70,12 @@ func (handler SsoLoginRestHandlerImpl) CreateSSOLoginConfig(w http.ResponseWrite
 		common.WriteJsonResp(w, err, nil, http.StatusBadRequest)
 		return
 	}
-
+	err = handler.validator.Struct(dto)
+	if err != nil {
+		handler.logger.Errorw("validation err in CreateSSOLoginConfig", "err", err, "payload", dto)
+		common.HandleValidationErrors(w, r, err)
+		return
+	}
 	token := r.Header.Get("token")
 	if ok := handler.enforcer.Enforce(token, casbin.ResourceGlobal, casbin.ActionCreate, "*"); !ok {
 		common.WriteJsonResp(w, errors.New("unauthorized"), nil, http.StatusForbidden)
@@ -103,7 +108,12 @@ func (handler SsoLoginRestHandlerImpl) UpdateSSOLoginConfig(w http.ResponseWrite
 		common.WriteJsonResp(w, err, nil, http.StatusBadRequest)
 		return
 	}
-
+	err = handler.validator.Struct(dto)
+	if err != nil {
+		handler.logger.Errorw("validation err in CreateSSOLoginConfig", "err", err, "payload", dto)
+		common.HandleValidationErrors(w, r, err)
+		return
+	}
 	token := r.Header.Get("token")
 	if ok := handler.enforcer.Enforce(token, casbin.ResourceGlobal, casbin.ActionUpdate, "*"); !ok {
 		common.WriteJsonResp(w, errors.New("unauthorized"), nil, http.StatusForbidden)

api/cluster/ClusterRestHandler.go

@@ -462,6 +462,20 @@ func (impl ClusterRestHandlerImpl) Update(w http.ResponseWriter, r *http.Request
 	if util2.IsBaseStack() {
 		ctx = context.WithValue(ctx, "token", token)
 	}
+
+	// checkImmutable fields - cluster name
+	modifiedCluster, err := impl.clusterService.FindByIdWithoutConfig(bean.Id)
+	if err != nil {
+		impl.logger.Errorw("err finding cluster name", "error", err, "clusterId", bean.Id)
+		common.WriteJsonResp(w, err, nil, http.StatusInternalServerError)
+		return
+	}
+
+	if bean.ClusterName != modifiedCluster.ClusterName {
+		common.WriteJsonResp(w, errors.New("cluster name cannot be changed"), nil, http.StatusConflict)
+		return
+	}
+
 	_, err = impl.clusterService.Update(ctx, &bean, userId)
 	if err != nil {
 		impl.logger.Errorw("service err, Update", "error", err, "payload", bean)
@@ -703,12 +717,11 @@ func (impl ClusterRestHandlerImpl) HandleRbacForClusterNamespace(userId int32, t
 
 func (impl ClusterRestHandlerImpl) GetClusterNamespaces(w http.ResponseWriter, r *http.Request) {
 	//token := r.Header.Get("token")
-	vars := mux.Vars(r)
-	clusterIdString := vars["clusterId"]
+	//vars := mux.Vars(r)
 
 	userId, err := impl.userService.GetLoggedInUser(r)
 	if userId == 0 || err != nil {
-		impl.logger.Errorw("user not authorized", "error", err, "userId", userId)
+		impl.logger.Errorw("user not authorized", "userId", userId, "error", err)
 		common.HandleUnauthorized(w, r)
 		return
 	}
@@ -717,10 +730,10 @@ func (impl ClusterRestHandlerImpl) GetClusterNamespaces(w http.ResponseWriter, r
 	if ok := impl.enforcer.Enforce(token, casbin.ResourceGlobal, casbin.ActionGet, "*"); ok {
 		isActionUserSuperAdmin = true
 	}
-	clusterId, err := strconv.Atoi(clusterIdString)
+	// extract cluster and handle response on error
+	clusterId, err := common.ExtractIntPathParamWithContext(w, r, "clusterId", "cluster")
 	if err != nil {
-		impl.logger.Errorw("failed to extract clusterId from param", "error", err, "clusterId", clusterIdString)
-		common.WriteJsonResp(w, err, nil, http.StatusBadRequest)
+		impl.logger.Error("error in parsing clusterId", "clusterId", clusterId, "err", err)
 		return
 	}
 

api/cluster/EnvironmentRestHandler.go

@@ -293,6 +293,16 @@ func (impl EnvironmentRestHandlerImpl) Update(w http.ResponseWriter, r *http.Req
 	}
 	//RBAC enforcer Ends
 
+	// checkImmutable fields
+	if modifiedEnvironment.Environment != bean.Environment {
+		common.WriteJsonResp(w, errors.New("environment name cannot be changed"), nil, http.StatusConflict)
+		return
+	}
+	if modifiedEnvironment.Namespace != bean.Namespace {
+		common.WriteJsonResp(w, errors.New("namespace cannot be changed"), nil, http.StatusConflict)
+		return
+	}
+
 	res, err := impl.environmentClusterMappingsService.Update(&bean, userId)
 	if err != nil {
 		impl.logger.Errorw("service err, Update", "err", err, "payload", bean)

api/restHandler/app/pipeline/configure/BuildPipelineRestHandler.go

@@ -1664,9 +1664,11 @@ func (handler *PipelineConfigRestHandlerImpl) GetCommitMetadataForPipelineMateri
 		return
 	}
 	vars := mux.Vars(r)
-	ciPipelineMaterialId, err := strconv.Atoi(vars["ciPipelineMaterialId"])
+	ciPipelineMaterialIdString := vars["ciPipelineMaterialId"]
+	ciPipelineMaterialId, err := strconv.Atoi(ciPipelineMaterialIdString)
 	if err != nil {
-		common.WriteJsonResp(w, err, nil, http.StatusBadRequest)
+		handler.Logger.Errorw("failed to extract ciPipelineMaterialId from param must be integer", "error", err, "ciPipelineMaterialId", ciPipelineMaterialIdString)
+		common.HandleParameterError(w, r, "ciPipelineMaterialId", ciPipelineMaterialIdString)
 		return
 	}
 

api/restHandler/app/pipeline/configure/DeploymentPipelineRestHandler.go

@@ -987,13 +987,13 @@ func (handler *PipelineConfigRestHandlerImpl) GetDefaultDeploymentTemplate(w htt
 	appId, err := strconv.Atoi(vars["appId"])
 	if err != nil {
 		handler.Logger.Error("error in getting appId path param, GetDefaultDeploymentTemplate", "err", err)
-		common.WriteJsonResp(w, err, nil, http.StatusBadRequest)
+		common.HandleParameterError(w, r, "appId", vars["appId"])
 		return
 	}
 	chartRefId, err := strconv.Atoi(vars["chartRefId"])
 	if err != nil {
 		handler.Logger.Error("error in getting chartRefId path param, GetDefaultDeploymentTemplate", "err", err)
-		common.WriteJsonResp(w, err, nil, http.StatusBadRequest)
+		common.HandleParameterError(w, r, "chartRefId", vars["chartRefId"])
 		return
 	}
 	token := r.Header.Get("token")

api/restHandler/common/EnhancedErrorResponse.go

@@ -253,7 +253,12 @@ func validationMessage(fe validator.FieldError) string {
 			"%s must start and end with a lowercase letter or digit; may only contain lowercase letters, digits, '_' or '-' (no spaces or commas)",
 			fe.Field(),
 		)
-
+		// validation tag for sso config name
+	case "validate-sso-config-name":
+		return fmt.Sprintf(
+			"%s must be one of [google, github, gitlab, microsoft, ldap, oidc, openshift]",
+			fe.Field(),
+		)
 	// if a certain validator tag is not included in switch case then,
 	// we will parse the error as generic validator error,
 	// and further divide them on basis of parametric and non-parametric validation tags

internal/util/ValidateUtil.go

@@ -108,6 +108,13 @@ func IntValidator() (*validator.Validate, error) {
 		return v, err
 	}
 	err = v.RegisterValidation("validate-api-token-name", validateApiTokenName)
+	if err != nil {
+		return v, err
+	}
+	err = v.RegisterValidation("validate-sso-config-name", validateSSOConfigName)
+	if err != nil {
+		return v, err
+	}
 	return v, err
 }
 
@@ -147,3 +154,23 @@ func validateApiTokenName(fl validator.FieldLevel) bool {
 	hostnameRegexRFC952 := regexp.MustCompile(hostnameRegexString)
 	return hostnameRegexRFC952.MatchString(fl.Field().String())
 }
+
+func validateSSOConfigName(fl validator.FieldLevel) bool {
+	allowedSSOConfigNames := []string{
+		"google",
+		"github",
+		"gitlab",
+		"microsoft",
+		"ldap",
+		"oidc",
+		"openshift",
+	}
+	value := fl.Field().String()
+	for _, v := range allowedSSOConfigNames {
+		if value == v {
+			return true
+		}
+	}
+	return false
+}
+

pkg/auth/user/bean/UserRequest.go

@@ -112,7 +112,7 @@ type RoleData struct {
 
 type SSOLoginDto struct {
 	Id     int32           `json:"id"`
-	Name   string          `json:"name,omitempty"`
+	Name   string          `json:"name,omitempty," validate:"validate-sso-config-name"`
 	Label  string          `json:"label,omitempty"`
 	Url    string          `json:"url,omitempty"`
 	Config json.RawMessage `json:"config,omitempty"`