From 665698ebc3514e21cdbe534f3c7e36b927d4999d Mon Sep 17 00:00:00 2001
From: Øyvind Grønnesby <oyving@verizonmedia.com>
Date: Mon, 8 Mar 2021 13:00:52 +0100
Subject: Validate AWS settings in parameter store

---
 .../com/yahoo/jdisc/cloud/aws/AwsParameterStore.java     | 16 +++++++++++-----
 .../cloud/aws/AwsParameterStoreValidationHandler.java    |  8 +++++++-
 2 files changed, 18 insertions(+), 6 deletions(-)

(limited to 'jdisc-cloud-aws')

diff --git a/jdisc-cloud-aws/src/main/java/com/yahoo/jdisc/cloud/aws/AwsParameterStore.java b/jdisc-cloud-aws/src/main/java/com/yahoo/jdisc/cloud/aws/AwsParameterStore.java
index 61e0051022d..f2cac68c030 100644
--- a/jdisc-cloud-aws/src/main/java/com/yahoo/jdisc/cloud/aws/AwsParameterStore.java
+++ b/jdisc-cloud-aws/src/main/java/com/yahoo/jdisc/cloud/aws/AwsParameterStore.java
@@ -96,11 +96,11 @@ public class AwsParameterStore extends AbstractComponent implements SecretStore
         String region;
 
         AwsSettings(String name, String role, String awsId, String externalId, String region) {
-            this.name = name;
-            this.role = role;
-            this.awsId = awsId;
-            this.externalId = externalId;
-            this.region = region;
+            this.name = validate(name, "name");
+            this.role = validate(role, "role");
+            this.awsId = validate(awsId, "awsId");
+            this.externalId = validate(externalId, "externalId");
+            this.region = validate(region, "region");
         }
 
 
@@ -142,5 +142,11 @@ public class AwsParameterStore extends AbstractComponent implements SecretStore
             slime.setString("externalId", "*****");
             slime.setString("region", region);
         }
+
+        static String validate(String value, String name) {
+            if (value == null || value.isBlank())
+                throw new IllegalArgumentException("Config parameter '" + name + "' was blank or empty");
+            return value;
+        }
     }
 }
diff --git a/jdisc-cloud-aws/src/main/java/com/yahoo/jdisc/cloud/aws/AwsParameterStoreValidationHandler.java b/jdisc-cloud-aws/src/main/java/com/yahoo/jdisc/cloud/aws/AwsParameterStoreValidationHandler.java
index d813f04512a..665e55c8f24 100644
--- a/jdisc-cloud-aws/src/main/java/com/yahoo/jdisc/cloud/aws/AwsParameterStoreValidationHandler.java
+++ b/jdisc-cloud-aws/src/main/java/com/yahoo/jdisc/cloud/aws/AwsParameterStoreValidationHandler.java
@@ -49,7 +49,13 @@ public class AwsParameterStoreValidationHandler extends LoggingRequestHandler {
 
     private HttpResponse handlePOST(HttpRequest request) {
         var json = toSlime(request.getData());
-        var settings = AwsSettings.fromSlime(json);
+        AwsSettings settings;
+
+        try {
+            settings = AwsSettings.fromSlime(json);
+        } catch (IllegalArgumentException e) {
+            return ErrorResponse.badRequest(Exceptions.toMessageString(e));
+        }
 
         var response = new Slime();
         var root = response.setObject();
-- 
cgit v1.2.3