Merge pull request #1726 from snyk/fix/terraform-auth-CC-751

fix: Error messages when Terraform validation fails due to bad credentials
snyk · Mar 16, 2021 · 5ed097d · 5ed097d
2 parents 4ef4701 + ecb74d6
commit 5ed097d
Show file tree

Hide file tree

Showing 2 changed files with 37 additions and 8 deletions.
diff --git a/src/lib/iac/iac-parser.ts b/src/lib/iac/iac-parser.ts
@@ -1,7 +1,12 @@
 //TODO(orka): take out into a new lib
 import * as YAML from 'js-yaml';
 import * as debugLib from 'debug';
-import { IllegalIacFileErrorMsg, NotSupportedIacFileErrorMsg } from '../errors';
+import {
+  IllegalIacFileErrorMsg,
+  InternalServerError,
+  MissingApiTokenError,
+  NotSupportedIacFileErrorMsg,
+} from '../errors';
 import request = require('../request');
 import { api as getApiToken } from '../api-token';
 import * as config from './../config';
@@ -92,7 +97,7 @@ export function validateK8sFile(
 export async function makeValidateTerraformRequest(
   terraformFileContent: string,
 ): Promise<IacValidationResponse> {
-  const response = (await request({
+  const response = await request({
     body: {
       contentBase64: Buffer.from(terraformFileContent).toString('base64'),
     },
@@ -102,9 +107,24 @@ export async function makeValidateTerraformRequest(
     headers: {
       Authorization: `token ${getApiToken()}`,
     },
-  })) as IacValidateTerraformResponse;
+  });
+
+  // Token may have expired, so we need to ask the client to re-auth.
+  if (response.res.statusCode === 401) {
+    throw new MissingApiTokenError();
+  }
+
+  if (
+    !response.res.statusCode ||
+    (response.res.statusCode < 200 && response.res.statusCode >= 300)
+  ) {
+    debug(`internal server error - ${response.body}`);
+    throw new InternalServerError('Error occurred validating terraform file');
+  }
+
+  const { body } = response as IacValidateTerraformResponse;
   return {
-    isValidFile: !!response.body?.isValidTerraformFile,
-    reason: response.body?.reason || '',
+    isValidFile: body?.isValidTerraformFile ?? false,
+    reason: body?.reason ?? '',
   };
 }
diff --git a/src/lib/request/index.ts b/src/lib/request/index.ts
@@ -4,10 +4,17 @@ import { MetricsCollector } from '../metrics';
 import * as needle from 'needle';
 
 // A hybrid async function: both returns a promise and takes a callback
-export = async (
+async function requestWrapper(
+  payload: any,
+): Promise<{ res: needle.NeedleResponse; body: any }>;
+async function requestWrapper(
+  payload: any,
+  callback: (err: Error | null, res?, body?) => void,
+): Promise<void>;
+async function requestWrapper(
   payload: any,
   callback?: (err: Error | null, res?, body?) => void,
-): Promise<void | { res: needle.NeedleResponse; body: any }> => {
+): Promise<void | { res: needle.NeedleResponse; body: any }> {
   const totalNetworkTimeTimer = MetricsCollector.NETWORK_TIME.createInstance();
   totalNetworkTimeTimer.start();
   try {
@@ -28,4 +35,6 @@ export = async (
   } finally {
     totalNetworkTimeTimer.stop();
   }
-};
+}
+
+export = requestWrapper;