HMS-2837 fix: middleware validation error response

[cryptomilk]

We should not return a plaintext error response as the error won't be displayed in this case. By returning a new HTTP error the default error handler of the echo server will take care of it creating the error response in the correct format. As this is a REST API, the error will be returned in json format.

Pair-Programmed-With: Alejandro Visiedo

Steps to reproduce to check the errors:

$ make compose-down clean build compose-up run
...

$ ./test/scripts/local-domains-token.sh             
HTTP/1.1 200 OK
Content-Type: application/json; charset=UTF-8
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Rh-Insights-Request-Id: test_52c262bd78e14daa835e
X-Xss-Protection: 1; mode=block
Date: Fri, 20 Oct 2023 11:15:10 GMT
Content-Length: 175

{"domain_id":"d4120943-fc98-5194-9d37-ac58dac9e199","domain_token":"F4_THf6XZy4.HJ_HIKZOtCupizBX8kQqIZiBaYKKwKP-xc9ydRvqoWI","domain_type":"rhel-idm","expiration":1697807710}


$ TOKEN="F4_THf6XZy4.HJ_HIKZOtCupizBX8kQqIZiBaYKKwKP-xc9ydRvqoWI"
$ UUID="d4120943-fc98-5194-9d37-ac58dac9e199"

$ ./test/scripts/local-domains-register.sh "$TOKEN" 
HTTP/1.1 200 OK
Content-Type: application/json; charset=UTF-8
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Rh-Insights-Request-Id: test_acee9b7c694f48c68a2f
X-Xss-Protection: 1; mode=block
Date: Fri, 20 Oct 2023 11:16:00 GMT
Transfer-Encoding: chunked

{"auto_enrollment_enabled":true,"description":"","domain_id":"d4120943-fc98-5194-9d37-ac58dac9e199","domain_name":"mydomain.example","domain_type":"rhel-idm","rhel-idm":{"ca_certs":[{"issuer":"CN=Certificate Authority, O=MYDOMAIN.EXAMPLE","nickname":"MYDOMAIN.EXAMPLE IPA CA","not_after":"2023-01-31T13:23:36Z","not_before":"2023-01-31T13:23:36Z","pem":"-----BEGIN CERTIFICATE-----\nMIIElzCCAv+gAwIBAgIBATANBgkqhkiG9w0BAQsFADA6MRgwFgYDVQQKDA9ITVNJ\nRE0tREVWLlRFU1QxHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0y\nMzA2MTIwNjEyMThaFw00MzA2MTIwNjEyMThaMDoxGDAWBgNVBAoMD0hNU0lETS1E\nRVYuVEVTVDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MIIBojANBgkq\nhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEA/F+63FGVUElkycJ2I5/rOIQ8331bfqp+\nraVuft2wezXj9O60X4DsEXltjMM+Lb3vPpInI6Fjdr74RWiz7YeWRYT8y4AgiZ7O\nrbe1ivvmutZwdA3S3KVoQhfqLUzYKksL7IpLQFuXsOm85GMQsw2SNz0NIlM3Ixjv\nKFyARcFSLzBAlIUHdZwq2e8PKvIcLGjHRGczfBqSviCBKxTTO3S2vRRHFEw8lsmJ\nyqIb8gLLOSRi4GqZfp6RRnr88z7z/xqZc7ffDko3ngjUn1Cynm715Xqftlj3o297\naVQ/Oxgw/ODiQSZl+HnOgrrH4XbM+hVUfxBXydVgPrN8mTrTcY0X03cLqMWCFO6E\n8XAJFkY+1SLOdruHTfdhbmRcp/vvyZ3rcSP9qk75jFPr3iKU5vnbAtbZfGtzk6te\nsG/Y8tRjdLvcKKM9PBa93VA56nN0+RLtOn24/UfiYjYsYQeq1wJnfJUlcrER9X6t\nbX1umBXcwT9FeofJENCZqP3YfU0EH76nAgMBAAGjgacwgaQwHwYDVR0jBBgwFoAU\ntQw3tdMW/Sz+VLsOZaefg4Vnrm0wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8E\nBAMCAcYwHQYDVR0OBBYEFLUMN7XTFv0s/lS7DmWnn4OFZ65tMEEGCCsGAQUFBwEB\nBDUwMzAxBggrBgEFBQcwAYYlaHR0cDovL2lwYS1jYS5obXNpZG0tZGV2LnRlc3Qv\nY2Evb2NzcDANBgkqhkiG9w0BAQsFAAOCAYEA6JDiMHd8aWSlyIQ8tg/mEH7mIvSz\niXWfygMcyXP5sGRvrE0yo2lbNfr8y3KnOGkNYMqrKJ28VBXAPjx5zLrooHynLYua\nLEsHw6XzvQWiWvcstSkKhcVOGdDqTMhl2XEGvx+LHZYBWKlb7i+L/0fDl0EUestS\ne4Shh63DLJ+7RaMFqoI/CHO/Jer5R4+dIMR8KSTTBhjEGLwN6rsRNI7D7vsyqDV8\ntZmhMHNEo9jtrPR8+tAzp6BaumioukI75nkAXrKiB0GRXI/jRp94VqEZstWcQPqc\nxzRRyR2Htet4AVbUWnSq2TRWIyeIecgPVmHXgDPpFWrwi/hpysXqT9sN/QOsCa3a\n2IpyGeuieProOeXb5lG4pbwePz5dRRlY3WRvhWdQm+dRGRErJt42KC7JAfiYoSmV\nDfJjQL2S11oYZt048ZQFIsUpiSJTmsCLXURIEuccrKT+WXR7D+WNkYm8aJ/4s8Ub\n+B8Vv5GjCTO5LrjgVWGZtxOttN/uJ1ecgZpW\n-----END CERTIFICATE-----\n","serial_number":"1","subject":"CN=My Domain, O=MYDOMAIN.EXAMPLE"}],"locations":[{"description":"Boston data center","name":"boston"},{"name":"europe"}],"realm_domains":["mydomain.example"],"realm_name":"MYDOMAIN.EXAMPLE","servers":[{"ca_server":true,"fqdn":"ipaserver.mydomain.example","hcc_enrollment_server":true,"hcc_update_server":true,"location":"boston","pkinit_server":true,"subscription_manager_id":"6f324116-b3d2-11ed-8a37-482ae3863d30"},{"ca_server":false,"fqdn":"server2.mydomain.example","hcc_enrollment_server":false,"hcc_update_server":false,"pkinit_server":false,"subscription_manager_id":"6f324116-b3d2-11ed-8a37-482ae3863d30"}]},"title":"mydomain.example"}

$ make db-cli                                 
podman exec --interactive --tty --env POSTGRES_DB=idmsvc-db --env POSTGRES_USER=idmsvc-user --env POSTGRES_PASSWORD=idmsvc-secret idmsvc_database_1 psql sslmode=disable dbname=idmsvc-db user=idmsvc-user host=localhost port=5432 password=idmsvc-secret
psql (13.9 (Debian 13.9-1.pgdg110+1))
Type "help" for help.

idmsvc-db=# UPDATE domains set title=E'my title\n';     
UPDATE 1
idmsvc-db=# \q
exit code: 0

Current main branch:

./test/scripts/local-domains-read.sh "$UUID"
HTTP/1.1 500 Internal Server Error
Content-Type: text/plain
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Rh-Insights-Request-Id: test_09578e93515741dba19b
X-Xss-Protection: 1; mode=block
Date: Fri, 20 Oct 2023 11:28:20 GMT
Content-Length: 117

With the commit from this PR:

./test/scripts/local-domains-read.sh "$UUID"
HTTP/1.1 400 Bad Request
Content-Type: application/json; charset=UTF-8
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Rh-Insights-Request-Id: test_9b103faea1404b6db74d
X-Xss-Protection: 1; mode=block
Date: Fri, 20 Oct 2023 11:27:37 GMT
Content-Length: 134

{"message":"response body doesn't match schema #/components/schemas/DomainResponse: Error at \"/title\": invalid code point: U+000A"}

[app-sre-bot]

Can one of the admins verify this patch?

[frasertweedale]

reviewing this today!

[frasertweedale]

I think the server should respond 500 for response validation failure. Besides that this PR is good! Thank you.

[frasertweedale]

@cryptomilk thank you for the update. Merging.