Add conditional defaults to policy protobuf request bodies

Herman Slatman 2022-04-19 12:09:45 +02:00
parent 6532c93303
commit f2f9cb899e
No known key found for this signature in database
GPG key ID: F4D8A44EA0A75A4F
3 changed files with 88 additions and 9 deletions


@ -2,7 +2,6 @@ package api
import ( import (
"errors" "errors"
"fmt"
"net/http" "net/http"
"go.step.sm/linkedca" "go.step.sm/linkedca"
@ -87,9 +86,7 @@ func (par *PolicyAdminResponder) CreateAuthorityPolicy(w http.ResponseWriter, r
return return
} }
fmt.Println("before: ", newPolicy) applyConditionalDefaults(newPolicy)
applyDefaults(newPolicy)
fmt.Println("after: ", newPolicy)
adm := linkedca.AdminFromContext(ctx) adm := linkedca.AdminFromContext(ctx)
@ -107,7 +104,7 @@ func (par *PolicyAdminResponder) CreateAuthorityPolicy(w http.ResponseWriter, r
return return
} }
render.JSONStatus(w, createdPolicy, http.StatusCreated) render.ProtoJSONStatus(w, createdPolicy, http.StatusCreated)
} }
// UpdateAuthorityPolicy handles the PUT /admin/authority/policy request // UpdateAuthorityPolicy handles the PUT /admin/authority/policy request
@ -208,7 +205,7 @@ func (par *PolicyAdminResponder) CreateProvisionerPolicy(w http.ResponseWriter,
return return
} }
applyDefaults(newPolicy) applyConditionalDefaults(newPolicy)
prov.Policy = newPolicy prov.Policy = newPolicy
@ -375,12 +372,13 @@ func (par *PolicyAdminResponder) DeleteACMEAccountPolicy(w http.ResponseWriter,
render.JSONStatus(w, DeleteResponse{Status: "ok"}, http.StatusOK) render.JSONStatus(w, DeleteResponse{Status: "ok"}, http.StatusOK)
} }
func applyDefaults(p *linkedca.Policy) { // applyConditionalDefaults applies default settings in case they're not provided
// in the request body.
func applyConditionalDefaults(p *linkedca.Policy) {
if p.GetX509() == nil { if p.GetX509() == nil {
return return
} }
if p.GetX509().VerifySubjectCommonName == nil { if p.GetX509().VerifySubjectCommonName == nil {
p.X509.VerifySubjectCommonName = &wrapperspb.BoolValue{Value: true} p.X509.VerifySubjectCommonName = &wrapperspb.BoolValue{Value: true}
} }
return
} }
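Review bot: The `VerifySubjectCommonName` default only reaches policies created through `CreateAuthorityPolicy` and `CreateProvisionerPolicy`; the helper was renamed and no other call site changes in this section, so the update handlers and the ACME account policy handlers apparently never call it. A request to one of those that omits the field would store it as nil, and how the policy engine reads nil is not visible here; if nil is treated as false, an update quietly turns common-name verification off. I would add `applyConditionalDefaults(newPolicy)` after the body is decoded in every create and update handler, and extend the helper's comment with `// A nil VerifySubjectCommonName means "not provided" and defaults to true; an explicit false is kept.` The handler bodies start and end outside the hunks shown.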


@ -12,6 +12,7 @@ import (
"testing" "testing"
"google.golang.org/protobuf/encoding/protojson" "google.golang.org/protobuf/encoding/protojson"
"google.golang.org/protobuf/types/known/wrapperspb"
"go.step.sm/linkedca" "go.step.sm/linkedca"
@ -1920,3 +1921,83 @@ func TestPolicyAdminResponder_DeleteACMEAccountPolicy(t *testing.T) {
}) })
} }
} }
func Test_applyConditionalDefaults(t *testing.T) {
tests := []struct {
name string
policy *linkedca.Policy
expected *linkedca.Policy
}{
{
name: "no-x509",
policy: &linkedca.Policy{
Ssh: &linkedca.SSHPolicy{},
},
expected: &linkedca.Policy{
Ssh: &linkedca.SSHPolicy{},
},
},
{
name: "with-x509-verify-subject-common-name",
policy: &linkedca.Policy{
X509: &linkedca.X509Policy{
Allow: &linkedca.X509Names{
Dns: []string{"*.local"},
},
VerifySubjectCommonName: &wrapperspb.BoolValue{Value: true},
},
},
expected: &linkedca.Policy{
X509: &linkedca.X509Policy{
Allow: &linkedca.X509Names{
Dns: []string{"*.local"},
},
VerifySubjectCommonName: &wrapperspb.BoolValue{Value: true},
},
},
},
{
name: "without-x509-verify-subject-common-name",
policy: &linkedca.Policy{
X509: &linkedca.X509Policy{
Allow: &linkedca.X509Names{
Dns: []string{"*.local"},
},
VerifySubjectCommonName: &wrapperspb.BoolValue{Value: false},
},
},
expected: &linkedca.Policy{
X509: &linkedca.X509Policy{
Allow: &linkedca.X509Names{
Dns: []string{"*.local"},
},
VerifySubjectCommonName: &wrapperspb.BoolValue{Value: false},
},
},
},
{
name: "no-x509-verify-subject-common-name",
policy: &linkedca.Policy{
X509: &linkedca.X509Policy{
Allow: &linkedca.X509Names{
Dns: []string{"*.local"},
},
},
},
expected: &linkedca.Policy{
X509: &linkedca.X509Policy{
Allow: &linkedca.X509Names{
Dns: []string{"*.local"},
},
VerifySubjectCommonName: &wrapperspb.BoolValue{Value: true},
},
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
applyConditionalDefaults(tt.policy)
assert.Equals(t, tt.expected, tt.policy)
})
}
}
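Review bot: The case names `without-x509-verify-subject-common-name` and `no-x509-verify-subject-common-name` read as the same scenario, yet the first pins that an explicit false is preserved and the second that an unset field defaults to true. That distinction is the contract an operator relies on when turning common-name verification off, so names such as `explicit-false-is-kept` and `unset-defaults-to-true` would make a regression obvious. If `assert.Equals` compares with `reflect.DeepEqual` (not visible here), it also compares protobuf internal state; `proto.Equal(tt.expected, tt.policy)` is the sturdier check for generated messages.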

2
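--- a/go.mod
+++ b/go.mod
@@ -20,7 +20,7 @@ require (
 github.com/go-kit/kit v0.10.0 // indirect
 github.com/go-piv/piv-go v1.7.0
 github.com/golang/mock v1.6.0
-github.com/golang/protobuf v1.5.2
+github.com/golang/protobuf v1.5.2 // indirect
 github.com/google/go-cmp v0.5.7
 github.com/google/uuid v1.3.0
 github.com/googleapis/gax-go/v2 v2.1.1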