Add conditional defaults to policy protobuf request bodies

Herman Slatman 2022-04-19 12:09:45 +02:00
parent 6532c93303
commit f2f9cb899e
No known key found for this signature in database
GPG key ID: F4D8A44EA0A75A4F
3 changed files with 88 additions and 9 deletions


@ -2,7 +2,6 @@ package api
import (
"errors"
"fmt"
"net/http"
"go.step.sm/linkedca"
@ -87,9 +86,7 @@ func (par *PolicyAdminResponder) CreateAuthorityPolicy(w http.ResponseWriter, r
return
}
fmt.Println("before: ", newPolicy)
applyDefaults(newPolicy)
fmt.Println("after: ", newPolicy)
applyConditionalDefaults(newPolicy)
adm := linkedca.AdminFromContext(ctx)
@ -107,7 +104,7 @@ func (par *PolicyAdminResponder) CreateAuthorityPolicy(w http.ResponseWriter, r
return
}
render.JSONStatus(w, createdPolicy, http.StatusCreated)
render.ProtoJSONStatus(w, createdPolicy, http.StatusCreated)
}
// UpdateAuthorityPolicy handles the PUT /admin/authority/policy request
@ -208,7 +205,7 @@ func (par *PolicyAdminResponder) CreateProvisionerPolicy(w http.ResponseWriter,
return
}
applyDefaults(newPolicy)
applyConditionalDefaults(newPolicy)
prov.Policy = newPolicy
@ -375,12 +372,13 @@ func (par *PolicyAdminResponder) DeleteACMEAccountPolicy(w http.ResponseWriter,
render.JSONStatus(w, DeleteResponse{Status: "ok"}, http.StatusOK)
}
func applyDefaults(p *linkedca.Policy) {
// applyConditionalDefaults applies default settings in case they're not provided
// in the request body.
func applyConditionalDefaults(p *linkedca.Policy) {
if p.GetX509() == nil {
return
}
if p.GetX509().VerifySubjectCommonName == nil {
p.X509.VerifySubjectCommonName = &wrapperspb.BoolValue{Value: true}
}
return
}
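Review bot: The strict default is applied only in the two Create handlers changed here (`CreateAuthorityPolicy` and `CreateProvisionerPolicy`); no other call to `applyConditionalDefaults` appears in this commit. A PUT handled by `UpdateAuthorityPolicy` that omits the `VerifySubjectCommonName` field would therefore presumably store the policy with that field nil. How a nil value is treated when the policy is evaluated is not visible on this page, so either the update and ACME account policy handlers should also call `applyConditionalDefaults(newPolicy)` after decoding the body, or the evaluation side should be confirmed to treat nil as true. The doc comment could also name the default and its direction, e.g. `// It sets X509.VerifySubjectCommonName to true when an X509 policy is present and the field is omitted, so verification stays on unless explicitly disabled.` The handler bodies start and end outside these hunks.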


@ -12,6 +12,7 @@ import (
"testing"
"google.golang.org/protobuf/encoding/protojson"
"google.golang.org/protobuf/types/known/wrapperspb"
"go.step.sm/linkedca"
@ -1920,3 +1921,83 @@ func TestPolicyAdminResponder_DeleteACMEAccountPolicy(t *testing.T) {
})
}
}
func Test_applyConditionalDefaults(t *testing.T) {
tests := []struct {
name string
policy *linkedca.Policy
expected *linkedca.Policy
}{
{
name: "no-x509",
policy: &linkedca.Policy{
Ssh: &linkedca.SSHPolicy{},
},
expected: &linkedca.Policy{
Ssh: &linkedca.SSHPolicy{},
},
},
{
name: "with-x509-verify-subject-common-name",
policy: &linkedca.Policy{
X509: &linkedca.X509Policy{
Allow: &linkedca.X509Names{
Dns: []string{"*.local"},
},
VerifySubjectCommonName: &wrapperspb.BoolValue{Value: true},
},
},
expected: &linkedca.Policy{
X509: &linkedca.X509Policy{
Allow: &linkedca.X509Names{
Dns: []string{"*.local"},
},
VerifySubjectCommonName: &wrapperspb.BoolValue{Value: true},
},
},
},
{
name: "without-x509-verify-subject-common-name",
policy: &linkedca.Policy{
X509: &linkedca.X509Policy{
Allow: &linkedca.X509Names{
Dns: []string{"*.local"},
},
VerifySubjectCommonName: &wrapperspb.BoolValue{Value: false},
},
},
expected: &linkedca.Policy{
X509: &linkedca.X509Policy{
Allow: &linkedca.X509Names{
Dns: []string{"*.local"},
},
VerifySubjectCommonName: &wrapperspb.BoolValue{Value: false},
},
},
},
{
name: "no-x509-verify-subject-common-name",
policy: &linkedca.Policy{
X509: &linkedca.X509Policy{
Allow: &linkedca.X509Names{
Dns: []string{"*.local"},
},
},
},
expected: &linkedca.Policy{
X509: &linkedca.X509Policy{
Allow: &linkedca.X509Names{
Dns: []string{"*.local"},
},
VerifySubjectCommonName: &wrapperspb.BoolValue{Value: true},
},
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
applyConditionalDefaults(tt.policy)
assert.Equals(t, tt.expected, tt.policy)
})
}
}
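Review bot: The case names `without-x509-verify-subject-common-name` and `no-x509-verify-subject-common-name` are easy to confuse, yet they pin the two behaviours that matter most: an explicit `false` is preserved, and an omitted field becomes `true`. Names such as `explicit-false-is-preserved` and `omitted-defaults-to-true` would make a regression in either direction obvious from the test output. A case with a non-nil but empty `&linkedca.X509Policy{}` would also document that the default is applied even when no names are configured.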

2
go.mod

@ -20,7 +20,7 @@ require (
github.com/go-kit/kit v0.10.0 // indirect
github.com/go-piv/piv-go v1.7.0
github.com/golang/mock v1.6.0
github.com/golang/protobuf v1.5.2
github.com/golang/protobuf v1.5.2 // indirect
github.com/google/go-cmp v0.5.7
github.com/google/uuid v1.3.0
github.com/googleapis/gax-go/v2 v2.1.1