Add conditional defaults to policy protobuf request bodies

2 years ago · f2f9cb899e
parent 6532c93303
commit f2f9cb899e
3 changed files with 88 additions and 9 deletions
--- a/authority/admin/api/policy.go
+++ b/authority/admin/api/policy.go
@ -2,7 +2,6 @@ package api

 import (
 	"errors"
-	"fmt"
 	"net/http"

 	"go.step.sm/linkedca"
@ -87,9 +86,7 @@ func (par *PolicyAdminResponder) CreateAuthorityPolicy(w http.ResponseWriter, r
 		return
 	}

-	fmt.Println("before: ", newPolicy)
-	applyDefaults(newPolicy)
-	fmt.Println("after: ", newPolicy)
+	applyConditionalDefaults(newPolicy)

 	adm := linkedca.AdminFromContext(ctx)

@ -107,7 +104,7 @@ func (par *PolicyAdminResponder) CreateAuthorityPolicy(w http.ResponseWriter, r
 		return
 	}

-	render.JSONStatus(w, createdPolicy, http.StatusCreated)
+	render.ProtoJSONStatus(w, createdPolicy, http.StatusCreated)
 }

 // UpdateAuthorityPolicy handles the PUT /admin/authority/policy request
@ -208,7 +205,7 @@ func (par *PolicyAdminResponder) CreateProvisionerPolicy(w http.ResponseWriter,
 		return
 	}

-	applyDefaults(newPolicy)
+	applyConditionalDefaults(newPolicy)

 	prov.Policy = newPolicy

@ -375,12 +372,13 @@ func (par *PolicyAdminResponder) DeleteACMEAccountPolicy(w http.ResponseWriter,
 	render.JSONStatus(w, DeleteResponse{Status: "ok"}, http.StatusOK)
 }

-func applyDefaults(p *linkedca.Policy) {
+// applyConditionalDefaults applies default settings in case they're not provided
+// in the request body.
+func applyConditionalDefaults(p *linkedca.Policy) {
 	if p.GetX509() == nil {
 		return
 	}
 	if p.GetX509().VerifySubjectCommonName == nil {
 		p.X509.VerifySubjectCommonName = &wrapperspb.BoolValue{Value: true}
 	}
-	return
 }
--- a/authority/admin/api/policy_test.go
+++ b/authority/admin/api/policy_test.go
@ -12,6 +12,7 @@ import (
 	"testing"

 	"google.golang.org/protobuf/encoding/protojson"
+	"google.golang.org/protobuf/types/known/wrapperspb"

 	"go.step.sm/linkedca"

@ -1920,3 +1921,83 @@ func TestPolicyAdminResponder_DeleteACMEAccountPolicy(t *testing.T) {
 		})
 	}
 }
+
+func Test_applyConditionalDefaults(t *testing.T) {
+	tests := []struct {
+		name     string
+		policy   *linkedca.Policy
+		expected *linkedca.Policy
+	}{
+		{
+			name: "no-x509",
+			policy: &linkedca.Policy{
+				Ssh: &linkedca.SSHPolicy{},
+			},
+			expected: &linkedca.Policy{
+				Ssh: &linkedca.SSHPolicy{},
+			},
+		},
+		{
+			name: "with-x509-verify-subject-common-name",
+			policy: &linkedca.Policy{
+				X509: &linkedca.X509Policy{
+					Allow: &linkedca.X509Names{
+						Dns: []string{"*.local"},
+					},
+					VerifySubjectCommonName: &wrapperspb.BoolValue{Value: true},
+				},
+			},
+			expected: &linkedca.Policy{
+				X509: &linkedca.X509Policy{
+					Allow: &linkedca.X509Names{
+						Dns: []string{"*.local"},
+					},
+					VerifySubjectCommonName: &wrapperspb.BoolValue{Value: true},
+				},
+			},
+		},
+		{
+			name: "without-x509-verify-subject-common-name",
+			policy: &linkedca.Policy{
+				X509: &linkedca.X509Policy{
+					Allow: &linkedca.X509Names{
+						Dns: []string{"*.local"},
+					},
+					VerifySubjectCommonName: &wrapperspb.BoolValue{Value: false},
+				},
+			},
+			expected: &linkedca.Policy{
+				X509: &linkedca.X509Policy{
+					Allow: &linkedca.X509Names{
+						Dns: []string{"*.local"},
+					},
+					VerifySubjectCommonName: &wrapperspb.BoolValue{Value: false},
+				},
+			},
+		},
+		{
+			name: "no-x509-verify-subject-common-name",
+			policy: &linkedca.Policy{
+				X509: &linkedca.X509Policy{
+					Allow: &linkedca.X509Names{
+						Dns: []string{"*.local"},
+					},
+				},
+			},
+			expected: &linkedca.Policy{
+				X509: &linkedca.X509Policy{
+					Allow: &linkedca.X509Names{
+						Dns: []string{"*.local"},
+					},
+					VerifySubjectCommonName: &wrapperspb.BoolValue{Value: true},
+				},
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			applyConditionalDefaults(tt.policy)
+			assert.Equals(t, tt.expected, tt.policy)
+		})
+	}
+}
--- a/go.mod
+++ b/go.mod
@ -20,7 +20,7 @@ require (
 	github.com/go-kit/kit v0.10.0 // indirect
 	github.com/go-piv/piv-go v1.7.0
 	github.com/golang/mock v1.6.0
-	github.com/golang/protobuf v1.5.2
+	github.com/golang/protobuf v1.5.2 // indirect
 	github.com/google/go-cmp v0.5.7
 	github.com/google/uuid v1.3.0
 	github.com/googleapis/gax-go/v2 v2.1.1