From adb2f0499e49a222ebf2ae66c7924847318bbba8 Mon Sep 17 00:00:00 2001
From: Alex Holland
Date: Thu, 7 Mar 2024 17:15:04 -0500
Subject: [PATCH] AUTH-5959 add support for access mutual tls hostname settings
---
 .changelog/1516.txt | 3 +
 access_mutual_tls_certificates.go | 65 +++++++++++++
 access_mutual_tls_certificates_test.go | 127 +++++++++++++++++++++++++
 3 files changed, 195 insertions(+)
 create mode 100644 .changelog/1516.txt
diff --git a/.changelog/1516.txt b/.changelog/1516.txt
new file mode 100644
index 000000000..87346e8ca
--- /dev/null
+++ b/.changelog/1516.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+access_mutual_tls_certificates: add support for mutual tls hostname settings
+```
\ No newline at end of file
diff --git a/access_mutual_tls_certificates.go b/access_mutual_tls_certificates.go
index 393476c42..9dbb81bb9 100644
--- a/access_mutual_tls_certificates.go
+++ b/access_mutual_tls_certificates.go
@@ -58,6 +58,21 @@ type UpdateAccessMutualTLSCertificateParams struct {
 AssociatedHostnames []string `json:"associated_hostnames,omitempty"`
 }
+type AccessMutualTLSHostnameSettings struct {
+ ChinaNetwork *bool `json:"china_network,omitempty"`
+ ClientCertificateForwarding *bool `json:"client_certificate_forwarding,omitempty"`
+ Hostname string `json:"hostname,omitempty"`
+}
+
+type ListAccessMutualTLSHostnameSettingsResponse struct {
+ Response
+ Result []AccessMutualTLSHostnameSettings `json:"result"`
+}
+
+type UpdateAccessMutualTLSHostnameSettingsParams struct {
+ Settings []AccessMutualTLSHostnameSettings `json:"settings,omitempty"`
+}
+
 // ListAccessMutualTLSCertificates returns all Access TLS certificates
 //
 // Account API Reference: https://developers.cloudflare.com/api/operations/access-mtls-authentication-list-mtls-certificates
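Review bot: `Settings` in `UpdateAccessMutualTLSHostnameSettingsParams` carries `omitempty`, so a nil or empty slice is dropped and the PUT body becomes `{}`; a caller cannot send an explicit empty list. Whether the endpoint treats a missing `settings` key differently from an empty array is not visible in this patch, so either drop `omitempty` from that tag or document the behaviour on the type. The three new exported types also have no doc comments; I would add, for example, `// AccessMutualTLSHostnameSettings holds the mTLS options applied to one hostname.` and state there that a nil `ChinaNetwork` or `ClientCertificateForwarding` is left out of the request rather than sent as `false`. That distinction matters for a field that, judging by its name, decides whether client certificates are forwarded.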
@@ -212,3 +227,53 @@ func (api *API) DeleteAccessMutualTLSCertificate(ctx context.Context, rc *Resour
 return nil
 }
+
+// ListAccessMutualTLSHostnameSettings returns all Access mTLS hostname settings.
+//
+// Account API Reference: https://developers.cloudflare.com/api/operations/access-mtls-authentication-update-an-mtls-certificate-settings
+// Zone API Reference: https://developers.cloudflare.com/api/operations/zone-level-access-mtls-authentication-list-mtls-certificates-hostname-settings
+func (api *API) ListAccessMutualTLSHostnameSettings(ctx context.Context, rc *ResourceContainer) ([]AccessMutualTLSHostnameSettings, error) {
+ uri := fmt.Sprintf(
+ "/%s/%s/access/certificates/settings",
+ rc.Level,
+ rc.Identifier,
+ )
+
+ res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+ if err != nil {
+ return []AccessMutualTLSHostnameSettings{}, fmt.Errorf("%s: %w", errMakeRequestError, err)
+ }
+
+ var accessMutualTLSHostnameSettingsResponse ListAccessMutualTLSHostnameSettingsResponse
+ err = json.Unmarshal(res, &accessMutualTLSHostnameSettingsResponse)
+ if err != nil {
+ return []AccessMutualTLSHostnameSettings{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+ }
+
+ return accessMutualTLSHostnameSettingsResponse.Result, nil
+}
+
+// UpdateAccessMutualTLSHostnameSettings updates Access mTLS certificate hostname settings.
+//
+// Account API Reference: https://developers.cloudflare.com/api/operations/access-mtls-authentication-update-an-mtls-certificate-settings
+// Zone API Reference: https://developers.cloudflare.com/api/operations/zone-level-access-mtls-authentication-update-an-mtls-certificate-settings
+func (api *API) UpdateAccessMutualTLSHostnameSettings(ctx context.Context, rc *ResourceContainer, params UpdateAccessMutualTLSHostnameSettingsParams) ([]AccessMutualTLSHostnameSettings, error) {
+ uri := fmt.Sprintf(
+ "/%s/%s/access/certificates/settings",
+ rc.Level,
+ rc.Identifier,
+ )
+
+ res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params)
+ if err != nil {
+ return []AccessMutualTLSHostnameSettings{}, fmt.Errorf("%s: %w", errMakeRequestError, err)
+ }
+
+ var accessMutualTLSHostnameSettingsResponse ListAccessMutualTLSHostnameSettingsResponse
+ err = json.Unmarshal(res, &accessMutualTLSHostnameSettingsResponse)
+ if err != nil {
+ return []AccessMutualTLSHostnameSettings{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+ }
+
+ return accessMutualTLSHostnameSettingsResponse.Result, nil
+}
diff --git a/access_mutual_tls_certificates_test.go b/access_mutual_tls_certificates_test.go
index 235f02134..353946f95 100644
--- a/access_mutual_tls_certificates_test.go
+++ b/access_mutual_tls_certificates_test.go
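Review bot: `ListAccessMutualTLSHostnameSettings` and `UpdateAccessMutualTLSHostnameSettings` in `access_mutual_tls_certificates.go` both read `rc.Level` and `rc.Identifier` before any check, so a nil `rc` panics and an empty identifier builds a path with an empty segment. A guard at the top of each function, such as `if rc == nil || rc.Identifier == "" { return []AccessMutualTLSHostnameSettings{}, fmt.Errorf("resource container with an identifier is required") }`, fails before the PUT that changes mTLS settings is sent. The `Account API Reference` link on the List doc comment is the same `...update-an-mtls-certificate-settings` URL used on Update; that looks like a copy-paste and should point at the list operation. Whether `makeRequestContext` validates the path itself cannot be seen from this hunk.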
@@ -276,3 +276,130 @@ func TestDeleteAccessMutualTLSCertificate(t *testing.T) {
 assert.NoError(t, err)
 }
+
+func TestListAccessMutualTLSHostnameSettings(t *testing.T) {
+ setup()
+ defer teardown()
+
+ handler := func(w http.ResponseWriter, r *http.Request) {
+ assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+ w.Header().Set("content-type", "application/json")
+ fmt.Fprintf(w, `{
+ "success": true,
+ "errors": [],
+ "messages": [],
+ "result": [
+ {
+ "china_network": false,
+ "client_certificate_forwarding": true,
+ "hostname": "admin.example.com"
+ },
+ {
+ "china_network": true,
+ "client_certificate_forwarding": false,
+ "hostname": "foobar.example.com"
+ }
+ ]
+ }`)
+ }
+
+ want := []AccessMutualTLSHostnameSettings{
+ {
+ ChinaNetwork: BoolPtr(false),
+ ClientCertificateForwarding: BoolPtr(true),
+ Hostname: "admin.example.com",
+ },
+ {
+ ChinaNetwork: BoolPtr(true),
+ ClientCertificateForwarding: BoolPtr(false),
+ Hostname: "foobar.example.com",
+ },
+ }
+
+ mux.HandleFunc("/accounts/"+testAccountID+"/access/certificates/settings", handler)
+
+ actual, err := client.ListAccessMutualTLSHostnameSettings(context.Background(), testAccountRC)
+
+ if assert.NoError(t, err) {
+ assert.Equal(t, want, actual)
+ }
+
+ mux.HandleFunc("/zones/"+testZoneID+"/access/certificates/settings", handler)
+
+ actual, err = client.ListAccessMutualTLSHostnameSettings(context.Background(), testZoneRC)
+
+ if assert.NoError(t, err) {
+ assert.Equal(t, want, actual)
+ }
+}
+
+func TestUpdateAccessMutualTLSHostnameSettings(t *testing.T) {
+ setup()
+ defer teardown()
+
+ handler := func(w http.ResponseWriter, r *http.Request) {
+ assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+ w.Header().Set("content-type", "application/json")
+ fmt.Fprintf(w, `{
+ "success": true,
+ "errors": [],
+ "messages": [],
+ "result": [
+ {
+ "china_network": false,
+ "client_certificate_forwarding": true,
+ "hostname": "admin.example.com"
+ },
+ {
+ "china_network": true,
+ "client_certificate_forwarding": false,
+ "hostname": "foobar.example.com"
+ }
+ ]
+ }`)
+ }
+
+ certificateSettings := UpdateAccessMutualTLSHostnameSettingsParams{
+ Settings: []AccessMutualTLSHostnameSettings{
+ {
+ ChinaNetwork: BoolPtr(false),
+ ClientCertificateForwarding: BoolPtr(true),
+ Hostname: "admin.example.com",
+ },
+ {
+ ChinaNetwork: BoolPtr(true),
+ ClientCertificateForwarding: BoolPtr(false),
+ Hostname: "foobar.example.com",
+ },
+ },
+ }
+
+ want := []AccessMutualTLSHostnameSettings{
+ {
+ ChinaNetwork: BoolPtr(false),
+ ClientCertificateForwarding: BoolPtr(true),
+ Hostname: "admin.example.com",
+ },
+ {
+ ChinaNetwork: BoolPtr(true),
+ ClientCertificateForwarding: BoolPtr(false),
+ Hostname: "foobar.example.com",
+ },
+ }
+
+ mux.HandleFunc("/accounts/"+testAccountID+"/access/certificates/settings", handler)
+
+ actual, err := client.UpdateAccessMutualTLSHostnameSettings(context.Background(), testAccountRC, certificateSettings)
+
+ if assert.NoError(t, err) {
+ assert.Equal(t, want, actual)
+ }
+
+ mux.HandleFunc("/zones/"+testZoneID+"/access/certificates/settings", handler)
+
+ actual, err = client.UpdateAccessMutualTLSHostnameSettings(context.Background(), testZoneRC, certificateSettings)
+
+ if assert.NoError(t, err) {
+ assert.Equal(t, want, actual)
+ }
+}
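Review bot: The handler in `TestUpdateAccessMutualTLSHostnameSettings` asserts only the HTTP method and never reads `r.Body`, so the test still passes if the client sends no settings at all or serializes `client_certificate_forwarding` under the wrong key. Decoding the body into `UpdateAccessMutualTLSHostnameSettingsParams` and comparing it with `certificateSettings` would pin the request that actually changes the hostname settings. This needs `certificateSettings` declared before `handler`, and `encoding/json` imported in the test file if it is not already; the import block is outside the hunk. Both tests also pass a constant string to `fmt.Fprintf` as the format, where `fmt.Fprint` would do.

```go
// … unchanged: setup/teardown; certificateSettings moved above handler …
handler := func(w http.ResponseWriter, r *http.Request) {
	assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)

	// Check that the request body carries the settings the caller passed in.
	var got UpdateAccessMutualTLSHostnameSettingsParams
	if assert.NoError(t, json.NewDecoder(r.Body).Decode(&got)) {
		assert.Equal(t, certificateSettings, got)
	}
	// … unchanged: content-type header and canned JSON response …
}
```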