Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

AUTH-5959 add support for access mutual tls hostname settings #1516

Merged
merged 2 commits into from Mar 7, 2024
Merged

AUTH-5959 add support for access mutual tls hostname settings #1516

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
adb2f04
AUTH-5959 add support for access mutual tls hostname settings
ajholland Mar 7, 2024
84e7bd4
s/List/Get
jacobbednarz Mar 7, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
3 changes: 3 additions & 0 deletions .changelog/1516.txt
View file
Open in desktop
@@ -0,0 +1,3 @@
```release-note:enhancement
access_mutual_tls_certificates: add support for mutual tls hostname settings
```
65 changes: 65 additions & 0 deletions access_mutual_tls_certificates.go
View file
Open in desktop
Expand Up @@ -58,6 +58,21 @@ type UpdateAccessMutualTLSCertificateParams struct {
AssociatedHostnames []string `json:"associated_hostnames,omitempty"`
}

type AccessMutualTLSHostnameSettings struct {
ChinaNetwork *bool `json:"china_network,omitempty"`
ClientCertificateForwarding *bool `json:"client_certificate_forwarding,omitempty"`
Hostname string `json:"hostname,omitempty"`
}

type GetAccessMutualTLSHostnameSettingsResponse struct {
Response
Result []AccessMutualTLSHostnameSettings `json:"result"`
}

type UpdateAccessMutualTLSHostnameSettingsParams struct {
Settings []AccessMutualTLSHostnameSettings `json:"settings,omitempty"`
}

// ListAccessMutualTLSCertificates returns all Access TLS certificates
//
// Account API Reference: https://developers.cloudflare.com/api/operations/access-mtls-authentication-list-mtls-certificates
Expand Down Expand Up @@ -212,3 +227,53 @@ func (api *API) DeleteAccessMutualTLSCertificate(ctx context.Context, rc *Resour

return nil
}

// GetAccessMutualTLSHostnameSettings returns all Access mTLS hostname settings.
//
// Account API Reference: https://developers.cloudflare.com/api/operations/access-mtls-authentication-update-an-mtls-certificate-settings
// Zone API Reference: https://developers.cloudflare.com/api/operations/zone-level-access-mtls-authentication-list-mtls-certificates-hostname-settings
func (api *API) GetAccessMutualTLSHostnameSettings(ctx context.Context, rc *ResourceContainer) ([]AccessMutualTLSHostnameSettings, error) {
uri := fmt.Sprintf(
"/%s/%s/access/certificates/settings",
rc.Level,
rc.Identifier,
)

res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
if err != nil {
return []AccessMutualTLSHostnameSettings{}, fmt.Errorf("%s: %w", errMakeRequestError, err)
}

var accessMutualTLSHostnameSettingsResponse GetAccessMutualTLSHostnameSettingsResponse
err = json.Unmarshal(res, &accessMutualTLSHostnameSettingsResponse)
if err != nil {
return []AccessMutualTLSHostnameSettings{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
}

return accessMutualTLSHostnameSettingsResponse.Result, nil
}

// UpdateAccessMutualTLSHostnameSettings updates Access mTLS certificate hostname settings.
//
// Account API Reference: https://developers.cloudflare.com/api/operations/access-mtls-authentication-update-an-mtls-certificate-settings
// Zone API Reference: https://developers.cloudflare.com/api/operations/zone-level-access-mtls-authentication-update-an-mtls-certificate-settings
func (api *API) UpdateAccessMutualTLSHostnameSettings(ctx context.Context, rc *ResourceContainer, params UpdateAccessMutualTLSHostnameSettingsParams) ([]AccessMutualTLSHostnameSettings, error) {
uri := fmt.Sprintf(
"/%s/%s/access/certificates/settings",
rc.Level,
rc.Identifier,
)

res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params)
if err != nil {
return []AccessMutualTLSHostnameSettings{}, fmt.Errorf("%s: %w", errMakeRequestError, err)
}

var accessMutualTLSHostnameSettingsResponse GetAccessMutualTLSHostnameSettingsResponse
err = json.Unmarshal(res, &accessMutualTLSHostnameSettingsResponse)
if err != nil {
return []AccessMutualTLSHostnameSettings{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
}

return accessMutualTLSHostnameSettingsResponse.Result, nil
}
127 changes: 127 additions & 0 deletions access_mutual_tls_certificates_test.go
View file
Open in desktop
Expand Up @@ -276,3 +276,130 @@ func TestDeleteAccessMutualTLSCertificate(t *testing.T) {

assert.NoError(t, err)
}

func TestGetAccessMutualTLSHostnameSettings(t *testing.T) {
setup()
defer teardown()

handler := func(w http.ResponseWriter, r *http.Request) {
assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
w.Header().Set("content-type", "application/json")
fmt.Fprintf(w, `{
"success": true,
"errors": [],
"messages": [],
"result": [
{
"china_network": false,
"client_certificate_forwarding": true,
"hostname": "admin.example.com"
},
{
"china_network": true,
"client_certificate_forwarding": false,
"hostname": "foobar.example.com"
}
]
}`)
}

want := []AccessMutualTLSHostnameSettings{
{
ChinaNetwork: BoolPtr(false),
ClientCertificateForwarding: BoolPtr(true),
Hostname: "admin.example.com",
},
{
ChinaNetwork: BoolPtr(true),
ClientCertificateForwarding: BoolPtr(false),
Hostname: "foobar.example.com",
},
}

mux.HandleFunc("/accounts/"+testAccountID+"/access/certificates/settings", handler)

actual, err := client.GetAccessMutualTLSHostnameSettings(context.Background(), testAccountRC)

if assert.NoError(t, err) {
assert.Equal(t, want, actual)
}

mux.HandleFunc("/zones/"+testZoneID+"/access/certificates/settings", handler)

actual, err = client.GetAccessMutualTLSHostnameSettings(context.Background(), testZoneRC)

if assert.NoError(t, err) {
assert.Equal(t, want, actual)
}
}

func TestUpdateAccessMutualTLSHostnameSettings(t *testing.T) {
setup()
defer teardown()

handler := func(w http.ResponseWriter, r *http.Request) {
assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
w.Header().Set("content-type", "application/json")
fmt.Fprintf(w, `{
"success": true,
"errors": [],
"messages": [],
"result": [
{
"china_network": false,
"client_certificate_forwarding": true,
"hostname": "admin.example.com"
},
{
"china_network": true,
"client_certificate_forwarding": false,
"hostname": "foobar.example.com"
}
]
}`)
}

certificateSettings := UpdateAccessMutualTLSHostnameSettingsParams{
Settings: []AccessMutualTLSHostnameSettings{
{
ChinaNetwork: BoolPtr(false),
ClientCertificateForwarding: BoolPtr(true),
Hostname: "admin.example.com",
},
{
ChinaNetwork: BoolPtr(true),
ClientCertificateForwarding: BoolPtr(false),
Hostname: "foobar.example.com",
},
},
}

want := []AccessMutualTLSHostnameSettings{
{
ChinaNetwork: BoolPtr(false),
ClientCertificateForwarding: BoolPtr(true),
Hostname: "admin.example.com",
},
{
ChinaNetwork: BoolPtr(true),
ClientCertificateForwarding: BoolPtr(false),
Hostname: "foobar.example.com",
},
}

mux.HandleFunc("/accounts/"+testAccountID+"/access/certificates/settings", handler)

actual, err := client.UpdateAccessMutualTLSHostnameSettings(context.Background(), testAccountRC, certificateSettings)

if assert.NoError(t, err) {
assert.Equal(t, want, actual)
}

mux.HandleFunc("/zones/"+testZoneID+"/access/certificates/settings", handler)

actual, err = client.UpdateAccessMutualTLSHostnameSettings(context.Background(), testZoneRC, certificateSettings)

if assert.NoError(t, err) {
assert.Equal(t, want, actual)
}
}