Merge pull request #475 from apigee/issue474
feat: adding tls enforce
ssvaidyanathan authored May 29, 2024
2 parents 99b4b5e + 7930ad5 commit 10eca08
Showing 3 changed files with 30 additions and 12 deletions.
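--- a/internal/client/targetservers/targetservers.go
+++ b/internal/client/targetservers/targetservers.go
@@ -45,6 +45,7 @@ type targetserver struct {
 
 type sslInfo struct {
 Enabled *bool `json:"enabled,omitempty"`
+Enforce *bool `json:"enforce,omitempty"`
 ClientAuthEnabled *bool `json:"clientAuthEnabled,omitempty"`
 Keystore string `json:"keyStore,omitempty"`
 Keyalias string `json:"keyAlias,omitempty"`
@@ -61,7 +62,7 @@ type commonName struct {
 }
 
 // Create
-func Create(name string, description string, host string, port int, enable bool, protocol string, keyStore string, keyAlias string, trustStore string, tlsenabled string, clientAuthEnabled string, ignoreValidationErrors string) (respBody []byte, err error) {
+func Create(name string, description string, host string, port int, enable bool, protocol string, keyStore string, keyAlias string, trustStore string, tlsenabled string, tlsenforce string, clientAuthEnabled string, ignoreValidationErrors string) (respBody []byte, err error) {
 e := new(bool)
 *e = enable
 
@@ -70,11 +71,11 @@ func Create(name string, description string, host string, port int, enable bool,
 IsEnabled: e,
 }
 
-return createOrUpdate("create", targetsvr, name, description, host, port, protocol, keyStore, keyAlias, trustStore, tlsenabled, clientAuthEnabled, ignoreValidationErrors)
+return createOrUpdate("create", targetsvr, name, description, host, port, protocol, keyStore, keyAlias, trustStore, tlsenabled, tlsenforce, clientAuthEnabled, ignoreValidationErrors)
 }
 
 // Update
-func Update(name string, description string, host string, port int, enable bool, protocol string, keyStore string, keyAlias string, trustStore string, tlsenabled string, clientAuthEnabled string, ignoreValidationErrors string) (respBody []byte, err error) {
+func Update(name string, description string, host string, port int, enable bool, protocol string, keyStore string, keyAlias string, trustStore string, tlsenabled string, tlsenforce string, clientAuthEnabled string, ignoreValidationErrors string) (respBody []byte, err error) {
 apiclient.ClientPrintHttpResponse.Set(false)
 targetRespBody, err := Get(name)
 if err != nil {
@@ -89,10 +90,10 @@ func Update(name string, description string, host string, port int, enable bool,
 
 targetsvr.IsEnabled = &enable
 
-return createOrUpdate("update", targetsvr, name, description, host, port, protocol, keyStore, keyAlias, trustStore, tlsenabled, clientAuthEnabled, ignoreValidationErrors)
+return createOrUpdate("update", targetsvr, name, description, host, port, protocol, keyStore, keyAlias, trustStore, tlsenabled, tlsenforce, clientAuthEnabled, ignoreValidationErrors)
 }
 
-func createOrUpdate(action string, targetsvr targetserver, name string, description string, host string, port int, protocol string, keyStore string, keyAlias string, trustStore string, tlsenabled string, clientAuthEnabled string, ignoreValidationErrors string) (respBody []byte, err error) {
+func createOrUpdate(action string, targetsvr targetserver, name string, description string, host string, port int, protocol string, keyStore string, keyAlias string, trustStore string, tlsenabled string, tlsenforce string, clientAuthEnabled string, ignoreValidationErrors string) (respBody []byte, err error) {
 if description != "" {
 targetsvr.Description = description
 }
@@ -107,7 +108,7 @@ func createOrUpdate(action string, targetsvr targetserver, name string, descript
 targetsvr.Protocol = protocol
 }
 
-if keyStore != "" || keyAlias != "" || trustStore != "" || tlsenabled != "" ||
+if keyStore != "" || keyAlias != "" || trustStore != "" || tlsenabled != "" || tlsenforce != "" ||
 clientAuthEnabled != "" || ignoreValidationErrors != "" {
 if targetsvr.SslInfo == nil {
 targetsvr.SslInfo = &sslInfo{}
@@ -118,6 +119,9 @@ func createOrUpdate(action string, targetsvr targetserver, name string, descript
 if tlsenabled != "" {
 targetsvr.SslInfo.Enabled = getBool(tlsenabled)
 }
+if tlsenforce != "" {
+targetsvr.SslInfo.Enforce = getBool(tlsenforce)
+}
 if clientAuthEnabled != "" {
 targetsvr.SslInfo.ClientAuthEnabled = getBool(clientAuthEnabled)
 }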
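Review bot: `Create` and `Update` are exported and take `tlsenforce` as a free-form string, but the only `strconv.ParseBool` check for it sits in the cobra `Args` functions of crtts.go and updatets.go, so any other caller reaches `getBool(tlsenforce)` in `createOrUpdate` unvalidated. `getBool` is not visible on this page; if it maps an unparsable value to false, a typo would switch enforcement off without an error, which is the wrong direction for a TLS control to fail. Consider parsing where the value is consumed and returning the error, e.g. `v, err := strconv.ParseBool(tlsenforce)` followed by `if err != nil { return nil, fmt.Errorf("tlsenforce: %w", err) }`. The adjacent `tlsenabled`, `tlsenforce` and `clientAuthEnabled` arguments are all positional strings, so a transposed call still compiles; a `*bool` or an options struct would rule that out. The body of `createOrUpdate` continues past the last hunk.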
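--- a/internal/cmd/targetservers/crtts.go
+++ b/internal/cmd/targetservers/crtts.go
@@ -37,6 +37,11 @@ var CreateCmd = &cobra.Command{
 return fmt.Errorf("tlsenabled must be set to true or false")
 }
 }
+if tlsenforce != "" {
+if _, err := strconv.ParseBool(tlsenforce); err != nil {
+return fmt.Errorf("tlsenforce must be set to true or false")
+}
+}
 if clientAuthEnabled != "" {
 if _, err := strconv.ParseBool(clientAuthEnabled); err != nil {
 return fmt.Errorf("clientAuthEnabled must be set to true or false")
@@ -58,17 +63,17 @@ var CreateCmd = &cobra.Command{
 enable,
 protocol,
 keyStore, keyAlias, trustStore,
-tlsenabled, clientAuthEnabled,
+tlsenabled, tlsenforce, clientAuthEnabled,
 ignoreValidationErrors)
 return err
 },
 }
 
 var (
-tlsenabled, clientAuthEnabled, description, host, keyStore, keyAlias string
-trustStore, protocol, ignoreValidationErrors string
-enable bool
-port int
+tlsenabled, tlsenforce, clientAuthEnabled, description, host, keyStore, keyAlias string
+trustStore, protocol, ignoreValidationErrors string
+enable bool
+port int
 )
 
 func init() {
@@ -90,6 +95,8 @@ func init() {
 
 CreateCmd.Flags().StringVarP(&tlsenabled, "tls", "",
 "", "Enable TLS for the target server")
+CreateCmd.Flags().StringVarP(&tlsenforce, "tlsenforce", "",
+"", "Enforce TLS for the target server")
 CreateCmd.Flags().StringVarP(&clientAuthEnabled, "client-auth", "c",
 "", "Enable mTLS for the target server")
 CreateCmd.Flags().StringVarP(&ignoreValidationErrors, "ignore-err", "i",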
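Review bot: The new `tlsenforce` check in `Args` validates the flag in isolation, so `--tlsenforce true` is accepted when `--tls` is omitted or false, and the request would then carry `enforce` without `enabled`. Whether the API rejects or silently ignores that combination is not visible here, so either reject it up front or state the dependency in the help text, e.g. `"Enforce TLS for the target server (true|false); only meaningful when --tls is true"`, assuming that is the intended semantics. The help-text point applies equally to the `UpdateCmd` flag in updatets.go. The flag name also departs from the hyphenated pattern of `client-auth` and `ignore-err`; `tls-enforce` would match.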
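--- a/internal/cmd/targetservers/updatets.go
+++ b/internal/cmd/targetservers/updatets.go
@@ -37,6 +37,11 @@ var UpdateCmd = &cobra.Command{
 return fmt.Errorf("tlsenabled must be set to true or false")
 }
 }
+if tlsenforce != "" {
+if _, err := strconv.ParseBool(tlsenforce); err != nil {
+return fmt.Errorf("tlsenforce must be set to true or false")
+}
+}
 if clientAuthEnabled != "" {
 if _, err := strconv.ParseBool(clientAuthEnabled); err != nil {
 return fmt.Errorf("clientAuthEnabled must be set to true or false")
@@ -58,7 +63,7 @@ var UpdateCmd = &cobra.Command{
 enable,
 protocol,
 keyStore, keyAlias, trustStore,
-tlsenabled, clientAuthEnabled,
+tlsenabled, tlsenforce, clientAuthEnabled,
 ignoreValidationErrors)
 return err
 },
@@ -83,6 +88,8 @@ func init() {
 
 UpdateCmd.Flags().StringVarP(&tlsenabled, "tls", "",
 "", "Enable TLS for the target server")
+UpdateCmd.Flags().StringVarP(&tlsenforce, "tlsenforce", "",
+"", "Enforce TLS for the target server")
 UpdateCmd.Flags().StringVarP(&clientAuthEnabled, "client-auth", "c",
 "", "Enable mTLS for the target server")
 UpdateCmd.Flags().StringVarP(&ignoreValidationErrors, "ignore-err", "i",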
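Review bot: The `tlsenforce` validation block added to `UpdateCmd`'s `Args` is a copy of the one added to crtts.go, and both sit beside existing copies of the same pattern for `tlsenabled` and `clientAuthEnabled`. A shared helper would keep the two commands from drifting apart, e.g. `func validateBoolFlag(name, value string) error` returning nil for an empty value and `fmt.Errorf("%s must be set to true or false", name)` when `strconv.ParseBool` fails. `tlsenforce` appears to be the package-level variable declared in crtts.go and bound by both commands' `init` functions, which deserves a comment at the `var` block such as `// flag values shared by CreateCmd and UpdateCmd; "" means the flag was not set`.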
