Skip to content

Commit

Permalink
AUTH-5959 add support for access mutual tls hostname settings
Browse files Browse the repository at this point in the history
  • Loading branch information
ajholland committed Mar 7, 2024
1 parent 639f10a commit dcdad2d
Show file tree
Hide file tree
Showing 3 changed files with 195 additions and 0 deletions.
3 changes: 3 additions & 0 deletions .changelog/1516.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
```release-note:enhancement
access_mutual_tls_certificates: add support for mutual tls hostname settings
```
65 changes: 65 additions & 0 deletions access_mutual_tls_certificates.go
Original file line number Diff line number Diff line change
Expand Up @@ -58,6 +58,21 @@ type UpdateAccessMutualTLSCertificateParams struct {
AssociatedHostnames []string `json:"associated_hostnames,omitempty"`
}

type AccessMutualTLSHostnameSettings struct {
ChinaNetwork bool `json:"china_network,omitempty"`
ClientCertificateForwarding bool `json:"client_certificate_forwarding,omitempty"`
Hostname string `json:"hostname,omitempty"`
}

type ListAccessMutualTLSHostnameSettingsResponse struct {
Response
Result []AccessMutualTLSHostnameSettings `json:"result"`
}

type UpdateAccessMutualTLSHostnameSettingsParams struct {
Settings []AccessMutualTLSHostnameSettings `json:"settings,omitempty"`
}

// ListAccessMutualTLSCertificates returns all Access TLS certificates
//
// Account API Reference: https://developers.cloudflare.com/api/operations/access-mtls-authentication-list-mtls-certificates
Expand Down Expand Up @@ -212,3 +227,53 @@ func (api *API) DeleteAccessMutualTLSCertificate(ctx context.Context, rc *Resour

return nil
}

// ListAccessMutualTLSHostnameSettings returns all Access mTLS hostname settings.
//
// Account API Reference: https://developers.cloudflare.com/api/operations/access-mtls-authentication-update-an-mtls-certificate-settings
// Zone API Reference: https://developers.cloudflare.com/api/operations/zone-level-access-mtls-authentication-list-mtls-certificates-hostname-settings
func (api *API) ListAccessMutualTLSHostnameSettings(ctx context.Context, rc *ResourceContainer) ([]AccessMutualTLSHostnameSettings, error) {
uri := fmt.Sprintf(
"/%s/%s/access/certificates/settings",
rc.Level,
rc.Identifier,
)

res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
if err != nil {
return []AccessMutualTLSHostnameSettings{}, fmt.Errorf("%s: %w", errMakeRequestError, err)
}

var accessMutualTLSHostnameSettingsResponse ListAccessMutualTLSHostnameSettingsResponse
err = json.Unmarshal(res, &accessMutualTLSHostnameSettingsResponse)
if err != nil {
return []AccessMutualTLSHostnameSettings{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
}

return accessMutualTLSHostnameSettingsResponse.Result, nil
}

// UpdateAccessMutualTLSHostnameSettings updates Access mTLS certificate hostname settings.
//
// Account API Reference: https://developers.cloudflare.com/api/operations/access-mtls-authentication-update-an-mtls-certificate-settings
// Zone API Reference: https://developers.cloudflare.com/api/operations/zone-level-access-mtls-authentication-update-an-mtls-certificate-settings
func (api *API) UpdateAccessMutualTLSHostnameSettings(ctx context.Context, rc *ResourceContainer, params UpdateAccessMutualTLSHostnameSettingsParams) ([]AccessMutualTLSHostnameSettings, error) {
uri := fmt.Sprintf(
"/%s/%s/access/certificates/settings",
rc.Level,
rc.Identifier,
)

res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params)
if err != nil {
return []AccessMutualTLSHostnameSettings{}, fmt.Errorf("%s: %w", errMakeRequestError, err)
}

var accessMutualTLSHostnameSettingsResponse ListAccessMutualTLSHostnameSettingsResponse
err = json.Unmarshal(res, &accessMutualTLSHostnameSettingsResponse)
if err != nil {
return []AccessMutualTLSHostnameSettings{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
}

return accessMutualTLSHostnameSettingsResponse.Result, nil
}
127 changes: 127 additions & 0 deletions access_mutual_tls_certificates_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -276,3 +276,130 @@ func TestDeleteAccessMutualTLSCertificate(t *testing.T) {

assert.NoError(t, err)
}

func TestListAccessMutualTLSHostnameSettings(t *testing.T) {
setup()
defer teardown()

handler := func(w http.ResponseWriter, r *http.Request) {
assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
w.Header().Set("content-type", "application/json")
fmt.Fprintf(w, `{
"success": true,
"errors": [],
"messages": [],
"result": [
{
"china_network": false,
"client_certificate_forwarding": true,
"hostname": "admin.example.com"
},
{
"china_network": true,
"client_certificate_forwarding": false,
"hostname": "foobar.example.com"
}
]
}`)
}

want := []AccessMutualTLSHostnameSettings{
{
ChinaNetwork: false,
ClientCertificateForwarding: true,
Hostname: "admin.example.com",
},
{
ChinaNetwork: true,
ClientCertificateForwarding: false,
Hostname: "foobar.example.com",
},
}

mux.HandleFunc("/accounts/"+testAccountID+"/access/certificates/settings", handler)

actual, err := client.ListAccessMutualTLSHostnameSettings(context.Background(), testAccountRC)

if assert.NoError(t, err) {
assert.Equal(t, want, actual)
}

mux.HandleFunc("/zones/"+testZoneID+"/access/certificates/settings", handler)

actual, err = client.ListAccessMutualTLSHostnameSettings(context.Background(), testZoneRC)

if assert.NoError(t, err) {
assert.Equal(t, want, actual)
}
}

func TestUpdateAccessMutualTLSHostnameSettings(t *testing.T) {
setup()
defer teardown()

handler := func(w http.ResponseWriter, r *http.Request) {
assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
w.Header().Set("content-type", "application/json")
fmt.Fprintf(w, `{
"success": true,
"errors": [],
"messages": [],
"result": [
{
"china_network": false,
"client_certificate_forwarding": true,
"hostname": "admin.example.com"
},
{
"china_network": true,
"client_certificate_forwarding": false,
"hostname": "foobar.example.com"
}
]
}`)
}

certificateSettings := UpdateAccessMutualTLSHostnameSettingsParams{
Settings: []AccessMutualTLSHostnameSettings{
{
ChinaNetwork: false,
ClientCertificateForwarding: true,
Hostname: "admin.example.com",
},
{
ChinaNetwork: true,
ClientCertificateForwarding: false,
Hostname: "foobar.example.com",
},
},
}

want := []AccessMutualTLSHostnameSettings{
{
ChinaNetwork: false,
ClientCertificateForwarding: true,
Hostname: "admin.example.com",
},
{
ChinaNetwork: true,
ClientCertificateForwarding: false,
Hostname: "foobar.example.com",
},
}

mux.HandleFunc("/accounts/"+testAccountID+"/access/certificates/settings", handler)

actual, err := client.UpdateAccessMutualTLSHostnameSettings(context.Background(), testAccountRC, certificateSettings)

if assert.NoError(t, err) {
assert.Equal(t, want, actual)
}

mux.HandleFunc("/zones/"+testZoneID+"/access/certificates/settings", handler)

actual, err = client.UpdateAccessMutualTLSHostnameSettings(context.Background(), testZoneRC, certificateSettings)

if assert.NoError(t, err) {
assert.Equal(t, want, actual)
}
}

0 comments on commit dcdad2d

Please sign in to comment.