diff --git a/go.mod b/go.mod index 77a4f6c6a7..f31ec2c987 100644 --- a/go.mod +++ b/go.mod @@ -23,7 +23,7 @@ require ( github.com/confluentinc/ccloud-sdk-go-v2/ccl v0.4.0 github.com/confluentinc/ccloud-sdk-go-v2/ccpm v0.0.1 github.com/confluentinc/ccloud-sdk-go-v2/cdx v0.0.5 - github.com/confluentinc/ccloud-sdk-go-v2/certificate-authority v0.0.2 + github.com/confluentinc/ccloud-sdk-go-v2/certificate-authority v0.0.3 github.com/confluentinc/ccloud-sdk-go-v2/cli v0.3.0 github.com/confluentinc/ccloud-sdk-go-v2/cmk v0.25.0 github.com/confluentinc/ccloud-sdk-go-v2/connect v0.7.0 diff --git a/go.sum b/go.sum index e761d8c46f..6c48dd69eb 100644 --- a/go.sum +++ b/go.sum @@ -204,8 +204,8 @@ github.com/confluentinc/ccloud-sdk-go-v2/ccpm v0.0.1 h1:q++EceNVxARLSE5J9FO3Vbp9 github.com/confluentinc/ccloud-sdk-go-v2/ccpm v0.0.1/go.mod h1:toZWg8FVpQZ/80az0XTB4Fv22E5HJtEiMXxt4rU1JoI= github.com/confluentinc/ccloud-sdk-go-v2/cdx v0.0.5 h1:w0Z2hFxg8ng8gycWKRZFdus1R+q8D/I5AmN06NZso5s= github.com/confluentinc/ccloud-sdk-go-v2/cdx v0.0.5/go.mod h1:L8U9xs2duASJnjIYkwGrSbZNpApsbh+vlxsJlZMHJPA= -github.com/confluentinc/ccloud-sdk-go-v2/certificate-authority v0.0.2 h1:stsiO1JIRX6ITdw4DCsidQ0w7uhsyKDsYXwzxvi14GI= -github.com/confluentinc/ccloud-sdk-go-v2/certificate-authority v0.0.2/go.mod h1:OU1RGuP2y5l54jX5rA++QBAKeRvSa7GmkfNgJvB9J6M= +github.com/confluentinc/ccloud-sdk-go-v2/certificate-authority v0.0.3 h1:jagGRDqY/ZYKaU7Rv9rz5ynMGxNoX7f9TQ/RsbvmJPw= +github.com/confluentinc/ccloud-sdk-go-v2/certificate-authority v0.0.3/go.mod h1:Lt0BOSolRuMvnaV+aASN8KlPpkLl6+TNQKiqJosGaws= github.com/confluentinc/ccloud-sdk-go-v2/cli v0.3.0 h1:OOFNqtZN3Spuzz4TX6K6JfDM7zNDIE6BE1TtK78jFHQ= github.com/confluentinc/ccloud-sdk-go-v2/cli v0.3.0/go.mod h1:Mv0WTsBXUfKjmF+r2t2Dv/xJzZf17shhf5J1cttU2Qo= github.com/confluentinc/ccloud-sdk-go-v2/cmk v0.25.0 h1:EdZzQZ4SI5q+f0DQPjH3lWpygz1wYz7IE0K62Mv06bY= 
diff --git a/internal/iam/command_certificate_authority.go b/internal/iam/command_certificate_authority.go
index 31672f7856..892ff485a0 100644
--- a/internal/iam/command_certificate_authority.go
+++ b/internal/iam/command_certificate_authority.go
@@ -16,16 +16,17 @@ type certificateAuthorityCommand struct { } type certificateAuthorityOut struct { - Id string `human:"ID" serialized:"id"` - Name string `human:"Name" serialized:"name"` - Description string `human:"Description" serialized:"description"` - Fingerprints []string `human:"Fingerprints" serialized:"fingerprints"` - ExpirationDates []time.Time `human:"Expiration Dates" serialized:"expiration_dates"` - SerialNumbers []string `human:"Serial Numbers" serialized:"serial_numbers"` - CertificateChainFilename string `human:"Certificate Chain Filename" serialized:"certificate_chain_filename"` - CrlSource string `human:"CRL Source,omitempty" serialized:"crl_source,omitempty"` - CrlUrl string `human:"CRL URL,omitempty" serialized:"crl_url,omitempty"` - CrlUpdatedAt *time.Time `human:"CRL Updated At,omitempty" serialized:"crl_updated_at,omitempty"` + Id string `human:"ID" serialized:"id"` + Name string `human:"Name" serialized:"name"` + Description string `human:"Description" serialized:"description"` + Fingerprints []string `human:"Fingerprints" serialized:"fingerprints"` + ExpirationDates []time.Time `human:"Expiration Dates" serialized:"expiration_dates"` + SerialNumbers []string `human:"Serial Numbers" serialized:"serial_numbers"` + CertificateChainFilename string `human:"Certificate Chain Filename" serialized:"certificate_chain_filename"` + CrlSource string `human:"CRL Source,omitempty" serialized:"crl_source,omitempty"` + CrlUrl string `human:"CRL URL,omitempty" serialized:"crl_url,omitempty"` + CrlUpdatedAt *time.Time `human:"CRL Updated At,omitempty" serialized:"crl_updated_at,omitempty"` + RequireCrlOnClientCertificate bool `human:"Require Client CRL" serialized:"require_client_crl"` } func newCertificateAuthorityCommand(prerunner pcmd.PreRunner) *cobra.Command { 
@@ -49,16 +50,17 @@ func newCertificateAuthorityCommand(prerunner pcmd.PreRunner) *cobra.Command { func printCertificateAuthority(cmd *cobra.Command, certificateAuthority certificateauthorityv2.IamV2CertificateAuthority) error { table := output.NewTable(cmd) table.Add(&certificateAuthorityOut{ - Id: certificateAuthority.GetId(), - Name: certificateAuthority.GetDisplayName(), - Description: certificateAuthority.GetDescription(), - Fingerprints: certificateAuthority.GetFingerprints(), - ExpirationDates: certificateAuthority.GetExpirationDates(), - SerialNumbers: certificateAuthority.GetSerialNumbers(), - CertificateChainFilename: certificateAuthority.GetCertificateChainFilename(), - CrlSource: certificateAuthority.GetCrlSource(), - CrlUrl: certificateAuthority.GetCrlUrl(), - CrlUpdatedAt: certificateAuthority.CrlUpdatedAt, + Id: certificateAuthority.GetId(), + Name: certificateAuthority.GetDisplayName(), + Description: certificateAuthority.GetDescription(), + Fingerprints: certificateAuthority.GetFingerprints(), + ExpirationDates: certificateAuthority.GetExpirationDates(), + SerialNumbers: certificateAuthority.GetSerialNumbers(), + CertificateChainFilename: certificateAuthority.GetCertificateChainFilename(), + CrlSource: certificateAuthority.GetCrlSource(), + CrlUrl: certificateAuthority.GetCrlUrl(), + CrlUpdatedAt: certificateAuthority.CrlUpdatedAt, + RequireCrlOnClientCertificate: certificateAuthority.GetRequireCrlOnClientCertificate(), }) return table.Print() } diff --git a/internal/iam/command_certificate_authority_create.go b/internal/iam/command_certificate_authority_create.go index a8ac3c44be..4105a39fbe 100644 --- a/internal/iam/command_certificate_authority_create.go +++ b/internal/iam/command_certificate_authority_create.go 
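Review bot: The `certificateAuthorityOut` literal in printCertificateAuthority is repeated field for field in the `list` hunk of command_certificate_authority_list.go, so every new field has to be added in two places. Because `RequireCrlOnClientCertificate` is a plain `bool` with no `omitempty`, forgetting it in one of the two literals would print `false` there, and `list` and `describe` would then disagree about whether revocation checking is enforced. Consider one constructor shared by both, for example `func newCertificateAuthorityOut(ca certificateauthorityv2.IamV2CertificateAuthority) *certificateAuthorityOut`, called as `table.Add(newCertificateAuthorityOut(certificateAuthority))` here and `list.Add(newCertificateAuthorityOut(certificateAuthority))` in list.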
@@ -49,6 +49,7 @@ X4XSQRjbgbMEHMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A== cmd.Flags().String("certificate-chain-filename", "", "The name of the certificate file.") cmd.Flags().String("crl-url", "", "The URL from which to fetch the CRL (Certificate Revocation List) for the certificate authority.") cmd.Flags().String("crl-chain", "", "A base64 encoded string containing the CRL for this certificate authority.") + cmd.Flags().Bool("require-client-crl", false, "Whether to require CRL validation on client certificates.") pcmd.AddContextFlag(cmd, c.CLICommand) pcmd.AddOutputFlag(cmd) @@ -85,13 +86,19 @@ func (c *certificateAuthorityCommand) create(cmd *cobra.Command, args []string) return err } + requireCrlOnClientCertificate, err := cmd.Flags().GetBool("require-client-crl") + if err != nil { + return err + } + certRequest := certificateauthorityv2.IamV2CreateCertRequest{ - DisplayName: certificateauthorityv2.PtrString(args[0]), - Description: certificateauthorityv2.PtrString(description), - CertificateChain: certificateauthorityv2.PtrString(certificateChain), - CertificateChainFilename: certificateauthorityv2.PtrString(certificateChainFilename), - CrlUrl: certificateauthorityv2.PtrString(crlUrl), - CrlChain: certificateauthorityv2.PtrString(crlChain), + DisplayName: certificateauthorityv2.PtrString(args[0]), + Description: certificateauthorityv2.PtrString(description), + CertificateChain: certificateauthorityv2.PtrString(certificateChain), + CertificateChainFilename: certificateauthorityv2.PtrString(certificateChainFilename), + CrlUrl: certificateauthorityv2.PtrString(crlUrl), + CrlChain: certificateauthorityv2.PtrString(crlChain), + RequireCrlOnClientCertificate: certificateauthorityv2.PtrBool(requireCrlOnClientCertificate), } certificateAuthority, err := c.V2Client.CreateCertificateAuthority(certRequest) diff --git a/internal/iam/command_certificate_authority_list.go b/internal/iam/command_certificate_authority_list.go index 9280499a02..652ff18919 100644 
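Review bot: The description of `--require-client-crl` in the create command does not say what the setting depends on. The tests in this commit create an authority with `--require-client-crl` and neither `--crl-url` nor `--crl-chain`, and create.golden then shows `Require Client CRL | true` with no CRL source row. The diff does not show whether the service in that state rejects every client certificate or skips the revocation check, and an operator should not have to guess which. State the behaviour in the flag text, for instance `"Require CRL validation on client certificates. Set --crl-url or --crl-chain so that a CRL is available."` if a CRL is in fact needed; the same applies to the identical flag added in newUpdateCommand.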
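Review bot: `create` reads `require-client-crl` unconditionally and always sets `RequireCrlOnClientCertificate: certificateauthorityv2.PtrBool(...)`, so a user who never passes the flag still sends an explicit `false`. If the API defaults this setting to enabled, or treats an omitted field differently from `false`, the CLI would quietly create every authority with revocation enforcement off; the diff does not show which is the case. The update command in this commit guards the assignment with `cmd.Flags().Changed("require-client-crl")`, and the same guard here keeps the two commands consistent: leave the field out of the literal and add `if cmd.Flags().Changed("require-client-crl") { certRequest.RequireCrlOnClientCertificate = certificateauthorityv2.PtrBool(requireCrlOnClientCertificate) }` after it. The body of `create` starts and ends outside this hunk.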
--- a/internal/iam/command_certificate_authority_list.go +++ b/internal/iam/command_certificate_authority_list.go @@ -30,16 +30,17 @@ func (c *certificateAuthorityCommand) list(cmd *cobra.Command, _ []string) error list := output.NewList(cmd) for _, certificateAuthority := range certificateAuthorities { list.Add(&certificateAuthorityOut{ - Id: certificateAuthority.GetId(), - Name: certificateAuthority.GetDisplayName(), - Description: certificateAuthority.GetDescription(), - Fingerprints: certificateAuthority.GetFingerprints(), - ExpirationDates: certificateAuthority.GetExpirationDates(), - SerialNumbers: certificateAuthority.GetSerialNumbers(), - CertificateChainFilename: certificateAuthority.GetCertificateChainFilename(), - CrlSource: certificateAuthority.GetCrlSource(), - CrlUrl: certificateAuthority.GetCrlUrl(), - CrlUpdatedAt: certificateAuthority.CrlUpdatedAt, + Id: certificateAuthority.GetId(), + Name: certificateAuthority.GetDisplayName(), + Description: certificateAuthority.GetDescription(), + Fingerprints: certificateAuthority.GetFingerprints(), + ExpirationDates: certificateAuthority.GetExpirationDates(), + SerialNumbers: certificateAuthority.GetSerialNumbers(), + CertificateChainFilename: certificateAuthority.GetCertificateChainFilename(), + CrlSource: certificateAuthority.GetCrlSource(), + CrlUrl: certificateAuthority.GetCrlUrl(), + CrlUpdatedAt: certificateAuthority.CrlUpdatedAt, + RequireCrlOnClientCertificate: certificateAuthority.GetRequireCrlOnClientCertificate(), }) } return list.Print() diff --git a/internal/iam/command_certificate_authority_update.go b/internal/iam/command_certificate_authority_update.go index 0b9a0d8365..03e33dfec7 100644 --- a/internal/iam/command_certificate_authority_update.go +++ b/internal/iam/command_certificate_authority_update.go 
@@ -30,6 +30,7 @@ func (c *certificateAuthorityCommand) newUpdateCommand() *cobra.Command { cmd.Flags().String("certificate-chain-filename", "", "The name of the certificate file.") cmd.Flags().String("crl-url", "", "The URL from which to fetch the CRL (Certificate Revocation List) for the certificate authority.") cmd.Flags().String("crl-chain", "", "A base64 encoded string containing the CRL for this certificate authority.") + cmd.Flags().Bool("require-client-crl", false, "Whether to require CRL validation on client certificates.") pcmd.AddContextFlag(cmd, c.CLICommand) pcmd.AddOutputFlag(cmd) @@ -46,11 +47,12 @@ func (c *certificateAuthorityCommand) update(cmd *cobra.Command, args []string) } update := certificateauthorityv2.IamV2UpdateCertRequest{ - Id: certificateauthorityv2.PtrString(args[0]), - DisplayName: currentCertificateAuthority.DisplayName, - Description: currentCertificateAuthority.Description, - CertificateChainFilename: currentCertificateAuthority.CertificateChainFilename, - CrlUrl: currentCertificateAuthority.CrlUrl, + Id: certificateauthorityv2.PtrString(args[0]), + DisplayName: currentCertificateAuthority.DisplayName, + Description: currentCertificateAuthority.Description, + CertificateChainFilename: currentCertificateAuthority.CertificateChainFilename, + CrlUrl: currentCertificateAuthority.CrlUrl, + RequireCrlOnClientCertificate: currentCertificateAuthority.RequireCrlOnClientCertificate, } if cmd.Flags().Changed("name") { name, err := cmd.Flags().GetString("name") 
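Review bot: Seeding `RequireCrlOnClientCertificate` from `currentCertificateAuthority` in the `update` literal turns every update into a read-modify-write of the revocation setting. An unrelated change such as `--name` re-sends the value that was fetched a moment earlier and can undo a concurrent change that enabled CRL enforcement. Whether the API leaves an omitted field unchanged is not visible in this diff; if it does, drop `RequireCrlOnClientCertificate: currentCertificateAuthority.RequireCrlOnClientCertificate,` from the literal and rely only on the `Changed("require-client-crl")` block added later in the function. `update` starts and ends outside this hunk.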
@@ -93,6 +95,13 @@ func (c *certificateAuthorityCommand) update(cmd *cobra.Command, args []string) } update.CrlChain = certificateauthorityv2.PtrString(crlChain) } + if cmd.Flags().Changed("require-client-crl") { + requireCrlOnClientCertificate, err := cmd.Flags().GetBool("require-client-crl") + if err != nil { + return err + } + update.RequireCrlOnClientCertificate = certificateauthorityv2.PtrBool(requireCrlOnClientCertificate) + } certificateAuthority, err := c.V2Client.UpdateCertificateAuthority(update) if err != nil { diff --git a/test/fixtures/output/iam/certificate-authority/create-help.golden b/test/fixtures/output/iam/certificate-authority/create-help.golden index 848eb0fd11..b3a9c4943a 100644 --- a/test/fixtures/output/iam/certificate-authority/create-help.golden +++ b/test/fixtures/output/iam/certificate-authority/create-help.golden @@ -35,6 +35,7 @@ Flags: --certificate-chain-filename string REQUIRED: The name of the certificate file. --crl-url string The URL from which to fetch the CRL (Certificate Revocation List) for the certificate authority. --crl-chain string A base64 encoded string containing the CRL for this certificate authority. + --require-client-crl Whether to require CRL validation on client certificates. --context string CLI context name. -o, --output string Specify the output format as "human", "json", or "yaml". (default "human") diff --git a/test/fixtures/output/iam/certificate-authority/create-url-chain.golden b/test/fixtures/output/iam/certificate-authority/create-url-chain.golden index 2340774ae8..3833948874 100644 --- a/test/fixtures/output/iam/certificate-authority/create-url-chain.golden +++ b/test/fixtures/output/iam/certificate-authority/create-url-chain.golden @@ -8,4 +8,5 @@ | Certificate Chain Filename | certificate.pem | | CRL Source | LOCAL | | CRL Updated At | 2024-07-21 17:32:28 +0000 UTC | +| Require Client CRL | true | +----------------------------+------------------------------------------+ 
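Review bot: `--require-client-crl=false` lowers the revocation requirement for client certificates with no notice to the operator, while the test table in this commit shows `delete` asking for confirmation unless `--force` is given. Turning the setting off is a weakening change that is easy to make by accident in a script, so the `Changed("require-client-crl")` block should at least print a line to stderr when the new value is false, with text such as `Warning: CRL validation is no longer required for client certificates of this certificate authority.` The exact effect on the service side is inferred from the flag description, so adjust the wording to what the API does. `update` continues outside this hunk.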
diff --git a/test/fixtures/output/iam/certificate-authority/create.golden b/test/fixtures/output/iam/certificate-authority/create.golden index c17b700ccf..ce29813195 100644 --- a/test/fixtures/output/iam/certificate-authority/create.golden +++ b/test/fixtures/output/iam/certificate-authority/create.golden @@ -6,4 +6,5 @@ | Expiration Dates | 2017-07-21 17:32:28 +0000 UTC | | Serial Numbers | 219C542DE8f6EC7177FA4EE8C3705797 | | Certificate Chain Filename | certificate.pem | +| Require Client CRL | true | +----------------------------+------------------------------------------+ diff --git a/test/fixtures/output/iam/certificate-authority/describe-autocomplete.golden b/test/fixtures/output/iam/certificate-authority/describe-autocomplete.golden new file mode 100644 index 0000000000..48274c5f1d --- /dev/null +++ b/test/fixtures/output/iam/certificate-authority/describe-autocomplete.golden @@ -0,0 +1,5 @@ +op-12345 my-ca +op-54321 my-ca-2 +op-67890 my-ca-3 +:4 +Completion ended with directive: ShellCompDirectiveNoFileComp diff --git a/test/fixtures/output/iam/certificate-authority/describe-json.golden b/test/fixtures/output/iam/certificate-authority/describe-json.golden index 8b2d8a6c76..c67f1caaf5 100644 --- a/test/fixtures/output/iam/certificate-authority/describe-json.golden +++ b/test/fixtures/output/iam/certificate-authority/describe-json.golden @@ -5,5 +5,6 @@ "fingerprints": ["B1BC968BD4f49D622AA89A81F2150152A41D829C"], "expiration_dates": ["2017-07-21T17:32:28Z"], "serial_numbers": ["219C542DE8f6EC7177FA4EE8C3705797"], - "certificate_chain_filename": "certificate.pem" + "certificate_chain_filename": "certificate.pem", + "require_client_crl": true } diff --git a/test/fixtures/output/iam/certificate-authority/describe.golden b/test/fixtures/output/iam/certificate-authority/describe.golden index c17b700ccf..ce29813195 100644 --- a/test/fixtures/output/iam/certificate-authority/describe.golden +++ b/test/fixtures/output/iam/certificate-authority/describe.golden 
@@ -6,4 +6,5 @@ | Expiration Dates | 2017-07-21 17:32:28 +0000 UTC | | Serial Numbers | 219C542DE8f6EC7177FA4EE8C3705797 | | Certificate Chain Filename | certificate.pem | +| Require Client CRL | true | +----------------------------+------------------------------------------+ diff --git a/test/fixtures/output/iam/certificate-authority/list-json.golden b/test/fixtures/output/iam/certificate-authority/list-json.golden index dd77b4ea2f..53b727df10 100644 --- a/test/fixtures/output/iam/certificate-authority/list-json.golden +++ b/test/fixtures/output/iam/certificate-authority/list-json.golden @@ -6,7 +6,8 @@ "fingerprints": ["B1BC968BD4f49D622AA89A81F2150152A41D829C"], "expiration_dates": ["2017-07-21T17:32:28Z"], "serial_numbers": ["219C542DE8f6EC7177FA4EE8C3705797"], - "certificate_chain_filename": "certificate.pem" + "certificate_chain_filename": "certificate.pem", + "require_client_crl": true }, { "id": "op-54321", @@ -17,7 +18,8 @@ "serial_numbers": ["219C542DE8f6EC7177FA4EE8C3705797"], "certificate_chain_filename": "certificate-2.pem", "crl_source": "LOCAL", - "crl_updated_at": "2024-07-21T17:32:28Z" + "crl_updated_at": "2024-07-21T17:32:28Z", + "require_client_crl": false }, { "id": "op-67890", @@ -29,6 +31,7 @@ "certificate_chain_filename": "certificate-3.pem", "crl_source": "URL", "crl_url": "example.url", - "crl_updated_at": "2024-07-21T17:32:28Z" + "crl_updated_at": "2024-07-21T17:32:28Z", + "require_client_crl": true } ] diff --git a/test/fixtures/output/iam/certificate-authority/list.golden b/test/fixtures/output/iam/certificate-authority/list.golden index 827cc9efbe..093b527f8e 100644 --- a/test/fixtures/output/iam/certificate-authority/list.golden +++ b/test/fixtures/output/iam/certificate-authority/list.golden 
@@ -1,5 +1,5 @@ - ID | Name | Description | Fingerprints | Expiration Dates | Serial Numbers | Certificate Chain Filename | CRL Source | CRL URL | CRL Updated At ------------+---------+--------------------------------+------------------------------------------+-------------------------------+----------------------------------+----------------------------+------------+-------------+-------------------------------- - op-12345 | my-ca | my certificate authority | B1BC968BD4f49D622AA89A81F2150152A41D829C | 2017-07-21 17:32:28 +0000 UTC | 219C542DE8f6EC7177FA4EE8C3705797 | certificate.pem | | | - op-54321 | my-ca-2 | my other certificate authority | B1BC968BD4f49D622AA89A81F2150152A41D829C | 2017-07-21 17:32:28 +0000 UTC | 219C542DE8f6EC7177FA4EE8C3705797 | certificate-2.pem | LOCAL | | 2024-07-21 17:32:28 +0000 UTC - op-67890 | my-ca-3 | my other certificate authority | B1BC968BD4f49D622AA89A81F2150152A41D829C | 2017-07-21 17:32:28 +0000 UTC | 219C542DE8f6EC7177FA4EE8C3705797 | certificate-3.pem | URL | example.url | 2024-07-21 17:32:28 +0000 UTC + ID | Name | Description | Fingerprints | Expiration Dates | Serial Numbers | Certificate Chain Filename | CRL Source | CRL URL | CRL Updated At | Require Client CRL +-----------+---------+--------------------------------+------------------------------------------+-------------------------------+----------------------------------+----------------------------+------------+-------------+-------------------------------+--------------------- + op-12345 | my-ca | my certificate authority | B1BC968BD4f49D622AA89A81F2150152A41D829C | 2017-07-21 17:32:28 +0000 UTC | 219C542DE8f6EC7177FA4EE8C3705797 | certificate.pem | | | | true + op-54321 | my-ca-2 | my other certificate authority | B1BC968BD4f49D622AA89A81F2150152A41D829C | 2017-07-21 17:32:28 +0000 UTC | 219C542DE8f6EC7177FA4EE8C3705797 | certificate-2.pem | LOCAL | | 2024-07-21 17:32:28 +0000 UTC | false + op-67890 | my-ca-3 | my other certificate authority | 
B1BC968BD4f49D622AA89A81F2150152A41D829C | 2017-07-21 17:32:28 +0000 UTC | 219C542DE8f6EC7177FA4EE8C3705797 | certificate-3.pem | URL | example.url | 2024-07-21 17:32:28 +0000 UTC | true diff --git a/test/fixtures/output/iam/certificate-authority/update-crl-url.golden b/test/fixtures/output/iam/certificate-authority/update-crl-url.golden index 2f077d3694..e006cabb9d 100644 --- a/test/fixtures/output/iam/certificate-authority/update-crl-url.golden +++ b/test/fixtures/output/iam/certificate-authority/update-crl-url.golden @@ -9,4 +9,5 @@ | CRL Source | URL | | CRL URL | example.url | | CRL Updated At | 2024-07-21 17:32:28 +0000 UTC | +| Require Client CRL | true | +----------------------------+------------------------------------------+ diff --git a/test/fixtures/output/iam/certificate-authority/update-fail.golden b/test/fixtures/output/iam/certificate-authority/update-fail.golden index 8f71425ad8..62c1137b39 100644 --- a/test/fixtures/output/iam/certificate-authority/update-fail.golden +++ b/test/fixtures/output/iam/certificate-authority/update-fail.golden @@ -14,6 +14,7 @@ Flags: --certificate-chain-filename string The name of the certificate file. --crl-url string The URL from which to fetch the CRL (Certificate Revocation List) for the certificate authority. --crl-chain string A base64 encoded string containing the CRL for this certificate authority. + --require-client-crl Whether to require CRL validation on client certificates. --context string CLI context name. -o, --output string Specify the output format as "human", "json", or "yaml". (default "human") diff --git a/test/fixtures/output/iam/certificate-authority/update-help.golden b/test/fixtures/output/iam/certificate-authority/update-help.golden index d0c8bc09c3..b8ca650f4c 100644 --- a/test/fixtures/output/iam/certificate-authority/update-help.golden +++ b/test/fixtures/output/iam/certificate-authority/update-help.golden 
@@ -15,6 +15,7 @@ Flags: --certificate-chain-filename string The name of the certificate file. --crl-url string The URL from which to fetch the CRL (Certificate Revocation List) for the certificate authority. --crl-chain string A base64 encoded string containing the CRL for this certificate authority. + --require-client-crl Whether to require CRL validation on client certificates. --context string CLI context name. -o, --output string Specify the output format as "human", "json", or "yaml". (default "human") diff --git a/test/fixtures/output/iam/certificate-authority/update-require-crl.golden b/test/fixtures/output/iam/certificate-authority/update-require-crl.golden new file mode 100644 index 0000000000..c26c576f76 --- /dev/null +++ b/test/fixtures/output/iam/certificate-authority/update-require-crl.golden @@ -0,0 +1,10 @@ ++----------------------------+------------------------------------------+ +| ID | op-12345 | +| Name | my-ca | +| Description | my certificate authority | +| Fingerprints | B1BC968BD4f49D622AA89A81F2150152A41D829C | +| Expiration Dates | 2017-07-21 17:32:28 +0000 UTC | +| Serial Numbers | 219C542DE8f6EC7177FA4EE8C3705797 | +| Certificate Chain Filename | certificate.pem | +| Require Client CRL | false | ++----------------------------+------------------------------------------+ diff --git a/test/fixtures/output/iam/certificate-authority/update.golden b/test/fixtures/output/iam/certificate-authority/update.golden index d4ad8515b4..09d72fd5e9 100644 --- a/test/fixtures/output/iam/certificate-authority/update.golden +++ b/test/fixtures/output/iam/certificate-authority/update.golden @@ -6,4 +6,5 @@ | Expiration Dates | 2017-07-21 17:32:28 +0000 UTC | | Serial Numbers | 219C542DE8f6EC7177FA4EE8C3705797 | | Certificate Chain Filename | certificate-2.pem | +| Require Client CRL | true | +----------------------------+------------------------------------------+ diff --git a/test/iam_test.go b/test/iam_test.go index 100ba69f81..92b455f7d4 100644 
--- a/test/iam_test.go +++ b/test/iam_test.go @@ -317,8 +317,8 @@ func (s *CLITestSuite) TestIamPool() { func (s *CLITestSuite) TestIamCertificateAuthority() { tests := []CLITest{ - {args: `iam certificate-authority create my-ca --description "my certificate authority" --certificate-chain ABC123 --certificate-chain-filename certificate.pem`, fixture: "iam/certificate-authority/create.golden"}, - {args: `iam certificate-authority create my-ca --description "my certificate authority" --certificate-chain ABC123 --certificate-chain-filename certificate.pem --crl-chain DEF456`, fixture: "iam/certificate-authority/create-url-chain.golden"}, + {args: `iam certificate-authority create my-ca --description "my certificate authority" --certificate-chain ABC123 --certificate-chain-filename certificate.pem --require-client-crl`, fixture: "iam/certificate-authority/create.golden"}, + {args: `iam certificate-authority create my-ca --description "my certificate authority" --certificate-chain ABC123 --certificate-chain-filename certificate.pem --crl-chain DEF456 --require-client-crl`, fixture: "iam/certificate-authority/create-url-chain.golden"}, {args: "iam certificate-authority delete op-12345 --force", fixture: "iam/certificate-authority/delete.golden"}, {args: "iam certificate-authority delete op-12345 op-67890", fixture: "iam/certificate-authority/delete-multiple-fail.golden", exitCode: 1}, {args: "iam certificate-authority delete op-12345 op-54321", input: "y\n", fixture: "iam/certificate-authority/delete-multiple-success.golden"}, 
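Review bot: Both `create` cases now pass `--require-client-crl`, so no fixture covers `create` with the flag omitted, which is the path where the command sends the flag's default of `false`. Keep one of the original invocations (without the flag) as an extra case with its own golden file that shows `Require Client CRL | false`, so that a change to the default is caught by the suite. The update tests have the mirror gap: the case added in the next hunk only exercises `--require-client-crl=false`, and enabling the setting through `update` is never asserted.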
@@ -326,6 +326,7 @@ func (s *CLITestSuite) TestIamCertificateAuthority() { {args: "iam certificate-authority describe op-12345 -o json", fixture: "iam/certificate-authority/describe-json.golden"}, {args: `iam certificate-authority update op-12345 --name "new name" --description "new description" --certificate-chain ABC123 --certificate-chain-filename certificate-2.pem`, fixture: "iam/certificate-authority/update.golden"}, {args: `iam certificate-authority update op-12345 --name "new name" --description "new description" --certificate-chain ABC123 --certificate-chain-filename certificate-2.pem --crl-url example.url`, fixture: "iam/certificate-authority/update-crl-url.golden"}, + {args: "iam certificate-authority update op-12345 --require-client-crl=false", fixture: "iam/certificate-authority/update-require-crl.golden"}, {args: `iam certificate-authority update op-12345 --name "new name" --description "new description" --certificate-chain-filename certificate-2.pem`, fixture: "iam/certificate-authority/update-fail.golden", exitCode: 1}, {args: "iam certificate-authority list", fixture: "iam/certificate-authority/list.golden"}, {args: "iam certificate-authority list -o json", fixture: "iam/certificate-authority/list-json.golden"}, diff --git a/test/test-server/iam_handlers.go b/test/test-server/iam_handlers.go index 0c67c13560..551ecc5632 100644 --- a/test/test-server/iam_handlers.go +++ b/test/test-server/iam_handlers.go @@ -516,7 +516,7 @@ func handleIamCertificateAuthority(t *testing.T) http.HandlerFunc { } switch r.Method { case http.MethodGet: - certificateAuthority := buildIamCertificateAuthority(id, "my-ca", "my certificate authority", "certificate.pem", "", "") + certificateAuthority := buildIamCertificateAuthority(id, "my-ca", "my certificate authority", "certificate.pem", "", "", true) err := json.NewEncoder(w).Encode(certificateAuthority) require.NoError(t, err) case http.MethodDelete: 
@@ -525,7 +525,7 @@ func handleIamCertificateAuthority(t *testing.T) http.HandlerFunc { var req certificateauthorityv2.IamV2UpdateCertRequest err := json.NewDecoder(r.Body).Decode(&req) require.NoError(t, err) - certificateAuthority := buildIamCertificateAuthority(id, req.GetDisplayName(), req.GetDescription(), req.GetCertificateChainFilename(), req.GetCrlUrl(), req.GetCrlChain()) + certificateAuthority := buildIamCertificateAuthority(id, req.GetDisplayName(), req.GetDescription(), req.GetCertificateChainFilename(), req.GetCrlUrl(), req.GetCrlChain(), req.GetRequireCrlOnClientCertificate()) err = json.NewEncoder(w).Encode(certificateAuthority) require.NoError(t, err) } @@ -538,9 +538,9 @@ func handleIamCertificateAuthorities(t *testing.T) http.HandlerFunc { switch r.Method { case http.MethodGet: certificateAuthorityList := &certificateauthorityv2.IamV2CertificateAuthorityList{Data: []certificateauthorityv2.IamV2CertificateAuthority{ - buildIamCertificateAuthority("op-12345", "my-ca", "my certificate authority", "certificate.pem", "", ""), - buildIamCertificateAuthority("op-54321", "my-ca-2", "my other certificate authority", "certificate-2.pem", "", "DEF456"), - buildIamCertificateAuthority("op-67890", "my-ca-3", "my other certificate authority", "certificate-3.pem", "example.url", ""), + buildIamCertificateAuthority("op-12345", "my-ca", "my certificate authority", "certificate.pem", "", "", true), + buildIamCertificateAuthority("op-54321", "my-ca-2", "my other certificate authority", "certificate-2.pem", "", "DEF456", false), + buildIamCertificateAuthority("op-67890", "my-ca-3", "my other certificate authority", "certificate-3.pem", "example.url", "", true), }} setPageToken(certificateAuthorityList, &certificateAuthorityList.Metadata, r.URL) err := json.NewEncoder(w).Encode(certificateAuthorityList) 
@@ -549,7 +549,7 @@ func handleIamCertificateAuthorities(t *testing.T) http.HandlerFunc { var req certificateauthorityv2.IamV2CreateCertRequest err := json.NewDecoder(r.Body).Decode(&req) require.NoError(t, err) - certificateAuthority := buildIamCertificateAuthority("op-12345", req.GetDisplayName(), req.GetDescription(), req.GetCertificateChainFilename(), req.GetCrlUrl(), req.GetCrlChain()) + certificateAuthority := buildIamCertificateAuthority("op-12345", req.GetDisplayName(), req.GetDescription(), req.GetCertificateChainFilename(), req.GetCrlUrl(), req.GetCrlChain(), req.GetRequireCrlOnClientCertificate()) err = json.NewEncoder(w).Encode(certificateAuthority) require.NoError(t, err) } @@ -867,7 +867,7 @@ func buildIamPool(id, name, description, identityClaim, filter string) identityp } } -func buildIamCertificateAuthority(id, name, description, certificateChainFilename, crlUrl, crlChain string) certificateauthorityv2.IamV2CertificateAuthority { +func buildIamCertificateAuthority(id, name, description, certificateChainFilename, crlUrl, crlChain string, requireCrlOnClientCertificate bool) certificateauthorityv2.IamV2CertificateAuthority { expDate, _ := time.Parse(time.RFC3339, "2017-07-21T17:32:28Z") crlSource := "" 
@@ -886,16 +886,17 @@ func buildIamCertificateAuthority(id, name, description, certificateChainFilenam } return certificateauthorityv2.IamV2CertificateAuthority{ - Id: certificateauthorityv2.PtrString(id), - DisplayName: certificateauthorityv2.PtrString(name), - Description: certificateauthorityv2.PtrString(description), - Fingerprints: &[]string{"B1BC968BD4f49D622AA89A81F2150152A41D829C"}, - ExpirationDates: &[]time.Time{expDate}, - SerialNumbers: &[]string{"219C542DE8f6EC7177FA4EE8C3705797"}, - CertificateChainFilename: certificateauthorityv2.PtrString(certificateChainFilename), - CrlSource: certificateauthorityv2.PtrString(crlSource), - CrlUrl: certificateauthorityv2.PtrString(crlUrl), - CrlUpdatedAt: crlUpdatedAt, + Id: certificateauthorityv2.PtrString(id), + DisplayName: certificateauthorityv2.PtrString(name), + Description: certificateauthorityv2.PtrString(description), + Fingerprints: &[]string{"B1BC968BD4f49D622AA89A81F2150152A41D829C"}, + ExpirationDates: &[]time.Time{expDate}, + SerialNumbers: &[]string{"219C542DE8f6EC7177FA4EE8C3705797"}, + CertificateChainFilename: certificateauthorityv2.PtrString(certificateChainFilename), + CrlSource: certificateauthorityv2.PtrString(crlSource), + CrlUrl: certificateauthorityv2.PtrString(crlUrl), + CrlUpdatedAt: crlUpdatedAt, + RequireCrlOnClientCertificate: certificateauthorityv2.PtrBool(requireCrlOnClientCertificate), } }