From 7930ad51da5f2f01b9ed5544269c506606b861b4 Mon Sep 17 00:00:00 2001 From: Sai Saran Vaidyanathan Date: Wed, 29 May 2024 11:32:06 -0700 Subject: [PATCH] feat: adding tls enforce --- internal/client/targetservers/targetservers.go | 16 ++++++++++------ internal/cmd/targetservers/crtts.go | 17 ++++++++++++----- internal/cmd/targetservers/updatets.go | 9 ++++++++- 3 files changed, 30 insertions(+), 12 deletions(-) diff --git a/internal/client/targetservers/targetservers.go b/internal/client/targetservers/targetservers.go index 9ff4d5b78..6814d94fa 100644 --- a/internal/client/targetservers/targetservers.go +++ b/internal/client/targetservers/targetservers.go @@ -45,6 +45,7 @@ type targetserver struct { type sslInfo struct { Enabled *bool `json:"enabled,omitempty"` + Enforce *bool `json:"enforce,omitempty"` ClientAuthEnabled *bool `json:"clientAuthEnabled,omitempty"` Keystore string `json:"keyStore,omitempty"` Keyalias string `json:"keyAlias,omitempty"` @@ -61,7 +62,7 @@ type commonName struct { } // Create -func Create(name string, description string, host string, port int, enable bool, protocol string, keyStore string, keyAlias string, trustStore string, tlsenabled string, clientAuthEnabled string, ignoreValidationErrors string) (respBody []byte, err error) { +func Create(name string, description string, host string, port int, enable bool, protocol string, keyStore string, keyAlias string, trustStore string, tlsenabled string, tlsenforce string, clientAuthEnabled string, ignoreValidationErrors string) (respBody []byte, err error) { e := new(bool) *e = enable 
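Review bot: In the new `Create` signature, `tlsenforce string` is inserted between `tlsenabled` and `clientAuthEnabled`, making it the eleventh of thirteen positional parameters and one of eight adjacent `string` values, so a call site that transposes two TLS arguments still compiles and silently sends the wrong `sslInfo`. The same insertion is repeated for `Update` and `createOrUpdate` in the next two hunks. Because these values decide whether the target connection uses and enforces TLS, consider grouping them in a small struct with named fields (for example a `TLSOptions` value with `Enabled`, `Enforce`, `ClientAuthEnabled`, `IgnoreValidationErrors`) so every call names what it sets. The bodies of `Create` and `Update` continue outside the hunks shown.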
@@ -70,11 +71,11 @@ func Create(name string, description string, host string, port int, enable bool, IsEnabled: e, } - return createOrUpdate("create", targetsvr, name, description, host, port, protocol, keyStore, keyAlias, trustStore, tlsenabled, clientAuthEnabled, ignoreValidationErrors) + return createOrUpdate("create", targetsvr, name, description, host, port, protocol, keyStore, keyAlias, trustStore, tlsenabled, tlsenforce, clientAuthEnabled, ignoreValidationErrors) } // Update -func Update(name string, description string, host string, port int, enable bool, protocol string, keyStore string, keyAlias string, trustStore string, tlsenabled string, clientAuthEnabled string, ignoreValidationErrors string) (respBody []byte, err error) { +func Update(name string, description string, host string, port int, enable bool, protocol string, keyStore string, keyAlias string, trustStore string, tlsenabled string, tlsenforce string, clientAuthEnabled string, ignoreValidationErrors string) (respBody []byte, err error) { apiclient.ClientPrintHttpResponse.Set(false) targetRespBody, err := Get(name) if err != nil { 
@@ -89,10 +90,10 @@ func Update(name string, description string, host string, port int, enable bool, targetsvr.IsEnabled = &enable - return createOrUpdate("update", targetsvr, name, description, host, port, protocol, keyStore, keyAlias, trustStore, tlsenabled, clientAuthEnabled, ignoreValidationErrors) + return createOrUpdate("update", targetsvr, name, description, host, port, protocol, keyStore, keyAlias, trustStore, tlsenabled, tlsenforce, clientAuthEnabled, ignoreValidationErrors) } -func createOrUpdate(action string, targetsvr targetserver, name string, description string, host string, port int, protocol string, keyStore string, keyAlias string, trustStore string, tlsenabled string, clientAuthEnabled string, ignoreValidationErrors string) (respBody []byte, err error) { +func createOrUpdate(action string, targetsvr targetserver, name string, description string, host string, port int, protocol string, keyStore string, keyAlias string, trustStore string, tlsenabled string, tlsenforce string, clientAuthEnabled string, ignoreValidationErrors string) (respBody []byte, err error) { if description != "" { targetsvr.Description = description } @@ -107,7 +108,7 @@ func createOrUpdate(action string, targetsvr targetserver, name string, descript targetsvr.Protocol = protocol } - if keyStore != "" || keyAlias != "" || trustStore != "" || tlsenabled != "" || + if keyStore != "" || keyAlias != "" || trustStore != "" || tlsenabled != "" || tlsenforce != "" || clientAuthEnabled != "" || ignoreValidationErrors != "" { if targetsvr.SslInfo == nil { targetsvr.SslInfo = &sslInfo{} @@ -118,6 +119,9 @@ func createOrUpdate(action string, targetsvr targetserver, name string, descript if tlsenabled != "" { targetsvr.SslInfo.Enabled = getBool(tlsenabled) } + if tlsenforce != "" { + targetsvr.SslInfo.Enforce = getBool(tlsenforce) + } if clientAuthEnabled != "" { targetsvr.SslInfo.ClientAuthEnabled = getBool(clientAuthEnabled) } 
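Review bot: `targetsvr.SslInfo.Enforce = getBool(tlsenforce)` relies on a helper that is not visible in this hunk, and nothing here shows what it returns for a string that is not a valid boolean. If `getBool` discards the `strconv.ParseBool` error, a malformed value reaching `createOrUpdate` from any caller other than the two cobra commands would be serialised as `"enforce": false`, turning enforcement off without an error. Consider parsing once at the command layer and passing a `*bool` down, or having `createOrUpdate` return an error on a parse failure. A short comment on the new `Enforce` field stating what the API enforces would also help. `createOrUpdate` starts and ends outside this hunk.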
diff --git a/internal/cmd/targetservers/crtts.go b/internal/cmd/targetservers/crtts.go index 99c75c7fd..6c5a2ee4e 100644 --- a/internal/cmd/targetservers/crtts.go +++ b/internal/cmd/targetservers/crtts.go @@ -37,6 +37,11 @@ var CreateCmd = &cobra.Command{ return fmt.Errorf("tlsenabled must be set to true or false") } } + if tlsenforce != "" { + if _, err := strconv.ParseBool(tlsenforce); err != nil { + return fmt.Errorf("tlsenforce must be set to true or false") + } + } if clientAuthEnabled != "" { if _, err := strconv.ParseBool(clientAuthEnabled); err != nil { return fmt.Errorf("clientAuthEnabled must be set to true or false") @@ -58,17 +63,17 @@ var CreateCmd = &cobra.Command{ enable, protocol, keyStore, keyAlias, trustStore, - tlsenabled, clientAuthEnabled, + tlsenabled, tlsenforce, clientAuthEnabled, ignoreValidationErrors) return err }, } var ( - tlsenabled, clientAuthEnabled, description, host, keyStore, keyAlias string - trustStore, protocol, ignoreValidationErrors string - enable bool - port int + tlsenabled, tlsenforce, clientAuthEnabled, description, host, keyStore, keyAlias string + trustStore, protocol, ignoreValidationErrors string + enable bool + port int ) func init() { @@ -90,6 +95,8 @@ func init() { CreateCmd.Flags().StringVarP(&tlsenabled, "tls", "", "", "Enable TLS for the target server") + CreateCmd.Flags().StringVarP(&tlsenforce, "tlsenforce", "", + "", "Enforce TLS for the target server") CreateCmd.Flags().StringVarP(&clientAuthEnabled, "client-auth", "c", "", "Enable mTLS for the target server") CreateCmd.Flags().StringVarP(&ignoreValidationErrors, "ignore-err", "i", diff --git a/internal/cmd/targetservers/updatets.go b/internal/cmd/targetservers/updatets.go index 3d2aef9b2..0c3759d93 100644 --- a/internal/cmd/targetservers/updatets.go +++ b/internal/cmd/targetservers/updatets.go 
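Review bot: The check added to `CreateCmd` only verifies that `tlsenforce` parses as a boolean, so it accepts `--tlsenforce=true` together with `--tls=false` or with `--tls` omitted. Assuming enforcement only takes effect when TLS is enabled on the target server, that combination can leave an operator believing the backend connection is protected when it is not, so it is worth rejecting here, e.g. `return fmt.Errorf("tlsenforce=true requires tls=true")`. The identical block is added to `UpdateCmd` in updatets.go, where the check can only cover the case in which both flags are supplied. A shared helper for the repeated `strconv.ParseBool` checks would keep the two commands in step. The enclosing function begins and ends outside the hunk.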
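Review bot: The flag registered in `init()` as `tlsenforce` carries the help text `Enforce TLS for the target server`, which does not tell a user how it differs from `--tls` (`Enable TLS for the target server`) or that it expects `true` or `false`. The name also departs from the hyphenated style of the neighbouring `client-auth` and `ignore-err` flags; `tls-enforce` would match them. Suggested wording, to be confirmed against the API documentation: `"Enforce the TLS settings for the target server (true|false); used together with --tls"`. The same registration is added to `UpdateCmd` in the last hunk of updatets.go.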
@@ -37,6 +37,11 @@ var UpdateCmd = &cobra.Command{ return fmt.Errorf("tlsenabled must be set to true or false") } } + if tlsenforce != "" { + if _, err := strconv.ParseBool(tlsenforce); err != nil { + return fmt.Errorf("tlsenforce must be set to true or false") + } + } if clientAuthEnabled != "" { if _, err := strconv.ParseBool(clientAuthEnabled); err != nil { return fmt.Errorf("clientAuthEnabled must be set to true or false") @@ -58,7 +63,7 @@ var UpdateCmd = &cobra.Command{ enable, protocol, keyStore, keyAlias, trustStore, - tlsenabled, clientAuthEnabled, + tlsenabled, tlsenforce, clientAuthEnabled, ignoreValidationErrors) return err }, @@ -83,6 +88,8 @@ func init() { UpdateCmd.Flags().StringVarP(&tlsenabled, "tls", "", "", "Enable TLS for the target server") + UpdateCmd.Flags().StringVarP(&tlsenforce, "tlsenforce", "", + "", "Enforce TLS for the target server") UpdateCmd.Flags().StringVarP(&clientAuthEnabled, "client-auth", "c", "", "Enable mTLS for the target server") UpdateCmd.Flags().StringVarP(&ignoreValidationErrors, "ignore-err", "i",