feat(validation) add validation for mtls-auth

Kong · Mar 4, 2021 · 60c106a · 60c106a
1 parent 038c811
commit 60c106a
Show file tree

Hide file tree

Showing 2 changed files with 29 additions and 0 deletions.
diff --git a/internal/admission/validator.go b/internal/admission/validator.go
@@ -108,6 +108,7 @@ var (
 	basicAuthFields = []string{"username", "password"}
 	hmacAuthFields  = []string{"username", "secret"}
 	jwtAuthFields   = []string{"algorithm", "rsa_public_key", "key", "secret"}
+	mtlsAuthFields  = []string{"subject_name"}
 
 	// TODO dynamically fetch these from Kong
 	credTypeToFields = map[string][]string{
@@ -121,6 +122,7 @@ var (
 		"jwt_secret":           jwtAuthFields,
 		"oauth2":               {"name", "client_id", "client_secret", "redirect_uris"},
 		"acl":                  {"group"},
+		"mtls-auth":            mtlsAuthFields,
 	}
 )
 

diff --git a/internal/admission/validator_test.go b/internal/admission/validator_test.go
@@ -92,6 +92,33 @@ func TestKongHTTPValidator_ValidateCredential(t *testing.T) {
 			wantMessage: "missing required field(s): key",
 			wantErr:     false,
 		},
+		{
+			name: "valid mtls-auth credential",
+			args: args{
+				secret: corev1.Secret{
+					Data: map[string][]byte{
+						"subject_name": []byte("foo"),
+						"kongCredType": []byte("mtls-auth"),
+					},
+				},
+			},
+			wantOK:      true,
+			wantMessage: "",
+			wantErr:     false,
+		},
+		{
+			name: "invalid mtls-auth credential",
+			args: args{
+				secret: corev1.Secret{
+					Data: map[string][]byte{
+						"kongCredType": []byte("mtls-auth"),
+					},
+				},
+			},
+			wantOK:      false,
+			wantMessage: "missing required field(s): subject_name",
+			wantErr:     false,
+		},
 		{
 			name: "invalid credential type",
 			args: args{