From 86dc66cf017ca910c76d9432b6ba58a69fa56ed2 Mon Sep 17 00:00:00 2001 From: BLasan Date: Thu, 6 Jul 2023 14:34:11 +0530 Subject: [PATCH] Fix: Authentication validation for MTLS --- .../operator/apis/dp/v1alpha1/authentication_webhook.go | 7 +++---- developer/tryout/samples/sample-auth.yaml | 4 ++-- 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/adapter/internal/operator/apis/dp/v1alpha1/authentication_webhook.go b/adapter/internal/operator/apis/dp/v1alpha1/authentication_webhook.go index d52d8cc6fc..59f69f50a4 100644 --- a/adapter/internal/operator/apis/dp/v1alpha1/authentication_webhook.go +++ b/adapter/internal/operator/apis/dp/v1alpha1/authentication_webhook.go @@ -83,16 +83,15 @@ func (r *Authentication) validateAuthentication() error { const mltsMandatory = "mandatory" mtlsOverride := r.Spec.Override.MutualSSL mtlsDefault := r.Spec.Default.MutualSSL - fmt.Println("mtlsOverride", mtlsOverride) - if mtlsOverride != "" && mtlsDefault != "" { + if mtlsOverride == "" && mtlsDefault == "" { allErrs = append(allErrs, field.Invalid(field.NewPath("spec").Child("default").Child("mutualSSL"), r.Spec.Default.MutualSSL, "mutualSSL cannot be empty in both default and override")) } - if mtlsOverride != "" && (!strings.EqualFold(mtlsDefault, mltsMandatory) || !strings.EqualFold(mtlsDefault, mltsOptional)) { + if mtlsOverride != "" && (!strings.EqualFold(mtlsOverride, mltsMandatory) && !strings.EqualFold(mtlsOverride, mltsOptional)) { allErrs = append(allErrs, field.Invalid(field.NewPath("spec").Child("override").Child("mutualSSL"), r.Spec.Override.MutualSSL, "invalid value for mutualSSL")) } - if mtlsDefault != "" && (!strings.EqualFold(mtlsDefault, mltsMandatory) || !strings.EqualFold(mtlsDefault, mltsOptional)) { + if mtlsDefault != "" && (!strings.EqualFold(mtlsDefault, mltsMandatory) && !strings.EqualFold(mtlsDefault, mltsOptional)) { allErrs = append(allErrs, field.Invalid(field.NewPath("spec").Child("default").Child("mutualSSL"), r.Spec.Default.MutualSSL, "invalid value for mutualSSL")) } diff --git a/developer/tryout/samples/sample-auth.yaml b/developer/tryout/samples/sample-auth.yaml index 9818f75032..1e958ac916 100644 --- a/developer/tryout/samples/sample-auth.yaml +++ b/developer/tryout/samples/sample-auth.yaml @@ -4,7 +4,7 @@ metadata: name: sand-http-bin-authentication spec: override: - mutualSSL: abc + mutualSSL: optional type: ext ext: disabled: false @@ -18,7 +18,7 @@ spec: - in: Header name: x-api-key default: - mutualSSL: optional + mutualSSL: "" type: ext ext: serviceRef: