diff --git a/pkg/corerp/api/v20220315privatepreview/gateway_conversion.go b/pkg/corerp/api/v20220315privatepreview/gateway_conversion.go index e0fa386df6..3d29041144 100644 --- a/pkg/corerp/api/v20220315privatepreview/gateway_conversion.go +++ b/pkg/corerp/api/v20220315privatepreview/gateway_conversion.go @@ -25,7 +25,6 @@ import ( // ConvertTo converts from the versioned Gateway resource to version-agnostic datamodel. func (src *GatewayResource) ConvertTo() (v1.DataModelInterface, error) { - tls := &datamodel.GatewayPropertiesTLS{} if src.Properties.TLS == nil { tls = nil @@ -149,13 +148,17 @@ func (dst *GatewayResource) ConvertFrom(src v1.DataModelInterface) error { } func toTLSMinVersionDataModel(tlsMinVersion *TLSMinVersion) datamodel.MinimumTLSProtocolVersion { + if tlsMinVersion == nil { + return datamodel.DefaultTLSMinVersion + } + switch *tlsMinVersion { case TLSMinVersionOne2: return datamodel.TLSMinVersion12 case TLSMinVersionOne3: return datamodel.TLSMinVersion13 default: - return datamodel.TLSMinVersion12 + return datamodel.DefaultTLSMinVersion } } diff --git a/pkg/corerp/api/v20220315privatepreview/gateway_conversion_test.go b/pkg/corerp/api/v20220315privatepreview/gateway_conversion_test.go index f18fc2e1df..0512e53451 100644 --- a/pkg/corerp/api/v20220315privatepreview/gateway_conversion_test.go +++ b/pkg/corerp/api/v20220315privatepreview/gateway_conversion_test.go @@ -163,7 +163,7 @@ func TestGatewayTLSTerminationConvertVersionedToDataModel(t *testing.T) { require.Equal(t, []rpv1.OutputResource(nil), gw.Properties.Status.OutputResources) require.Equal(t, "2022-03-15-privatepreview", gw.InternalMetadata.UpdatedAPIVersion) require.Equal(t, "secretname", gw.Properties.TLS.CertificateFrom) - require.Equal(t, datamodel.TLSMinVersion12, gw.Properties.TLS.MinimumProtocolVersion) + require.Equal(t, datamodel.TLSMinVersion13, gw.Properties.TLS.MinimumProtocolVersion) } func TestGatewayTLSTerminationConvertDataModelToVersioned(t *testing.T) { 
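Review bot: The `default:` branch of `toTLSMinVersionDataModel` still maps any unrecognized `TLSMinVersion` string to `datamodel.DefaultTLSMinVersion`, so a typo or a value this API version does not know is silently accepted as TLS 1.2 instead of being rejected. The function cannot report an error with its current signature, so the rejection has to happen earlier; this hunk does not show whether `ConvertTo` checks the value against `ValidMinimumTLSProtocolVersions` before calling it. At minimum, document the fallback on the function: `// toTLSMinVersionDataModel maps the versioned value to the datamodel; nil and unrecognized values fall back to datamodel.DefaultTLSMinVersion.`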
@@ -177,6 +177,64 @@ func TestGatewayTLSTerminationConvertDataModelToVersioned(t *testing.T) { versioned := &GatewayResource{} err = versioned.ConvertFrom(r) + // assert + require.NoError(t, err) + require.Equal(t, "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/radius-test-rg/providers/Applications.Core/gateways/gateway0", *versioned.ID) + require.Equal(t, "gateway0", *versioned.Name) + require.Equal(t, "Applications.Core/gateways", *versioned.Type) + require.Equal(t, "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testGroup/providers/Applications.Core/applications/app0", *versioned.Properties.Application) + require.Equal(t, "myapp.mydomain.com", *versioned.Properties.Hostname.FullyQualifiedHostname) + require.Equal(t, "myprefix", *versioned.Properties.Hostname.Prefix) + require.Equal(t, "myreplaceprefix", *versioned.Properties.Routes[0].ReplacePrefix) + require.Equal(t, "mypath", *versioned.Properties.Routes[0].Path) + require.Equal(t, "myreplaceprefix", *versioned.Properties.Routes[0].ReplacePrefix) + require.Equal(t, "http://myprefix.myapp.mydomain.com", *versioned.Properties.URL) + require.Equal(t, "Deployment", versioned.Properties.Status.OutputResources[0]["LocalID"]) + require.Equal(t, "kubernetes", versioned.Properties.Status.OutputResources[0]["Provider"]) + require.Equal(t, "secretname", *versioned.Properties.TLS.CertificateFrom) + require.Equal(t, TLSMinVersionOne3, *versioned.Properties.TLS.MinimumProtocolVersion) +} + +func TestGatewayTLSTerminationConvertVersionedToDataModel_NoMinProtocolVersion(t *testing.T) { + // arrange + rawPayload := testutil.ReadFixture("gatewayresource-with-tlstermination-nominprotocolversion.json") + r := &GatewayResource{} + err := json.Unmarshal(rawPayload, r) + require.NoError(t, err) + + // act + dm, err := r.ConvertTo() + + // assert + require.NoError(t, err) + gw := dm.(*datamodel.Gateway) + require.Equal(t, 
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/radius-test-rg/providers/Applications.Core/gateways/gateway0", gw.ID) + require.Equal(t, "gateway0", gw.Name) + require.Equal(t, "Applications.Core/gateways", gw.Type) + require.Equal(t, "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testGroup/providers/Applications.Core/applications/app0", gw.Properties.Application) + require.Equal(t, "myapp.mydomain.com", gw.Properties.Hostname.FullyQualifiedHostname) + require.Equal(t, "myprefix", gw.Properties.Hostname.Prefix) + require.Equal(t, "mydestination", gw.Properties.Routes[0].Destination) + require.Equal(t, "mypath", gw.Properties.Routes[0].Path) + require.Equal(t, "myreplaceprefix", gw.Properties.Routes[0].ReplacePrefix) + require.Equal(t, "http://myprefix.myapp.mydomain.com", gw.Properties.URL) + require.Equal(t, []rpv1.OutputResource(nil), gw.Properties.Status.OutputResources) + require.Equal(t, "2022-03-15-privatepreview", gw.InternalMetadata.UpdatedAPIVersion) + require.Equal(t, "secretname", gw.Properties.TLS.CertificateFrom) + require.Equal(t, datamodel.DefaultTLSMinVersion, gw.Properties.TLS.MinimumProtocolVersion) +} + +func TestGatewayTLSTerminationConvertDataModelToVersioned_NoMinProtocolVersion(t *testing.T) { + // arrange + rawPayload := testutil.ReadFixture("gatewayresourcedatamodel-with-tlstermination-nominprotocolversion.json") + r := &datamodel.Gateway{} + err := json.Unmarshal(rawPayload, r) + require.NoError(t, err) + + // act + versioned := &GatewayResource{} + err = versioned.ConvertFrom(r) + // assert require.NoError(t, err) require.Equal(t, "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/radius-test-rg/providers/Applications.Core/gateways/gateway0", *versioned.ID) 
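Review bot: In the assertions added to `TestGatewayTLSTerminationConvertDataModelToVersioned`, `require.Equal(t, "myreplaceprefix", *versioned.Properties.Routes[0].ReplacePrefix)` appears twice and the route destination is never checked, whereas the versioned-to-datamodel test asserts `"mydestination"`. The first occurrence looks like a copy-paste slip and presumably should read `require.Equal(t, "mydestination", *versioned.Properties.Routes[0].Destination)` (field name inferred from the datamodel-side test). The body of `TestGatewayTLSTerminationConvertDataModelToVersioned_NoMinProtocolVersion` runs past the end of this hunk, so the value it expects for `MinimumProtocolVersion` when the datamodel omits it is not visible here. That expectation is worth asserting explicitly, since it pins the TLS floor a client is told about.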
diff --git a/pkg/corerp/api/v20220315privatepreview/testdata/gatewayresource-with-tlstermination-nominprotocolversion.json b/pkg/corerp/api/v20220315privatepreview/testdata/gatewayresource-with-tlstermination-nominprotocolversion.json
new file mode 100644
index 0000000000..d02b2dbc45
--- /dev/null
+++ b/pkg/corerp/api/v20220315privatepreview/testdata/gatewayresource-with-tlstermination-nominprotocolversion.json
@@ -0,0 +1,34 @@
+{
+ "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/radius-test-rg/providers/Applications.Core/gateways/gateway0",
+ "name": "gateway0",
+ "type": "Applications.Core/gateways",
+ "properties": {
+ "status": {
+ "outputResources": [
+ {
+ "LocalID": "Deployment",
+ "ResourceType": {
+ "Type": "Gateway",
+ "Provider": "kubernetes"
+ }
+ }
+ ]
+ },
+ "application": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testGroup/providers/Applications.Core/applications/app0",
+ "hostname": {
+ "fullyQualifiedHostname": "myapp.mydomain.com",
+ "prefix": "myprefix"
+ },
+ "routes": [
+ {
+ "destination": "mydestination",
+ "path": "mypath",
+ "replacePrefix": "myreplaceprefix"
+ }
+ ],
+ "tls": {
+ "certificateFrom": "secretname"
+ },
+ "url": "http://myprefix.myapp.mydomain.com"
+ }
+}
\ No newline at end of file
diff --git a/pkg/corerp/api/v20220315privatepreview/testdata/gatewayresource-with-tlstermination.json b/pkg/corerp/api/v20220315privatepreview/testdata/gatewayresource-with-tlstermination.json
index c74905a18c..21d404e567 100644
--- a/pkg/corerp/api/v20220315privatepreview/testdata/gatewayresource-with-tlstermination.json
+++ b/pkg/corerp/api/v20220315privatepreview/testdata/gatewayresource-with-tlstermination.json
@@ -28,7 +28,7 @@
 ],
 "tls": {
 "certificateFrom": "secretname",
- "minimumProtocolVersion": "1.2"
+ "minimumProtocolVersion": "1.3"
 },
 "url": "http://myprefix.myapp.mydomain.com"
 }
diff --git a/pkg/corerp/api/v20220315privatepreview/testdata/gatewayresourcedatamodel-with-tlstermination-nominprotocolversion.json b/pkg/corerp/api/v20220315privatepreview/testdata/gatewayresourcedatamodel-with-tlstermination-nominprotocolversion.json
new file mode 100644
index 0000000000..cc611a6ad2
--- /dev/null
+++ b/pkg/corerp/api/v20220315privatepreview/testdata/gatewayresourcedatamodel-with-tlstermination-nominprotocolversion.json
@@ -0,0 +1,45 @@
+{
+ "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/radius-test-rg/providers/Applications.Core/gateways/gateway0",
+ "name": "gateway0",
+ "type": "Applications.Core/gateways",
+ "systemData": {
+ "createdBy": "fakeid@live.com",
+ "createdByType": "User",
+ "createdAt": "2021-09-24T19:09:54.2403864Z",
+ "lastModifiedBy": "fakeid@live.com",
+ "lastModifiedByType": "User",
+ "lastModifiedAt": "2021-09-24T20:09:54.2403864Z"
+ },
+ "tags": {
+ "env": "dev"
+ },
+ "properties": {
+ "status": {
+ "outputResources": [
+ {
+ "LocalID": "Deployment",
+ "ResourceType": {
+ "Type": "Gateway",
+ "Provider": "kubernetes"
+ }
+ }
+ ]
+ },
+ "application": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testGroup/providers/Applications.Core/applications/app0",
+ "hostname": {
+ "fullyQualifiedHostname": "myapp.mydomain.com",
+ "prefix": "myprefix"
+ },
+ "routes": [
+ {
+ "destination": "mydestination",
+ "path": "mypath",
+ "replacePrefix": "myreplaceprefix"
+ }
+ ],
+ "tls": {
+ "certificateFrom": "secretname"
+ },
+ "url": "http://myprefix.myapp.mydomain.com"
+ }
+}
\ No newline at end of file
diff --git a/pkg/corerp/api/v20220315privatepreview/testdata/gatewayresourcedatamodel-with-tlstermination.json b/pkg/corerp/api/v20220315privatepreview/testdata/gatewayresourcedatamodel-with-tlstermination.json
index f1e6b8b7e5..f7c8b5d431 100644
--- a/pkg/corerp/api/v20220315privatepreview/testdata/gatewayresourcedatamodel-with-tlstermination.json
+++ b/pkg/corerp/api/v20220315privatepreview/testdata/gatewayresourcedatamodel-with-tlstermination.json @@ -39,7 +39,7 @@ ], "tls": { "certificateFrom": "secretname", - "minimumProtocolVersion": "1.2" + "minimumProtocolVersion": "1.3" }, "url": "http://myprefix.myapp.mydomain.com" } diff --git a/pkg/corerp/datamodel/gateway.go b/pkg/corerp/datamodel/gateway.go index afc6fa62ff..3661ac0011 100644 --- a/pkg/corerp/datamodel/gateway.go +++ b/pkg/corerp/datamodel/gateway.go @@ -113,6 +113,8 @@ const ( TLSMinVersion12 MinimumTLSProtocolVersion = "1.2" // TLS 1.3 TLSMinVersion13 MinimumTLSProtocolVersion = "1.3" + // Default is TLS 1.2 + DefaultTLSMinVersion MinimumTLSProtocolVersion = TLSMinVersion12 ) // ValidMinimumTLSProtocolVersions returns a list of valid MinimumTLSProtocolVersions. diff --git a/test/functional/corerp/resources/testdata/corerp-resources-gateway-tlstermination.bicep b/test/functional/corerp/resources/testdata/corerp-resources-gateway-tlstermination.bicep index c87d15d2f1..525de19777 100644 --- a/test/functional/corerp/resources/testdata/corerp-resources-gateway-tlstermination.bicep +++ b/test/functional/corerp/resources/testdata/corerp-resources-gateway-tlstermination.bicep @@ -26,8 +26,7 @@ resource gateway 'Applications.Core/gateways@2022-03-15-privatepreview' = { name: 'tls-gtwy-gtwy' properties: { application: app.id - tls: { - minimumProtocolVersion: '1.2' + tls: { certificateFrom: certificate.id } routes: [
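Review bot: The comment added above `DefaultTLSMinVersion` in `pkg/corerp/datamodel/gateway.go` restates the current value ("Default is TLS 1.2") instead of saying what the constant is for, and it will go stale if the alias is later pointed at `TLSMinVersion13`. Prefer a doc comment that starts with the name and states when the value applies: `// DefaultTLSMinVersion is the minimum TLS protocol version applied when a gateway's TLS settings do not specify one.` The `const` block opens above this hunk, so the surrounding declarations are only partly visible here.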