From bd2b094fa8188a087c42f782a23c3786f00a149c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Filho?= Date: Wed, 5 Feb 2025 17:09:19 -0300 Subject: [PATCH 1/2] fix: conditionally include MTLS configuration in domain process strategy --- .../implementations/domainProcessConfigStrategy.ts | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/packages/config/src/configProcessor/processStrategy/implementations/domainProcessConfigStrategy.ts b/packages/config/src/configProcessor/processStrategy/implementations/domainProcessConfigStrategy.ts index f2f6fc1c..59475437 100644 --- a/packages/config/src/configProcessor/processStrategy/implementations/domainProcessConfigStrategy.ts +++ b/packages/config/src/configProcessor/processStrategy/implementations/domainProcessConfigStrategy.ts @@ -63,11 +63,13 @@ class DomainProcessConfigStrategy extends ProcessConfigStrategy { digitalCertificateId: domain.digital_certificate_id, edgeApplicationId: domain.edge_application_id, edgeFirewallId: domain.edge_firewall_id, - mtls: { - verification: domain.mtls_verification, - trustedCaCertificateId: domain.mtls_trusted_ca_certificate_id, - crlList: domain.crl_list, - }, + mtls: domain.mtls_verification + ? { + verification: domain.mtls_verification, + trustedCaCertificateId: domain.mtls_trusted_ca_certificate_id, + crlList: domain.crl_list, + } + : undefined, }; return transformedPayload.domain; } From 99061b2ae6023a597016d2c5a825c459cadc199a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Filho?= Date: Wed, 5 Feb 2025 17:36:09 -0300 Subject: [PATCH 2/2] fix: update firewall schema validation and improve transformToConfig handling --- .../src/configProcessor/helpers/schemaManifest.ts | 8 ++------ .../secure/firewallProcessConfigStrategy.test.ts | 11 +++++++---- .../secure/firewallProcessConfigStrategy.ts | 4 ++-- 3 files changed, 11 insertions(+), 12 deletions(-) diff --git a/packages/config/src/configProcessor/helpers/schemaManifest.ts b/packages/config/src/configProcessor/helpers/schemaManifest.ts index 8ff37438..fcfff03d 100644 --- a/packages/config/src/configProcessor/helpers/schemaManifest.ts +++ b/packages/config/src/configProcessor/helpers/schemaManifest.ts @@ -475,11 +475,9 @@ const schemaFirewallManifest = { errorMessage: "The 'rules' field must be an array of firewall rules.", }, }, - required: ['main_settings'], additionalProperties: false, errorMessage: { - additionalProperties: 'No additional properties are allowed in firewall items.', - required: "The 'main_settings' field is required in each firewall item.", + additionalProperties: 'No additional properties are allowed in firewall object.', }, }; @@ -797,9 +795,7 @@ const schemaManifest = { errorMessage: "The 'domains' field must be an array of domain items.", }, firewall: { - type: 'array', - items: schemaFirewallManifest, - errorMessage: "The 'firewall' field must be an array of firewall items.", + ...schemaFirewallManifest, }, application: { type: 'array', diff --git a/packages/config/src/configProcessor/processStrategy/implementations/secure/firewallProcessConfigStrategy.test.ts b/packages/config/src/configProcessor/processStrategy/implementations/secure/firewallProcessConfigStrategy.test.ts index 20afe318..7ca644df 100644 --- a/packages/config/src/configProcessor/processStrategy/implementations/secure/firewallProcessConfigStrategy.test.ts +++ b/packages/config/src/configProcessor/processStrategy/implementations/secure/firewallProcessConfigStrategy.test.ts @@ -253,7 +253,7 @@ describe('FirewallProcessConfigStrategy', () => { const manifest = {}; const config = {}; const result = strategy.transformToConfig(manifest, config); - expect(result).toBeUndefined(); + expect(result).toStrictEqual(expect.objectContaining({})); }); it('should transform all behavior types from manifest to config', () => { @@ -299,7 +299,8 @@ describe('FirewallProcessConfigStrategy', () => { }; const config = {}; - const result = strategy.transformToConfig(manifest, config); + // eslint-disable-next-line @typescript-eslint/no-explicit-any + const result: any = strategy.transformToConfig(manifest, config); expect(result?.rules?.[0].behavior).toEqual({ runFunction: { path: '/edge/function.js', @@ -336,7 +337,8 @@ describe('FirewallProcessConfigStrategy', () => { }; const config = {}; - const result = strategy.transformToConfig(manifest, config); + // eslint-disable-next-line @typescript-eslint/no-explicit-any + const result: any = strategy.transformToConfig(manifest, config); expect(result?.rules?.[0].behavior).toEqual({}); }); @@ -360,7 +362,8 @@ describe('FirewallProcessConfigStrategy', () => { }; const config = {}; - const result = strategy.transformToConfig(manifest, config); + // eslint-disable-next-line @typescript-eslint/no-explicit-any + const result: any = strategy.transformToConfig(manifest, config); expect(result?.rules?.[0].behavior).toEqual({}); }); }); diff --git a/packages/config/src/configProcessor/processStrategy/implementations/secure/firewallProcessConfigStrategy.ts b/packages/config/src/configProcessor/processStrategy/implementations/secure/firewallProcessConfigStrategy.ts index 35b907b0..167ec782 100644 --- a/packages/config/src/configProcessor/processStrategy/implementations/secure/firewallProcessConfigStrategy.ts +++ b/packages/config/src/configProcessor/processStrategy/implementations/secure/firewallProcessConfigStrategy.ts @@ -121,8 +121,8 @@ class FirewallProcessConfigStrategy extends ProcessConfigStrategy { // eslint-disable-next-line @typescript-eslint/no-explicit-any transformToConfig(payload: any, transformedPayload: AzionConfig) { const firewall = payload.firewall; - if (!firewall) { - return; + if (!firewall || Object.keys(firewall).length === 0) { + return {}; } const firewallConfig: AzionFirewall = {