fix(certificates): validate the certificates schema failed if snis …

…was in the request body
Kong · Jul 12, 2024 · bdbb74e · bdbb74e
1 parent 8f9b82d
commit bdbb74e
Show file tree

Hide file tree

Showing 4 changed files with 41 additions and 5 deletions.
diff --git a/changelog/unreleased/kong/certificates_schema_validate.yml b/changelog/unreleased/kong/certificates_schema_validate.yml
@@ -0,0 +1,3 @@
+message: "Fixed an issue where validation of the certificate schema failed if the `snis` field was present in the request body."
+scope: Admin API
+type: bugfix
diff --git a/kong/api/routes/kong.lua b/kong/api/routes/kong.lua
@@ -210,6 +210,11 @@ return {
       local db_entity_name = self.params.db_entity_name
       -- What happens when db_entity_name is a field name in the schema?
       self.params.db_entity_name = nil
+      -- The validation of the certificate schema failed because snis was not part of the schema.
+      if db_entity_name == "certificates" then
+        self.params.snis = nil
+      end
+
       return validate_schema(db_entity_name, self.params)
     end
   },

diff --git a/spec/02-integration/04-admin_api/02-kong_routes_spec.lua b/spec/02-integration/04-admin_api/02-kong_routes_spec.lua
@@ -1,4 +1,5 @@
 local helpers = require "spec.helpers"
+local ssl_fixtures = require "spec.fixtures.ssl"
 local cjson = require "cjson"
 local constants = require "kong.constants"
 
@@ -554,6 +555,22 @@ describe("Admin API - Kong routes with strategy #" .. strategy, function()
       local json = cjson.decode(body)
       assert.equal("schema validation successful", json.message)
     end)
+
+    it("returns 200 on certificates schema with snis", function()
+
+      local res = assert(client:post("/schemas/certificates/validate", {
+        body = {
+          cert = ssl_fixtures.cert,
+          key  = ssl_fixtures.key,
+          snis = {"a", "b", "c" },
+        },
+        headers = { ["Content-Type"] = "application/json" }
+      }))
+      local body = assert.res_status(200, res)
+      local json = cjson.decode(body)
+      assert.equal("schema validation successful", json.message)
+    end)
+
     it("returns 200 on a valid plugin schema", function()
       local res = assert(client:post("/schemas/plugins/validate", {
         body = {

diff --git a/spec/02-integration/04-admin_api/06-certificates_routes_spec.lua b/spec/02-integration/04-admin_api/06-certificates_routes_spec.lua
@@ -36,12 +36,23 @@ describe("Admin API: #" .. strategy, function()
     local n2 = get_name()
     local names = { n1, n2 }
 
+     local certificate = {
+      cert  = ssl_fixtures.cert,
+      key   = ssl_fixtures.key,
+      snis  = names,
+    }
+
+    local validate_res = client:post("/schemas/certificates/validate", {
+      body    = certificate,
+      headers = { ["Content-Type"] = "application/json" },
+    })
+
+    local validate_body = assert.res_status(200, validate_res)
+    local json = cjson.decode(validate_body)
+    assert.equal("schema validation successful", json.message)
+
     local res = client:post("/certificates", {
-      body    = {
-        cert  = ssl_fixtures.cert,
-        key   = ssl_fixtures.key,
-        snis  = names,
-      },
+      body    = certificate,
       headers = { ["Content-Type"] = "application/json" },
     })