From 1b8e0cc6bfbf6f31861ab9edbf267e091ed1322f Mon Sep 17 00:00:00 2001 From: David Fialho Date: Thu, 7 Nov 2024 11:07:56 +0000 Subject: [PATCH 1/3] Fix disabling redact PII on logging settings Trying to disable redact PII on the logging settings would have no effect because the logging settings object would be marshaled without the `redact_pii` field which result in the default value being used, which is `true` in this case. To fix this, the `redact_pii` is now included even set to `false` when the logging settings object is marshaled. --- teams_accounts.go | 2 +- teams_accounts_test.go | 56 +++++++++++++++++++++++++++++++++++++++--- 2 files changed, 54 insertions(+), 4 deletions(-) diff --git a/teams_accounts.go b/teams_accounts.go index 91e1e6a6c9b..03660558821 100644 --- a/teams_accounts.go +++ b/teams_accounts.go @@ -132,7 +132,7 @@ type TeamsAccountLoggingConfiguration struct { type TeamsLoggingSettings struct { LoggingSettingsByRuleType map[TeamsRuleType]TeamsAccountLoggingConfiguration `json:"settings_by_rule_type"` - RedactPii bool `json:"redact_pii,omitempty"` + RedactPii *bool `json:"redact_pii,omitempty"` } type TeamsDeviceSettings struct { diff --git a/teams_accounts_test.go b/teams_accounts_test.go index c681e9fefca..61814f245de 100644 --- a/teams_accounts_test.go +++ b/teams_accounts_test.go @@ -2,7 +2,9 @@ package cloudflare import ( "context" + "encoding/json" "fmt" + "github.com/stretchr/testify/require" "net/http" "testing" @@ -231,7 +233,7 @@ func TestTeamsAccountGetLoggingConfiguration(t *testing.T) { if assert.NoError(t, err) { assert.Equal(t, actual, TeamsLoggingSettings{ - RedactPii: true, + RedactPii: &trueValue, LoggingSettingsByRuleType: map[TeamsRuleType]TeamsAccountLoggingConfiguration{ TeamsDnsRuleType: {LogAll: false, LogBlocks: true}, }, @@ -257,7 +259,7 @@ func TestTeamsAccountUpdateLoggingConfiguration(t *testing.T) { mux.HandleFunc("/accounts/"+testAccountID+"/gateway/logging", handler) actual, err := client.TeamsAccountUpdateLoggingConfiguration(context.Background(), testAccountID, TeamsLoggingSettings{ - RedactPii: true, + RedactPii: &trueValue, LoggingSettingsByRuleType: map[TeamsRuleType]TeamsAccountLoggingConfiguration{ TeamsDnsRuleType: { LogAll: false, @@ -274,7 +276,7 @@ func TestTeamsAccountUpdateLoggingConfiguration(t *testing.T) { if assert.NoError(t, err) { assert.Equal(t, actual, TeamsLoggingSettings{ - RedactPii: true, + RedactPii: &trueValue, LoggingSettingsByRuleType: map[TeamsRuleType]TeamsAccountLoggingConfiguration{ TeamsDnsRuleType: {LogAll: false, LogBlocks: true}, TeamsHttpRuleType: {LogAll: true, LogBlocks: false}, @@ -284,6 +286,54 @@ func TestTeamsAccountUpdateLoggingConfiguration(t *testing.T) { } } +func TestTeamsAccountDisableRedactPIILoggingConfiguration(t *testing.T) { + setup() + defer teardown() + + handler := func(w http.ResponseWriter, r *http.Request) { + assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method) + + request := readJson(t, r) + require.False(t, request["redact_pii"].(bool)) + + w.Header().Set("content-type", "application/json") + fmt.Fprintf(w, `{ + "success": true, + "errors": [], + "messages": [], + "result": {"settings_by_rule_type":{"dns":{"log_all":false,"log_blocks":true}, "http":{"log_all":true,"log_blocks":false}, "l4": {"log_all": false, "log_blocks": true}},"redact_pii":true} + }`) + } + + mux.HandleFunc("/accounts/"+testAccountID+"/gateway/logging", handler) + + _, err := client.TeamsAccountUpdateLoggingConfiguration(context.Background(), testAccountID, TeamsLoggingSettings{ + RedactPii: &falseValue, + LoggingSettingsByRuleType: map[TeamsRuleType]TeamsAccountLoggingConfiguration{ + TeamsDnsRuleType: { + LogAll: false, + LogBlocks: true, + }, + TeamsHttpRuleType: { + LogAll: true, + }, + TeamsL4RuleType: { + LogBlocks: true, + }, + }, + }) + require.NoError(t, err) +} + +func readJson(t *testing.T, r *http.Request) map[string]interface{} { + var result map[string]interface{} + decoder := json.NewDecoder(r.Body) + defer r.Body.Close() + err := decoder.Decode(&result) + require.NoError(t, err) + return result +} + func TestTeamsAccountGetDeviceConfiguration(t *testing.T) { setup() defer teardown() From 788cd499fc597a67c5ed55e0bf00a0ff4e52d627 Mon Sep 17 00:00:00 2001 From: Jacob Bednarz Date: Tue, 12 Nov 2024 12:33:36 +1100 Subject: [PATCH 2/3] goimports --- teams_accounts_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/teams_accounts_test.go b/teams_accounts_test.go index 61814f245de..fd82c66d35f 100644 --- a/teams_accounts_test.go +++ b/teams_accounts_test.go @@ -4,11 +4,11 @@ import ( "context" "encoding/json" "fmt" - "github.com/stretchr/testify/require" "net/http" "testing" "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" ) func TestTeamsAccount(t *testing.T) { From 8103a2d69a8a04c7eac5e7a58140781fab489288 Mon Sep 17 00:00:00 2001 From: Jacob Bednarz Date: Tue, 12 Nov 2024 12:36:44 +1100 Subject: [PATCH 3/3] use `BoolPtr` helpers --- teams_accounts_test.go | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/teams_accounts_test.go b/teams_accounts_test.go index fd82c66d35f..6c58caac473 100644 --- a/teams_accounts_test.go +++ b/teams_accounts_test.go @@ -114,7 +114,7 @@ func TestTeamsAccountConfiguration(t *testing.T) { Antivirus: &TeamsAntivirus{ EnabledDownloadPhase: true, NotificationSettings: &TeamsNotificationSettings{ - Enabled: &trueValue, + Enabled: BoolPtr(true), Message: "msg", SupportURL: "https://hi.com", }, @@ -233,7 +233,7 @@ func TestTeamsAccountGetLoggingConfiguration(t *testing.T) { if assert.NoError(t, err) { assert.Equal(t, actual, TeamsLoggingSettings{ - RedactPii: &trueValue, + RedactPii: BoolPtr(true), LoggingSettingsByRuleType: map[TeamsRuleType]TeamsAccountLoggingConfiguration{ TeamsDnsRuleType: {LogAll: false, LogBlocks: true}, }, @@ -259,7 +259,7 @@ func TestTeamsAccountUpdateLoggingConfiguration(t *testing.T) { mux.HandleFunc("/accounts/"+testAccountID+"/gateway/logging", handler) actual, err := client.TeamsAccountUpdateLoggingConfiguration(context.Background(), testAccountID, TeamsLoggingSettings{ - RedactPii: &trueValue, + RedactPii: BoolPtr(true), LoggingSettingsByRuleType: map[TeamsRuleType]TeamsAccountLoggingConfiguration{ TeamsDnsRuleType: { LogAll: false, @@ -276,7 +276,7 @@ func TestTeamsAccountUpdateLoggingConfiguration(t *testing.T) { if assert.NoError(t, err) { assert.Equal(t, actual, TeamsLoggingSettings{ - RedactPii: &trueValue, + RedactPii: BoolPtr(true), LoggingSettingsByRuleType: map[TeamsRuleType]TeamsAccountLoggingConfiguration{ TeamsDnsRuleType: {LogAll: false, LogBlocks: true}, TeamsHttpRuleType: {LogAll: true, LogBlocks: false}, @@ -308,7 +308,7 @@ func TestTeamsAccountDisableRedactPIILoggingConfiguration(t *testing.T) { mux.HandleFunc("/accounts/"+testAccountID+"/gateway/logging", handler) _, err := client.TeamsAccountUpdateLoggingConfiguration(context.Background(), testAccountID, TeamsLoggingSettings{ - RedactPii: &falseValue, + RedactPii: BoolPtr(false), LoggingSettingsByRuleType: map[TeamsRuleType]TeamsAccountLoggingConfiguration{ TeamsDnsRuleType: { LogAll: false,