Remove empty string as default value for VerificationMode (#59)

* remove empty option * add test * go lint * go lint
elastic · Jun 27, 2022 · b5be848 · b5be848
1 parent 9e0189f
commit b5be848
Show file tree

Hide file tree

Showing 4 changed files with 80 additions and 2 deletions.
diff --git a/.gitignore b/.gitignore
@@ -1 +1,2 @@
-build/
+build/
+.idea
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -16,6 +16,12 @@ This project adheres to [Semantic Versioning](http://semver.org/).
 
 ### Fixed
 
+## [0.2.5]
+
+### Fixed
+
+- Remove VerificationMode option to empty string. Default will be `full` #49
+
 ## [0.2.4]
 
 ### Fixed

diff --git a/transport/tlscommon/types.go b/transport/tlscommon/types.go
@@ -133,7 +133,6 @@ const (
 )
 
 var tlsVerificationModes = map[string]TLSVerificationMode{
-	"":            VerifyFull,
 	"full":        VerifyFull,
 	"strict":      VerifyStrict,
 	"none":        VerifyNone,
@@ -166,6 +165,10 @@ func (m *TLSVerificationMode) Unpack(in interface{}) error {
 	if !ok {
 		return fmt.Errorf("verification mode must be an identifier")
 	}
+	if s == "" {
+		*m = VerifyFull
+		return nil
+	}
 
 	mode, found := tlsVerificationModes[s]
 	if !found {

diff --git a/transport/tlscommon/types_test.go b/transport/tlscommon/types_test.go
@@ -0,0 +1,68 @@
+// Licensed to Elasticsearch B.V. under one or more contributor
+// license agreements. See the NOTICE file distributed with
+// this work for additional information regarding copyright
+// ownership. Elasticsearch B.V. licenses this file to you under
+// the Apache License, Version 2.0 (the "License"); you may
+// not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+package tlscommon
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+
+	"github.com/stretchr/testify/require"
+)
+
+func TestMarshallText(t *testing.T) {
+	var verification TLSVerificationMode
+	bytes, err := verification.MarshalText()
+	require.NoError(t, err)
+	require.NotNil(t, bytes)
+	require.Equal(t, "full", string(bytes))
+
+	verification = VerifyNone
+	bytes, err = verification.MarshalText()
+	require.NoError(t, err)
+	require.NotNil(t, bytes)
+	require.Equal(t, "none", string(bytes))
+}
+
+func TestLoadWithEmptyStringVerificationMode(t *testing.T) {
+	cfg, err := load(`
+    enabled: true
+    certificate: mycert.pem
+    key: mycert.key
+    verification_mode: ""
+    supported_protocols: [TLSv1.1, TLSv1.2]
+    renegotiation: freely
+  `)
+
+	assert.NoError(t, err)
+	assert.Equal(t, cfg.VerificationMode, VerifyFull)
+}
+
+func TestLoadWithEmptyVerificationMode(t *testing.T) {
+	cfg, err := load(`
+    enabled: true
+    verification_mode:
+    supported_protocols: [TLSv1.1, TLSv1.2]
+    curve_types:
+      - P-521
+    renegotiation: freely
+  `)
+
+	assert.NoError(t, err)
+	assert.Equal(t, cfg.VerificationMode, VerifyFull)
+}