fix(meshtls): do not panic when no topLevel targetRef (#11468)

Signed-off-by: Lukasz Dziedziak <lukidzi@gmail.com>
kumahq · Sep 19, 2024 · ec36212 · ec36212
1 parent 16c5e83
commit ec36212
Show file tree

Hide file tree

Showing 4 changed files with 22 additions and 1 deletion.
diff --git a/pkg/plugins/policies/meshtls/api/v1alpha1/testdata/full-valid-no-top-target.input.yaml b/pkg/plugins/policies/meshtls/api/v1alpha1/testdata/full-valid-no-top-target.input.yaml
@@ -0,0 +1,15 @@
+from:
+  - targetRef:
+      kind: Mesh
+    default:
+      tlsVersion:
+        min: TLS11
+        max: TLS12
+      tlsCiphers:
+        - "ECDHE-ECDSA-AES128-GCM-SHA256"
+        - "ECDHE-ECDSA-AES256-GCM-SHA384"
+        - "ECDHE-ECDSA-CHACHA20-POLY1305"
+        - "ECDHE-RSA-AES128-GCM-SHA256"
+        - "ECDHE-RSA-AES256-GCM-SHA384"
+        - "ECDHE-RSA-CHACHA20-POLY1305"
+      mode: Strict
diff --git a/pkg/plugins/policies/meshtls/api/v1alpha1/testdata/full-valid-no-top-target.output.yaml b/pkg/plugins/policies/meshtls/api/v1alpha1/testdata/full-valid-no-top-target.output.yaml
diff --git a/pkg/plugins/policies/meshtls/api/v1alpha1/validator.go b/pkg/plugins/policies/meshtls/api/v1alpha1/validator.go
@@ -7,13 +7,15 @@ import (
 	common_tls "github.com/kumahq/kuma/api/common/v1alpha1/tls"
 	"github.com/kumahq/kuma/pkg/core/resources/apis/mesh"
 	"github.com/kumahq/kuma/pkg/core/validators"
+	"github.com/kumahq/kuma/pkg/util/pointer"
 )
 
 func (r *MeshTLSResource) validate() error {
 	var verr validators.ValidationError
 	path := validators.RootedAt("spec")
 	verr.AddErrorAt(path.Field("targetRef"), validateTop(r.Spec.TargetRef))
-	verr.AddErrorAt(path.Field("from"), validateFrom(r.Spec.From, r.Spec.TargetRef.Kind))
+	topLevel := pointer.DerefOr(r.Spec.TargetRef, common_api.TargetRef{Kind: common_api.Mesh, UsesSyntacticSugar: true})
+	verr.AddErrorAt(path.Field("from"), validateFrom(r.Spec.From, topLevel.Kind))
 	return verr.OrNil()
 }
 

diff --git a/pkg/plugins/policies/meshtls/api/v1alpha1/validator_test.go b/pkg/plugins/policies/meshtls/api/v1alpha1/validator_test.go
@@ -60,6 +60,10 @@ var _ = Describe("MeshTLS", func() {
 				name: "meshtls-3",
 				file: "invalid-top-level",
 			}),
+			Entry("full passing without top level", testCase{
+				name: "meshtls-4",
+				file: "full-valid-no-top-target",
+			}),
 		)
 	})
 })