Summary of added functionality
This implements the feature in #47 which checks the SAML signing certificate expiration date against a comparison value, which is visible from the Atlas console. This is a test for certificate validity in lieu of having the actual certificate to do a proper validation.
Steps to complete
- [x] Refactor validation to allow for arbitrary function to validate instead of just regex
- [x] Add ability to input a comparison date in the CLI and by JSON
- [x] Write validation and parsing functions for date input
- [x] Add function to pull expiration date for cert read from SAML response
- [x] Add tests to `MongoTestSuite` to:
  - [x] Validate a certificate is present in the SAML data
  - [ ] ~Validate the date is readable~ (we should get this for free with the first test)
  - [x] Validate that the date is in the future (i.e. the cert is not expired)
  - [x] Compare the cert date with the comparison value
- [x] Add validation report info for the above tests
- [x] Add certificate date to the SAML summary information
- [x] Add and update docstrings
- [x] Update readme page with changes
Implementation notes and additional changes
To do this, I had to do some refactoring not directly related to this feature:
- User input validation now all lives in `saml_reader.validation.input_validation`
- New classes `UserInputValidator` and `UserInputParser` do the heavy lifting to validate input and parse it for storage in `MongoFederationConfig`, respectively.
- In turn, `saml_reader.validation.mongo` includes `MongoFederationConfig` and the `MongoTestSuite` classes. All actual input validation was removed from `MongoFederationConfig`. However, to handle JSON input, which sends those values directly to the constructor of `MongoFederationConfig`, the class does send those values through the `MongoComparisonValue` pipeline for validation.
- Empty user responses are now recorded as `_NullUserInput` instead of `None`
- Necessary adjustments to the CLI interface where user input is collected were made accordingly.
In large part, this was done to allow for both regex-type validation and/or the execution of an arbitrary validation function. This was needed to validate the entered date as a valid date, because this is not (easily) doable with regex. It future-proofs for any other inputs that we may want to validate with an arbitrary function.
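
The point about regex versus function validation, as an added example that is not code from this PR or from saml_reader: a date-shaped string can pass a regex and still be an impossible date, so a parsing function has to run as well before the value is compared with the certificate's expiration date. The `MM/DD/YYYY` input format and every name here (`NullInput`, `validate`, `read_expiry_input`, `check_cert_expiry`) are assumptions made for illustration.

```python
import re
from datetime import date, datetime

DATE_FORMAT = "%m/%d/%Y"  # assumed input format; the PR text does not state one


class NullInput:
    """Hypothetical sentinel for an empty answer, so 'skipped' is not confused with None."""


def parse_date(text):
    """Return a date, or raise ValueError for impossible dates such as 02/30/2025."""
    return datetime.strptime(text.strip(), DATE_FORMAT).date()


def validate(text, pattern=None, func=None):
    """Accept input only if it passes the regex (if given) and the function (if given)."""
    if pattern is not None and not re.fullmatch(pattern, text.strip()):
        return False
    if func is not None:
        try:
            func(text)
        except ValueError:
            return False
    return True


def read_expiry_input(text):
    """Turn raw user input into NullInput or a date; raise ValueError if it is invalid."""
    if not text.strip():
        return NullInput
    if not validate(text, pattern=r"\d{2}/\d{2}/\d{4}", func=parse_date):
        raise ValueError(f"not a valid date ({DATE_FORMAT}): {text!r}")
    return parse_date(text)


def check_cert_expiry(cert_not_after, expected, today):
    """Two checks from the task list: cert not expired, cert date equals the comparison value."""
    results = {"not_expired": cert_not_after > today}
    if expected is not NullInput:  # comparison is skipped when the user gave no date
        results["matches_comparison"] = cert_not_after == expected
    return results
```

`cert_not_after` stands for the expiration date already pulled from the certificate in the SAML response; extracting it is outside this sketch.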