[v15] Fix AccessList proto 0 time mapping to epoch

api/types/accesslist/convert/v1/accesslist.go

@@ -17,6 +17,8 @@ limitations under the License.
 package v1
 
 import (
+	"time"
+
 	"github.com/gravitational/trace"
 	"google.golang.org/protobuf/types/known/durationpb"
 	"google.golang.org/protobuf/types/known/timestamppb"
@@ -83,12 +85,20 @@ func FromProto(msg *accesslistv1.AccessList, opts ...AccessListOption) (*accessl
 		}
 	}
 
+	// We map the zero protobuf time (nil) to the zero go time.
+	// NewAccessList will handle this properly and set a time in the future
+	// based on the recurrence rules.
+	var nextAuditDate time.Time
+	if msg.Spec.Audit.NextAuditDate != nil {
+		nextAuditDate = msg.Spec.Audit.NextAuditDate.AsTime()
+	}
+
 	accessList, err := accesslist.NewAccessList(headerv1.FromMetadataProto(msg.Header.Metadata), accesslist.Spec{
 		Title:       msg.Spec.Title,
 		Description: msg.Spec.Description,
 		Owners:      owners,
 		Audit: accesslist.Audit{
-			NextAuditDate: msg.Spec.Audit.NextAuditDate.AsTime(),
+			NextAuditDate: nextAuditDate,
 			Recurrence:    recurrence,
 			Notifications: notifications,
 		},
@@ -149,6 +159,12 @@ func ToProto(accessList *accesslist.AccessList) *accesslistv1.AccessList {
 		ownerGrants.Traits = traitv1.ToProto(accessList.Spec.OwnerGrants.Traits)
 	}
 
+	// We map the zero go time to the zero protobuf time (nil).
+	var nextAuditDate *timestamppb.Timestamp
+	if !accessList.Spec.Audit.NextAuditDate.IsZero() {
+		nextAuditDate = timestamppb.New(accessList.Spec.Audit.NextAuditDate)
+	}
+
 	return &accesslistv1.AccessList{
 		Header: headerv1.ToResourceHeaderProto(accessList.ResourceHeader),
 		Spec: &accesslistv1.AccessListSpec{
@@ -158,7 +174,7 @@ func ToProto(accessList *accesslist.AccessList) *accesslistv1.AccessList {
 			Membership:  string(accessList.Spec.Membership),
 			Owners:      owners,
 			Audit: &accesslistv1.AccessListAudit{
-				NextAuditDate: timestamppb.New(accessList.Spec.Audit.NextAuditDate),
+				NextAuditDate: nextAuditDate,
 				Recurrence: &accesslistv1.Recurrence{
 					Frequency:  accesslistv1.ReviewFrequency(accessList.Spec.Audit.Recurrence.Frequency),
 					DayOfMonth: accesslistv1.ReviewDayOfMonth(accessList.Spec.Audit.Recurrence.DayOfMonth),

api/types/accesslist/convert/v1/accesslist_test.go

@@ -242,3 +242,27 @@ func newAccessList(t *testing.T, name string) *accesslist.AccessList {
 	require.NoError(t, err)
 	return accessList
 }
+
+func TestNextAuditDateZeroTime(t *testing.T) {
+	// When a proto message without expiration is converted to an AL
+	// we expect next audit date to be mapped to golang's zero time. Then
+	// AccessList.CheckAndSetDefaults will set a time in the future based on
+	// the recurrence rules.
+	accessList := ToProto(newAccessList(t, "access-list"))
+	accessList.Spec.Audit.NextAuditDate = nil
+	converted, err := FromProto(accessList)
+
+	require.NoError(t, err)
+	require.NotZero(
+		t,
+		converted.Spec.Audit.NextAuditDate.Unix(),
+		"next audit date should not be epoch",
+	)
+
+	converted.Spec.Audit.NextAuditDate = time.Time{}
+	// When an Access List without next audit date is converted to protobuf
+	// it should be nil.
+	convertedTwice := ToProto(converted)
+
+	require.Nil(t, convertedTwice.Spec.Audit.NextAuditDate)
+}