Add SignWithContext method to authority and mocks

hslatman · hslatman · commit 4e06bdbc5148 · 2023-09-19T16:30:53.000+02:00
diff --git a/acme/api/revoke_test.go b/acme/api/revoke_test.go
@@ -285,6 +285,10 @@ func (m *mockCA) Sign(*x509.CertificateRequest, provisioner.SignOptions, ...prov
 	return nil, nil
 }
 
+func (m *mockCA) SignWithContext(context.Context, *x509.CertificateRequest, provisioner.SignOptions, ...provisioner.SignOption) ([]*x509.Certificate, error) {
+	return nil, nil
+}
+
 func (m *mockCA) AreSANsAllowed(ctx context.Context, sans []string) error {
 	if m.MockAreSANsallowed != nil {
 		return m.MockAreSANsallowed(ctx, sans)
diff --git a/acme/common.go b/acme/common.go
@@ -22,6 +22,7 @@ var clock Clock
 // CertificateAuthority is the interface implemented by a CA authority.
 type CertificateAuthority interface {
 	Sign(cr *x509.CertificateRequest, opts provisioner.SignOptions, signOpts ...provisioner.SignOption) ([]*x509.Certificate, error)
+	SignWithContext(ctx context.Context, cr *x509.CertificateRequest, opts provisioner.SignOptions, signOpts ...provisioner.SignOption) ([]*x509.Certificate, error)
 	AreSANsAllowed(ctx context.Context, sans []string) error
 	IsRevoked(sn string) (bool, error)
 	Revoke(context.Context, *authority.RevokeOptions) error
diff --git a/acme/order_test.go b/acme/order_test.go
@@ -272,6 +272,7 @@ func TestOrder_UpdateStatus(t *testing.T) {
 
 type mockSignAuth struct {
 	sign                  func(csr *x509.CertificateRequest, signOpts provisioner.SignOptions, extraOpts ...provisioner.SignOption) ([]*x509.Certificate, error)
+	signWithContext       func(ctx context.Context, csr *x509.CertificateRequest, signOpts provisioner.SignOptions, extraOpts ...provisioner.SignOption) ([]*x509.Certificate, error)
 	areSANsAllowed        func(ctx context.Context, sans []string) error
 	loadProvisionerByName func(string) (provisioner.Interface, error)
 	ret1, ret2            interface{}
@@ -287,6 +288,15 @@ func (m *mockSignAuth) Sign(csr *x509.CertificateRequest, signOpts provisioner.S
 	return []*x509.Certificate{m.ret1.(*x509.Certificate), m.ret2.(*x509.Certificate)}, m.err
 }
 
+func (m *mockSignAuth) SignWithContext(ctx context.Context, csr *x509.CertificateRequest, signOpts provisioner.SignOptions, extraOpts ...provisioner.SignOption) ([]*x509.Certificate, error) {
+	if m.signWithContext != nil {
+		return m.signWithContext(ctx, csr, signOpts, extraOpts...)
+	} else if m.err != nil {
+		return nil, m.err
+	}
+	return []*x509.Certificate{m.ret1.(*x509.Certificate), m.ret2.(*x509.Certificate)}, m.err
+}
+
 func (m *mockSignAuth) AreSANsAllowed(ctx context.Context, sans []string) error {
 	if m.areSANsAllowed != nil {
 		return m.areSANsAllowed(ctx, sans)
diff --git a/api/api.go b/api/api.go
@@ -42,6 +42,7 @@ type Authority interface {
 	GetTLSOptions() *config.TLSOptions
 	Root(shasum string) (*x509.Certificate, error)
 	Sign(cr *x509.CertificateRequest, opts provisioner.SignOptions, signOpts ...provisioner.SignOption) ([]*x509.Certificate, error)
+	SignWithContext(ctx context.Context, cr *x509.CertificateRequest, opts provisioner.SignOptions, signOpts ...provisioner.SignOption) ([]*x509.Certificate, error)
 	Renew(peer *x509.Certificate) ([]*x509.Certificate, error)
 	RenewContext(ctx context.Context, peer *x509.Certificate, pk crypto.PublicKey) ([]*x509.Certificate, error)
 	Rekey(peer *x509.Certificate, pk crypto.PublicKey) ([]*x509.Certificate, error)
diff --git a/api/api_test.go b/api/api_test.go
@@ -193,6 +193,7 @@ type mockAuthority struct {
 	getTLSOptions                func() *authority.TLSOptions
 	root                         func(shasum string) (*x509.Certificate, error)
 	sign                         func(cr *x509.CertificateRequest, opts provisioner.SignOptions, signOpts ...provisioner.SignOption) ([]*x509.Certificate, error)
+	signWithContext              func(ctx context.Context, cr *x509.CertificateRequest, opts provisioner.SignOptions, signOpts ...provisioner.SignOption) ([]*x509.Certificate, error)
 	renew                        func(cert *x509.Certificate) ([]*x509.Certificate, error)
 	rekey                        func(oldCert *x509.Certificate, pk crypto.PublicKey) ([]*x509.Certificate, error)
 	renewContext                 func(ctx context.Context, oldCert *x509.Certificate, pk crypto.PublicKey) ([]*x509.Certificate, error)
@@ -261,6 +262,13 @@ func (m *mockAuthority) Sign(cr *x509.CertificateRequest, opts provisioner.SignO
 	return []*x509.Certificate{m.ret1.(*x509.Certificate), m.ret2.(*x509.Certificate)}, m.err
 }
 
+func (m *mockAuthority) SignWithContext(ctx context.Context, cr *x509.CertificateRequest, opts provisioner.SignOptions, signOpts ...provisioner.SignOption) ([]*x509.Certificate, error) {
+	if m.signWithContext != nil {
+		return m.signWithContext(ctx, cr, opts, signOpts...)
+	}
+	return []*x509.Certificate{m.ret1.(*x509.Certificate), m.ret2.(*x509.Certificate)}, m.err
+}
+
 func (m *mockAuthority) Renew(cert *x509.Certificate) ([]*x509.Certificate, error) {
 	if m.renew != nil {
 		return m.renew(cert)
diff --git a/authority/provisioner/webhook.go b/authority/provisioner/webhook.go
@@ -37,7 +37,7 @@ type WebhookController struct {
 
 // Enrich fetches data from remote servers and adds returned data to the
 // templateData
-func (wc *WebhookController) Enrich(req *webhook.RequestBody) error {
+func (wc *WebhookController) Enrich(ctx context.Context, req *webhook.RequestBody) error {
 	if wc == nil {
 		return nil
 	}
@@ -56,11 +56,11 @@ func (wc *WebhookController) Enrich(req *webhook.RequestBody) error {
 		if !wc.isCertTypeOK(wh) {
 			continue
 		}
-		// TODO(hs): propagate context from above
-		ctx, cancel := context.WithTimeout(context.Background(), time.Second*10)
-		defer cancel()
 
-		resp, err := wh.DoWithContext(ctx, wc.client, req, wc.TemplateData)
+		whCtx, cancel := context.WithTimeout(ctx, time.Second*10)
+		defer cancel() //nolint:gocritic // every request canceled with its own timeout
+
+		resp, err := wh.DoWithContext(whCtx, wc.client, req, wc.TemplateData)
 		if err != nil {
 			return err
 		}
@@ -73,7 +73,7 @@ func (wc *WebhookController) Enrich(req *webhook.RequestBody) error {
 }
 
 // Authorize checks that all remote servers allow the request
-func (wc *WebhookController) Authorize(req *webhook.RequestBody) error {
+func (wc *WebhookController) Authorize(ctx context.Context, req *webhook.RequestBody) error {
 	if wc == nil {
 		return nil
 	}
@@ -93,11 +93,10 @@ func (wc *WebhookController) Authorize(req *webhook.RequestBody) error {
 			continue
 		}
 
-		// TODO(hs): propagate context from above
-		ctx, cancel := context.WithTimeout(context.Background(), time.Second*10)
-		defer cancel()
+		whCtx, cancel := context.WithTimeout(ctx, time.Second*10)
+		defer cancel() //nolint:gocritic // every request canceled with its own timeout
 
-		resp, err := wh.DoWithContext(ctx, wc.client, req, wc.TemplateData)
+		resp, err := wh.DoWithContext(whCtx, wc.client, req, wc.TemplateData)
 		if err != nil {
 			return err
 		}
diff --git a/authority/provisioner/webhook_test.go b/authority/provisioner/webhook_test.go
@@ -242,7 +242,7 @@ func TestWebhookController_Enrich(t *testing.T) {
 				wh.URL = ts.URL
 			}
 
-			err := test.ctl.Enrich(test.req)
+			err := test.ctl.Enrich(context.Background(), test.req)
 			if (err != nil) != test.expectErr {
 				t.Fatalf("Got err %v, want %v", err, test.expectErr)
 			}
@@ -352,7 +352,7 @@ func TestWebhookController_Authorize(t *testing.T) {
 				wh.URL = ts.URL
 			}
 
-			err := test.ctl.Authorize(test.req)
+			err := test.ctl.Authorize(context.Background(), test.req)
 			if (err != nil) != test.expectErr {
 				t.Fatalf("Got err %v, want %v", err, test.expectErr)
 			}
diff --git a/authority/ssh.go b/authority/ssh.go
@@ -146,7 +146,7 @@ func (a *Authority) GetSSHBastion(ctx context.Context, user, hostname string) (*
 }
 
 // SignSSH creates a signed SSH certificate with the given public key and options.
-func (a *Authority) SignSSH(_ context.Context, key ssh.PublicKey, opts provisioner.SignSSHOptions, signOpts ...provisioner.SignOption) (*ssh.Certificate, error) {
+func (a *Authority) SignSSH(ctx context.Context, key ssh.PublicKey, opts provisioner.SignSSHOptions, signOpts ...provisioner.SignOption) (*ssh.Certificate, error) {
 	var (
 		certOptions []sshutil.Option
 		mods        []provisioner.SSHCertModifier
@@ -205,7 +205,7 @@ func (a *Authority) SignSSH(_ context.Context, key ssh.PublicKey, opts provision
 	}
 
 	// Call enriching webhooks
-	if err := callEnrichingWebhooksSSH(webhookCtl, cr); err != nil {
+	if err := callEnrichingWebhooksSSH(ctx, webhookCtl, cr); err != nil {
 		return nil, errs.ApplyOptions(
 			errs.ForbiddenErr(err, err.Error()),
 			errs.WithKeyVal("signOptions", signOpts),
@@ -277,7 +277,7 @@ func (a *Authority) SignSSH(_ context.Context, key ssh.PublicKey, opts provision
 	}
 
 	// Send certificate to webhooks for authorization
-	if err := callAuthorizingWebhooksSSH(webhookCtl, certificate, certTpl); err != nil {
+	if err := callAuthorizingWebhooksSSH(ctx, webhookCtl, certificate, certTpl); err != nil {
 		return nil, errs.ApplyOptions(
 			errs.ForbiddenErr(err, "authority.SignSSH: error signing certificate"),
 		)
@@ -653,7 +653,7 @@ func (a *Authority) getAddUserCommand(principal string) string {
 	return strings.ReplaceAll(cmd, "<principal>", principal)
 }
 
-func callEnrichingWebhooksSSH(webhookCtl webhookController, cr sshutil.CertificateRequest) error {
+func callEnrichingWebhooksSSH(ctx context.Context, webhookCtl webhookController, cr sshutil.CertificateRequest) error {
 	if webhookCtl == nil {
 		return nil
 	}
@@ -663,10 +663,10 @@ func callEnrichingWebhooksSSH(webhookCtl webhookController, cr sshutil.Certifica
 	if err != nil {
 		return err
 	}
-	return webhookCtl.Enrich(whEnrichReq)
+	return webhookCtl.Enrich(ctx, whEnrichReq)
 }
 
-func callAuthorizingWebhooksSSH(webhookCtl webhookController, cert *sshutil.Certificate, certTpl *ssh.Certificate) error {
+func callAuthorizingWebhooksSSH(ctx context.Context, webhookCtl webhookController, cert *sshutil.Certificate, certTpl *ssh.Certificate) error {
 	if webhookCtl == nil {
 		return nil
 	}
@@ -676,5 +676,5 @@ func callAuthorizingWebhooksSSH(webhookCtl webhookController, cert *sshutil.Cert
 	if err != nil {
 		return err
 	}
-	return webhookCtl.Authorize(whAuthBody)
+	return webhookCtl.Authorize(ctx, whAuthBody)
 }
diff --git a/authority/tls.go b/authority/tls.go
@@ -91,8 +91,17 @@ func withDefaultASN1DN(def *config.ASN1DN) provisioner.CertificateModifierFunc {
 	}
 }
 
-// Sign creates a signed certificate from a certificate signing request.
+// Sign creates a signed certificate from a certificate signing request. It
+// creates a new context.Context, and calls into SignWithContext.
+//
+// Deprecated: Use authority.SignWithContext with an actual context.Context.
 func (a *Authority) Sign(csr *x509.CertificateRequest, signOpts provisioner.SignOptions, extraOpts ...provisioner.SignOption) ([]*x509.Certificate, error) {
+	return a.SignWithContext(context.Background(), csr, signOpts, extraOpts...)
+}
+
+// SignWithContext creates a signed certificate from a certificate signing request,
+// taking the provided context.Context.
+func (a *Authority) SignWithContext(ctx context.Context, csr *x509.CertificateRequest, signOpts provisioner.SignOptions, extraOpts ...provisioner.SignOption) ([]*x509.Certificate, error) {
 	var (
 		certOptions    []x509util.Option
 		certValidators []provisioner.CertificateValidator
@@ -163,7 +172,7 @@ func (a *Authority) Sign(csr *x509.CertificateRequest, signOpts provisioner.Sign
 		}
 	}
 
-	if err := callEnrichingWebhooksX509(webhookCtl, attData, csr); err != nil {
+	if err := callEnrichingWebhooksX509(ctx, webhookCtl, attData, csr); err != nil {
 		return nil, errs.ApplyOptions(
 			errs.ForbiddenErr(err, err.Error()),
 			errs.WithKeyVal("csr", csr),
@@ -256,7 +265,7 @@ func (a *Authority) Sign(csr *x509.CertificateRequest, signOpts provisioner.Sign
 	}
 
 	// Send certificate to webhooks for authorization
-	if err := callAuthorizingWebhooksX509(webhookCtl, cert, leaf, attData); err != nil {
+	if err := callAuthorizingWebhooksX509(ctx, webhookCtl, cert, leaf, attData); err != nil {
 		return nil, errs.ApplyOptions(
 			errs.ForbiddenErr(err, "error creating certificate"),
 			opts...,
@@ -952,7 +961,7 @@ func templatingError(err error) error {
 	return errors.Wrap(cause, "error applying certificate template")
 }
 
-func callEnrichingWebhooksX509(webhookCtl webhookController, attData *provisioner.AttestationData, csr *x509.CertificateRequest) error {
+func callEnrichingWebhooksX509(ctx context.Context, webhookCtl webhookController, attData *provisioner.AttestationData, csr *x509.CertificateRequest) error {
 	if webhookCtl == nil {
 		return nil
 	}
@@ -969,10 +978,10 @@ func callEnrichingWebhooksX509(webhookCtl webhookController, attData *provisione
 	if err != nil {
 		return err
 	}
-	return webhookCtl.Enrich(whEnrichReq)
+	return webhookCtl.Enrich(ctx, whEnrichReq)
 }
 
-func callAuthorizingWebhooksX509(webhookCtl webhookController, cert *x509util.Certificate, leaf *x509.Certificate, attData *provisioner.AttestationData) error {
+func callAuthorizingWebhooksX509(ctx context.Context, webhookCtl webhookController, cert *x509util.Certificate, leaf *x509.Certificate, attData *provisioner.AttestationData) error {
 	if webhookCtl == nil {
 		return nil
 	}
@@ -989,5 +998,5 @@ func callAuthorizingWebhooksX509(webhookCtl webhookController, cert *x509util.Ce
 	if err != nil {
 		return err
 	}
-	return webhookCtl.Authorize(whAuthBody)
+	return webhookCtl.Authorize(ctx, whAuthBody)
 }
diff --git a/authority/webhook.go b/authority/webhook.go
@@ -1,8 +1,12 @@
 package authority
 
-import "github.com/smallstep/certificates/webhook"
+import (
+	"context"
+
+	"github.com/smallstep/certificates/webhook"
+)
 
 type webhookController interface {
-	Enrich(*webhook.RequestBody) error
-	Authorize(*webhook.RequestBody) error
+	Enrich(context.Context, *webhook.RequestBody) error
+	Authorize(context.Context, *webhook.RequestBody) error
 }
diff --git a/authority/webhook_test.go b/authority/webhook_test.go
@@ -1,6 +1,8 @@
 package authority
 
 import (
+	"context"
+
 	"github.com/smallstep/certificates/authority/provisioner"
 	"github.com/smallstep/certificates/webhook"
 )
@@ -14,14 +16,14 @@ type mockWebhookController struct {
 
 var _ webhookController = &mockWebhookController{}
 
-func (wc *mockWebhookController) Enrich(*webhook.RequestBody) error {
+func (wc *mockWebhookController) Enrich(context.Context, *webhook.RequestBody) error {
 	for key, data := range wc.respData {
 		wc.templateData.SetWebhook(key, data)
 	}
 
 	return wc.enrichErr
 }
 
-func (wc *mockWebhookController) Authorize(*webhook.RequestBody) error {
+func (wc *mockWebhookController) Authorize(context.Context, *webhook.RequestBody) error {
 	return wc.authorizeErr
 }

Original file line number	Diff line number	Diff line change
`@@ -242,7 +242,7 @@ func TestWebhookController_Enrich(t *testing.T) {`
`242`	`242`	`wh.URL = ts.URL`
`243`	`243`	`}`
`244`	`244`
`245`		`- err := test.ctl.Enrich(test.req)`
	`245`	`+ err := test.ctl.Enrich(context.Background(), test.req)`
`246`	`246`	`if (err != nil) != test.expectErr {`
`247`	`247`	`t.Fatalf("Got err %v, want %v", err, test.expectErr)`
`248`	`248`	`}`
`@@ -352,7 +352,7 @@ func TestWebhookController_Authorize(t *testing.T) {`
`352`	`352`	`wh.URL = ts.URL`
`353`	`353`	`}`
`354`	`354`
`355`		`- err := test.ctl.Authorize(test.req)`
	`355`	`+ err := test.ctl.Authorize(context.Background(), test.req)`
`356`	`356`	`if (err != nil) != test.expectErr {`
`357`	`357`	`t.Fatalf("Got err %v, want %v", err, test.expectErr)`
`358`	`358`	`}`
Original file line number	Diff line number	Diff line change
`@@ -146,7 +146,7 @@ func (a Authority) GetSSHBastion(ctx context.Context, user, hostname string) (`
`146`	`146`	`}`
`147`	`147`
`148`	`148`	`// SignSSH creates a signed SSH certificate with the given public key and options.`
`149`		`-func (a Authority) SignSSH(_ context.Context, key ssh.PublicKey, opts provisioner.SignSSHOptions, signOpts ...provisioner.SignOption) (ssh.Certificate, error) {`
	`149`	`+func (a Authority) SignSSH(ctx context.Context, key ssh.PublicKey, opts provisioner.SignSSHOptions, signOpts ...provisioner.SignOption) (ssh.Certificate, error) {`
`150`	`150`	`var (`
`151`	`151`	`certOptions []sshutil.Option`
`152`	`152`	`mods []provisioner.SSHCertModifier`
`@@ -205,7 +205,7 @@ func (a *Authority) SignSSH(_ context.Context, key ssh.PublicKey, opts provision`
`205`	`205`	`}`
`206`	`206`
`207`	`207`	`// Call enriching webhooks`
`208`		`- if err := callEnrichingWebhooksSSH(webhookCtl, cr); err != nil {`
	`208`	`+ if err := callEnrichingWebhooksSSH(ctx, webhookCtl, cr); err != nil {`
`209`	`209`	`return nil, errs.ApplyOptions(`
`210`	`210`	`errs.ForbiddenErr(err, err.Error()),`
`211`	`211`	`errs.WithKeyVal("signOptions", signOpts),`
`@@ -277,7 +277,7 @@ func (a *Authority) SignSSH(_ context.Context, key ssh.PublicKey, opts provision`
`277`	`277`	`}`
`278`	`278`
`279`	`279`	`// Send certificate to webhooks for authorization`
`280`		`- if err := callAuthorizingWebhooksSSH(webhookCtl, certificate, certTpl); err != nil {`
	`280`	`+ if err := callAuthorizingWebhooksSSH(ctx, webhookCtl, certificate, certTpl); err != nil {`
`281`	`281`	`return nil, errs.ApplyOptions(`
`282`	`282`	`errs.ForbiddenErr(err, "authority.SignSSH: error signing certificate"),`
`283`	`283`	`)`
`@@ -653,7 +653,7 @@ func (a *Authority) getAddUserCommand(principal string) string {`
`653`	`653`	`return strings.ReplaceAll(cmd, "<principal>", principal)`
`654`	`654`	`}`
`655`	`655`
`656`		`-func callEnrichingWebhooksSSH(webhookCtl webhookController, cr sshutil.CertificateRequest) error {`
	`656`	`+func callEnrichingWebhooksSSH(ctx context.Context, webhookCtl webhookController, cr sshutil.CertificateRequest) error {`
`657`	`657`	`if webhookCtl == nil {`
`658`	`658`	`return nil`
`659`	`659`	`}`
`@@ -663,10 +663,10 @@ func callEnrichingWebhooksSSH(webhookCtl webhookController, cr sshutil.Certifica`
`663`	`663`	`if err != nil {`
`664`	`664`	`return err`
`665`	`665`	`}`
`666`		`- return webhookCtl.Enrich(whEnrichReq)`
	`666`	`+ return webhookCtl.Enrich(ctx, whEnrichReq)`
`667`	`667`	`}`
`668`	`668`
`669`		`-func callAuthorizingWebhooksSSH(webhookCtl webhookController, cert sshutil.Certificate, certTpl ssh.Certificate) error {`
	`669`	`+func callAuthorizingWebhooksSSH(ctx context.Context, webhookCtl webhookController, cert sshutil.Certificate, certTpl ssh.Certificate) error {`
`670`	`670`	`if webhookCtl == nil {`
`671`	`671`	`return nil`
`672`	`672`	`}`
`@@ -676,5 +676,5 @@ func callAuthorizingWebhooksSSH(webhookCtl webhookController, cert *sshutil.Cert`
`676`	`676`	`if err != nil {`
`677`	`677`	`return err`
`678`	`678`	`}`
`679`		`- return webhookCtl.Authorize(whAuthBody)`
	`679`	`+ return webhookCtl.Authorize(ctx, whAuthBody)`
`680`	`680`	`}`
Original file line number	Diff line number	Diff line change
`@@ -91,8 +91,17 @@ func withDefaultASN1DN(def *config.ASN1DN) provisioner.CertificateModifierFunc {`
`91`	`91`	`}`
`92`	`92`	`}`
`93`	`93`
`94`		`-// Sign creates a signed certificate from a certificate signing request.`
	`94`	`+// Sign creates a signed certificate from a certificate signing request. It`
	`95`	`+// creates a new context.Context, and calls into SignWithContext.`
	`96`	`+//`
	`97`	`+// Deprecated: Use authority.SignWithContext with an actual context.Context.`
`95`	`98`	`func (a Authority) Sign(csr x509.CertificateRequest, signOpts provisioner.SignOptions, extraOpts ...provisioner.SignOption) ([]*x509.Certificate, error) {`
	`99`	`+ return a.SignWithContext(context.Background(), csr, signOpts, extraOpts...)`
	`100`	`+}`
	`101`	`+`
	`102`	`+// SignWithContext creates a signed certificate from a certificate signing request,`
	`103`	`+// taking the provided context.Context.`
	`104`	`+func (a Authority) SignWithContext(ctx context.Context, csr x509.CertificateRequest, signOpts provisioner.SignOptions, extraOpts ...provisioner.SignOption) ([]*x509.Certificate, error) {`
`96`	`105`	`var (`
`97`	`106`	`certOptions []x509util.Option`
`98`	`107`	`certValidators []provisioner.CertificateValidator`
`@@ -163,7 +172,7 @@ func (a Authority) Sign(csr x509.CertificateRequest, signOpts provisioner.Sign`
`163`	`172`	`}`
`164`	`173`	`}`
`165`	`174`
`166`		`- if err := callEnrichingWebhooksX509(webhookCtl, attData, csr); err != nil {`
	`175`	`+ if err := callEnrichingWebhooksX509(ctx, webhookCtl, attData, csr); err != nil {`
`167`	`176`	`return nil, errs.ApplyOptions(`
`168`	`177`	`errs.ForbiddenErr(err, err.Error()),`
`169`	`178`	`errs.WithKeyVal("csr", csr),`
`@@ -256,7 +265,7 @@ func (a Authority) Sign(csr x509.CertificateRequest, signOpts provisioner.Sign`
`256`	`265`	`}`
`257`	`266`
`258`	`267`	`// Send certificate to webhooks for authorization`
`259`		`- if err := callAuthorizingWebhooksX509(webhookCtl, cert, leaf, attData); err != nil {`
	`268`	`+ if err := callAuthorizingWebhooksX509(ctx, webhookCtl, cert, leaf, attData); err != nil {`
`260`	`269`	`return nil, errs.ApplyOptions(`
`261`	`270`	`errs.ForbiddenErr(err, "error creating certificate"),`
`262`	`271`	`opts...,`
`@@ -952,7 +961,7 @@ func templatingError(err error) error {`
`952`	`961`	`return errors.Wrap(cause, "error applying certificate template")`
`953`	`962`	`}`
`954`	`963`
`955`		`-func callEnrichingWebhooksX509(webhookCtl webhookController, attData provisioner.AttestationData, csr x509.CertificateRequest) error {`
	`964`	`+func callEnrichingWebhooksX509(ctx context.Context, webhookCtl webhookController, attData provisioner.AttestationData, csr x509.CertificateRequest) error {`
`956`	`965`	`if webhookCtl == nil {`
`957`	`966`	`return nil`
`958`	`967`	`}`
`@@ -969,10 +978,10 @@ func callEnrichingWebhooksX509(webhookCtl webhookController, attData *provisione`
`969`	`978`	`if err != nil {`
`970`	`979`	`return err`
`971`	`980`	`}`
`972`		`- return webhookCtl.Enrich(whEnrichReq)`
	`981`	`+ return webhookCtl.Enrich(ctx, whEnrichReq)`
`973`	`982`	`}`
`974`	`983`
`975`		`-func callAuthorizingWebhooksX509(webhookCtl webhookController, cert x509util.Certificate, leaf x509.Certificate, attData *provisioner.AttestationData) error {`
	`984`	`+func callAuthorizingWebhooksX509(ctx context.Context, webhookCtl webhookController, cert x509util.Certificate, leaf x509.Certificate, attData *provisioner.AttestationData) error {`
`976`	`985`	`if webhookCtl == nil {`
`977`	`986`	`return nil`
`978`	`987`	`}`
`@@ -989,5 +998,5 @@ func callAuthorizingWebhooksX509(webhookCtl webhookController, cert *x509util.Ce`
`989`	`998`	`if err != nil {`
`990`	`999`	`return err`
`991`	`1000`	`}`
`992`		`- return webhookCtl.Authorize(whAuthBody)`
	`1001`	`+ return webhookCtl.Authorize(ctx, whAuthBody)`
`993`	`1002`	`}`
Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,8 @@`
`1`	`1`	`package authority`
`2`	`2`
`3`	`3`	`import (`
	`4`	`+ "context"`
	`5`	`+`
`4`	`6`	`"github.com/smallstep/certificates/authority/provisioner"`
`5`	`7`	`"github.com/smallstep/certificates/webhook"`
`6`	`8`	`)`
`@@ -14,14 +16,14 @@ type mockWebhookController struct {`
`14`	`16`
`15`	`17`	`var _ webhookController = &mockWebhookController{}`
`16`	`18`
`17`		`-func (wc mockWebhookController) Enrich(webhook.RequestBody) error {`
	`19`	`+func (wc mockWebhookController) Enrich(context.Context, webhook.RequestBody) error {`
`18`	`20`	`for key, data := range wc.respData {`
`19`	`21`	`wc.templateData.SetWebhook(key, data)`
`20`	`22`	`}`
`21`	`23`
`22`	`24`	`return wc.enrichErr`
`23`	`25`	`}`
`24`	`26`
`25`		`-func (wc mockWebhookController) Authorize(webhook.RequestBody) error {`
	`27`	`+func (wc mockWebhookController) Authorize(context.Context, webhook.RequestBody) error {`
`26`	`28`	`return wc.authorizeErr`
`27`	`29`	`}`