
Commit 63371a8

committed
Add additional tests for ACME EAB Admin
1 parent 2215a05 commit 63371a8


3 files changed

+775
-14
lines changed


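--- a/acme/db.go
+++ b/acme/db.go
@@ -19,7 +19,7 @@ type DB interface {
 GetAccountByKeyID(ctx context.Context, kid string) (*Account, error)
 UpdateAccount(ctx context.Context, acc *Account) error
 
-CreateExternalAccountKey(ctx context.Context, provisionerName, name string) (*ExternalAccountKey, error)
+CreateExternalAccountKey(ctx context.Context, provisionerName, reference string) (*ExternalAccountKey, error)
 GetExternalAccountKey(ctx context.Context, provisionerName, keyID string) (*ExternalAccountKey, error)
 GetExternalAccountKeys(ctx context.Context, provisionerName, cursor string, limit int) ([]*ExternalAccountKey, string, error)
 GetExternalAccountKeyByReference(ctx context.Context, provisionerName, reference string) (*ExternalAccountKey, error)
@@ -54,7 +54,7 @@ type MockDB struct {
 MockGetAccountByKeyID func(ctx context.Context, kid string) (*Account, error)
 MockUpdateAccount func(ctx context.Context, acc *Account) error
 
-MockCreateExternalAccountKey func(ctx context.Context, provisionerName, name string) (*ExternalAccountKey, error)
+MockCreateExternalAccountKey func(ctx context.Context, provisionerName, reference string) (*ExternalAccountKey, error)
 MockGetExternalAccountKey func(ctx context.Context, provisionerName, keyID string) (*ExternalAccountKey, error)
 MockGetExternalAccountKeys func(ctx context.Context, provisionerName string, cursor string, limit int) ([]*ExternalAccountKey, string, error)
 MockGetExternalAccountKeyByReference func(ctx context.Context, provisionerName, reference string) (*ExternalAccountKey, error)
@@ -125,9 +125,9 @@ func (m *MockDB) UpdateAccount(ctx context.Context, acc *Account) error {
 }
 
 // CreateExternalAccountKey mock
-func (m *MockDB) CreateExternalAccountKey(ctx context.Context, provisionerName, name string) (*ExternalAccountKey, error) {
+func (m *MockDB) CreateExternalAccountKey(ctx context.Context, provisionerName, reference string) (*ExternalAccountKey, error) {
 if m.MockCreateExternalAccountKey != nil {
-return m.MockCreateExternalAccountKey(ctx, provisionerName, name)
+return m.MockCreateExternalAccountKey(ctx, provisionerName, reference)
 } else if m.MockError != nil {
 return nil, m.MockError
 }
@@ -156,8 +156,8 @@ func (m *MockDB) GetExternalAccountKeys(ctx context.Context, provisionerName, cu
 
 // GetExternalAccountKeyByReference mock
 func (m *MockDB) GetExternalAccountKeyByReference(ctx context.Context, provisionerName, reference string) (*ExternalAccountKey, error) {
-if m.MockGetExternalAccountKeys != nil {
-return m.GetExternalAccountKeyByReference(ctx, provisionerName, reference)
+if m.MockGetExternalAccountKeyByReference != nil {
+return m.MockGetExternalAccountKeyByReference(ctx, provisionerName, reference)
 } else if m.MockError != nil {
 return nil, m.MockError
 }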
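Review bot: The `DB` interface method `CreateExternalAccountKey` in the first hunk has no doc comment, so after the rename from `name` to `reference` the contract of that parameter is still left to the reader. A comment on the interface line would help implementers, for example `// CreateExternalAccountKey creates an EAB key for the provisioner; reference is a caller-supplied label used for lookup by GetExternalAccountKeyByReference.` Whether an empty reference is allowed and whether it must be unique per provisioner cannot be told from these hunks and should be stated there too. The interface and the `MockDB` struct both continue outside the hunks shown.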

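--- a/authority/admin/api/acme.go
+++ b/authority/admin/api/acme.go
@@ -2,6 +2,8 @@ package api
 
 import (
 "context"
+"errors"
+"fmt"
 "net/http"
 
 "github.com/go-chi/chi"
@@ -20,6 +22,9 @@ type CreateExternalAccountKeyRequest struct {
 
 // Validate validates a new ACME EAB Key request body.
 func (r *CreateExternalAccountKeyRequest) Validate() error {
+if len(r.Reference) > 256 { // an arbitrary, but sensible (IMO), limit
+return fmt.Errorf("reference length %d exceeds the maximum (256)", len(r.Reference))
+}
 return nil
 }
 
@@ -85,7 +90,7 @@ func (h *Handler) CreateExternalAccountKey(w http.ResponseWriter, r *http.Reques
 }
 
 if err := body.Validate(); err != nil {
-api.WriteError(w, err)
+api.WriteError(w, admin.WrapError(admin.ErrorBadRequestType, err, "error validating request body"))
 return
 }
 
@@ -97,9 +102,9 @@ func (h *Handler) CreateExternalAccountKey(w http.ResponseWriter, r *http.Reques
 k, err := h.acmeDB.GetExternalAccountKeyByReference(r.Context(), prov, reference)
 // retrieving an EAB key from DB results in an error if it doesn't exist, which is what we're looking for,
 // but other errors can also happen. Return early if that happens; continuing if it was acme.ErrNotFound.
-shouldWriteError := err != nil && acme.ErrNotFound != err
+shouldWriteError := err != nil && !errors.Is(err, acme.ErrNotFound)
 if shouldWriteError {
-api.WriteError(w, err)
+api.WriteError(w, admin.WrapErrorISE(err, "could not lookup external account key by reference"))
 return
 }
 // if a key was found, return HTTP 409 conflict
@@ -114,7 +119,11 @@ func (h *Handler) CreateExternalAccountKey(w http.ResponseWriter, r *http.Reques
 
 eak, err := h.acmeDB.CreateExternalAccountKey(r.Context(), prov, reference)
 if err != nil {
-api.WriteError(w, admin.WrapErrorISE(err, "error creating ACME EAB key for provisioner %s and reference %s", prov, reference))
+msg := fmt.Sprintf("error creating ACME EAB key for provisioner '%s'", prov)
+if reference != "" {
+msg += fmt.Sprintf(" and reference '%s'", reference)
+}
+api.WriteError(w, admin.WrapErrorISE(err, msg))
 return
 }
 
@@ -134,7 +143,7 @@ func (h *Handler) DeleteExternalAccountKey(w http.ResponseWriter, r *http.Reques
 keyID := chi.URLParam(r, "id")
 
 if err := h.acmeDB.DeleteExternalAccountKey(r.Context(), prov, keyID); err != nil {
-api.WriteError(w, admin.WrapErrorISE(err, "error deleting ACME EAB Key %s", keyID))
+api.WriteError(w, admin.WrapErrorISE(err, "error deleting ACME EAB Key '%s'", keyID))
 return
 }
 
@@ -165,14 +174,16 @@ func (h *Handler) GetExternalAccountKeys(w http.ResponseWriter, r *http.Request)
 if reference != "" {
 key, err = h.acmeDB.GetExternalAccountKeyByReference(r.Context(), prov, reference)
 if err != nil {
-api.WriteError(w, admin.WrapErrorISE(err, "error getting external account key with reference %s", reference))
+api.WriteError(w, admin.WrapErrorISE(err, "error retrieving external account key with reference '%s'", reference))
 return
 }
-keys = []*acme.ExternalAccountKey{key}
+if key != nil {
+keys = []*acme.ExternalAccountKey{key}
+}
 } else {
 keys, nextCursor, err = h.acmeDB.GetExternalAccountKeys(r.Context(), prov, cursor, limit)
 if err != nil {
-api.WriteError(w, admin.WrapErrorISE(err, "error getting external account keys"))
+api.WriteError(w, admin.WrapErrorISE(err, "error retrieving external account keys"))
 return
 }
 }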
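Review bot: In the `CreateExternalAccountKey` error path (new lines 122–126), `msg` is built with `fmt.Sprintf` from `prov` and `reference` and then passed to `admin.WrapErrorISE(err, msg)` in what appears to be the format-string position. The other calls in this file, such as `admin.WrapErrorISE(err, "error deleting ACME EAB Key '%s'", keyID)`, suggest that argument is a format string, so a `%` in a request-supplied value would be reinterpreted as a verb and garble the message; `go vet` reports this as a non-constant format string. Pass the text as data instead: `api.WriteError(w, admin.WrapErrorISE(err, "%s", msg))`. Formatting the request-derived values with `%q` rather than `'%s'`, here and in the other messages this commit touches, would also stop quotes or control characters in a reference from breaking up the error or log line. The handler body starts and ends outside this hunk.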
