Add SCEPCHALLENGE as valid webhook type in admin API

hslatman · hslatman · commit ad4d8e6c6894 · 2023-04-29T01:40:03.000+02:00
diff --git a/authority/admin/api/webhook.go b/authority/admin/api/webhook.go
@@ -57,9 +57,9 @@ func validateWebhook(webhook *linkedca.Webhook) error {
 
 	// kind
 	switch webhook.Kind {
-	case linkedca.Webhook_ENRICHING, linkedca.Webhook_AUTHORIZING:
+	case linkedca.Webhook_ENRICHING, linkedca.Webhook_AUTHORIZING, linkedca.Webhook_SCEPCHALLENGE:
 	default:
-		return admin.NewError(admin.ErrorBadRequestType, "webhook kind is invalid")
+		return admin.NewError(admin.ErrorBadRequestType, "webhook kind %q is invalid", webhook.Kind)
 	}
 
 	return nil
diff --git a/authority/admin/api/webhook_test.go b/authority/admin/api/webhook_test.go
@@ -180,6 +180,26 @@ func TestWebhookAdminResponder_CreateProvisionerWebhook(t *testing.T) {
 				statusCode: 400,
 			}
 		},
+		"fail/unsupported-webhook-kind": func(t *testing.T) test {
+			prov := &linkedca.Provisioner{
+				Name: "provName",
+			}
+			ctx := linkedca.NewContextWithProvisioner(context.Background(), prov)
+			adminErr := admin.NewError(admin.ErrorBadRequestType, `(line 5:13): invalid value for enum type: "UNSUPPORTED"`)
+			adminErr.Message = `(line 5:13): invalid value for enum type: "UNSUPPORTED"`
+			body := []byte(`
+			{
+				"name": "metadata",
+				"url": "https://example.com",
+				"kind": "UNSUPPORTED",
+			}`)
+			return test{
+				ctx:        ctx,
+				body:       body,
+				err:        adminErr,
+				statusCode: 400,
+			}
+		},
 		"fail/auth.UpdateProvisioner-error": func(t *testing.T) test {
 			adm := &linkedca.Admin{
 				Subject: "step",
diff --git a/scep/api/webhook/webhook.go b/scep/api/webhook/webhook.go
@@ -54,8 +54,11 @@ func (c *Controller) Validate(ctx context.Context, challenge string) error {
 	return provisioner.ErrWebhookDenied
 }
 
-// isCertTypeOK returns whether or not the webhook is for X.509
-// certificates.
+// isCertTypeOK returns whether or not the webhook can be used
+// with the SCEP challenge validation webhook controller.
 func (c *Controller) isCertTypeOK(wh *provisioner.Webhook) bool {
+	if wh.CertType == linkedca.Webhook_ALL.String() || wh.CertType == "" {
+		return true
+	}
 	return linkedca.Webhook_X509.String() == wh.CertType
 }

Original file line number	Diff line number	Diff line change
`@@ -54,8 +54,11 @@ func (c *Controller) Validate(ctx context.Context, challenge string) error {`
`54`	`54`	`return provisioner.ErrWebhookDenied`
`55`	`55`	`}`
`56`	`56`
`57`		`-// isCertTypeOK returns whether or not the webhook is for X.509`
`58`		`-// certificates.`
	`57`	`+// isCertTypeOK returns whether or not the webhook can be used`
	`58`	`+// with the SCEP challenge validation webhook controller.`
`59`	`59`	`func (c Controller) isCertTypeOK(wh provisioner.Webhook) bool {`
	`60`	`+ if wh.CertType == linkedca.Webhook_ALL.String() \|\| wh.CertType == "" {`
	`61`	`+ return true`
	`62`	`+ }`
`60`	`63`	`return linkedca.Webhook_X509.String() == wh.CertType`
`61`	`64`	`}`