alexvanin/certificates
1
0
Fork 0
forked from TrueCloudLab/certificates
Code Pull requests Activity

Improve policy bad request handling

Browse source
This commit is contained in:
Herman Slatman 2022-04-21 17:16:02 +02:00
parent b72430f4ea
commit e9f5a1eb98
No known key found for this signature in database
GPG key ID: F4D8A44EA0A75A4F
2 changed files with 314 additions and 117 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

33
authority/admin/api/policy.go
View file

@ -105,11 +105,8 @@ func (par *PolicyAdminResponder) CreateAuthorityPolicy(w http.ResponseWriter, r
var createdPolicy *linkedca.Policy var createdPolicy *linkedca.Policy
if createdPolicy, err = par.auth.CreateAuthorityPolicy(ctx, adm, newPolicy); err != nil { if createdPolicy, err = par.auth.CreateAuthorityPolicy(ctx, adm, newPolicy); err != nil {
var pe *authority.PolicyError if isBadRequest(err) {
isPolicyError := errors.As(err, &pe) render.Error(w, admin.WrapError(admin.ErrorBadRequestType, err, "error storing authority policy"))
if isPolicyError && pe.Typ == authority.AdminLockOut || pe.Typ == authority.EvaluationFailure || pe.Typ == authority.ConfigurationFailure {
render.Error(w, admin.WrapError(admin.ErrorBadRequestType, pe, "error storing authority policy"))
return return
} }
@ -153,10 +150,8 @@ func (par *PolicyAdminResponder) UpdateAuthorityPolicy(w http.ResponseWriter, r
var updatedPolicy *linkedca.Policy var updatedPolicy *linkedca.Policy
if updatedPolicy, err = par.auth.UpdateAuthorityPolicy(ctx, adm, newPolicy); err != nil { if updatedPolicy, err = par.auth.UpdateAuthorityPolicy(ctx, adm, newPolicy); err != nil {
var pe *authority.PolicyError if isBadRequest(err) {
isPolicyError := errors.As(err, &pe) render.Error(w, admin.WrapError(admin.ErrorBadRequestType, err, "error updating authority policy"))
if isPolicyError && pe.Typ == authority.AdminLockOut || pe.Typ == authority.EvaluationFailure || pe.Typ == authority.ConfigurationFailure {
render.Error(w, admin.WrapError(admin.ErrorBadRequestType, pe, "error updating authority policy"))
return return
} }
@ -246,10 +241,8 @@ func (par *PolicyAdminResponder) CreateProvisionerPolicy(w http.ResponseWriter,
prov.Policy = newPolicy prov.Policy = newPolicy
if err := par.auth.UpdateProvisioner(ctx, prov); err != nil { if err := par.auth.UpdateProvisioner(ctx, prov); err != nil {
var pe *authority.PolicyError if isBadRequest(err) {
isPolicyError := errors.As(err, &pe) render.Error(w, admin.WrapError(admin.ErrorBadRequestType, err, "error creating provisioner policy"))
if isPolicyError && pe.Typ == authority.AdminLockOut || pe.Typ == authority.EvaluationFailure || pe.Typ == authority.ConfigurationFailure {
render.Error(w, admin.WrapError(admin.ErrorBadRequestType, pe, "error creating provisioner policy"))
return return
} }
@ -286,10 +279,8 @@ func (par *PolicyAdminResponder) UpdateProvisionerPolicy(w http.ResponseWriter,
prov.Policy = newPolicy prov.Policy = newPolicy
if err := par.auth.UpdateProvisioner(ctx, prov); err != nil { if err := par.auth.UpdateProvisioner(ctx, prov); err != nil {
var pe *authority.PolicyError if isBadRequest(err) {
isPolicyError := errors.As(err, &pe) render.Error(w, admin.WrapError(admin.ErrorBadRequestType, err, "error updating provisioner policy"))
if isPolicyError && pe.Typ == authority.AdminLockOut || pe.Typ == authority.EvaluationFailure || pe.Typ == authority.ConfigurationFailure {
render.Error(w, admin.WrapError(admin.ErrorBadRequestType, pe, "error updating provisioner policy"))
return return
} }
@ -456,6 +447,14 @@ func (par *PolicyAdminResponder) blockLinkedCA() error {
return nil return nil
} }
// isBadRequest checks if an error should result in a bad request error
// returned to the client.
func isBadRequest(err error) bool {
var pe *authority.PolicyError
isPolicyError := errors.As(err, &pe)
return isPolicyError && (pe.Typ == authority.AdminLockOut || pe.Typ == authority.EvaluationFailure || pe.Typ == authority.ConfigurationFailure)
}
// applyConditionalDefaults applies default settings in case they're not provided // applyConditionalDefaults applies default settings in case they're not provided
// in the request body. // in the request body.
func applyConditionalDefaults(p *linkedca.Policy) { func applyConditionalDefaults(p *linkedca.Policy) {

198
authority/admin/api/policy_test.go
View file

@ -25,6 +25,7 @@ import (
func TestPolicyAdminResponder_GetAuthorityPolicy(t *testing.T) { func TestPolicyAdminResponder_GetAuthorityPolicy(t *testing.T) {
type test struct { type test struct {
auth adminAuthority auth adminAuthority
deploymentType string
adminDB admin.DB adminDB admin.DB
ctx context.Context ctx context.Context
err *admin.Error err *admin.Error
@ -32,6 +33,17 @@ func TestPolicyAdminResponder_GetAuthorityPolicy(t *testing.T) {
statusCode int statusCode int
} }
var tests = map[string]func(t *testing.T) test{ var tests = map[string]func(t *testing.T) test{
"fail/linkedca": func(t *testing.T) test {
ctx := context.Background()
err := admin.NewError(admin.ErrorNotImplementedType, "policy operations not yet supported in linked deployments")
err.Message = "policy operations not yet supported in linked deployments"
return test{
ctx: ctx,
deploymentType: "linked",
err: err,
statusCode: 501,
}
},
"fail/auth.GetAuthorityPolicy-error": func(t *testing.T) test { "fail/auth.GetAuthorityPolicy-error": func(t *testing.T) test {
ctx := context.Background() ctx := context.Background()
err := admin.WrapErrorISE(errors.New("force"), "error retrieving authority policy") err := admin.WrapErrorISE(errors.New("force"), "error retrieving authority policy")
@ -89,6 +101,7 @@ func TestPolicyAdminResponder_GetAuthorityPolicy(t *testing.T) {
par := &PolicyAdminResponder{ par := &PolicyAdminResponder{
auth: tc.auth, auth: tc.auth,
adminDB: tc.adminDB, adminDB: tc.adminDB,
deploymentType: tc.deploymentType,
} }
req := httptest.NewRequest("GET", "/foo", nil) req := httptest.NewRequest("GET", "/foo", nil)
@ -128,6 +141,7 @@ func TestPolicyAdminResponder_GetAuthorityPolicy(t *testing.T) {
func TestPolicyAdminResponder_CreateAuthorityPolicy(t *testing.T) { func TestPolicyAdminResponder_CreateAuthorityPolicy(t *testing.T) {
type test struct { type test struct {
auth adminAuthority auth adminAuthority
deploymentType string
adminDB admin.DB adminDB admin.DB
body []byte body []byte
ctx context.Context ctx context.Context
@ -137,6 +151,17 @@ func TestPolicyAdminResponder_CreateAuthorityPolicy(t *testing.T) {
statusCode int statusCode int
} }
var tests = map[string]func(t *testing.T) test{ var tests = map[string]func(t *testing.T) test{
"fail/linkedca": func(t *testing.T) test {
ctx := context.Background()
err := admin.NewError(admin.ErrorNotImplementedType, "policy operations not yet supported in linked deployments")
err.Message = "policy operations not yet supported in linked deployments"
return test{
ctx: ctx,
deploymentType: "linked",
err: err,
statusCode: 501,
}
},
"fail/auth.GetAuthorityPolicy-error": func(t *testing.T) test { "fail/auth.GetAuthorityPolicy-error": func(t *testing.T) test {
ctx := context.Background() ctx := context.Background()
err := admin.WrapErrorISE(errors.New("force"), "error retrieving authority policy") err := admin.WrapErrorISE(errors.New("force"), "error retrieving authority policy")
@ -323,6 +348,7 @@ func TestPolicyAdminResponder_CreateAuthorityPolicy(t *testing.T) {
auth: tc.auth, auth: tc.auth,
adminDB: tc.adminDB, adminDB: tc.adminDB,
acmeDB: tc.acmeDB, acmeDB: tc.acmeDB,
deploymentType: tc.deploymentType,
} }
req := httptest.NewRequest("POST", "/foo", io.NopCloser(bytes.NewBuffer(tc.body))) req := httptest.NewRequest("POST", "/foo", io.NopCloser(bytes.NewBuffer(tc.body)))
@ -371,6 +397,7 @@ func TestPolicyAdminResponder_CreateAuthorityPolicy(t *testing.T) {
func TestPolicyAdminResponder_UpdateAuthorityPolicy(t *testing.T) { func TestPolicyAdminResponder_UpdateAuthorityPolicy(t *testing.T) {
type test struct { type test struct {
auth adminAuthority auth adminAuthority
deploymentType string
adminDB admin.DB adminDB admin.DB
body []byte body []byte
ctx context.Context ctx context.Context
@ -380,6 +407,17 @@ func TestPolicyAdminResponder_UpdateAuthorityPolicy(t *testing.T) {
statusCode int statusCode int
} }
var tests = map[string]func(t *testing.T) test{ var tests = map[string]func(t *testing.T) test{
"fail/linkedca": func(t *testing.T) test {
ctx := context.Background()
err := admin.NewError(admin.ErrorNotImplementedType, "policy operations not yet supported in linked deployments")
err.Message = "policy operations not yet supported in linked deployments"
return test{
ctx: ctx,
deploymentType: "linked",
err: err,
statusCode: 501,
}
},
"fail/auth.GetAuthorityPolicy-error": func(t *testing.T) test { "fail/auth.GetAuthorityPolicy-error": func(t *testing.T) test {
ctx := context.Background() ctx := context.Background()
err := admin.WrapErrorISE(errors.New("force"), "error retrieving authority policy") err := admin.WrapErrorISE(errors.New("force"), "error retrieving authority policy")
@ -573,6 +611,7 @@ func TestPolicyAdminResponder_UpdateAuthorityPolicy(t *testing.T) {
auth: tc.auth, auth: tc.auth,
adminDB: tc.adminDB, adminDB: tc.adminDB,
acmeDB: tc.acmeDB, acmeDB: tc.acmeDB,
deploymentType: tc.deploymentType,
} }
req := httptest.NewRequest("POST", "/foo", io.NopCloser(bytes.NewBuffer(tc.body))) req := httptest.NewRequest("POST", "/foo", io.NopCloser(bytes.NewBuffer(tc.body)))
@ -621,6 +660,7 @@ func TestPolicyAdminResponder_UpdateAuthorityPolicy(t *testing.T) {
func TestPolicyAdminResponder_DeleteAuthorityPolicy(t *testing.T) { func TestPolicyAdminResponder_DeleteAuthorityPolicy(t *testing.T) {
type test struct { type test struct {
auth adminAuthority auth adminAuthority
deploymentType string
adminDB admin.DB adminDB admin.DB
body []byte body []byte
ctx context.Context ctx context.Context
@ -630,6 +670,17 @@ func TestPolicyAdminResponder_DeleteAuthorityPolicy(t *testing.T) {
} }
var tests = map[string]func(t *testing.T) test{ var tests = map[string]func(t *testing.T) test{
"fail/linkedca": func(t *testing.T) test {
ctx := context.Background()
err := admin.NewError(admin.ErrorNotImplementedType, "policy operations not yet supported in linked deployments")
err.Message = "policy operations not yet supported in linked deployments"
return test{
ctx: ctx,
deploymentType: "linked",
err: err,
statusCode: 501,
}
},
"fail/auth.GetAuthorityPolicy-error": func(t *testing.T) test { "fail/auth.GetAuthorityPolicy-error": func(t *testing.T) test {
ctx := context.Background() ctx := context.Background()
err := admin.WrapErrorISE(errors.New("force"), "error retrieving authority policy") err := admin.WrapErrorISE(errors.New("force"), "error retrieving authority policy")
@ -716,6 +767,7 @@ func TestPolicyAdminResponder_DeleteAuthorityPolicy(t *testing.T) {
auth: tc.auth, auth: tc.auth,
adminDB: tc.adminDB, adminDB: tc.adminDB,
acmeDB: tc.acmeDB, acmeDB: tc.acmeDB,
deploymentType: tc.deploymentType,
} }
req := httptest.NewRequest("POST", "/foo", io.NopCloser(bytes.NewBuffer(tc.body))) req := httptest.NewRequest("POST", "/foo", io.NopCloser(bytes.NewBuffer(tc.body)))
@ -759,6 +811,7 @@ func TestPolicyAdminResponder_DeleteAuthorityPolicy(t *testing.T) {
func TestPolicyAdminResponder_GetProvisionerPolicy(t *testing.T) { func TestPolicyAdminResponder_GetProvisionerPolicy(t *testing.T) {
type test struct { type test struct {
auth adminAuthority auth adminAuthority
deploymentType string
adminDB admin.DB adminDB admin.DB
ctx context.Context ctx context.Context
acmeDB acme.DB acmeDB acme.DB
@ -767,6 +820,17 @@ func TestPolicyAdminResponder_GetProvisionerPolicy(t *testing.T) {
statusCode int statusCode int
} }
var tests = map[string]func(t *testing.T) test{ var tests = map[string]func(t *testing.T) test{
"fail/linkedca": func(t *testing.T) test {
ctx := context.Background()
err := admin.NewError(admin.ErrorNotImplementedType, "policy operations not yet supported in linked deployments")
err.Message = "policy operations not yet supported in linked deployments"
return test{
ctx: ctx,
deploymentType: "linked",
err: err,
statusCode: 501,
}
},
"fail/prov-no-policy": func(t *testing.T) test { "fail/prov-no-policy": func(t *testing.T) test {
prov := &linkedca.Provisioner{} prov := &linkedca.Provisioner{}
ctx := linkedca.NewContextWithProvisioner(context.Background(), prov) ctx := linkedca.NewContextWithProvisioner(context.Background(), prov)
@ -804,6 +868,7 @@ func TestPolicyAdminResponder_GetProvisionerPolicy(t *testing.T) {
auth: tc.auth, auth: tc.auth,
adminDB: tc.adminDB, adminDB: tc.adminDB,
acmeDB: tc.acmeDB, acmeDB: tc.acmeDB,
deploymentType: tc.deploymentType,
} }
req := httptest.NewRequest("GET", "/foo", nil) req := httptest.NewRequest("GET", "/foo", nil)
@ -843,6 +908,7 @@ func TestPolicyAdminResponder_GetProvisionerPolicy(t *testing.T) {
func TestPolicyAdminResponder_CreateProvisionerPolicy(t *testing.T) { func TestPolicyAdminResponder_CreateProvisionerPolicy(t *testing.T) {
type test struct { type test struct {
auth adminAuthority auth adminAuthority
deploymentType string
body []byte body []byte
ctx context.Context ctx context.Context
err *admin.Error err *admin.Error
@ -850,6 +916,17 @@ func TestPolicyAdminResponder_CreateProvisionerPolicy(t *testing.T) {
statusCode int statusCode int
} }
var tests = map[string]func(t *testing.T) test{ var tests = map[string]func(t *testing.T) test{
"fail/linkedca": func(t *testing.T) test {
ctx := context.Background()
err := admin.NewError(admin.ErrorNotImplementedType, "policy operations not yet supported in linked deployments")
err.Message = "policy operations not yet supported in linked deployments"
return test{
ctx: ctx,
deploymentType: "linked",
err: err,
statusCode: 501,
}
},
"fail/existing-policy": func(t *testing.T) test { "fail/existing-policy": func(t *testing.T) test {
policy := &linkedca.Policy{ policy := &linkedca.Policy{
X509: &linkedca.X509Policy{ X509: &linkedca.X509Policy{
@ -993,6 +1070,7 @@ func TestPolicyAdminResponder_CreateProvisionerPolicy(t *testing.T) {
t.Run(name, func(t *testing.T) { t.Run(name, func(t *testing.T) {
par := &PolicyAdminResponder{ par := &PolicyAdminResponder{
auth: tc.auth, auth: tc.auth,
deploymentType: tc.deploymentType,
} }
req := httptest.NewRequest("POST", "/foo", io.NopCloser(bytes.NewBuffer(tc.body))) req := httptest.NewRequest("POST", "/foo", io.NopCloser(bytes.NewBuffer(tc.body)))
@ -1041,6 +1119,7 @@ func TestPolicyAdminResponder_CreateProvisionerPolicy(t *testing.T) {
func TestPolicyAdminResponder_UpdateProvisionerPolicy(t *testing.T) { func TestPolicyAdminResponder_UpdateProvisionerPolicy(t *testing.T) {
type test struct { type test struct {
auth adminAuthority auth adminAuthority
deploymentType string
body []byte body []byte
ctx context.Context ctx context.Context
err *admin.Error err *admin.Error
@ -1048,6 +1127,17 @@ func TestPolicyAdminResponder_UpdateProvisionerPolicy(t *testing.T) {
statusCode int statusCode int
} }
var tests = map[string]func(t *testing.T) test{ var tests = map[string]func(t *testing.T) test{
"fail/linkedca": func(t *testing.T) test {
ctx := context.Background()
err := admin.NewError(admin.ErrorNotImplementedType, "policy operations not yet supported in linked deployments")
err.Message = "policy operations not yet supported in linked deployments"
return test{
ctx: ctx,
deploymentType: "linked",
err: err,
statusCode: 501,
}
},
"fail/no-existing-policy": func(t *testing.T) test { "fail/no-existing-policy": func(t *testing.T) test {
prov := &linkedca.Provisioner{ prov := &linkedca.Provisioner{
Name: "provName", Name: "provName",
@ -1193,6 +1283,7 @@ func TestPolicyAdminResponder_UpdateProvisionerPolicy(t *testing.T) {
t.Run(name, func(t *testing.T) { t.Run(name, func(t *testing.T) {
par := &PolicyAdminResponder{ par := &PolicyAdminResponder{
auth: tc.auth, auth: tc.auth,
deploymentType: tc.deploymentType,
} }
req := httptest.NewRequest("POST", "/foo", io.NopCloser(bytes.NewBuffer(tc.body))) req := httptest.NewRequest("POST", "/foo", io.NopCloser(bytes.NewBuffer(tc.body)))
@ -1241,6 +1332,7 @@ func TestPolicyAdminResponder_UpdateProvisionerPolicy(t *testing.T) {
func TestPolicyAdminResponder_DeleteProvisionerPolicy(t *testing.T) { func TestPolicyAdminResponder_DeleteProvisionerPolicy(t *testing.T) {
type test struct { type test struct {
auth adminAuthority auth adminAuthority
deploymentType string
adminDB admin.DB adminDB admin.DB
body []byte body []byte
ctx context.Context ctx context.Context
@ -1250,6 +1342,17 @@ func TestPolicyAdminResponder_DeleteProvisionerPolicy(t *testing.T) {
} }
var tests = map[string]func(t *testing.T) test{ var tests = map[string]func(t *testing.T) test{
"fail/linkedca": func(t *testing.T) test {
ctx := context.Background()
err := admin.NewError(admin.ErrorNotImplementedType, "policy operations not yet supported in linked deployments")
err.Message = "policy operations not yet supported in linked deployments"
return test{
ctx: ctx,
deploymentType: "linked",
err: err,
statusCode: 501,
}
},
"fail/no-existing-policy": func(t *testing.T) test { "fail/no-existing-policy": func(t *testing.T) test {
prov := &linkedca.Provisioner{ prov := &linkedca.Provisioner{
Name: "provName", Name: "provName",
@ -1306,6 +1409,7 @@ func TestPolicyAdminResponder_DeleteProvisionerPolicy(t *testing.T) {
auth: tc.auth, auth: tc.auth,
adminDB: tc.adminDB, adminDB: tc.adminDB,
acmeDB: tc.acmeDB, acmeDB: tc.acmeDB,
deploymentType: tc.deploymentType,
} }
req := httptest.NewRequest("POST", "/foo", io.NopCloser(bytes.NewBuffer(tc.body))) req := httptest.NewRequest("POST", "/foo", io.NopCloser(bytes.NewBuffer(tc.body)))
@ -1348,6 +1452,7 @@ func TestPolicyAdminResponder_DeleteProvisionerPolicy(t *testing.T) {
func TestPolicyAdminResponder_GetACMEAccountPolicy(t *testing.T) { func TestPolicyAdminResponder_GetACMEAccountPolicy(t *testing.T) {
type test struct { type test struct {
deploymentType string
ctx context.Context ctx context.Context
acmeDB acme.DB acmeDB acme.DB
err *admin.Error err *admin.Error
@ -1355,6 +1460,17 @@ func TestPolicyAdminResponder_GetACMEAccountPolicy(t *testing.T) {
statusCode int statusCode int
} }
var tests = map[string]func(t *testing.T) test{ var tests = map[string]func(t *testing.T) test{
"fail/linkedca": func(t *testing.T) test {
ctx := context.Background()
err := admin.NewError(admin.ErrorNotImplementedType, "policy operations not yet supported in linked deployments")
err.Message = "policy operations not yet supported in linked deployments"
return test{
ctx: ctx,
deploymentType: "linked",
err: err,
statusCode: 501,
}
},
"fail/no-policy": func(t *testing.T) test { "fail/no-policy": func(t *testing.T) test {
prov := &linkedca.Provisioner{ prov := &linkedca.Provisioner{
Name: "provName", Name: "provName",
@ -1401,6 +1517,7 @@ func TestPolicyAdminResponder_GetACMEAccountPolicy(t *testing.T) {
t.Run(name, func(t *testing.T) { t.Run(name, func(t *testing.T) {
par := &PolicyAdminResponder{ par := &PolicyAdminResponder{
acmeDB: tc.acmeDB, acmeDB: tc.acmeDB,
deploymentType: tc.deploymentType,
} }
req := httptest.NewRequest("GET", "/foo", nil) req := httptest.NewRequest("GET", "/foo", nil)
@ -1439,6 +1556,7 @@ func TestPolicyAdminResponder_GetACMEAccountPolicy(t *testing.T) {
func TestPolicyAdminResponder_CreateACMEAccountPolicy(t *testing.T) { func TestPolicyAdminResponder_CreateACMEAccountPolicy(t *testing.T) {
type test struct { type test struct {
deploymentType string
acmeDB acme.DB acmeDB acme.DB
body []byte body []byte
ctx context.Context ctx context.Context
@ -1447,6 +1565,17 @@ func TestPolicyAdminResponder_CreateACMEAccountPolicy(t *testing.T) {
statusCode int statusCode int
} }
var tests = map[string]func(t *testing.T) test{ var tests = map[string]func(t *testing.T) test{
"fail/linkedca": func(t *testing.T) test {
ctx := context.Background()
err := admin.NewError(admin.ErrorNotImplementedType, "policy operations not yet supported in linked deployments")
err.Message = "policy operations not yet supported in linked deployments"
return test{
ctx: ctx,
deploymentType: "linked",
err: err,
statusCode: 501,
}
},
"fail/existing-policy": func(t *testing.T) test { "fail/existing-policy": func(t *testing.T) test {
policy := &linkedca.Policy{ policy := &linkedca.Policy{
X509: &linkedca.X509Policy{ X509: &linkedca.X509Policy{
@ -1565,6 +1694,7 @@ func TestPolicyAdminResponder_CreateACMEAccountPolicy(t *testing.T) {
t.Run(name, func(t *testing.T) { t.Run(name, func(t *testing.T) {
par := &PolicyAdminResponder{ par := &PolicyAdminResponder{
acmeDB: tc.acmeDB, acmeDB: tc.acmeDB,
deploymentType: tc.deploymentType,
} }
req := httptest.NewRequest("POST", "/foo", io.NopCloser(bytes.NewBuffer(tc.body))) req := httptest.NewRequest("POST", "/foo", io.NopCloser(bytes.NewBuffer(tc.body)))
@ -1612,6 +1742,7 @@ func TestPolicyAdminResponder_CreateACMEAccountPolicy(t *testing.T) {
func TestPolicyAdminResponder_UpdateACMEAccountPolicy(t *testing.T) { func TestPolicyAdminResponder_UpdateACMEAccountPolicy(t *testing.T) {
type test struct { type test struct {
deploymentType string
acmeDB acme.DB acmeDB acme.DB
body []byte body []byte
ctx context.Context ctx context.Context
@ -1620,6 +1751,17 @@ func TestPolicyAdminResponder_UpdateACMEAccountPolicy(t *testing.T) {
statusCode int statusCode int
} }
var tests = map[string]func(t *testing.T) test{ var tests = map[string]func(t *testing.T) test{
"fail/linkedca": func(t *testing.T) test {
ctx := context.Background()
err := admin.NewError(admin.ErrorNotImplementedType, "policy operations not yet supported in linked deployments")
err.Message = "policy operations not yet supported in linked deployments"
return test{
ctx: ctx,
deploymentType: "linked",
err: err,
statusCode: 501,
}
},
"fail/no-existing-policy": func(t *testing.T) test { "fail/no-existing-policy": func(t *testing.T) test {
prov := &linkedca.Provisioner{ prov := &linkedca.Provisioner{
Name: "provName", Name: "provName",
@ -1740,6 +1882,7 @@ func TestPolicyAdminResponder_UpdateACMEAccountPolicy(t *testing.T) {
t.Run(name, func(t *testing.T) { t.Run(name, func(t *testing.T) {
par := &PolicyAdminResponder{ par := &PolicyAdminResponder{
acmeDB: tc.acmeDB, acmeDB: tc.acmeDB,
deploymentType: tc.deploymentType,
} }
req := httptest.NewRequest("POST", "/foo", io.NopCloser(bytes.NewBuffer(tc.body))) req := httptest.NewRequest("POST", "/foo", io.NopCloser(bytes.NewBuffer(tc.body)))
@ -1787,6 +1930,7 @@ func TestPolicyAdminResponder_UpdateACMEAccountPolicy(t *testing.T) {
func TestPolicyAdminResponder_DeleteACMEAccountPolicy(t *testing.T) { func TestPolicyAdminResponder_DeleteACMEAccountPolicy(t *testing.T) {
type test struct { type test struct {
deploymentType string
body []byte body []byte
ctx context.Context ctx context.Context
acmeDB acme.DB acmeDB acme.DB
@ -1795,6 +1939,17 @@ func TestPolicyAdminResponder_DeleteACMEAccountPolicy(t *testing.T) {
} }
var tests = map[string]func(t *testing.T) test{ var tests = map[string]func(t *testing.T) test{
"fail/linkedca": func(t *testing.T) test {
ctx := context.Background()
err := admin.NewError(admin.ErrorNotImplementedType, "policy operations not yet supported in linked deployments")
err.Message = "policy operations not yet supported in linked deployments"
return test{
ctx: ctx,
deploymentType: "linked",
err: err,
statusCode: 501,
}
},
"fail/no-existing-policy": func(t *testing.T) test { "fail/no-existing-policy": func(t *testing.T) test {
prov := &linkedca.Provisioner{ prov := &linkedca.Provisioner{
Name: "provName", Name: "provName",
@ -1881,6 +2036,7 @@ func TestPolicyAdminResponder_DeleteACMEAccountPolicy(t *testing.T) {
t.Run(name, func(t *testing.T) { t.Run(name, func(t *testing.T) {
par := &PolicyAdminResponder{ par := &PolicyAdminResponder{
acmeDB: tc.acmeDB, acmeDB: tc.acmeDB,
deploymentType: tc.deploymentType,
} }
req := httptest.NewRequest("POST", "/foo", io.NopCloser(bytes.NewBuffer(tc.body))) req := httptest.NewRequest("POST", "/foo", io.NopCloser(bytes.NewBuffer(tc.body)))
@ -2000,3 +2156,45 @@ func Test_applyConditionalDefaults(t *testing.T) {
}) })
} }
} }
func Test_isBadRequest(t *testing.T) {
tests := []struct {
name string
err error
want bool
}{
{
name: "nil",
err: nil,
want: false,
},
{
name: "no-policy-error",
err: errors.New("some error"),
want: false,
},
{
name: "no-bad-request",
err: &authority.PolicyError{
Typ: authority.InternalFailure,
Err: errors.New("error"),
},
want: false,
},
{
name: "bad-request",
err: &authority.PolicyError{
Typ: authority.AdminLockOut,
Err: errors.New("admin lock out"),
},
want: true,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if got := isBadRequest(tt.err); got != tt.want {
t.Errorf("isBadRequest() = %v, want %v", got, tt.want)
}
})
}
}