forked from TrueCloudLab/certificates
9af4dd3692
Section 8.2 of RFC 8555 explains how retries apply to the validation process. However, much is left up to the implementer. Add retries every 12 seconds for 2 minutes after a client requests a validation. The challenge status remains "processing" indefinitely until a distinct conclusion is reached. This allows a client to continually re-request a validation by sending a post-get to the challenge resource until the process fails or succeeds. Challenges in the processing state include information about why a validation did not complete in the error field. The server also includes a Retry-After header to help clients and servers coordinate. Retries are inherently stateful because they're part of the public API. When running step-ca in a highly available setup with replicas, care must be taken to maintain a persistent identifier for each instance "slot". In kubernetes, this implies a *stateful set*.
74 lines
1.9 KiB
Go
74 lines
1.9 KiB
Go
package api
|
|
|
|
import (
|
|
"encoding/json"
|
|
"io"
|
|
"log"
|
|
"net/http"
|
|
|
|
"github.com/smallstep/certificates/errs"
|
|
"github.com/smallstep/certificates/logging"
|
|
)
|
|
|
|
// EnableLogger is an interface that enables response logging for an object.
|
|
type EnableLogger interface {
|
|
ToLog() (interface{}, error)
|
|
}
|
|
|
|
// LogError adds to the response writer the given error if it implements
|
|
// logging.ResponseLogger. If it does not implement it, then writes the error
|
|
// using the log package.
|
|
func LogError(rw http.ResponseWriter, err error) {
|
|
if rl, ok := rw.(logging.ResponseLogger); ok {
|
|
rl.WithFields(map[string]interface{}{
|
|
"error": err,
|
|
})
|
|
} else {
|
|
log.Println(err)
|
|
}
|
|
}
|
|
|
|
// LogEnabledResponse log the response object if it implements the EnableLogger
|
|
// interface.
|
|
func LogEnabledResponse(rw http.ResponseWriter, v interface{}) {
|
|
if el, ok := v.(EnableLogger); ok {
|
|
out, err := el.ToLog()
|
|
if err != nil {
|
|
LogError(rw, err)
|
|
return
|
|
}
|
|
if rl, ok := rw.(logging.ResponseLogger); ok {
|
|
rl.WithFields(map[string]interface{}{
|
|
"response": out,
|
|
})
|
|
} else {
|
|
log.Println(out)
|
|
}
|
|
}
|
|
}
|
|
|
|
// JSON writes the passed value into the http.ResponseWriter.
|
|
func JSON(w http.ResponseWriter, v interface{}) {
|
|
JSONStatus(w, v, http.StatusOK)
|
|
}
|
|
|
|
// JSONStatus writes the given value into the http.ResponseWriter and the
|
|
// given status is written as the status code of the response.
|
|
func JSONStatus(w http.ResponseWriter, v interface{}, status int) {
|
|
w.Header().Set("Content-Type", "application/json")
|
|
w.WriteHeader(status)
|
|
if err := json.NewEncoder(w).Encode(v); err != nil {
|
|
LogError(w, err)
|
|
return
|
|
}
|
|
LogEnabledResponse(w, v)
|
|
}
|
|
|
|
// ReadJSON reads JSON from the request body and stores it in the value
|
|
// pointed by v.
|
|
func ReadJSON(r io.Reader, v interface{}) error {
|
|
if err := json.NewDecoder(r).Decode(v); err != nil {
|
|
return errs.Wrap(http.StatusBadRequest, err, "error decoding json")
|
|
}
|
|
return nil
|
|
}
|