forked from TrueCloudLab/certificates
Add SCEPCHALLENGE
as valid webhook type in admin API
This commit is contained in:
parent
419478d1e5
commit
ad4d8e6c68
3 changed files with 27 additions and 4 deletions
|
@ -57,9 +57,9 @@ func validateWebhook(webhook *linkedca.Webhook) error {
|
|||
|
||||
// kind
|
||||
switch webhook.Kind {
|
||||
case linkedca.Webhook_ENRICHING, linkedca.Webhook_AUTHORIZING:
|
||||
case linkedca.Webhook_ENRICHING, linkedca.Webhook_AUTHORIZING, linkedca.Webhook_SCEPCHALLENGE:
|
||||
default:
|
||||
return admin.NewError(admin.ErrorBadRequestType, "webhook kind is invalid")
|
||||
return admin.NewError(admin.ErrorBadRequestType, "webhook kind %q is invalid", webhook.Kind)
|
||||
}
|
||||
|
||||
return nil
|
||||
|
|
|
@ -180,6 +180,26 @@ func TestWebhookAdminResponder_CreateProvisionerWebhook(t *testing.T) {
|
|||
statusCode: 400,
|
||||
}
|
||||
},
|
||||
"fail/unsupported-webhook-kind": func(t *testing.T) test {
|
||||
prov := &linkedca.Provisioner{
|
||||
Name: "provName",
|
||||
}
|
||||
ctx := linkedca.NewContextWithProvisioner(context.Background(), prov)
|
||||
adminErr := admin.NewError(admin.ErrorBadRequestType, `(line 5:13): invalid value for enum type: "UNSUPPORTED"`)
|
||||
adminErr.Message = `(line 5:13): invalid value for enum type: "UNSUPPORTED"`
|
||||
body := []byte(`
|
||||
{
|
||||
"name": "metadata",
|
||||
"url": "https://example.com",
|
||||
"kind": "UNSUPPORTED",
|
||||
}`)
|
||||
return test{
|
||||
ctx: ctx,
|
||||
body: body,
|
||||
err: adminErr,
|
||||
statusCode: 400,
|
||||
}
|
||||
},
|
||||
"fail/auth.UpdateProvisioner-error": func(t *testing.T) test {
|
||||
adm := &linkedca.Admin{
|
||||
Subject: "step",
|
||||
|
|
|
@ -54,8 +54,11 @@ func (c *Controller) Validate(ctx context.Context, challenge string) error {
|
|||
return provisioner.ErrWebhookDenied
|
||||
}
|
||||
|
||||
// isCertTypeOK returns whether or not the webhook is for X.509
|
||||
// certificates.
|
||||
// isCertTypeOK returns whether or not the webhook can be used
|
||||
// with the SCEP challenge validation webhook controller.
|
||||
func (c *Controller) isCertTypeOK(wh *provisioner.Webhook) bool {
|
||||
if wh.CertType == linkedca.Webhook_ALL.String() || wh.CertType == "" {
|
||||
return true
|
||||
}
|
||||
return linkedca.Webhook_X509.String() == wh.CertType
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue