fix: TICKET-016 document InsecureSkipVerify, TICKET-019 consistent error wrapping, TICKET-020 config struct docs

TICKET-016: Document InsecureSkipVerify rationale
- Added detailed security comments above each InsecureSkipVerify usage
- Explained that discovery/verification must see ALL certificates
- Clarified that InsecureSkipVerify is scoped to probing only
- Referenced full security audit rationale
- Updated: internal/service/network_scan.go, cmd/agent/verify.go

TICKET-019: Consistent error wrapping in services
- Wrapped raw error returns with context in DeleteTarget (network_scan.go)
- Wrapped raw error returns in ClaimDiscovered (discovery.go)
- Wrapped raw error returns in DismissDiscovered (discovery.go)
- Pattern: return fmt.Errorf("failed to <operation>: %w", err)

TICKET-020: Config struct documentation
- Added godoc comments to all config struct fields
- Documented valid values, defaults, requirements, dependencies
- Updated: NotifierConfig, KeygenConfig, CAConfig, StepCAConfig
- Updated: ACMEConfig, OpenSSLConfig, ESTConfig
- Updated: SchedulerConfig, LogConfig, AuthConfig, RateLimitConfig
- Updated: ServerConfig, DatabaseConfig, VerificationConfig, NetworkScanConfig
- All fields now have comprehensive inline documentation

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
shankar0123
2026-03-27 21:41:56 -04:00
parent a0afa7ab6f
commit 10f9574bcd
4 changed files with 197 additions and 41 deletions
+3 -3
@@ -151,7 +151,7 @@ func (s *DiscoveryService) ClaimDiscovered(ctx context.Context, id string, manag
// Verify the discovered cert exists
disc, err := s.discoveryRepo.GetDiscovered(ctx, id)
if err != nil {
return err
return fmt.Errorf("failed to get discovered certificate: %w", err)
}
// Verify the managed cert exists
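Review bot: The new `return fmt.Errorf("failed to get discovered certificate: %w", err)` after `GetDiscovered` changes what callers of `ClaimDiscovered` receive. Any caller that compares the result to a repository error with `==`, or type-asserts it directly, will stop matching now that the error is wrapped. `%w` keeps the chain intact, so please confirm that callers use `errors.Is` / `errors.As`, and add a test showing that a failed lookup is still handled the same way as before this change.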
@@ -160,7 +160,7 @@ func (s *DiscoveryService) ClaimDiscovered(ctx context.Context, id string, manag
}
if err := s.discoveryRepo.UpdateDiscoveredStatus(ctx, id, domain.DiscoveryStatusManaged, managedCertID); err != nil {
return err
return fmt.Errorf("failed to update discovered certificate status: %w", err)
}
// Audit trail
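Review bot: On the `UpdateDiscoveredStatus` failure path the wrapped message names the operation but not the records involved, although `id` and `managedCertID` are both in scope at that call. Consider including them, for example `fmt.Errorf("failed to update discovered certificate %s status: %w", id, err)`, so a log line can be tied to a specific claim. If the caller already logs those ids, a short comment saying so would be enough.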
@@ -180,7 +180,7 @@ func (s *DiscoveryService) ClaimDiscovered(ctx context.Context, id string, manag
// DismissDiscovered marks a discovered certificate as dismissed.
func (s *DiscoveryService) DismissDiscovered(ctx context.Context, id string) error {
if err := s.discoveryRepo.UpdateDiscoveredStatus(ctx, id, domain.DiscoveryStatusDismissed, ""); err != nil {
return err
return fmt.Errorf("failed to dismiss discovered certificate: %w", err)
}
// Audit trail
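Review bot: The wrapper in `DismissDiscovered` describes the same repository call, `UpdateDiscoveredStatus`, differently from the one in `ClaimDiscovered`: "failed to dismiss discovered certificate" here, "failed to update discovered certificate status" there. Both fit the `failed to <operation>: %w` pattern from the commit message, but please pick one convention (the intent of the service method, or the name of the failing repository call) so the messages can be searched consistently. The godoc line above the function could also state that the returned error wraps the repository error.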