mirror of
https://github.com/shankar0123/certctl.git
synced 2026-06-09 16:58:51 +00:00
fix(gui,api): close C-001 + C-002 — ownership + agent FK contract
C-001 — CreateCertificate was server-accepted with null owner_id,
team_id, renewal_policy_id because the GUI neither collected the fields
nor enforced them, even though the backend's ManagedCertificate schema
and handler contract treat them as required. Fix the contract at all
four layers:
- web/src/pages/CertificatesPage.tsx: replace owner_id/team_id free-
text inputs with <select> elements fed by getOwners/getTeams/
getPolicies queries; mark all three required; gate the Create
button on owner_id + team_id + renewal_policy_id being set.
- internal/api/handler/certificates.go: ValidateRequired for
owner_id, team_id, renewal_policy_id on CreateCertificate so the
handler returns HTTP 400 with the offending field name before the
service layer is reached.
- internal/mcp/types.go: drop ',omitempty' from
CreateCertificateInput.RenewalPolicyID so the MCP schema reflects
the required contract; Update inputs keep partial-update semantics.
- api/openapi.yaml: 'required: [name, common_name, renewal_policy_id,
issuer_id, owner_id, team_id]' was already present on the Create
schema; clarified DeploymentTarget.agent_id description to note the
FK contract.
C-002 — CreateTargetWizard accepted an empty or bogus agent_id and the
service inserted directly, producing a Postgres 23503 FK-violation that
bubbled out as a generic HTTP 500. The FK itself (migration 000001 line
104: agent_id TEXT NOT NULL REFERENCES agents(id)) is correct; we keep
the schema strict and add validation at three layers:
- internal/service/target.go: introduce
ErrAgentNotFound sentinel and pre-validate agent_id in
TargetService.CreateTarget — empty string returns
'agent_id is required'; a nonexistent id returns the full
'referenced agent does not exist: <id>' error. Both wrap
ErrAgentNotFound via fmt.Errorf %w so callers can use errors.Is.
- internal/api/handler/targets.go: ValidateRequired on agent_id; map
errors.Is(err, service.ErrAgentNotFound) to HTTP 400 instead of
letting it fall through to the generic 500 branch.
- internal/mcp/types.go: drop ',omitempty' from
CreateTargetInput.AgentID to match the required contract.
- web/src/pages/TargetsPage.tsx: replace the free-text Agent ID input
with a <select> populated from getAgents(); include agent in the
canProceedToReview gate so Next is disabled until an agent is
chosen.
Regression coverage (21 new subtests total):
- TestCreateCertificate_MissingRequiredField_Returns400 — 6 subtests,
one per required field, each proves the handler guard fires before
the mock service is called.
- TestCreateTarget_MissingAgentID_Returns400 — handler guard.
- TestCreateTarget_NonexistentAgent_Returns400 — pins the
ErrAgentNotFound -> 400 translation.
- TestTargetService_CreateTarget_MissingAgentID — errors.Is sentinel.
- TestTargetService_CreateTarget_NonexistentAgentID — errors.Is.
- The existing TestTargetService_CreateTarget_Success, along with
TestCreateTarget_{MissingName,MissingType,NameTooLong}_* handler
tests, were updated to seed a real agent or include agent_id in
the request body so the happy paths still run cleanly.
Gates (Phase 4):
- go build/vet/test/race: green
- go test -cover: internal/service 68.7% (gate 55%),
internal/api/handler 78.9% (gate 60%)
- golangci-lint on service+handler+mcp: 0 issues
- govulncheck: no reachable vulns
- tsc --noEmit: clean
- vitest: 223/223 passing
See cowork/certctl-coverage-gap-audit.md entries C-001 and C-002.
This commit is contained in:
Shankar Reddy
@@ -432,6 +432,66 @@ func TestCreateCertificate_ServiceError(t *testing.T) {
|
||||
}
|
||||
}
|
||||
|
||||
// TestCreateCertificate_MissingRequiredField_Returns400 pins the C-001 handler
|
||||
// contract: handler MUST reject a create payload that omits any of the five
|
||||
// required fields (name, common_name, owner_id, team_id, issuer_id,
|
||||
// renewal_policy_id) with HTTP 400 before the service is invoked. The mock
|
||||
// service here would succeed if called; every subtest proving 400 therefore
|
||||
// proves the handler guard fires.
|
||||
func TestCreateCertificate_MissingRequiredField_Returns400(t *testing.T) {
|
||||
baseBody := map[string]interface{}{
|
||||
"name": "API Prod",
|
||||
"common_name": "api.example.com",
|
||||
"owner_id": "o-alice",
|
||||
"team_id": "t-platform",
|
||||
"issuer_id": "iss-local",
|
||||
"renewal_policy_id": "rp-standard",
|
||||
}
|
||||
|
||||
cases := []struct {
|
||||
name string
|
||||
missingField string
|
||||
}{
|
||||
{"missing name", "name"},
|
||||
{"missing common_name", "common_name"},
|
||||
{"missing owner_id", "owner_id"},
|
||||
{"missing team_id", "team_id"},
|
||||
{"missing issuer_id", "issuer_id"},
|
||||
{"missing renewal_policy_id", "renewal_policy_id"},
|
||||
}
|
||||
|
||||
for _, tc := range cases {
|
||||
t.Run(tc.name, func(t *testing.T) {
|
||||
body := make(map[string]interface{}, len(baseBody))
|
||||
for k, v := range baseBody {
|
||||
body[k] = v
|
||||
}
|
||||
delete(body, tc.missingField)
|
||||
bodyBytes, _ := json.Marshal(body)
|
||||
|
||||
mock := &MockCertificateService{
|
||||
CreateCertificateFn: func(_ context.Context, cert domain.ManagedCertificate) (*domain.ManagedCertificate, error) {
|
||||
// Would succeed if handler guard did not fire.
|
||||
cert.ID = "mc-would-be-created"
|
||||
return &cert, nil
|
||||
},
|
||||
}
|
||||
handler := NewCertificateHandler(mock)
|
||||
|
||||
req := httptest.NewRequest(http.MethodPost, "/api/v1/certificates", bytes.NewReader(bodyBytes))
|
||||
req = req.WithContext(contextWithRequestID())
|
||||
req.Header.Set("Content-Type", "application/json")
|
||||
w := httptest.NewRecorder()
|
||||
|
||||
handler.CreateCertificate(w, req)
|
||||
|
||||
if w.Code != http.StatusBadRequest {
|
||||
t.Fatalf("%s: expected 400, got %d — body=%s", tc.name, w.Code, w.Body.String())
|
||||
}
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
// Test UpdateCertificate - success case
|
||||
func TestUpdateCertificate_Success(t *testing.T) {
|
||||
updated := &domain.ManagedCertificate{
|
||||
|
||||
@@ -10,6 +10,7 @@ import (
|
||||
"time"
|
||||
|
||||
"github.com/shankar0123/certctl/internal/domain"
|
||||
"github.com/shankar0123/certctl/internal/service"
|
||||
)
|
||||
|
||||
// MockTargetService is a mock implementation of TargetService interface.
|
||||
@@ -239,8 +240,9 @@ func TestCreateTarget_Success(t *testing.T) {
|
||||
}
|
||||
|
||||
body := map[string]interface{}{
|
||||
"name": "New Target",
|
||||
"type": "nginx",
|
||||
"name": "New Target",
|
||||
"type": "nginx",
|
||||
"agent_id": "agent-001",
|
||||
}
|
||||
bodyBytes, _ := json.Marshal(body)
|
||||
|
||||
@@ -258,7 +260,8 @@ func TestCreateTarget_Success(t *testing.T) {
|
||||
|
||||
func TestCreateTarget_MissingName(t *testing.T) {
|
||||
body := map[string]interface{}{
|
||||
"type": "nginx",
|
||||
"type": "nginx",
|
||||
"agent_id": "agent-001",
|
||||
}
|
||||
bodyBytes, _ := json.Marshal(body)
|
||||
|
||||
@@ -276,7 +279,8 @@ func TestCreateTarget_MissingName(t *testing.T) {
|
||||
|
||||
func TestCreateTarget_MissingType(t *testing.T) {
|
||||
body := map[string]interface{}{
|
||||
"name": "New Target",
|
||||
"name": "New Target",
|
||||
"agent_id": "agent-001",
|
||||
}
|
||||
bodyBytes, _ := json.Marshal(body)
|
||||
|
||||
@@ -311,8 +315,9 @@ func TestCreateTarget_NameTooLong(t *testing.T) {
|
||||
longName += "x"
|
||||
}
|
||||
body := map[string]interface{}{
|
||||
"name": longName,
|
||||
"type": "nginx",
|
||||
"name": longName,
|
||||
"type": "nginx",
|
||||
"agent_id": "agent-001",
|
||||
}
|
||||
bodyBytes, _ := json.Marshal(body)
|
||||
|
||||
@@ -340,6 +345,65 @@ func TestCreateTarget_MethodNotAllowed(t *testing.T) {
|
||||
}
|
||||
}
|
||||
|
||||
// TestCreateTarget_MissingAgentID_Returns400 pins the C-002 handler contract:
|
||||
// handler MUST reject a create payload that omits agent_id with HTTP 400
|
||||
// before the service is invoked. Using a mock that would return 201-worthy
|
||||
// success proves the guard fires.
|
||||
func TestCreateTarget_MissingAgentID_Returns400(t *testing.T) {
|
||||
body := map[string]interface{}{
|
||||
"name": "New Target",
|
||||
"type": "nginx",
|
||||
// agent_id intentionally omitted
|
||||
}
|
||||
bodyBytes, _ := json.Marshal(body)
|
||||
|
||||
mock := &MockTargetService{
|
||||
CreateTargetFn: func(_ context.Context, target domain.DeploymentTarget) (*domain.DeploymentTarget, error) {
|
||||
// Would succeed if handler guard did not fire.
|
||||
target.ID = "t-would-be-created"
|
||||
return &target, nil
|
||||
},
|
||||
}
|
||||
handler := NewTargetHandler(mock)
|
||||
req := httptest.NewRequest(http.MethodPost, "/api/v1/targets", bytes.NewReader(bodyBytes))
|
||||
req = req.WithContext(contextWithRequestID())
|
||||
w := httptest.NewRecorder()
|
||||
|
||||
handler.CreateTarget(w, req)
|
||||
|
||||
if w.Code != http.StatusBadRequest {
|
||||
t.Fatalf("expected 400, got %d — body=%s", w.Code, w.Body.String())
|
||||
}
|
||||
}
|
||||
|
||||
// TestCreateTarget_NonexistentAgent_Returns400 pins the C-002 handler↔service
|
||||
// translation: when the service returns service.ErrAgentNotFound, the handler
|
||||
// MUST map it to HTTP 400, not the generic 500 used for other service errors.
|
||||
func TestCreateTarget_NonexistentAgent_Returns400(t *testing.T) {
|
||||
mock := &MockTargetService{
|
||||
CreateTargetFn: func(_ context.Context, target domain.DeploymentTarget) (*domain.DeploymentTarget, error) {
|
||||
return nil, service.ErrAgentNotFound
|
||||
},
|
||||
}
|
||||
body := map[string]interface{}{
|
||||
"name": "New Target",
|
||||
"type": "nginx",
|
||||
"agent_id": "agent-does-not-exist",
|
||||
}
|
||||
bodyBytes, _ := json.Marshal(body)
|
||||
|
||||
handler := NewTargetHandler(mock)
|
||||
req := httptest.NewRequest(http.MethodPost, "/api/v1/targets", bytes.NewReader(bodyBytes))
|
||||
req = req.WithContext(contextWithRequestID())
|
||||
w := httptest.NewRecorder()
|
||||
|
||||
handler.CreateTarget(w, req)
|
||||
|
||||
if w.Code != http.StatusBadRequest {
|
||||
t.Fatalf("expected 400 for nonexistent agent, got %d — body=%s", w.Code, w.Body.String())
|
||||
}
|
||||
}
|
||||
|
||||
func TestUpdateTarget_Success(t *testing.T) {
|
||||
now := time.Now()
|
||||
mock := &MockTargetService{
|
||||
|
||||
@@ -3,12 +3,14 @@ package handler
|
||||
import (
|
||||
"context"
|
||||
"encoding/json"
|
||||
"errors"
|
||||
"net/http"
|
||||
"strconv"
|
||||
"strings"
|
||||
|
||||
"github.com/shankar0123/certctl/internal/api/middleware"
|
||||
"github.com/shankar0123/certctl/internal/domain"
|
||||
"github.com/shankar0123/certctl/internal/service"
|
||||
)
|
||||
|
||||
// TargetService defines the service interface for deployment target operations.
|
||||
@@ -125,9 +127,23 @@ func (h TargetHandler) CreateTarget(w http.ResponseWriter, r *http.Request) {
|
||||
ErrorWithRequestID(w, http.StatusBadRequest, "type is required", requestID)
|
||||
return
|
||||
}
|
||||
// C-002: agent_id is a NOT NULL FK in deployment_targets (migration 000001
|
||||
// line 104). Reject empty values at the boundary so callers get a clean 400
|
||||
// with the field name rather than a generic "Failed to create target" 500.
|
||||
if err := ValidateRequired("agent_id", target.AgentID); err != nil {
|
||||
ErrorWithRequestID(w, http.StatusBadRequest, err.Error(), requestID)
|
||||
return
|
||||
}
|
||||
|
||||
created, err := h.svc.CreateTarget(r.Context(), target)
|
||||
if err != nil {
|
||||
// C-002: a nonexistent agent_id is a client error, not a server error.
|
||||
// The service returns ErrAgentNotFound (wrapped via fmt.Errorf %w) when
|
||||
// agentRepo.Get fails; we translate that to 400 via errors.Is.
|
||||
if errors.Is(err, service.ErrAgentNotFound) {
|
||||
ErrorWithRequestID(w, http.StatusBadRequest, err.Error(), requestID)
|
||||
return
|
||||
}
|
||||
ErrorWithRequestID(w, http.StatusInternalServerError, "Failed to create target", requestID)
|
||||
return
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user