G-1: renewal-policies API + frontend FK-drift fix

Three frontend call sites (OnboardingWizard.tsx:603, CertificatesPage.tsx:52, CertificateDetailPage.tsx:169) populated the renewal_policy_id dropdown from getPolicies() — the compliance-rule endpoint returning pol-* IDs — which violated the FK managed_certificates.renewal_policy_id REFERENCES renewal_policies(id) ON DELETE RESTRICT. Create would fail pg 23503 at insert. Backend (new): - RenewalPolicyRepository CRUD + ListAll/ExistsByID (pg 23503 → ErrRenewalPolicyInUse → HTTP 409; pg 23505 → ErrRenewalPolicyDuplicateName → HTTP 409) - RenewalPolicyService with repo-only constructor. Service sentinels var-alias the repo sentinels so errors.Is walks across layers. - RenewalPolicyHandler with validation bounds: name 1–255; renewal_window_days [1,365] default 30; max_retries [0,10] not defaulted; retry_interval_seconds [60,86400] default 3600; alert_thresholds_days [0,365] default [30,14,7,0]. Auto-generated IDs rp-<slug(name)>. - Router registers 5 routes under /api/v1/renewal-policies[/{id}]. Frontend: - CertificatesPage/CertificateDetailPage/OnboardingWizard now call getRenewalPolicies() and render rp-* IDs. - client.ts adds getRenewalPolicies/createRenewalPolicy/updateRenewalPolicy/ deleteRenewalPolicy. types.ts adds the RenewalPolicy shape. OpenAPI: RenewalPolicies tag + 5 operations + 3 schemas (RenewalPolicy, RenewalPolicyCreateRequest, RenewalPolicyUpdateRequest). 409 responses on create/update duplicate-name and delete FK-in-use. No migration — renewal_policies table already exists from the initial schema (000001). Tests: - internal/service/renewal_policy_test.go: CRUD + validation + sentinel error wrapping. - internal/api/handler/renewal_policy_handler_test.go: handler endpoint contracts including 400/404/409. - web/src/api/client.test.ts: 4 subtests covering the 4 new API functions. Phase 3 gates all green: go vet, build, short tests, race tests (service/ handler/router/scheduler), staticcheck (G-1 packages), govulncheck (0 reachable), coverage (service 69.7%, handler 79.0%, domain 86.9%, middleware 80.6% — all above thresholds), tsc, vitest (256 passed), vite build, OpenAPI structural validation.
2026-06-07 15:01:32 +00:00 · 2026-04-20 18:53:01 +00:00
parent cab579368b
commit 9834b4e4a4
18 changed files with 2004 additions and 58 deletions
@@ -749,11 +749,21 @@ func (m *mockPolicyRepo) AddRule(rule *domain.PolicyRule) {
 	m.Rules[rule.ID] = rule
 }

-// mockRenewalPolicyRepo is a test implementation of RenewalPolicyRepository
+// mockRenewalPolicyRepo is a test implementation of RenewalPolicyRepository.
+//
+// G-1: repo contract extended with Create/Update/Delete to support the
+// /api/v1/renewal-policies CRUD endpoints. Per-method *Err fields let tests
+// force specific repo failures (duplicate name → 23505, FK RESTRICT on Delete
+// → 23503) without standing up a real Postgres connection. The sentinel
+// errors `ErrRenewalPolicyDuplicateName` and `ErrRenewalPolicyInUse` are the
+// typed envelopes the service / handler layers translate into 409 Conflict.
 type mockRenewalPolicyRepo struct {
-	Policies map[string]*domain.RenewalPolicy
-	GetErr   error
-	ListErr  error
+	Policies  map[string]*domain.RenewalPolicy
+	GetErr    error
+	ListErr   error
+	CreateErr error
+	UpdateErr error
+	DeleteErr error
 }

 func (m *mockRenewalPolicyRepo) Get(ctx context.Context, id string) (*domain.RenewalPolicy, error) {
@@ -775,9 +785,49 @@ func (m *mockRenewalPolicyRepo) List(ctx context.Context) ([]*domain.RenewalPoli
 	for _, p := range m.Policies {
 		policies = append(policies, p)
 	}
+	// Deterministic ordering mirrors the production repo's ORDER BY name,
+	// so pagination-boundary assertions don't become flaky under map
+	// iteration randomness.
+	sort.Slice(policies, func(i, j int) bool {
+		return policies[i].Name < policies[j].Name
+	})
 	return policies, nil
 }

+func (m *mockRenewalPolicyRepo) Create(ctx context.Context, policy *domain.RenewalPolicy) error {
+	if m.CreateErr != nil {
+		return m.CreateErr
+	}
+	if _, exists := m.Policies[policy.ID]; exists {
+		return m.CreateErr
+	}
+	m.Policies[policy.ID] = policy
+	return nil
+}
+
+func (m *mockRenewalPolicyRepo) Update(ctx context.Context, id string, policy *domain.RenewalPolicy) error {
+	if m.UpdateErr != nil {
+		return m.UpdateErr
+	}
+	if _, exists := m.Policies[id]; !exists {
+		return errNotFound
+	}
+	policy.ID = id
+	m.Policies[id] = policy
+	return nil
+}
+
+func (m *mockRenewalPolicyRepo) Delete(ctx context.Context, id string) error {
+	if m.DeleteErr != nil {
+		return m.DeleteErr
+	}
+	if _, exists := m.Policies[id]; !exists {
+		return errNotFound
+	}
+	delete(m.Policies, id)
+	return nil
+}
+
 func (m *mockRenewalPolicyRepo) AddPolicy(policy *domain.RenewalPolicy) {
 	m.Policies[policy.ID] = policy
 }