G-1: renewal-policies API + frontend FK-drift fix
Three frontend call sites (OnboardingWizard.tsx:603, CertificatesPage.tsx:52,
CertificateDetailPage.tsx:169) populated the renewal_policy_id dropdown from
getPolicies() — the compliance-rule endpoint returning pol-* IDs — which
violated the FK managed_certificates.renewal_policy_id REFERENCES
renewal_policies(id) ON DELETE RESTRICT. Create would fail pg 23503 at insert.
Backend (new):
- RenewalPolicyRepository CRUD + ListAll/ExistsByID (pg 23503 → ErrRenewalPolicyInUse
→ HTTP 409; pg 23505 → ErrRenewalPolicyDuplicateName → HTTP 409)
- RenewalPolicyService with repo-only constructor. Service sentinels
var-alias the repo sentinels so errors.Is walks across layers.
- RenewalPolicyHandler with validation bounds: name 1–255;
renewal_window_days [1,365] default 30; max_retries [0,10] not defaulted;
retry_interval_seconds [60,86400] default 3600; alert_thresholds_days
[0,365] default [30,14,7,0]. Auto-generated IDs rp-<slug(name)>.
- Router registers 5 routes under /api/v1/renewal-policies[/{id}].
Frontend:
- CertificatesPage/CertificateDetailPage/OnboardingWizard now call
getRenewalPolicies() and render rp-* IDs.
- client.ts adds getRenewalPolicies/createRenewalPolicy/updateRenewalPolicy/
deleteRenewalPolicy. types.ts adds the RenewalPolicy shape.
OpenAPI: RenewalPolicies tag + 5 operations + 3 schemas (RenewalPolicy,
RenewalPolicyCreateRequest, RenewalPolicyUpdateRequest). 409 responses
on create/update duplicate-name and delete FK-in-use.
No migration — renewal_policies table already exists from the initial
schema (000001).
Tests:
- internal/service/renewal_policy_test.go: CRUD + validation + sentinel
error wrapping.
- internal/api/handler/renewal_policy_handler_test.go: handler endpoint
contracts including 400/404/409.
- web/src/api/client.test.ts: 4 subtests covering the 4 new API functions.
Phase 3 gates all green: go vet, build, short tests, race tests (service/
handler/router/scheduler), staticcheck (G-1 packages), govulncheck (0
reachable), coverage (service 69.7%, handler 79.0%, domain 86.9%,
middleware 80.6% — all above thresholds), tsc, vitest (256 passed),
vite build, OpenAPI structural validation.
@@ -33,6 +33,10 @@ import {
|
||||
updatePolicy,
|
||||
deletePolicy,
|
||||
getPolicyViolations,
|
||||
getRenewalPolicies,
|
||||
createRenewalPolicy,
|
||||
updateRenewalPolicy,
|
||||
deleteRenewalPolicy,
|
||||
getIssuers,
|
||||
createIssuer,
|
||||
testIssuerConnection,
|
||||
@@ -575,6 +579,60 @@ describe('API Client', () => {
|
||||
});
|
||||
});
|
||||
|
||||
// ─── Renewal Policies (G-1) ─────────────────────────
|
||||
// Distinct from compliance Policies above. Populates the
|
||||
// `renewal_policy_id` dropdown on OnboardingWizard + CertificatesPage +
|
||||
// CertificateDetailPage.InlinePolicyEditor. Hits `/api/v1/renewal-policies`.
|
||||
|
||||
describe('RenewalPolicies', () => {
|
||||
it('getRenewalPolicies sends GET', async () => {
|
||||
mockFetch.mockReturnValueOnce(mockJsonResponse({ data: [], total: 0, page: 1, per_page: 50 }));
|
||||
await getRenewalPolicies();
|
||||
expect(mockFetch.mock.calls[0][0]).toContain('/api/v1/renewal-policies');
|
||||
});
|
||||
|
||||
it('createRenewalPolicy sends POST with body', async () => {
|
||||
mockFetch.mockReturnValueOnce(
|
||||
mockJsonResponse({
|
||||
id: 'rp-new',
|
||||
name: 'New Policy',
|
||||
renewal_window_days: 30,
|
||||
max_retries: 3,
|
||||
retry_interval_seconds: 3600,
|
||||
auto_renew: true,
|
||||
}),
|
||||
);
|
||||
await createRenewalPolicy({
|
||||
name: 'New Policy',
|
||||
renewal_window_days: 30,
|
||||
max_retries: 3,
|
||||
retry_interval_seconds: 3600,
|
||||
auto_renew: true,
|
||||
});
|
||||
const [url, init] = mockFetch.mock.calls[0];
|
||||
expect(url).toBe('/api/v1/renewal-policies');
|
||||
expect(init.method).toBe('POST');
|
||||
expect(JSON.parse(init.body).name).toBe('New Policy');
|
||||
});
|
||||
|
||||
it('updateRenewalPolicy sends PUT with partial data', async () => {
|
||||
mockFetch.mockReturnValueOnce(mockJsonResponse({ id: 'rp-default', name: 'Renamed' }));
|
||||
await updateRenewalPolicy('rp-default', { name: 'Renamed' });
|
||||
const [url, init] = mockFetch.mock.calls[0];
|
||||
expect(url).toBe('/api/v1/renewal-policies/rp-default');
|
||||
expect(init.method).toBe('PUT');
|
||||
expect(JSON.parse(init.body)).toEqual({ name: 'Renamed' });
|
||||
});
|
||||
|
||||
it('deleteRenewalPolicy sends DELETE', async () => {
|
||||
mockFetch.mockReturnValueOnce(mockJsonResponse({ message: 'deleted' }));
|
||||
await deleteRenewalPolicy('rp-default');
|
||||
const [url, init] = mockFetch.mock.calls[0];
|
||||
expect(url).toBe('/api/v1/renewal-policies/rp-default');
|
||||
expect(init.method).toBe('DELETE');
|
||||
});
|
||||
});
|
||||
|
||||
// ─── Issuers ────────────────────────────────────────
|
||||
|
||||
describe('Issuers', () => {
|
||||
|
||||
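Review bot: The 'getRenewalPolicies sends GET' case only checks that the URL contains `/api/v1/renewal-policies`, so it verifies neither the method nor the `page`/`per_page` query the client builds, and any other route sharing that prefix would also pass. Asserting the full URL, `expect(mockFetch.mock.calls[0][0]).toBe('/api/v1/renewal-policies?page=1&per_page=50');`, would pin the contract the way the POST/PUT/DELETE cases already do with `toBe`. `getRenewalPolicy` is exported by client.ts in this commit but is neither imported nor exercised here. None of the four cases covers a non-2xx reply such as the 409 the commit message describes for delete-in-use; how `fetchJSON` surfaces that is not visible in this section, so a rejection test would have to be written against its actual behaviour.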
+24
-1
@@ -1,4 +1,4 @@
|
||||
import type { Certificate, CertificateVersion, Agent, Job, Notification, AuditEvent, PolicyRule, PolicyViolation, Issuer, Target, CertificateProfile, Owner, Team, AgentGroup, PaginatedResponse, DashboardSummary, CertificateStatusCount, ExpirationBucket, JobTrendDataPoint, IssuanceRateDataPoint, MetricsResponse, DiscoveredCertificate, DiscoveryScan, DiscoverySummary, NetworkScanTarget, EndpointHealthCheck, HealthHistoryEntry, HealthCheckSummary, AgentDependencyCounts, RetireAgentResponse, BlockedByDependenciesResponse } from './types';
|
||||
import type { Certificate, CertificateVersion, Agent, Job, Notification, AuditEvent, PolicyRule, PolicyViolation, RenewalPolicy, Issuer, Target, CertificateProfile, Owner, Team, AgentGroup, PaginatedResponse, DashboardSummary, CertificateStatusCount, ExpirationBucket, JobTrendDataPoint, IssuanceRateDataPoint, MetricsResponse, DiscoveredCertificate, DiscoveryScan, DiscoverySummary, NetworkScanTarget, EndpointHealthCheck, HealthHistoryEntry, HealthCheckSummary, AgentDependencyCounts, RetireAgentResponse, BlockedByDependenciesResponse } from './types';
|
||||
|
||||
const BASE = '/api/v1';
|
||||
|
||||
@@ -344,6 +344,29 @@ export const deletePolicy = (id: string) =>
|
||||
export const getPolicyViolations = (id: string) =>
|
||||
fetchJSON<PaginatedResponse<PolicyViolation>>(`${BASE}/policies/${id}/violations`);
|
||||
|
||||
// G-1: Renewal Policies (/api/v1/renewal-policies) — lifecycle policies with
|
||||
// rp-* IDs in the renewal_policies table. Distinct from getPolicies() above
|
||||
// which hits /api/v1/policies and returns PolicyRule (compliance, pol-* IDs).
|
||||
// OnboardingWizard, CertificatesPage, and CertificateDetailPage populate the
|
||||
// `renewal_policy_id` dropdown from this endpoint; populating it from
|
||||
// getPolicies() produced FK violations on certificate insert/update.
|
||||
export const getRenewalPolicies = (page = 1, perPage = 50) => {
|
||||
const qs = new URLSearchParams({ page: String(page), per_page: String(perPage) }).toString();
|
||||
return fetchJSON<PaginatedResponse<RenewalPolicy>>(`${BASE}/renewal-policies?${qs}`);
|
||||
};
|
||||
|
||||
export const getRenewalPolicy = (id: string) =>
|
||||
fetchJSON<RenewalPolicy>(`${BASE}/renewal-policies/${id}`);
|
||||
|
||||
export const createRenewalPolicy = (data: Partial<RenewalPolicy>) =>
|
||||
fetchJSON<RenewalPolicy>(`${BASE}/renewal-policies`, { method: 'POST', body: JSON.stringify(data) });
|
||||
|
||||
export const updateRenewalPolicy = (id: string, data: Partial<RenewalPolicy>) =>
|
||||
fetchJSON<RenewalPolicy>(`${BASE}/renewal-policies/${id}`, { method: 'PUT', body: JSON.stringify(data) });
|
||||
|
||||
export const deleteRenewalPolicy = (id: string) =>
|
||||
fetchJSON<void>(`${BASE}/renewal-policies/${id}`, { method: 'DELETE' });
|
||||
|
||||
// Issuers
|
||||
export const getIssuers = (params: Record<string, string> = {}) => {
|
||||
const qs = new URLSearchParams({ page: '1', per_page: '50', ...params }).toString();
|
||||
|
||||
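Review bot: `getRenewalPolicy`, `updateRenewalPolicy` and `deleteRenewalPolicy` interpolate `id` into the request path unencoded, so an id containing `/`, `?`, `#` or `..` segments would make the client call a different route than the one intended. The server-generated `rp-<slug(name)>` ids described in the commit message are probably safe, but these functions accept any string, possibly including route parameters read by the calling pages. Interpolating `${encodeURIComponent(id)}` instead of `${id}` in the three template literals closes that off; `getPolicyViolations` in the context lines follows the same unencoded pattern. Separately, `createRenewalPolicy` takes `Partial<RenewalPolicy>`, which lets callers send `id`, `created_at` and `updated_at`; a narrower request type matching the `RenewalPolicyCreateRequest` schema named in the commit message would keep server-owned fields out of the body.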
@@ -228,6 +228,31 @@ export interface PolicyViolation {
|
||||
created_at: string;
|
||||
}
|
||||
|
||||
/**
|
||||
* G-1: RenewalPolicy is the lifecycle policy attached to managed certificates
|
||||
* via `managed_certificates.renewal_policy_id` (FK ON DELETE RESTRICT → `rp-*`
|
||||
* IDs in the `renewal_policies` table). Distinct from `PolicyRule` above, which
|
||||
* models compliance rules in the `policy_rules` table with `pol-*` IDs. The
|
||||
* OnboardingWizard + CertificatesPage + CertificateDetailPage dropdowns populate
|
||||
* `renewal_policy_id` from this interface — previously they mis-populated it
|
||||
* from `getPolicies()` which returned `pol-*` IDs and produced FK violations on
|
||||
* certificate insert/update.
|
||||
*
|
||||
* JSON tags mirror internal/domain/renewal_policy.go.
|
||||
*/
|
||||
export interface RenewalPolicy {
|
||||
id: string;
|
||||
name: string;
|
||||
renewal_window_days: number;
|
||||
auto_renew: boolean;
|
||||
max_retries: number;
|
||||
retry_interval_seconds: number;
|
||||
alert_thresholds_days: number[];
|
||||
certificate_profile_id?: string | null;
|
||||
created_at: string;
|
||||
updated_at: string;
|
||||
}
|
||||
|
||||
export interface Issuer {
|
||||
id: string;
|
||||
name: string;
|
||||
|
||||
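Review bot: The doc comment on `RenewalPolicy` explains the FK history, but none of the fields carry the bounds the handler enforces, so form code has nothing to validate against before the server answers 400. Per the commit message these are 1–365 for `renewal_window_days`, 0–10 for `max_retries`, 60–86400 for `retry_interval_seconds` and 0–365 for each `alert_thresholds_days` entry; a one-line comment per field such as `/** Server accepts 1–365; defaults to 30 when omitted. */` would record them. `alert_thresholds_days` is declared required, yet the create-response mock in client.test.ts omits it. If the Go struct can serialise that field as `null` or leave it out, the type should be `number[] | null` or optional; renewal_policy.go is not shown here, so that needs checking.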