certctl

gsadmin/certctl

Fork 0

mirror of https://github.com/shankar0123/certctl.git synced 2026-06-07 20:11:31 +00:00

Commit Graph

Author SHA1 Message Date

Author	SHA1	Message	Date
shankar0123	eb14236166	M-2 PR-B: Collapse IssuerService + TargetService to ctx-first signatures - Delete bare TestConnection wrapper in IssuerService; rename TestConnectionWithContext → TestConnection - Delete TestTargetConnection delegate shim in TargetService (canonical TestConnection already ctx-first) - Add ctx first param to 10 handler-interface methods (ListIssuers/GetIssuer/CreateIssuer/UpdateIssuer/DeleteIssuer and ListTargets/GetTarget/CreateTarget/UpdateTarget/DeleteTarget) - Replace 16 context.Background() call sites with received ctx - Thread r.Context() through 12 HTTP handler sites in issuers.go and targets.go (outer TargetHandler.TestTargetConnection HTTP method name preserved for router compatibility) - Update MockIssuerService, MockTargetService, and mockTargetService (integration) for ctx-first forwarding; update test callsite literals Audit complete. Commit: `1f6cf0eafa`. Sections: 12. Findings: 2/7/10/4/6.	2026-04-18 00:46:58 +00:00
shankar0123	68f6fd474b	fix: return 409 on duplicate issuer name, improve error handling and onboarding defaults Closes #7. The issuer create/update handlers swallowed all service errors as generic 500s. Now differentiates: 409 for UNIQUE constraint violations, 400 for unsupported issuer type, 404 for not-found on update, 500 for unknown errors. Adds structured error logging via slog. OnboardingWizard now pre-populates config field defaults when a type is selected (matching IssuersPage behavior), preventing empty required fields from causing silent failures. install-agent.sh hardened for curl\|bash usage: --agent-id flag, =value syntax, /dev/tty stdin reopening, proper stderr routing in download_binary, non-interactive install examples in help text, and updated wizard commands. Adds adversarial security tests for EST, path traversal, and query injection handlers. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-04-12 19:18:32 -04:00
shankar0123	8526314a44	Implement M9: test hardening with handler tests, negative paths, CI coverage gates All 7 handler files now have test coverage: jobs (14 tests), notifications (11), policies (15), issuers (15), targets (14). Negative-path integration tests cover nonexistent resources, invalid payloads, malformed CSR, expired cert lifecycle, and method-not-allowed errors. CI now enforces coverage thresholds (service 60%+, handler 50%+) and includes connector tests. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-15 14:06:48 -04:00

shankar0123

eb14236166

M-2 PR-B: Collapse IssuerService + TargetService to ctx-first signatures

- Delete bare TestConnection wrapper in IssuerService; rename
  TestConnectionWithContext → TestConnection
- Delete TestTargetConnection delegate shim in TargetService (canonical
  TestConnection already ctx-first)
- Add ctx first param to 10 handler-interface methods
  (ListIssuers/GetIssuer/CreateIssuer/UpdateIssuer/DeleteIssuer and
  ListTargets/GetTarget/CreateTarget/UpdateTarget/DeleteTarget)
- Replace 16 context.Background() call sites with received ctx
- Thread r.Context() through 12 HTTP handler sites in issuers.go and
  targets.go (outer TargetHandler.TestTargetConnection HTTP method name
  preserved for router compatibility)
- Update MockIssuerService, MockTargetService, and mockTargetService
  (integration) for ctx-first forwarding; update test callsite literals

Audit complete. Commit: 1f6cf0eafa. Sections: 12. Findings: 2/7/10/4/6.

2026-04-18 00:46:58 +00:00

shankar0123

68f6fd474b

fix: return 409 on duplicate issuer name, improve error handling and onboarding defaults

Closes #7. The issuer create/update handlers swallowed all service errors
as generic 500s. Now differentiates: 409 for UNIQUE constraint violations,
400 for unsupported issuer type, 404 for not-found on update, 500 for
unknown errors. Adds structured error logging via slog.

OnboardingWizard now pre-populates config field defaults when a type is
selected (matching IssuersPage behavior), preventing empty required fields
from causing silent failures.

install-agent.sh hardened for curl|bash usage: --agent-id flag, =value
syntax, /dev/tty stdin reopening, proper stderr routing in download_binary,
non-interactive install examples in help text, and updated wizard commands.

Adds adversarial security tests for EST, path traversal, and query
injection handlers.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-04-12 19:18:32 -04:00

shankar0123

8526314a44

Implement M9: test hardening with handler tests, negative paths, CI coverage gates

All 7 handler files now have test coverage: jobs (14 tests), notifications
(11), policies (15), issuers (15), targets (14). Negative-path integration
tests cover nonexistent resources, invalid payloads, malformed CSR, expired
cert lifecycle, and method-not-allowed errors. CI now enforces coverage
thresholds (service 60%+, handler 50%+) and includes connector tests.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-03-15 14:06:48 -04:00

3 Commits