mirror of
https://github.com/shankar0123/certctl.git
synced 2026-06-07 20:11:31 +00:00
shankar
e9bbf33193
Three frontend call sites (OnboardingWizard.tsx:603, CertificatesPage.tsx:52,
CertificateDetailPage.tsx:169) populated the renewal_policy_id dropdown from
getPolicies() — the compliance-rule endpoint returning pol-* IDs — which
violated the FK managed_certificates.renewal_policy_id REFERENCES
renewal_policies(id) ON DELETE RESTRICT. Create would fail pg 23503 at insert.
Backend (new):
- RenewalPolicyRepository CRUD + ListAll/ExistsByID (pg 23503 → ErrRenewalPolicyInUse
→ HTTP 409; pg 23505 → ErrRenewalPolicyDuplicateName → HTTP 409)
- RenewalPolicyService with repo-only constructor. Service sentinels
var-alias the repo sentinels so errors.Is walks across layers.
- RenewalPolicyHandler with validation bounds: name 1–255;
renewal_window_days [1,365] default 30; max_retries [0,10] not defaulted;
retry_interval_seconds [60,86400] default 3600; alert_thresholds_days
[0,365] default [30,14,7,0]. Auto-generated IDs rp-<slug(name)>.
- Router registers 5 routes under /api/v1/renewal-policies[/{id}].
Frontend:
- CertificatesPage/CertificateDetailPage/OnboardingWizard now call
getRenewalPolicies() and render rp-* IDs.
- client.ts adds getRenewalPolicies/createRenewalPolicy/updateRenewalPolicy/
deleteRenewalPolicy. types.ts adds the RenewalPolicy shape.
OpenAPI: RenewalPolicies tag + 5 operations + 3 schemas (RenewalPolicy,
RenewalPolicyCreateRequest, RenewalPolicyUpdateRequest). 409 responses
on create/update duplicate-name and delete FK-in-use.
No migration — renewal_policies table already exists from the initial
schema (000001).
Tests:
- internal/service/renewal_policy_test.go: CRUD + validation + sentinel
error wrapping.
- internal/api/handler/renewal_policy_handler_test.go: handler endpoint
contracts including 400/404/409.
- web/src/api/client.test.ts: 4 subtests covering the 4 new API functions.
Phase 3 gates all green: go vet, build, short tests, race tests (service/
handler/router/scheduler), staticcheck (G-1 packages), govulncheck (0
reachable), coverage (service 69.7%, handler 79.0%, domain 86.9%,
middleware 80.6% — all above thresholds), tsc, vitest (256 passed),
vite build, OpenAPI structural validation.
435 lines
13 KiB
Go
435 lines
13 KiB
Go
package handler
|
|
|
|
import (
|
|
"bytes"
|
|
"context"
|
|
"encoding/json"
|
|
"net/http"
|
|
"net/http/httptest"
|
|
"testing"
|
|
"time"
|
|
|
|
"github.com/shankar0123/certctl/internal/domain"
|
|
"github.com/shankar0123/certctl/internal/service"
|
|
)
|
|
|
|
// G-1 red tests: lock in the HTTP surface of /api/v1/renewal-policies before
|
|
// the production code exists. Every subtest here references a symbol that
|
|
// Phase 2b must introduce:
|
|
//
|
|
// - NewRenewalPolicyHandler(svc) (constructor)
|
|
// - RenewalPolicyService (service-layer interface, in this package)
|
|
// - handler.ListRenewalPolicies / GetRenewalPolicy / CreateRenewalPolicy /
|
|
// UpdateRenewalPolicy / DeleteRenewalPolicy
|
|
// - service.ErrRenewalPolicyDuplicateName (pg 23505 → 409 mapping)
|
|
// - service.ErrRenewalPolicyInUse (pg 23503 → 409 mapping)
|
|
|
|
// MockRenewalPolicyService is a mock implementation of RenewalPolicyService.
|
|
type MockRenewalPolicyService struct {
|
|
ListRenewalPoliciesFn func(page, perPage int) ([]domain.RenewalPolicy, int64, error)
|
|
GetRenewalPolicyFn func(id string) (*domain.RenewalPolicy, error)
|
|
CreateRenewalPolicyFn func(rp domain.RenewalPolicy) (*domain.RenewalPolicy, error)
|
|
UpdateRenewalPolicyFn func(id string, rp domain.RenewalPolicy) (*domain.RenewalPolicy, error)
|
|
DeleteRenewalPolicyFn func(id string) error
|
|
}
|
|
|
|
func (m *MockRenewalPolicyService) ListRenewalPolicies(_ context.Context, page, perPage int) ([]domain.RenewalPolicy, int64, error) {
|
|
if m.ListRenewalPoliciesFn != nil {
|
|
return m.ListRenewalPoliciesFn(page, perPage)
|
|
}
|
|
return nil, 0, nil
|
|
}
|
|
|
|
func (m *MockRenewalPolicyService) GetRenewalPolicy(_ context.Context, id string) (*domain.RenewalPolicy, error) {
|
|
if m.GetRenewalPolicyFn != nil {
|
|
return m.GetRenewalPolicyFn(id)
|
|
}
|
|
return nil, nil
|
|
}
|
|
|
|
func (m *MockRenewalPolicyService) CreateRenewalPolicy(_ context.Context, rp domain.RenewalPolicy) (*domain.RenewalPolicy, error) {
|
|
if m.CreateRenewalPolicyFn != nil {
|
|
return m.CreateRenewalPolicyFn(rp)
|
|
}
|
|
return nil, nil
|
|
}
|
|
|
|
func (m *MockRenewalPolicyService) UpdateRenewalPolicy(_ context.Context, id string, rp domain.RenewalPolicy) (*domain.RenewalPolicy, error) {
|
|
if m.UpdateRenewalPolicyFn != nil {
|
|
return m.UpdateRenewalPolicyFn(id, rp)
|
|
}
|
|
return nil, nil
|
|
}
|
|
|
|
func (m *MockRenewalPolicyService) DeleteRenewalPolicy(_ context.Context, id string) error {
|
|
if m.DeleteRenewalPolicyFn != nil {
|
|
return m.DeleteRenewalPolicyFn(id)
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// ----- List -----
|
|
|
|
func TestListRenewalPolicies_Success(t *testing.T) {
|
|
now := time.Now()
|
|
rp1 := domain.RenewalPolicy{
|
|
ID: "rp-default", Name: "Default", RenewalWindowDays: 30,
|
|
MaxRetries: 3, RetryInterval: 3600, AutoRenew: true,
|
|
CreatedAt: now, UpdatedAt: now,
|
|
}
|
|
rp2 := domain.RenewalPolicy{
|
|
ID: "rp-urgent", Name: "Urgent", RenewalWindowDays: 7,
|
|
MaxRetries: 5, RetryInterval: 600, AutoRenew: true,
|
|
CreatedAt: now, UpdatedAt: now,
|
|
}
|
|
|
|
mock := &MockRenewalPolicyService{
|
|
ListRenewalPoliciesFn: func(page, perPage int) ([]domain.RenewalPolicy, int64, error) {
|
|
return []domain.RenewalPolicy{rp1, rp2}, 2, nil
|
|
},
|
|
}
|
|
|
|
handler := NewRenewalPolicyHandler(mock)
|
|
req := httptest.NewRequest(http.MethodGet, "/api/v1/renewal-policies", nil)
|
|
req = req.WithContext(contextWithRequestID())
|
|
w := httptest.NewRecorder()
|
|
|
|
handler.ListRenewalPolicies(w, req)
|
|
|
|
if w.Code != http.StatusOK {
|
|
t.Fatalf("expected status 200, got %d", w.Code)
|
|
}
|
|
|
|
var resp PagedResponse
|
|
if err := json.NewDecoder(w.Body).Decode(&resp); err != nil {
|
|
t.Fatalf("failed to decode response: %v", err)
|
|
}
|
|
if resp.Total != 2 {
|
|
t.Errorf("expected total 2, got %d", resp.Total)
|
|
}
|
|
}
|
|
|
|
func TestListRenewalPolicies_ServiceError(t *testing.T) {
|
|
mock := &MockRenewalPolicyService{
|
|
ListRenewalPoliciesFn: func(page, perPage int) ([]domain.RenewalPolicy, int64, error) {
|
|
return nil, 0, ErrMockServiceFailed
|
|
},
|
|
}
|
|
|
|
handler := NewRenewalPolicyHandler(mock)
|
|
req := httptest.NewRequest(http.MethodGet, "/api/v1/renewal-policies", nil)
|
|
req = req.WithContext(contextWithRequestID())
|
|
w := httptest.NewRecorder()
|
|
|
|
handler.ListRenewalPolicies(w, req)
|
|
|
|
if w.Code != http.StatusInternalServerError {
|
|
t.Fatalf("expected status 500, got %d", w.Code)
|
|
}
|
|
}
|
|
|
|
func TestListRenewalPolicies_MethodNotAllowed(t *testing.T) {
|
|
handler := NewRenewalPolicyHandler(&MockRenewalPolicyService{})
|
|
req := httptest.NewRequest(http.MethodDelete, "/api/v1/renewal-policies", nil)
|
|
w := httptest.NewRecorder()
|
|
|
|
handler.ListRenewalPolicies(w, req)
|
|
|
|
if w.Code != http.StatusMethodNotAllowed {
|
|
t.Fatalf("expected status 405, got %d", w.Code)
|
|
}
|
|
}
|
|
|
|
// ----- Get -----
|
|
|
|
func TestGetRenewalPolicy_Success(t *testing.T) {
|
|
now := time.Now()
|
|
mock := &MockRenewalPolicyService{
|
|
GetRenewalPolicyFn: func(id string) (*domain.RenewalPolicy, error) {
|
|
return &domain.RenewalPolicy{
|
|
ID: id, Name: "Default", RenewalWindowDays: 30,
|
|
MaxRetries: 3, RetryInterval: 3600, AutoRenew: true,
|
|
CreatedAt: now, UpdatedAt: now,
|
|
}, nil
|
|
},
|
|
}
|
|
|
|
handler := NewRenewalPolicyHandler(mock)
|
|
req := httptest.NewRequest(http.MethodGet, "/api/v1/renewal-policies/rp-default", nil)
|
|
req = req.WithContext(contextWithRequestID())
|
|
w := httptest.NewRecorder()
|
|
|
|
handler.GetRenewalPolicy(w, req)
|
|
|
|
if w.Code != http.StatusOK {
|
|
t.Fatalf("expected status 200, got %d", w.Code)
|
|
}
|
|
}
|
|
|
|
func TestGetRenewalPolicy_NotFound(t *testing.T) {
|
|
mock := &MockRenewalPolicyService{
|
|
GetRenewalPolicyFn: func(id string) (*domain.RenewalPolicy, error) {
|
|
return nil, ErrMockNotFound
|
|
},
|
|
}
|
|
|
|
handler := NewRenewalPolicyHandler(mock)
|
|
req := httptest.NewRequest(http.MethodGet, "/api/v1/renewal-policies/nonexistent", nil)
|
|
req = req.WithContext(contextWithRequestID())
|
|
w := httptest.NewRecorder()
|
|
|
|
handler.GetRenewalPolicy(w, req)
|
|
|
|
if w.Code != http.StatusNotFound {
|
|
t.Fatalf("expected status 404, got %d", w.Code)
|
|
}
|
|
}
|
|
|
|
// ----- Create -----
|
|
|
|
func TestCreateRenewalPolicy_Success(t *testing.T) {
|
|
now := time.Now()
|
|
mock := &MockRenewalPolicyService{
|
|
CreateRenewalPolicyFn: func(rp domain.RenewalPolicy) (*domain.RenewalPolicy, error) {
|
|
rp.ID = "rp-new"
|
|
rp.CreatedAt = now
|
|
rp.UpdatedAt = now
|
|
return &rp, nil
|
|
},
|
|
}
|
|
|
|
body := map[string]interface{}{
|
|
"name": "New Policy",
|
|
"renewal_window_days": 30,
|
|
"max_retries": 3,
|
|
"retry_interval_seconds": 3600,
|
|
"auto_renew": true,
|
|
}
|
|
bodyBytes, _ := json.Marshal(body)
|
|
|
|
handler := NewRenewalPolicyHandler(mock)
|
|
req := httptest.NewRequest(http.MethodPost, "/api/v1/renewal-policies", bytes.NewReader(bodyBytes))
|
|
req = req.WithContext(contextWithRequestID())
|
|
w := httptest.NewRecorder()
|
|
|
|
handler.CreateRenewalPolicy(w, req)
|
|
|
|
if w.Code != http.StatusCreated {
|
|
t.Fatalf("expected status 201, got %d", w.Code)
|
|
}
|
|
}
|
|
|
|
func TestCreateRenewalPolicy_MissingName(t *testing.T) {
|
|
body := map[string]interface{}{
|
|
"renewal_window_days": 30,
|
|
"max_retries": 3,
|
|
"retry_interval_seconds": 3600,
|
|
}
|
|
bodyBytes, _ := json.Marshal(body)
|
|
|
|
handler := NewRenewalPolicyHandler(&MockRenewalPolicyService{})
|
|
req := httptest.NewRequest(http.MethodPost, "/api/v1/renewal-policies", bytes.NewReader(bodyBytes))
|
|
req = req.WithContext(contextWithRequestID())
|
|
w := httptest.NewRecorder()
|
|
|
|
handler.CreateRenewalPolicy(w, req)
|
|
|
|
if w.Code != http.StatusBadRequest {
|
|
t.Fatalf("expected status 400, got %d", w.Code)
|
|
}
|
|
}
|
|
|
|
func TestCreateRenewalPolicy_InvalidJSON(t *testing.T) {
|
|
handler := NewRenewalPolicyHandler(&MockRenewalPolicyService{})
|
|
req := httptest.NewRequest(http.MethodPost, "/api/v1/renewal-policies", bytes.NewReader([]byte("not json")))
|
|
req = req.WithContext(contextWithRequestID())
|
|
w := httptest.NewRecorder()
|
|
|
|
handler.CreateRenewalPolicy(w, req)
|
|
|
|
if w.Code != http.StatusBadRequest {
|
|
t.Fatalf("expected status 400, got %d", w.Code)
|
|
}
|
|
}
|
|
|
|
func TestCreateRenewalPolicy_DuplicateName(t *testing.T) {
|
|
// Service bubbles up ErrRenewalPolicyDuplicateName (pg 23505) → handler maps to 409.
|
|
mock := &MockRenewalPolicyService{
|
|
CreateRenewalPolicyFn: func(rp domain.RenewalPolicy) (*domain.RenewalPolicy, error) {
|
|
return nil, service.ErrRenewalPolicyDuplicateName
|
|
},
|
|
}
|
|
|
|
body := map[string]interface{}{
|
|
"name": "Duplicate",
|
|
"renewal_window_days": 30,
|
|
"max_retries": 3,
|
|
"retry_interval_seconds": 3600,
|
|
}
|
|
bodyBytes, _ := json.Marshal(body)
|
|
|
|
handler := NewRenewalPolicyHandler(mock)
|
|
req := httptest.NewRequest(http.MethodPost, "/api/v1/renewal-policies", bytes.NewReader(bodyBytes))
|
|
req = req.WithContext(contextWithRequestID())
|
|
w := httptest.NewRecorder()
|
|
|
|
handler.CreateRenewalPolicy(w, req)
|
|
|
|
if w.Code != http.StatusConflict {
|
|
t.Fatalf("expected status 409 on duplicate name, got %d", w.Code)
|
|
}
|
|
}
|
|
|
|
func TestCreateRenewalPolicy_MethodNotAllowed(t *testing.T) {
|
|
handler := NewRenewalPolicyHandler(&MockRenewalPolicyService{})
|
|
req := httptest.NewRequest(http.MethodGet, "/api/v1/renewal-policies", nil)
|
|
w := httptest.NewRecorder()
|
|
|
|
handler.CreateRenewalPolicy(w, req)
|
|
|
|
if w.Code != http.StatusMethodNotAllowed {
|
|
t.Fatalf("expected status 405, got %d", w.Code)
|
|
}
|
|
}
|
|
|
|
// ----- Update -----
|
|
|
|
func TestUpdateRenewalPolicy_Success(t *testing.T) {
|
|
now := time.Now()
|
|
mock := &MockRenewalPolicyService{
|
|
UpdateRenewalPolicyFn: func(id string, rp domain.RenewalPolicy) (*domain.RenewalPolicy, error) {
|
|
return &domain.RenewalPolicy{
|
|
ID: id, Name: rp.Name, RenewalWindowDays: rp.RenewalWindowDays,
|
|
MaxRetries: rp.MaxRetries, RetryInterval: rp.RetryInterval,
|
|
AutoRenew: rp.AutoRenew,
|
|
CreatedAt: now, UpdatedAt: now,
|
|
}, nil
|
|
},
|
|
}
|
|
|
|
body := map[string]interface{}{
|
|
"name": "Updated Policy",
|
|
"renewal_window_days": 45,
|
|
"max_retries": 5,
|
|
"retry_interval_seconds": 1800,
|
|
"auto_renew": true,
|
|
}
|
|
bodyBytes, _ := json.Marshal(body)
|
|
|
|
handler := NewRenewalPolicyHandler(mock)
|
|
req := httptest.NewRequest(http.MethodPut, "/api/v1/renewal-policies/rp-default", bytes.NewReader(bodyBytes))
|
|
req = req.WithContext(contextWithRequestID())
|
|
w := httptest.NewRecorder()
|
|
|
|
handler.UpdateRenewalPolicy(w, req)
|
|
|
|
if w.Code != http.StatusOK {
|
|
t.Fatalf("expected status 200, got %d", w.Code)
|
|
}
|
|
}
|
|
|
|
func TestUpdateRenewalPolicy_NotFound(t *testing.T) {
|
|
mock := &MockRenewalPolicyService{
|
|
UpdateRenewalPolicyFn: func(id string, rp domain.RenewalPolicy) (*domain.RenewalPolicy, error) {
|
|
return nil, ErrMockNotFound
|
|
},
|
|
}
|
|
|
|
body := map[string]interface{}{
|
|
"name": "Updated",
|
|
"renewal_window_days": 30,
|
|
"max_retries": 3,
|
|
"retry_interval_seconds": 3600,
|
|
}
|
|
bodyBytes, _ := json.Marshal(body)
|
|
|
|
handler := NewRenewalPolicyHandler(mock)
|
|
req := httptest.NewRequest(http.MethodPut, "/api/v1/renewal-policies/rp-missing", bytes.NewReader(bodyBytes))
|
|
req = req.WithContext(contextWithRequestID())
|
|
w := httptest.NewRecorder()
|
|
|
|
handler.UpdateRenewalPolicy(w, req)
|
|
|
|
if w.Code != http.StatusNotFound {
|
|
t.Fatalf("expected status 404, got %d", w.Code)
|
|
}
|
|
}
|
|
|
|
// ----- Delete -----
|
|
|
|
func TestDeleteRenewalPolicy_Success(t *testing.T) {
|
|
var deletedID string
|
|
mock := &MockRenewalPolicyService{
|
|
DeleteRenewalPolicyFn: func(id string) error {
|
|
deletedID = id
|
|
return nil
|
|
},
|
|
}
|
|
|
|
handler := NewRenewalPolicyHandler(mock)
|
|
req := httptest.NewRequest(http.MethodDelete, "/api/v1/renewal-policies/rp-default", nil)
|
|
req = req.WithContext(contextWithRequestID())
|
|
w := httptest.NewRecorder()
|
|
|
|
handler.DeleteRenewalPolicy(w, req)
|
|
|
|
if w.Code != http.StatusNoContent {
|
|
t.Fatalf("expected status 204, got %d", w.Code)
|
|
}
|
|
if deletedID != "rp-default" {
|
|
t.Errorf("expected deleted ID 'rp-default', got '%s'", deletedID)
|
|
}
|
|
}
|
|
|
|
func TestDeleteRenewalPolicy_NotFound(t *testing.T) {
|
|
mock := &MockRenewalPolicyService{
|
|
DeleteRenewalPolicyFn: func(id string) error {
|
|
return ErrMockNotFound
|
|
},
|
|
}
|
|
|
|
handler := NewRenewalPolicyHandler(mock)
|
|
req := httptest.NewRequest(http.MethodDelete, "/api/v1/renewal-policies/rp-missing", nil)
|
|
req = req.WithContext(contextWithRequestID())
|
|
w := httptest.NewRecorder()
|
|
|
|
handler.DeleteRenewalPolicy(w, req)
|
|
|
|
if w.Code != http.StatusNotFound {
|
|
t.Fatalf("expected status 404, got %d", w.Code)
|
|
}
|
|
}
|
|
|
|
func TestDeleteRenewalPolicy_InUseConflict(t *testing.T) {
|
|
// Service bubbles up ErrRenewalPolicyInUse (pg 23503 FK-RESTRICT) → handler maps to 409.
|
|
mock := &MockRenewalPolicyService{
|
|
DeleteRenewalPolicyFn: func(id string) error {
|
|
return service.ErrRenewalPolicyInUse
|
|
},
|
|
}
|
|
|
|
handler := NewRenewalPolicyHandler(mock)
|
|
req := httptest.NewRequest(http.MethodDelete, "/api/v1/renewal-policies/rp-active", nil)
|
|
req = req.WithContext(contextWithRequestID())
|
|
w := httptest.NewRecorder()
|
|
|
|
handler.DeleteRenewalPolicy(w, req)
|
|
|
|
if w.Code != http.StatusConflict {
|
|
t.Fatalf("expected status 409 on in-use conflict, got %d", w.Code)
|
|
}
|
|
}
|
|
|
|
func TestDeleteRenewalPolicy_EmptyID(t *testing.T) {
|
|
handler := NewRenewalPolicyHandler(&MockRenewalPolicyService{})
|
|
req := httptest.NewRequest(http.MethodDelete, "/api/v1/renewal-policies/", nil)
|
|
req = req.WithContext(contextWithRequestID())
|
|
w := httptest.NewRecorder()
|
|
|
|
handler.DeleteRenewalPolicy(w, req)
|
|
|
|
if w.Code != http.StatusBadRequest {
|
|
t.Fatalf("expected status 400, got %d", w.Code)
|
|
}
|
|
}
|