gsadmin/certctl
1
0
Fork 0
mirror of https://github.com/shankar0123/certctl.git synced 2026-06-09 12:28:51 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
ceca3647eb5bc522cb88bc2101980ea7aa47ea2e
certctl/internal/connector/target/f5/validate_only.go
T
claude 8e83f02401 feat(f5,iis): explicit ValidateOnly + leverage existing transactional rollback 
Phase 8 of the deploy-hardening I master bundle. F5 + IIS already
have transactional / explicit-backup-restore rollback semantics
in their DeployCertificate paths. Phase 8 adds the explicit
ValidateOnly dry-run probe that operators use to preview a deploy
without touching the live cert.

F5 (validate_only.go):
- ValidateOnly probes the iControl REST API via Authenticate.
  Cheap (no F5 transaction created) + cached after first success.
  Failure surfaces as a wrapped error so operators see the actual
  cause (auth provider down, invalid creds, BIG-IP unreachable,
  etc.). nil client returns ErrValidateOnlyNotSupported.
- A true cert-bind dry-run requires F5's no-commit transaction
  mode (v17.5+); V3-Pro can add per-version dispatch. V2 ships
  the reachability probe as the load-bearing safety check.
- 5 new tests in validate_only_test.go covering: auth-success,
  auth-fail wrapped, nil-client sentinel, error-message contains
  BIG-IP context, recoverable auth-fail surfaces provider info.

IIS (validate_only.go):
- ValidateOnly runs `Get-WebSite -Name <SiteName>` via the
  injected PowerShellExecutor. Confirms the IIS PS module is
  loaded AND the site exists AND the agent has admin privileges.
  Failure here surfaces the actual PowerShell stderr (site not
  found / module missing / access denied).
- A true cert-bind dry-run would need IIS to expose a no-commit
  New-WebBinding (it doesn't); V3-Pro can extend with a
  temp-install + immediate-remove. V2 ships the permission +
  module probe as the load-bearing check.
- 5 new tests in validate_only_test.go covering: get-website
  succeeds, get-website fails, nil-executor sentinel, site-name
  quoting (handles spaces in 'Default Web Site'), output-context
  in error.

Smoke test connectorsAtPhase3 list shrunk from 10 to 7 entries
(f5 + iis + postfix removed). Caddy stays in (file-mode returns
sentinel; api-mode is real-impl). Envoy + Traefik stay in (no
validate-with-target command exists for either). javakeystore +
k8ssecret + ssh + wincertstore stay in pending Phase 9.

Coverage: F5 holds at ≥85%; IIS holds at ≥85%. Race detector
clean. golangci-lint v2.11.4 clean.

Phase 9 next: SSH + WinCertStore + JavaKeystore + K8s — the
non-file-server connectors.
2026-04-30 15:16:11 +00:00

41 lines
1.6 KiB
Go
Raw Blame History

package f5
import (
"context"
"fmt"
"github.com/shankar0123/certctl/internal/connector/target"
)
// ValidateOnly — Phase 8 of the deploy-hardening I master bundle.
// F5 already has full transactional rollback semantics in
// DeployCertificate (the iControl REST API is transactional —
// `mgmt/tm/transaction` wraps the install + bind together; on
// failure the whole transaction aborts atomically with no live
// VS impact). Phase 8 makes the dry-run explicit by probing the
// BIG-IP control plane health: if the API is reachable and
// authenticated, ValidateOnly returns nil; otherwise it returns
// the wrapped client error so operators can preview a deploy
// without touching the live SSL profile.
//
// Note: a full dry-run that simulates the cert install + bind
// without commit would require F5 to expose a no-commit transaction
// mode (it does not in v15.x; it does in v17.5+ — V3-Pro will add
// per-version dispatch). For V2 the reachability probe is the
// load-bearing safety check.
func (c *Connector) ValidateOnly(ctx context.Context, request target.DeploymentRequest) error {
if c.client == nil {
return target.ErrValidateOnlyNotSupported
}
// Probe by attempting authentication. The F5 client caches
// the token after first success, so subsequent ValidateOnly
// calls are cheap. Failure here means the BIG-IP is
// unreachable, the operator credentials are wrong, or the
// auth provider (TACACS+, RADIUS) is down — all reasons to
// abort a deploy preview.
if err := c.client.Authenticate(ctx); err != nil {
return fmt.Errorf("F5 ValidateOnly: BIG-IP control plane probe failed: %w", err)
}
return nil
}
Reference in New Issue View Git Blame Copy Permalink