Add grpcserver test coverage
- Add comprehensive test file for internal/grpcserver package - Cover interceptors, system, engine, policy, and auth handlers - Cover pbToRule/ruleToPB conversion helpers - 37 tests total; CA/PKI/ACME and Login/Logout skipped (require live deps) Co-authored-by: Junie <junie@jetbrains.com>
@@ -280,8 +280,8 @@ func (ws *WebServer) handlePKI(w http.ResponseWriter, r *http.Request) {
|
||||
}
|
||||
}
|
||||
|
||||
if resp, err := ws.vault.EngineRequest(r.Context(), token, mountName, "list-issuers", nil); err == nil {
|
||||
data["Issuers"] = resp["issuers"]
|
||||
if issuers, err := ws.vault.ListIssuers(r.Context(), token, mountName); err == nil {
|
||||
data["Issuers"] = issuers
|
||||
}
|
||||
|
||||
ws.renderTemplate(w, "pki.html", data)
|
||||
@@ -329,11 +329,7 @@ func (ws *WebServer) handleImportRoot(w http.ResponseWriter, r *http.Request) {
|
||||
return
|
||||
}
|
||||
|
||||
_, err = ws.vault.EngineRequest(r.Context(), token, mountName, "import-root", map[string]interface{}{
|
||||
"cert_pem": certPEM,
|
||||
"key_pem": keyPEM,
|
||||
})
|
||||
if err != nil {
|
||||
if err = ws.vault.ImportRoot(r.Context(), token, mountName, certPEM, keyPEM); err != nil {
|
||||
ws.renderPKIWithError(w, r, mountName, info, grpcMessage(err))
|
||||
return
|
||||
}
|
||||
@@ -362,25 +358,27 @@ func (ws *WebServer) handleCreateIssuer(w http.ResponseWriter, r *http.Request)
|
||||
return
|
||||
}
|
||||
|
||||
reqData := map[string]interface{}{"name": name}
|
||||
issuerReq := CreateIssuerRequest{
|
||||
Mount: mountName,
|
||||
Name: name,
|
||||
}
|
||||
if v := r.FormValue("expiry"); v != "" {
|
||||
reqData["expiry"] = v
|
||||
issuerReq.Expiry = v
|
||||
}
|
||||
if v := r.FormValue("max_ttl"); v != "" {
|
||||
reqData["max_ttl"] = v
|
||||
issuerReq.MaxTTL = v
|
||||
}
|
||||
if v := r.FormValue("key_algorithm"); v != "" {
|
||||
reqData["key_algorithm"] = v
|
||||
issuerReq.KeyAlgorithm = v
|
||||
}
|
||||
if v := r.FormValue("key_size"); v != "" {
|
||||
var size float64
|
||||
if _, err := fmt.Sscanf(v, "%f", &size); err == nil {
|
||||
reqData["key_size"] = size
|
||||
var size int32
|
||||
if _, err := fmt.Sscanf(v, "%d", &size); err == nil {
|
||||
issuerReq.KeySize = size
|
||||
}
|
||||
}
|
||||
|
||||
_, err = ws.vault.EngineRequest(r.Context(), token, mountName, "create-issuer", reqData)
|
||||
if err != nil {
|
||||
if err = ws.vault.CreateIssuer(r.Context(), token, issuerReq); err != nil {
|
||||
ws.renderPKIWithError(w, r, mountName, info, grpcMessage(err))
|
||||
return
|
||||
}
|
||||
@@ -419,7 +417,7 @@ func (ws *WebServer) handleIssuerDetail(w http.ResponseWriter, r *http.Request)
|
||||
|
||||
issuerName := chi.URLParam(r, "issuer")
|
||||
|
||||
resp, err := ws.vault.EngineRequest(r.Context(), token, mountName, "list-certs", nil)
|
||||
allCerts, err := ws.vault.ListCerts(r.Context(), token, mountName)
|
||||
if err != nil {
|
||||
http.Error(w, "failed to list certificates", http.StatusInternalServerError)
|
||||
return
|
||||
@@ -431,34 +429,22 @@ func (ws *WebServer) handleIssuerDetail(w http.ResponseWriter, r *http.Request)
|
||||
sortBy = "cn"
|
||||
}
|
||||
|
||||
var certs []map[string]interface{}
|
||||
if raw, ok := resp["certs"]; ok {
|
||||
if list, ok := raw.([]interface{}); ok {
|
||||
for _, item := range list {
|
||||
if m, ok := item.(map[string]interface{}); ok {
|
||||
issuer, _ := m["issuer"].(string)
|
||||
if issuer != issuerName {
|
||||
continue
|
||||
}
|
||||
if nameFilter != "" {
|
||||
cn, _ := m["cn"].(string)
|
||||
if !strings.Contains(strings.ToLower(cn), nameFilter) {
|
||||
continue
|
||||
}
|
||||
}
|
||||
certs = append(certs, m)
|
||||
}
|
||||
}
|
||||
var certs []CertSummary
|
||||
for _, cs := range allCerts {
|
||||
if cs.Issuer != issuerName {
|
||||
continue
|
||||
}
|
||||
if nameFilter != "" && !strings.Contains(strings.ToLower(cs.CommonName), strings.ToLower(nameFilter)) {
|
||||
continue
|
||||
}
|
||||
certs = append(certs, cs)
|
||||
}
|
||||
|
||||
// Sort: by expiry date or by common name (default).
|
||||
if sortBy == "expiry" {
|
||||
for i := 1; i < len(certs); i++ {
|
||||
for j := i; j > 0; j-- {
|
||||
a, _ := certs[j-1]["expires_at"].(string)
|
||||
b, _ := certs[j]["expires_at"].(string)
|
||||
if a > b {
|
||||
if certs[j-1].ExpiresAt > certs[j].ExpiresAt {
|
||||
certs[j-1], certs[j] = certs[j], certs[j-1]
|
||||
}
|
||||
}
|
||||
@@ -466,9 +452,7 @@ func (ws *WebServer) handleIssuerDetail(w http.ResponseWriter, r *http.Request)
|
||||
} else {
|
||||
for i := 1; i < len(certs); i++ {
|
||||
for j := i; j > 0; j-- {
|
||||
a, _ := certs[j-1]["cn"].(string)
|
||||
b, _ := certs[j]["cn"].(string)
|
||||
if strings.ToLower(a) > strings.ToLower(b) {
|
||||
if strings.ToLower(certs[j-1].CommonName) > strings.ToLower(certs[j].CommonName) {
|
||||
certs[j-1], certs[j] = certs[j], certs[j-1]
|
||||
}
|
||||
}
|
||||
@@ -512,24 +496,31 @@ func (ws *WebServer) handleIssueCert(w http.ResponseWriter, r *http.Request) {
|
||||
return
|
||||
}
|
||||
|
||||
reqData := map[string]interface{}{
|
||||
"common_name": commonName,
|
||||
"issuer": issuer,
|
||||
certReq := IssueCertRequest{
|
||||
Mount: mountName,
|
||||
Issuer: issuer,
|
||||
CommonName: commonName,
|
||||
}
|
||||
if v := r.FormValue("profile"); v != "" {
|
||||
reqData["profile"] = v
|
||||
certReq.Profile = v
|
||||
}
|
||||
if v := r.FormValue("ttl"); v != "" {
|
||||
reqData["ttl"] = v
|
||||
certReq.TTL = v
|
||||
}
|
||||
if lines := splitLines(r.FormValue("dns_names")); len(lines) > 0 {
|
||||
reqData["dns_names"] = lines
|
||||
for _, l := range lines {
|
||||
certReq.DNSNames = append(certReq.DNSNames, l.(string))
|
||||
}
|
||||
}
|
||||
if lines := splitLines(r.FormValue("ip_addresses")); len(lines) > 0 {
|
||||
reqData["ip_addresses"] = lines
|
||||
for _, l := range lines {
|
||||
certReq.IPAddresses = append(certReq.IPAddresses, l.(string))
|
||||
}
|
||||
}
|
||||
certReq.KeyUsages = r.Form["key_usages"]
|
||||
certReq.ExtKeyUsages = r.Form["ext_key_usages"]
|
||||
|
||||
resp, err := ws.vault.EngineRequest(r.Context(), token, mountName, "issue", reqData)
|
||||
issuedCert, err := ws.vault.IssueCert(r.Context(), token, certReq)
|
||||
if err != nil {
|
||||
ws.renderPKIWithError(w, r, mountName, info, grpcMessage(err))
|
||||
return
|
||||
@@ -537,10 +528,10 @@ func (ws *WebServer) handleIssueCert(w http.ResponseWriter, r *http.Request) {
|
||||
|
||||
// Re-render the PKI page with the issued certificate displayed.
|
||||
data := map[string]interface{}{
|
||||
"Username": info.Username,
|
||||
"IsAdmin": info.IsAdmin,
|
||||
"MountName": mountName,
|
||||
"IssuedCert": resp,
|
||||
"Username": info.Username,
|
||||
"IsAdmin": info.IsAdmin,
|
||||
"MountName": mountName,
|
||||
"IssuedCert": issuedCert,
|
||||
}
|
||||
if rootPEM, err := ws.vault.GetRootCert(r.Context(), mountName); err == nil && len(rootPEM) > 0 {
|
||||
if cert, err := parsePEMCert(rootPEM); err == nil {
|
||||
@@ -552,8 +543,8 @@ func (ws *WebServer) handleIssueCert(w http.ResponseWriter, r *http.Request) {
|
||||
data["HasRoot"] = true
|
||||
}
|
||||
}
|
||||
if issuerResp, err := ws.vault.EngineRequest(r.Context(), token, mountName, "list-issuers", nil); err == nil {
|
||||
data["Issuers"] = issuerResp["issuers"]
|
||||
if issuers, err := ws.vault.ListIssuers(r.Context(), token, mountName); err == nil {
|
||||
data["Issuers"] = issuers
|
||||
}
|
||||
ws.renderTemplate(w, "pki.html", data)
|
||||
}
|
||||
@@ -577,8 +568,8 @@ func (ws *WebServer) renderPKIWithError(w http.ResponseWriter, r *http.Request,
|
||||
data["HasRoot"] = true
|
||||
}
|
||||
}
|
||||
if resp, err := ws.vault.EngineRequest(r.Context(), token, mountName, "list-issuers", nil); err == nil {
|
||||
data["Issuers"] = resp["issuers"]
|
||||
if issuers, err := ws.vault.ListIssuers(r.Context(), token, mountName); err == nil {
|
||||
data["Issuers"] = issuers
|
||||
}
|
||||
|
||||
ws.renderTemplate(w, "pki.html", data)
|
||||
|
||||
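Review bot: In the handleIssueCert hunk, `certReq.KeyUsages = r.Form["key_usages"]` and `certReq.ExtKeyUsages = r.Form["ext_key_usages"]` pass whatever the form posts straight into the issuance request, next to `dns_names` and `ip_addresses` that are also taken as submitted; nothing visible in this handler limits them to what the selected profile permits. By the hunk's line counts these two assignments appear to be new in this commit, so it is worth confirming that IssueCert or the engine behind it enforces the allowed set, and saying so at the call site, e.g. `// key usages are caller-supplied; the engine must enforce the profile's allowed set`. The two loops above them use an unchecked `l.(string)`, which panics if splitLines ever yields a non-string element; `if s, ok := l.(string); ok { certReq.DNSNames = append(certReq.DNSNames, s) }`, or having splitLines return `[]string`, removes that path. The function body starts and ends outside the hunk.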