Checkpoint: grpc auth fix, issuer list/detail, v2 protos, architecture docs

Co-authored-by: Junie <junie@jetbrains.com>
2026-03-15 11:39:13 -07:00
parent d0b1875dbb
commit ad167aed9b
41 changed files with 1080 additions and 219 deletions
--- a/internal/engine/ca/ca.go
+++ b/internal/engine/ca/ca.go
@@ -412,7 +412,7 @@ func (e *CAEngine) handleImportRoot(ctx context.Context, req *engine.Request) (*
 	return &engine.Response{
 		Data: map[string]interface{}{
 			"cn":         newCert.Subject.CommonName,
-			"expires_at": newCert.NotAfter,
+			"expires_at": newCert.NotAfter.Format(time.RFC3339),
 		},
 	}, nil
 }
@@ -639,7 +639,7 @@ func (e *CAEngine) handleListIssuers(_ context.Context, req *engine.Request) (*e
 		return nil, ErrSealed
 	}

-	names := make([]string, 0, len(e.issuers))
+	names := make([]interface{}, 0, len(e.issuers))
 	for name := range e.issuers {
 		names = append(names, name)
 	}
@@ -795,7 +795,7 @@ func (e *CAEngine) handleIssue(ctx context.Context, req *engine.Request) (*engin
 			"cn":         cn,
 			"sans":       allSANs,
 			"issued_by":  req.CallerInfo.Username,
-			"expires_at": leafCert.NotAfter,
+			"expires_at": leafCert.NotAfter.Format(time.RFC3339),
 		},
 	}, nil
 }
@@ -838,8 +838,8 @@ func (e *CAEngine) handleGetCert(ctx context.Context, req *engine.Request) (*eng
 			"profile":    record.Profile,
 			"cert_pem":   record.CertPEM,
 			"issued_by":  record.IssuedBy,
-			"issued_at":  record.IssuedAt,
-			"expires_at": record.ExpiresAt,
+			"issued_at":  record.IssuedAt.Format(time.RFC3339),
+			"expires_at": record.ExpiresAt.Format(time.RFC3339),
 		},
 	}, nil
 }
@@ -857,7 +857,7 @@ func (e *CAEngine) handleListCerts(ctx context.Context, req *engine.Request) (*e
 		return nil, fmt.Errorf("ca: list certs: %w", err)
 	}

-	var certs []map[string]interface{}
+	var certs []interface{}
 	for _, p := range paths {
 		if !strings.HasSuffix(p, ".json") {
 			continue
@@ -876,8 +876,8 @@ func (e *CAEngine) handleListCerts(ctx context.Context, req *engine.Request) (*e
 			"cn":         record.CN,
 			"profile":    record.Profile,
 			"issued_by":  record.IssuedBy,
-			"issued_at":  record.IssuedAt,
-			"expires_at": record.ExpiresAt,
+			"issued_at":  record.IssuedAt.Format(time.RFC3339),
+			"expires_at": record.ExpiresAt.Format(time.RFC3339),
 		})
 	}

@@ -1009,7 +1009,7 @@ func (e *CAEngine) handleRenew(ctx context.Context, req *engine.Request) (*engin
 			"key_pem":    string(newKeyPEM),
 			"chain_pem":  string(chainPEM),
 			"cn":         record.CN,
-			"expires_at": newCert.NotAfter,
+			"expires_at": newCert.NotAfter.Format(time.RFC3339),
 		},
 	}, nil
 }
--- a/internal/engine/ca/ca_test.go
+++ b/internal/engine/ca/ca_test.go
@@ -566,7 +566,7 @@ func TestGetAndListCerts(t *testing.T) {
 		t.Fatalf("list-certs: %v", err)
 	}

-	certs, ok := listResp.Data["certs"].([]map[string]interface{})
+	certs, ok := listResp.Data["certs"].([]interface{})
 	if !ok {
 		t.Fatalf("certs type: %T", listResp.Data["certs"])
 	}
@@ -575,7 +575,7 @@ func TestGetAndListCerts(t *testing.T) {
 	}

 	// Get a specific cert.
-	serial := certs[0]["serial"].(string) //nolint:errcheck
+	serial := certs[0].(map[string]interface{})["serial"].(string) //nolint:errcheck
 	getResp, err := eng.HandleRequest(ctx, &engine.Request{
 		Operation:  "get-cert",
 		CallerInfo: userCaller(),