Kyle Isom
d574685b99
Admins can now revoke or delete certificate records from the cert detail
page in the web UI. Revoked certificates display a [REVOKED] badge and
show revocation metadata (time and actor). Deletion redirects to the
issuer page.
The REST API gains three new authenticated endpoints that mirror the
gRPC surface:
GET /v1/ca/{mount}/cert/{serial} (auth required)
POST /v1/ca/{mount}/cert/{serial}/revoke (admin only)
DELETE /v1/ca/{mount}/cert/{serial} (admin only)
The CA engine stores revocation state (revoked, revoked_at, revoked_by)
directly in the existing CertRecord barrier entry. The proto CertRecord
message is extended with the same three fields (field numbers 10–12).
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
25 lines
954 B
Markdown
25 lines
954 B
Markdown
[2026-03-15 11:53] - Updated by Junie
|
|
{
|
|
"TYPE": "correction",
|
|
"CATEGORY": "gRPC config",
|
|
"EXPECTATION": "Use only the v2 gRPC server configuration and remove v1 config paths/fields.",
|
|
"NEW INSTRUCTION": "WHEN editing gRPC server configuration THEN remove v1 config and use only v2 fields"
|
|
}
|
|
|
|
[2026-03-15 13:02] - Updated by Junie
|
|
{
|
|
"TYPE": "correction",
|
|
"CATEGORY": "gRPC config",
|
|
"EXPECTATION": "Use only the v2 gRPC server configuration and remove v1 config paths/fields.",
|
|
"NEW INSTRUCTION": "WHEN editing gRPC server configuration THEN remove v1 config and use only v2 fields"
|
|
}
|
|
|
|
[2026-03-15 13:34] - Updated by Junie
|
|
{
|
|
"TYPE": "negative",
|
|
"CATEGORY": "tarball download",
|
|
"EXPECTATION": "The tarball download should succeed, or clearly show an error in the browser when it fails.",
|
|
"NEW INSTRUCTION": "WHEN implementing download endpoints THEN return non-200 on failure with an explanatory message"
|
|
}
|
|
|