REST error response body for invalid TLS Secrets on PUT.

pkg/rest/handlers.go

@@ -101,6 +101,11 @@ var (
 		Title:  "Matching Secret not found",
 		Detail: "",
 	}
+	errPemInvalidSecret = ErrorDetails{
+		Type:   "/errors/pems/invalidSecret",
+		Title:  "Invalid TLS Secret",
+		Detail: "",
+	}
 )
 
 // Problem Details object per RFC7807
@@ -308,13 +313,11 @@ func (h *pemsHndlr) ServeHTTP(resp http.ResponseWriter, req *http.Request) {
 		h.errorResponse(resp, req, now, http.StatusNotFound,
 			errPemSecretNotFound, errr)
 		return
-	} else if !valid || err != nil {
-		// XXX problem description in body
-		status = http.StatusForbidden
-		errLog(h.log, req, err)
-		resp.WriteHeader(status)
-		reqLog(h.log, req, now, status, bytes)
+	} else if !valid {
+		h.errorResponse(resp, req, now, http.StatusForbidden,
+			errPemInvalidSecret, err)
 		return
+	} else if err != nil {
 	}
 	if !have {
 		status = http.StatusCreated

pkg/rest/handlers_test.go

@@ -473,7 +473,45 @@ func TestPutPem(t *testing.T) {
 		t.Errorf("PUT /v1/pems/missing/crtField status: got %d want %d",
 			rr.Code, http.StatusForbidden)
 	}
-	// XXX check response body
+	if rr.Header().Get("Content-Type") != problemContentType {
+		t.Errorf("PUT /v1/pems/missing/crtField Content-Type: "+
+			"got %s want %s",
+			rr.Header().Get("Content-Type"), problemContentType)
+	}
+	bodylen = len(rr.Body.String())
+	if rr.Header().Get("Content-Length") != strconv.Itoa(bodylen) {
+		t.Errorf("PUT /v1/pems/missing/crtField Content-Length: "+
+			"got %s want %d",
+			rr.Header().Get("Content-Length"), bodylen)
+	}
+	problem = &Problem{}
+	if err = json.Unmarshal(rr.Body.Bytes(), problem); err != nil {
+		t.Fatalf("PUT /v1/pems/missing/crtField body unmarshal: %v",
+			err)
+	}
+	if problem.Type != errPemInvalidSecret.Type {
+		t.Errorf("PUT /v1/pems/missing/crtField problem type: "+
+			"got %s want %s", problem.Type,
+			errPemInvalidSecret.Type)
+	}
+	if problem.Title != errPemInvalidSecret.Title {
+		t.Errorf("PUT /v1/pems/missing/crtField problem title: "+
+			"got %s want %s", problem.Title,
+			errPemInvalidSecret.Title)
+	}
+	fieldMissing := "required field missing"
+	if problem.Detail != fieldMissing {
+		t.Errorf("PUT /v1/pems/missing/crtField problem detail: "+
+			"got \"%s\" want \"%s\"", problem.Detail, fieldMissing)
+	}
+	if problem.Status != http.StatusForbidden {
+		t.Errorf("PUT /v1/pems/missing/crtField problem status: "+
+			"got %d want %d", problem.Status, http.StatusForbidden)
+	}
+	if !errInstancePattern.Match([]byte(problem.Instance)) {
+		t.Errorf("PUT /v1/pems/missing/crtField problem instance: "+
+			"got %s want /log/errors/N", problem.Instance)
+	}
 	if files.Check("missing", "crtField", "", "") {
 		t.Error("files.Check() after PUT: got true want false")
 	}
@@ -486,7 +524,44 @@ func TestPutPem(t *testing.T) {
 		t.Errorf("PUT /v1/pems/missing/keyField status: got %d want %d",
 			rr.Code, http.StatusForbidden)
 	}
-	// XXX check response body
+	if rr.Header().Get("Content-Type") != problemContentType {
+		t.Errorf("PUT /v1/pems/missing/keyField Content-Type: "+
+			"got %s want %s",
+			rr.Header().Get("Content-Type"), problemContentType)
+	}
+	bodylen = len(rr.Body.String())
+	if rr.Header().Get("Content-Length") != strconv.Itoa(bodylen) {
+		t.Errorf("PUT /v1/pems/missing/keyField Content-Length: "+
+			"got %s want %d",
+			rr.Header().Get("Content-Length"), bodylen)
+	}
+	problem = &Problem{}
+	if err = json.Unmarshal(rr.Body.Bytes(), problem); err != nil {
+		t.Fatalf("PUT /v1/pems/missing/keyField body unmarshal: %v",
+			err)
+	}
+	if problem.Type != errPemInvalidSecret.Type {
+		t.Errorf("PUT /v1/pems/missing/keyField problem type: "+
+			"got %s want %s", problem.Type,
+			errPemInvalidSecret.Type)
+	}
+	if problem.Title != errPemInvalidSecret.Title {
+		t.Errorf("PUT /v1/pems/missing/keyField problem title: "+
+			"got %s want %s", problem.Title,
+			errPemInvalidSecret.Title)
+	}
+	if problem.Detail != fieldMissing {
+		t.Errorf("PUT /v1/pems/missing/keyField problem detail: "+
+			"got \"%s\" want \"%s\"", problem.Detail, fieldMissing)
+	}
+	if problem.Status != http.StatusForbidden {
+		t.Errorf("PUT /v1/pems/missing/keyField problem status: "+
+			"got %d want %d", problem.Status, http.StatusForbidden)
+	}
+	if !errInstancePattern.Match([]byte(problem.Instance)) {
+		t.Errorf("PUT /v1/pems/missing/keyField problem instance: "+
+			"got %s want /log/errors/N", problem.Instance)
+	}
 	if files.Check("missing", "keyField", "", "") {
 		t.Error("files.Check() after PUT: got true want false")
 	}
@@ -499,7 +574,45 @@ func TestPutPem(t *testing.T) {
 		t.Errorf("PUT /v1/pems/empty/crtField status: got %d want %d",
 			rr.Code, http.StatusForbidden)
 	}
-	// XXX check response body
+	if rr.Header().Get("Content-Type") != problemContentType {
+		t.Errorf("PUT /v1/pems/empty/crtField Content-Type: "+
+			"got %s want %s",
+			rr.Header().Get("Content-Type"), problemContentType)
+	}
+	bodylen = len(rr.Body.String())
+	if rr.Header().Get("Content-Length") != strconv.Itoa(bodylen) {
+		t.Errorf("PUT /v1/pems/empty/crtField Content-Length: "+
+			"got %s want %d",
+			rr.Header().Get("Content-Length"), bodylen)
+	}
+	problem = &Problem{}
+	if err = json.Unmarshal(rr.Body.Bytes(), problem); err != nil {
+		t.Fatalf("PUT /v1/pems/empty/crtField body unmarshal: %v",
+			err)
+	}
+	if problem.Type != errPemInvalidSecret.Type {
+		t.Errorf("PUT /v1/pems/empty/crtField problem type: "+
+			"got %s want %s", problem.Type,
+			errPemInvalidSecret.Type)
+	}
+	if problem.Title != errPemInvalidSecret.Title {
+		t.Errorf("PUT /v1/pems/empty/crtField problem title: "+
+			"got %s want %s", problem.Title,
+			errPemInvalidSecret.Title)
+	}
+	fieldEmpty := "required field empty"
+	if problem.Detail != fieldEmpty {
+		t.Errorf("PUT /v1/pems/empty/crtField problem detail: "+
+			"got \"%s\" want \"%s\"", problem.Detail, fieldEmpty)
+	}
+	if problem.Status != http.StatusForbidden {
+		t.Errorf("PUT /v1/pems/empty/crtField problem status: "+
+			"got %d want %d", problem.Status, http.StatusForbidden)
+	}
+	if !errInstancePattern.Match([]byte(problem.Instance)) {
+		t.Errorf("PUT /v1/pems/empty/crtField problem instance: "+
+			"got %s want /log/errors/N", problem.Instance)
+	}
 	if files.Check("empty", "crtField", "", "") {
 		t.Error("files.Check() after PUT: got true want false")
 	}
@@ -512,7 +625,44 @@ func TestPutPem(t *testing.T) {
 		t.Errorf("PUT /v1/pems/empty/keyField status: got %d want %d",
 			rr.Code, http.StatusForbidden)
 	}
-	// XXX check response body
+	if rr.Header().Get("Content-Type") != problemContentType {
+		t.Errorf("PUT /v1/pems/empty/keyField Content-Type: "+
+			"got %s want %s",
+			rr.Header().Get("Content-Type"), problemContentType)
+	}
+	bodylen = len(rr.Body.String())
+	if rr.Header().Get("Content-Length") != strconv.Itoa(bodylen) {
+		t.Errorf("PUT /v1/pems/empty/keyField Content-Length: "+
+			"got %s want %d",
+			rr.Header().Get("Content-Length"), bodylen)
+	}
+	problem = &Problem{}
+	if err = json.Unmarshal(rr.Body.Bytes(), problem); err != nil {
+		t.Fatalf("PUT /v1/pems/empty/keyField body unmarshal: %v",
+			err)
+	}
+	if problem.Type != errPemInvalidSecret.Type {
+		t.Errorf("PUT /v1/pems/empty/keyField problem type: "+
+			"got %s want %s", problem.Type,
+			errPemInvalidSecret.Type)
+	}
+	if problem.Title != errPemInvalidSecret.Title {
+		t.Errorf("PUT /v1/pems/empty/keyField problem title: "+
+			"got %s want %s", problem.Title,
+			errPemInvalidSecret.Title)
+	}
+	if problem.Detail != fieldEmpty {
+		t.Errorf("PUT /v1/pems/empty/keyField problem detail: "+
+			"got \"%s\" want \"%s\"", problem.Detail, fieldEmpty)
+	}
+	if problem.Status != http.StatusForbidden {
+		t.Errorf("PUT /v1/pems/empty/keyField problem status: "+
+			"got %d want %d", problem.Status, http.StatusForbidden)
+	}
+	if !errInstancePattern.Match([]byte(problem.Instance)) {
+		t.Errorf("PUT /v1/pems/empty/keyField problem instance: "+
+			"got %s want /log/errors/N", problem.Instance)
+	}
 	if files.Check("empty", "keyField", "", "") {
 		t.Error("files.Check() after PUT: got true want false")
 	}
@@ -525,7 +675,45 @@ func TestPutPem(t *testing.T) {
 		t.Errorf("PUT /v1/pems/invalid/typeField status: "+
 			"got %d want %d", rr.Code, http.StatusForbidden)
 	}
-	// XXX check response body
+	if rr.Header().Get("Content-Type") != problemContentType {
+		t.Errorf("PUT /v1/pems/invalid/typeField Content-Type: "+
+			"got %s want %s",
+			rr.Header().Get("Content-Type"), problemContentType)
+	}
+	bodylen = len(rr.Body.String())
+	if rr.Header().Get("Content-Length") != strconv.Itoa(bodylen) {
+		t.Errorf("PUT /v1/pems/invalid/typeField Content-Length: "+
+			"got %s want %d",
+			rr.Header().Get("Content-Length"), bodylen)
+	}
+	problem = &Problem{}
+	if err = json.Unmarshal(rr.Body.Bytes(), problem); err != nil {
+		t.Fatalf("PUT /v1/pems/invalid/typeField body unmarshal: %v",
+			err)
+	}
+	if problem.Type != errPemInvalidSecret.Type {
+		t.Errorf("PUT /v1/pems/invalid/typeField problem type: "+
+			"got %s want %s", problem.Type,
+			errPemInvalidSecret.Type)
+	}
+	if problem.Title != errPemInvalidSecret.Title {
+		t.Errorf("PUT /v1/pems/invalid/typeField problem title: "+
+			"got %s want %s", problem.Title,
+			errPemInvalidSecret.Title)
+	}
+	invalidType := "invalid type value"
+	if problem.Detail != invalidType {
+		t.Errorf("PUT /v1/pems/invalid/typeField problem detail: "+
+			"got \"%s\" want \"%s\"", problem.Detail, invalidType)
+	}
+	if problem.Status != http.StatusForbidden {
+		t.Errorf("PUT /v1/pems/invalid/typeField problem status: "+
+			"got %d want %d", problem.Status, http.StatusForbidden)
+	}
+	if !errInstancePattern.Match([]byte(problem.Instance)) {
+		t.Errorf("PUT /v1/pems/invalid/typeField problem instance: "+
+			"got %s want /log/errors/N", problem.Instance)
+	}
 	if files.Check("invalid", "typeField", "", "") {
 		t.Error("files.Check() after PUT: got true want false")
 	}