Commit c3399057 authored by Geoff Simmons's avatar Geoff Simmons

REST error response body for invalid TLS Secrets on PUT.

parent 71566b51
...@@ -101,6 +101,11 @@ var ( ...@@ -101,6 +101,11 @@ var (
Title: "Matching Secret not found", Title: "Matching Secret not found",
Detail: "", Detail: "",
} }
errPemInvalidSecret = ErrorDetails{
Type: "/errors/pems/invalidSecret",
Title: "Invalid TLS Secret",
Detail: "",
}
) )
// Problem Details object per RFC7807 // Problem Details object per RFC7807
...@@ -308,13 +313,11 @@ func (h *pemsHndlr) ServeHTTP(resp http.ResponseWriter, req *http.Request) { ...@@ -308,13 +313,11 @@ func (h *pemsHndlr) ServeHTTP(resp http.ResponseWriter, req *http.Request) {
h.errorResponse(resp, req, now, http.StatusNotFound, h.errorResponse(resp, req, now, http.StatusNotFound,
errPemSecretNotFound, errr) errPemSecretNotFound, errr)
return return
} else if !valid || err != nil { } else if !valid {
// XXX problem description in body h.errorResponse(resp, req, now, http.StatusForbidden,
status = http.StatusForbidden errPemInvalidSecret, err)
errLog(h.log, req, err)
resp.WriteHeader(status)
reqLog(h.log, req, now, status, bytes)
return return
} else if err != nil {
} }
if !have { if !have {
status = http.StatusCreated status = http.StatusCreated
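Review bot: The new `} else if err != nil {` branch in ServeHTTP has an empty body, so an error that arrives while `valid` is true is neither logged nor answered, and control falls through to the `if !have {` success path. Before this commit that case ended in a 403 and a return. Whether the validation call can return that combination is not visible here, but an endpoint that accepts TLS Secrets should fail closed, e.g. by keeping `} else if !valid || err != nil {` in front of the new `h.errorResponse` call. Since `err` now appears to reach the client as the problem detail (the tests compare the detail against messages such as "required field missing"), confirm its text can never carry Secret contents or file paths. ServeHTTP begins and ends outside the hunk.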
......
...@@ -473,7 +473,45 @@ func TestPutPem(t *testing.T) { ...@@ -473,7 +473,45 @@ func TestPutPem(t *testing.T) {
t.Errorf("PUT /v1/pems/missing/crtField status: got %d want %d", t.Errorf("PUT /v1/pems/missing/crtField status: got %d want %d",
rr.Code, http.StatusForbidden) rr.Code, http.StatusForbidden)
} }
// XXX check response body if rr.Header().Get("Content-Type") != problemContentType {
t.Errorf("PUT /v1/pems/missing/crtField Content-Type: "+
"got %s want %s",
rr.Header().Get("Content-Type"), problemContentType)
}
bodylen = len(rr.Body.String())
if rr.Header().Get("Content-Length") != strconv.Itoa(bodylen) {
t.Errorf("PUT /v1/pems/missing/crtField Content-Length: "+
"got %s want %d",
rr.Header().Get("Content-Length"), bodylen)
}
problem = &Problem{}
if err = json.Unmarshal(rr.Body.Bytes(), problem); err != nil {
t.Fatalf("PUT /v1/pems/missing/crtField body unmarshal: %v",
err)
}
if problem.Type != errPemInvalidSecret.Type {
t.Errorf("PUT /v1/pems/missing/crtField problem type: "+
"got %s want %s", problem.Type,
errPemInvalidSecret.Type)
}
if problem.Title != errPemInvalidSecret.Title {
t.Errorf("PUT /v1/pems/missing/crtField problem title: "+
"got %s want %s", problem.Title,
errPemInvalidSecret.Title)
}
fieldMissing := "required field missing"
if problem.Detail != fieldMissing {
t.Errorf("PUT /v1/pems/missing/crtField problem detail: "+
"got \"%s\" want \"%s\"", problem.Detail, fieldMissing)
}
if problem.Status != http.StatusForbidden {
t.Errorf("PUT /v1/pems/missing/crtField problem status: "+
"got %d want %d", problem.Status, http.StatusForbidden)
}
if !errInstancePattern.Match([]byte(problem.Instance)) {
t.Errorf("PUT /v1/pems/missing/crtField problem instance: "+
"got %s want /log/errors/N", problem.Instance)
}
if files.Check("missing", "crtField", "", "") { if files.Check("missing", "crtField", "", "") {
t.Error("files.Check() after PUT: got true want false") t.Error("files.Check() after PUT: got true want false")
} }
...@@ -486,7 +524,44 @@ func TestPutPem(t *testing.T) { ...@@ -486,7 +524,44 @@ func TestPutPem(t *testing.T) {
t.Errorf("PUT /v1/pems/missing/keyField status: got %d want %d", t.Errorf("PUT /v1/pems/missing/keyField status: got %d want %d",
rr.Code, http.StatusForbidden) rr.Code, http.StatusForbidden)
} }
// XXX check response body if rr.Header().Get("Content-Type") != problemContentType {
t.Errorf("PUT /v1/pems/missing/keyField Content-Type: "+
"got %s want %s",
rr.Header().Get("Content-Type"), problemContentType)
}
bodylen = len(rr.Body.String())
if rr.Header().Get("Content-Length") != strconv.Itoa(bodylen) {
t.Errorf("PUT /v1/pems/missing/keyField Content-Length: "+
"got %s want %d",
rr.Header().Get("Content-Length"), bodylen)
}
problem = &Problem{}
if err = json.Unmarshal(rr.Body.Bytes(), problem); err != nil {
t.Fatalf("PUT /v1/pems/missing/keyField body unmarshal: %v",
err)
}
if problem.Type != errPemInvalidSecret.Type {
t.Errorf("PUT /v1/pems/missing/keyField problem type: "+
"got %s want %s", problem.Type,
errPemInvalidSecret.Type)
}
if problem.Title != errPemInvalidSecret.Title {
t.Errorf("PUT /v1/pems/missing/keyField problem title: "+
"got %s want %s", problem.Title,
errPemInvalidSecret.Title)
}
if problem.Detail != fieldMissing {
t.Errorf("PUT /v1/pems/missing/keyField problem detail: "+
"got \"%s\" want \"%s\"", problem.Detail, fieldMissing)
}
if problem.Status != http.StatusForbidden {
t.Errorf("PUT /v1/pems/missing/keyField problem status: "+
"got %d want %d", problem.Status, http.StatusForbidden)
}
if !errInstancePattern.Match([]byte(problem.Instance)) {
t.Errorf("PUT /v1/pems/missing/keyField problem instance: "+
"got %s want /log/errors/N", problem.Instance)
}
if files.Check("missing", "keyField", "", "") { if files.Check("missing", "keyField", "", "") {
t.Error("files.Check() after PUT: got true want false") t.Error("files.Check() after PUT: got true want false")
} }
...@@ -499,7 +574,45 @@ func TestPutPem(t *testing.T) { ...@@ -499,7 +574,45 @@ func TestPutPem(t *testing.T) {
t.Errorf("PUT /v1/pems/empty/crtField status: got %d want %d", t.Errorf("PUT /v1/pems/empty/crtField status: got %d want %d",
rr.Code, http.StatusForbidden) rr.Code, http.StatusForbidden)
} }
// XXX check response body if rr.Header().Get("Content-Type") != problemContentType {
t.Errorf("PUT /v1/pems/empty/crtField Content-Type: "+
"got %s want %s",
rr.Header().Get("Content-Type"), problemContentType)
}
bodylen = len(rr.Body.String())
if rr.Header().Get("Content-Length") != strconv.Itoa(bodylen) {
t.Errorf("PUT /v1/pems/empty/crtField Content-Length: "+
"got %s want %d",
rr.Header().Get("Content-Length"), bodylen)
}
problem = &Problem{}
if err = json.Unmarshal(rr.Body.Bytes(), problem); err != nil {
t.Fatalf("PUT /v1/pems/empty/crtField body unmarshal: %v",
err)
}
if problem.Type != errPemInvalidSecret.Type {
t.Errorf("PUT /v1/pems/empty/crtField problem type: "+
"got %s want %s", problem.Type,
errPemInvalidSecret.Type)
}
if problem.Title != errPemInvalidSecret.Title {
t.Errorf("PUT /v1/pems/empty/crtField problem title: "+
"got %s want %s", problem.Title,
errPemInvalidSecret.Title)
}
fieldEmpty := "required field empty"
if problem.Detail != fieldEmpty {
t.Errorf("PUT /v1/pems/empty/crtField problem detail: "+
"got \"%s\" want \"%s\"", problem.Detail, fieldEmpty)
}
if problem.Status != http.StatusForbidden {
t.Errorf("PUT /v1/pems/empty/crtField problem status: "+
"got %d want %d", problem.Status, http.StatusForbidden)
}
if !errInstancePattern.Match([]byte(problem.Instance)) {
t.Errorf("PUT /v1/pems/empty/crtField problem instance: "+
"got %s want /log/errors/N", problem.Instance)
}
if files.Check("empty", "crtField", "", "") { if files.Check("empty", "crtField", "", "") {
t.Error("files.Check() after PUT: got true want false") t.Error("files.Check() after PUT: got true want false")
} }
...@@ -512,7 +625,44 @@ func TestPutPem(t *testing.T) { ...@@ -512,7 +625,44 @@ func TestPutPem(t *testing.T) {
t.Errorf("PUT /v1/pems/empty/keyField status: got %d want %d", t.Errorf("PUT /v1/pems/empty/keyField status: got %d want %d",
rr.Code, http.StatusForbidden) rr.Code, http.StatusForbidden)
} }
// XXX check response body if rr.Header().Get("Content-Type") != problemContentType {
t.Errorf("PUT /v1/pems/empty/keyField Content-Type: "+
"got %s want %s",
rr.Header().Get("Content-Type"), problemContentType)
}
bodylen = len(rr.Body.String())
if rr.Header().Get("Content-Length") != strconv.Itoa(bodylen) {
t.Errorf("PUT /v1/pems/empty/keyField Content-Length: "+
"got %s want %d",
rr.Header().Get("Content-Length"), bodylen)
}
problem = &Problem{}
if err = json.Unmarshal(rr.Body.Bytes(), problem); err != nil {
t.Fatalf("PUT /v1/pems/empty/keyField body unmarshal: %v",
err)
}
if problem.Type != errPemInvalidSecret.Type {
t.Errorf("PUT /v1/pems/empty/keyField problem type: "+
"got %s want %s", problem.Type,
errPemInvalidSecret.Type)
}
if problem.Title != errPemInvalidSecret.Title {
t.Errorf("PUT /v1/pems/empty/keyField problem title: "+
"got %s want %s", problem.Title,
errPemInvalidSecret.Title)
}
if problem.Detail != fieldEmpty {
t.Errorf("PUT /v1/pems/empty/keyField problem detail: "+
"got \"%s\" want \"%s\"", problem.Detail, fieldEmpty)
}
if problem.Status != http.StatusForbidden {
t.Errorf("PUT /v1/pems/empty/keyField problem status: "+
"got %d want %d", problem.Status, http.StatusForbidden)
}
if !errInstancePattern.Match([]byte(problem.Instance)) {
t.Errorf("PUT /v1/pems/empty/keyField problem instance: "+
"got %s want /log/errors/N", problem.Instance)
}
if files.Check("empty", "keyField", "", "") { if files.Check("empty", "keyField", "", "") {
t.Error("files.Check() after PUT: got true want false") t.Error("files.Check() after PUT: got true want false")
} }
...@@ -525,7 +675,45 @@ func TestPutPem(t *testing.T) { ...@@ -525,7 +675,45 @@ func TestPutPem(t *testing.T) {
t.Errorf("PUT /v1/pems/invalid/typeField status: "+ t.Errorf("PUT /v1/pems/invalid/typeField status: "+
"got %d want %d", rr.Code, http.StatusForbidden) "got %d want %d", rr.Code, http.StatusForbidden)
} }
// XXX check response body if rr.Header().Get("Content-Type") != problemContentType {
t.Errorf("PUT /v1/pems/invalid/typeField Content-Type: "+
"got %s want %s",
rr.Header().Get("Content-Type"), problemContentType)
}
bodylen = len(rr.Body.String())
if rr.Header().Get("Content-Length") != strconv.Itoa(bodylen) {
t.Errorf("PUT /v1/pems/invalid/typeField Content-Length: "+
"got %s want %d",
rr.Header().Get("Content-Length"), bodylen)
}
problem = &Problem{}
if err = json.Unmarshal(rr.Body.Bytes(), problem); err != nil {
t.Fatalf("PUT /v1/pems/invalid/typeField body unmarshal: %v",
err)
}
if problem.Type != errPemInvalidSecret.Type {
t.Errorf("PUT /v1/pems/invalid/typeField problem type: "+
"got %s want %s", problem.Type,
errPemInvalidSecret.Type)
}
if problem.Title != errPemInvalidSecret.Title {
t.Errorf("PUT /v1/pems/invalid/typeField problem title: "+
"got %s want %s", problem.Title,
errPemInvalidSecret.Title)
}
invalidType := "invalid type value"
if problem.Detail != invalidType {
t.Errorf("PUT /v1/pems/invalid/typeField problem detail: "+
"got \"%s\" want \"%s\"", problem.Detail, invalidType)
}
if problem.Status != http.StatusForbidden {
t.Errorf("PUT /v1/pems/invalid/typeField problem status: "+
"got %d want %d", problem.Status, http.StatusForbidden)
}
if !errInstancePattern.Match([]byte(problem.Instance)) {
t.Errorf("PUT /v1/pems/invalid/typeField problem instance: "+
"got %s want /log/errors/N", problem.Instance)
}
if files.Check("invalid", "typeField", "", "") { if files.Check("invalid", "typeField", "", "") {
t.Error("files.Check() after PUT: got true want false") t.Error("files.Check() after PUT: got true want false")
} }
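Review bot: The five added assertion blocks in TestPutPem (missing/crtField, missing/keyField, empty/crtField, empty/keyField, invalid/typeField) are copies that differ only in the URL label and the expected detail string, so one case can drift from the others without anyone noticing. A helper that takes the label, the expected ErrorDetails, the detail and the status would keep every rejection path checking the same response fields. It would also make it cheap to add further rejected-Secret cases. The sketch assumes `rr` is an `*httptest.ResponseRecorder` and that `Problem.Status` is an `int`, neither of which is shown on this page; TestPutPem itself starts and ends outside these hunks.

```go
// checkProblem verifies the RFC7807 problem body recorded in rr against the
// expected error type, detail text and status. label prefixes each message.
func checkProblem(t *testing.T, rr *httptest.ResponseRecorder, label string,
	want ErrorDetails, detail string, status int) {
	t.Helper()
	if ct := rr.Header().Get("Content-Type"); ct != problemContentType {
		t.Errorf("%s Content-Type: got %s want %s", label, ct,
			problemContentType)
	}
	if cl := rr.Header().Get("Content-Length"); cl != strconv.Itoa(rr.Body.Len()) {
		t.Errorf("%s Content-Length: got %s want %d", label, cl,
			rr.Body.Len())
	}
	problem := &Problem{}
	if err := json.Unmarshal(rr.Body.Bytes(), problem); err != nil {
		t.Fatalf("%s body unmarshal: %v", label, err)
	}
	if problem.Type != want.Type {
		t.Errorf("%s problem type: got %s want %s", label,
			problem.Type, want.Type)
	}
	if problem.Title != want.Title {
		t.Errorf("%s problem title: got %s want %s", label,
			problem.Title, want.Title)
	}
	if problem.Detail != detail {
		t.Errorf("%s problem detail: got %q want %q", label,
			problem.Detail, detail)
	}
	if problem.Status != status {
		t.Errorf("%s problem status: got %d want %d", label,
			problem.Status, status)
	}
	if !errInstancePattern.Match([]byte(problem.Instance)) {
		t.Errorf("%s problem instance: got %s want /log/errors/N",
			label, problem.Instance)
	}
}

// … unchanged: request setup and rr.Code check for missing/crtField …
checkProblem(t, rr, "PUT /v1/pems/missing/crtField", errPemInvalidSecret,
	"required field missing", http.StatusForbidden)
// … unchanged: files.Check assertion; the other four cases call the helper the same way …
```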
......