certificate_packs: deprecate "custom" in favour of ACM
Triggered by cloudflare/cf-terraforming#443 validation mismatches, I
went ahead and updated `CertificatePacks` to only reference ACM
configuration now that dedicated custom/custom certificates are no more.
jacobbednarz committed Aug 10, 2022
1 parent 4d8affc commit af411c5
Showing 2 changed files with 80 additions and 149 deletions.
70 changes: 20 additions & 50 deletions certificate_packs.go
Expand Up @@ -33,25 +33,21 @@ type CertificatePackCertificate struct {

// CertificatePack is the overarching structure of a certificate pack response.
type CertificatePack struct {
ID string `json:"id"`
Type string `json:"type"`
Hosts []string `json:"hosts"`
Certificates []CertificatePackCertificate `json:"certificates"`
PrimaryCertificate string `json:"primary_certificate"`
ValidationRecords []SSLValidationRecord `json:"validation_records,omitempty"`
ValidationErrors []SSLValidationError `json:"validation_errors,omitempty"`
ID string `json:"id"`
Type string `json:"type"`
Hosts []string `json:"hosts"`
Certificates []CertificatePackCertificate `json:"certificates"`
PrimaryCertificate string `json:"primary_certificate"`
ValidationRecords []SSLValidationRecord `json:"validation_records,omitempty"`
ValidationErrors []SSLValidationError `json:"validation_errors,omitempty"`
ValidationMethod string `json:"validation_method"`
ValidityDays int `json:"validity_days"`
CertificateAuthority string `json:"certificate_authority"`
CloudflareBranding bool `json:"cloudflare_branding"`
}

// CertificatePackRequest is used for requesting a new certificate.
type CertificatePackRequest struct {
Type string `json:"type"`
Hosts []string `json:"hosts"`
}

// CertificatePackAdvancedCertificate is the structure of the advanced
// certificate pack certificate.
type CertificatePackAdvancedCertificate struct {
ID string `json:"id"`
Type string `json:"type"`
Hosts []string `json:"hosts"`
ValidationMethod string `json:"validation_method"`
Expand All @@ -74,13 +70,6 @@ type CertificatePacksDetailResponse struct {
Result CertificatePack `json:"result"`
}

// CertificatePacksAdvancedDetailResponse contains a single advanced certificate
// pack in the response.
type CertificatePacksAdvancedDetailResponse struct {
Response
Result CertificatePackAdvancedCertificate `json:"result"`
}

// ListCertificatePacks returns all available TLS certificate packs for a zone.
//
// API Reference: https://api.cloudflare.com/#certificate-packs-list-certificate-packs
Expand Down Expand Up @@ -121,9 +110,9 @@ func (api *API) CertificatePack(ctx context.Context, zoneID, certificatePackID s

// CreateCertificatePack creates a new certificate pack associated with a zone.
//
// API Reference: https://api.cloudflare.com/#certificate-packs-order-certificate-pack
// API Reference: https://api.cloudflare.com/#certificate-packs-order-advanced-certificate-manager-certificate-pack
func (api *API) CreateCertificatePack(ctx context.Context, zoneID string, cert CertificatePackRequest) (CertificatePack, error) {
uri := fmt.Sprintf("/zones/%s/ssl/certificate_packs", zoneID)
uri := fmt.Sprintf("/zones/%s/ssl/certificate_packs/order", zoneID)
res, err := api.makeRequestContext(ctx, http.MethodPost, uri, cert)
if err != nil {
return CertificatePack{}, err
Expand Down Expand Up @@ -151,41 +140,22 @@ func (api *API) DeleteCertificatePack(ctx context.Context, zoneID, certificateID
return nil
}

// CreateAdvancedCertificatePack creates a new certificate pack associated with a zone.
//
// API Reference: https://api.cloudflare.com/#certificate-packs-order-certificate-pack
func (api *API) CreateAdvancedCertificatePack(ctx context.Context, zoneID string, cert CertificatePackAdvancedCertificate) (CertificatePackAdvancedCertificate, error) {
uri := fmt.Sprintf("/zones/%s/ssl/certificate_packs/order", zoneID)
res, err := api.makeRequestContext(ctx, http.MethodPost, uri, cert)
if err != nil {
return CertificatePackAdvancedCertificate{}, err
}

var advancedCertificatePacksDetailResponse CertificatePacksAdvancedDetailResponse
err = json.Unmarshal(res, &advancedCertificatePacksDetailResponse)
if err != nil {
return CertificatePackAdvancedCertificate{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
}

return advancedCertificatePacksDetailResponse.Result, nil
}

// RestartAdvancedCertificateValidation kicks off the validation process for a
// RestartCertificateValidation kicks off the validation process for a
// pending certificate pack.
//
// API Reference: https://api.cloudflare.com/#certificate-packs-restart-validation-for-advanced-certificate-manager-certificate-pack
func (api *API) RestartAdvancedCertificateValidation(ctx context.Context, zoneID, certificateID string) (CertificatePackAdvancedCertificate, error) {
func (api *API) RestartCertificateValidation(ctx context.Context, zoneID, certificateID string) (CertificatePack, error) {
uri := fmt.Sprintf("/zones/%s/ssl/certificate_packs/%s", zoneID, certificateID)
res, err := api.makeRequestContext(ctx, http.MethodPatch, uri, nil)
if err != nil {
return CertificatePackAdvancedCertificate{}, err
return CertificatePack{}, err
}

var advancedCertificatePacksDetailResponse CertificatePacksAdvancedDetailResponse
err = json.Unmarshal(res, &advancedCertificatePacksDetailResponse)
var certificatePackResponse CertificatePacksDetailResponse
err = json.Unmarshal(res, &certificatePackResponse)
if err != nil {
return CertificatePackAdvancedCertificate{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
return CertificatePack{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
}

return advancedCertificatePacksDetailResponse.Result, nil
return certificatePackResponse.Result, nil
}
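Review bot: The new `uri` line in `CreateCertificatePack` (and the unchanged one in `RestartCertificateValidation`) formats `zoneID` and `certificateID` into the request path without checking them. An empty `certificateID` makes the PATCH target `/zones/<zone>/ssl/certificate_packs/`, and an ID containing `/` or `..` sends the authenticated request to a path other than the one intended. I would reject empty IDs before calling `makeRequestContext` and build the path with `url.PathEscape(zoneID)` and `url.PathEscape(certificateID)`. Separately, the title says "deprecate" but `CreateAdvancedCertificatePack` and `RestartAdvancedCertificateValidation` appear to be removed outright; thin wrappers carrying a `// Deprecated:` comment would keep existing callers compiling. `CreateCertificatePack`'s body continues outside the visible hunk.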
159 changes: 60 additions & 99 deletions certificate_packs_test.go
Expand Up @@ -15,10 +15,13 @@ var (
expiresOn, _ = time.Parse(time.RFC3339, "2016-01-01T05:20:00Z")

desiredCertificatePack = CertificatePack{
ID: "3822ff90-ea29-44df-9e55-21300bb9419b",
Type: "custom",
Hosts: []string{"example.com", "*.example.com", "www.example.com"},
PrimaryCertificate: "b2cfa4183267af678ea06c7407d4d6d8",
ID: "3822ff90-ea29-44df-9e55-21300bb9419b",
Type: "advanced",
Hosts: []string{"example.com", "*.example.com", "www.example.com"},
PrimaryCertificate: "b2cfa4183267af678ea06c7407d4d6d8",
ValidationMethod: "txt",
ValidityDays: 90,
CertificateAuthority: "lets_encrypt",
Certificates: []CertificatePackCertificate{{
ID: "3822ff90-ea29-44df-9e55-21300bb9419b",
Hosts: []string{"example.com"},
Expand All @@ -27,13 +30,22 @@ var (
Status: "active",
BundleMethod: "ubiquitous",
GeoRestrictions: CertificatePackGeoRestrictions{Label: "us"},
ZoneID: "023e105f4ecef8ad9ca31a8372d0c353",
ZoneID: testZoneID,
UploadedOn: uploadedOn,
ModifiedOn: uploadedOn,
ExpiresOn: expiresOn,
Priority: 1,
}},
}

pendingCertificatePack = CertificatePack{
ID: "3822ff90-ea29-44df-9e55-21300bb9419b",
Type: "advanced",
Hosts: []string{"example.com", "*.example.com", "www.example.com"},
ValidationMethod: "txt",
ValidityDays: 90,
CertificateAuthority: "lets_encrypt",
}
)

func TestListCertificatePacks(t *testing.T) {
Expand All @@ -50,12 +62,15 @@ func TestListCertificatePacks(t *testing.T) {
"result": [
{
"id": "3822ff90-ea29-44df-9e55-21300bb9419b",
"type": "custom",
"type": "advanced",
"hosts": [
"example.com",
"*.example.com",
"www.example.com"
],
"validity_days": 90,
"validation_method": "txt",
"certificate_authority": "lets_encrypt",
"certificates": [
{
"id": "3822ff90-ea29-44df-9e55-21300bb9419b",
Expand All @@ -69,7 +84,7 @@ func TestListCertificatePacks(t *testing.T) {
"geo_restrictions": {
"label": "us"
},
"zone_id": "023e105f4ecef8ad9ca31a8372d0c353",
"zone_id": "%[1]s",
"uploaded_on": "2014-01-01T05:20:00Z",
"modified_on": "2014-01-01T05:20:00Z",
"expires_on": "2016-01-01T05:20:00Z",
Expand All @@ -80,13 +95,13 @@ func TestListCertificatePacks(t *testing.T) {
}
]
}
`)
`, testZoneID)
}

mux.HandleFunc("/zones/023e105f4ecef8ad9ca31a8372d0c353/ssl/certificate_packs", handler)
mux.HandleFunc("/zones/"+testZoneID+"/ssl/certificate_packs", handler)

want := []CertificatePack{desiredCertificatePack}
actual, err := client.ListCertificatePacks(context.Background(), "023e105f4ecef8ad9ca31a8372d0c353")
actual, err := client.ListCertificatePacks(context.Background(), testZoneID)

if assert.NoError(t, err) {
assert.Equal(t, want, actual)
Expand All @@ -106,7 +121,10 @@ func TestListCertificatePack(t *testing.T) {
"messages": [],
"result": {
"id": "3822ff90-ea29-44df-9e55-21300bb9419b",
"type": "custom",
"type": "advanced",
"validity_days": 90,
"validation_method": "txt",
"certificate_authority": "lets_encrypt",
"hosts": [
"example.com",
"*.example.com",
Expand All @@ -125,7 +143,7 @@ func TestListCertificatePack(t *testing.T) {
"geo_restrictions": {
"label": "us"
},
"zone_id": "023e105f4ecef8ad9ca31a8372d0c353",
"zone_id": "%[1]s",
"uploaded_on": "2014-01-01T05:20:00Z",
"modified_on": "2014-01-01T05:20:00Z",
"expires_on": "2016-01-01T05:20:00Z",
Expand All @@ -135,12 +153,12 @@ func TestListCertificatePack(t *testing.T) {
"primary_certificate": "b2cfa4183267af678ea06c7407d4d6d8"
}
}
`)
`, testZoneID)
}

mux.HandleFunc("/zones/023e105f4ecef8ad9ca31a8372d0c353/ssl/certificate_packs/3822ff90-ea29-44df-9e55-21300bb9419b", handler)
mux.HandleFunc("/zones/"+testZoneID+"/ssl/certificate_packs/3822ff90-ea29-44df-9e55-21300bb9419b", handler)

actual, err := client.CertificatePack(context.Background(), "023e105f4ecef8ad9ca31a8372d0c353", "3822ff90-ea29-44df-9e55-21300bb9419b")
actual, err := client.CertificatePack(context.Background(), testZoneID, "3822ff90-ea29-44df-9e55-21300bb9419b")

if assert.NoError(t, err) {
assert.Equal(t, desiredCertificatePack, actual)
Expand All @@ -155,97 +173,40 @@ func TestCreateCertificatePack(t *testing.T) {
assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
w.Header().Set("content-type", "application/json")
fmt.Fprintf(w, `{
"success": true,
"errors": [],
"messages": [],
"result": {
"id": "3822ff90-ea29-44df-9e55-21300bb9419b",
"type": "custom",
"hosts": [
"example.com",
"*.example.com",
"www.example.com"
],
"certificates": [
{
"success": true,
"errors": [],
"messages": [],
"result": {
"id": "3822ff90-ea29-44df-9e55-21300bb9419b",
"type": "advanced",
"hosts": [
"example.com"
"example.com",
"*.example.com",
"www.example.com"
],
"issuer": "GlobalSign",
"signature": "SHA256WithRSA",
"status": "active",
"bundle_method": "ubiquitous",
"geo_restrictions": {
"label": "us"
},
"zone_id": "023e105f4ecef8ad9ca31a8372d0c353",
"uploaded_on": "2014-01-01T05:20:00Z",
"modified_on": "2014-01-01T05:20:00Z",
"expires_on": "2016-01-01T05:20:00Z",
"priority": 1
"status": "initializing",
"validation_method": "txt",
"validity_days": 90,
"certificate_authority": "lets_encrypt",
"cloudflare_branding": false
}
],
"primary_certificate": "b2cfa4183267af678ea06c7407d4d6d8"
}
}
}
`)
}

mux.HandleFunc("/zones/023e105f4ecef8ad9ca31a8372d0c353/ssl/certificate_packs", handler)

certificate := CertificatePackRequest{Type: "custom", Hosts: []string{"example.com", "*.example.com", "www.example.com"}}
actual, err := client.CreateCertificatePack(context.Background(), "023e105f4ecef8ad9ca31a8372d0c353", certificate)

if assert.NoError(t, err) {
assert.Equal(t, desiredCertificatePack, actual)
}
}

func TestCreateAdvancedCertificatePack(t *testing.T) {
setup()
defer teardown()

handler := func(w http.ResponseWriter, r *http.Request) {
assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
w.Header().Set("content-type", "application/json")
fmt.Fprintf(w, `{
"success": true,
"errors": [],
"messages": [],
"result": {
"id": "3822ff90-ea29-44df-9e55-21300bb9419b",
"type": "advanced",
"hosts": [
"example.com",
"*.example.com",
"www.example.com"
],
"status": "initializing",
"validation_method": "txt",
"validity_days": 365,
"certificate_authority": "digicert",
"cloudflare_branding": false
}
}`)
}

mux.HandleFunc("/zones/023e105f4ecef8ad9ca31a8372d0c353/ssl/certificate_packs/order", handler)
mux.HandleFunc("/zones/"+testZoneID+"/ssl/certificate_packs/order", handler)

certificate := CertificatePackAdvancedCertificate{
ID: "3822ff90-ea29-44df-9e55-21300bb9419b",
certificate := CertificatePackRequest{
Type: "advanced",
Hosts: []string{"example.com", "*.example.com", "www.example.com"},
ValidityDays: 365,
ValidationMethod: "txt",
CertificateAuthority: "digicert",
CloudflareBranding: false,
ValidityDays: 90,
CertificateAuthority: "lets_encrypt",
}

actual, err := client.CreateAdvancedCertificatePack(context.Background(), "023e105f4ecef8ad9ca31a8372d0c353", certificate)
actual, err := client.CreateCertificatePack(context.Background(), testZoneID, certificate)

if assert.NoError(t, err) {
assert.Equal(t, certificate, actual)
assert.Equal(t, pendingCertificatePack, actual)
}
}

Expand All @@ -271,25 +232,25 @@ func TestRestartAdvancedCertificateValidation(t *testing.T) {
"status": "initializing",
"validation_method": "txt",
"validity_days": 365,
"certificate_authority": "digicert",
"certificate_authority": "lets_encrypt",
"cloudflare_branding": false
}
}`)
}

mux.HandleFunc("/zones/023e105f4ecef8ad9ca31a8372d0c353/ssl/certificate_packs/3822ff90-ea29-44df-9e55-21300bb9419b", handler)
mux.HandleFunc("/zones/"+testZoneID+"/ssl/certificate_packs/3822ff90-ea29-44df-9e55-21300bb9419b", handler)

certificate := CertificatePackAdvancedCertificate{
certificate := CertificatePack{
ID: "3822ff90-ea29-44df-9e55-21300bb9419b",
Type: "advanced",
Hosts: []string{"example.com", "*.example.com", "www.example.com"},
ValidityDays: 365,
ValidationMethod: "txt",
CertificateAuthority: "digicert",
CertificateAuthority: "lets_encrypt",
CloudflareBranding: false,
}

actual, err := client.RestartAdvancedCertificateValidation(context.Background(), "023e105f4ecef8ad9ca31a8372d0c353", "3822ff90-ea29-44df-9e55-21300bb9419b")
actual, err := client.RestartCertificateValidation(context.Background(), testZoneID, "3822ff90-ea29-44df-9e55-21300bb9419b")

if assert.NoError(t, err) {
assert.Equal(t, certificate, actual)
Expand All @@ -314,9 +275,9 @@ func TestDeleteCertificatePack(t *testing.T) {
`)
}

mux.HandleFunc("/zones/023e105f4ecef8ad9ca31a8372d0c353/ssl/certificate_packs/3822ff90-ea29-44df-9e55-21300bb9419b", handler)
mux.HandleFunc("/zones/"+testZoneID+"/ssl/certificate_packs/3822ff90-ea29-44df-9e55-21300bb9419b", handler)

err := client.DeleteCertificatePack(context.Background(), "023e105f4ecef8ad9ca31a8372d0c353", "3822ff90-ea29-44df-9e55-21300bb9419b")
err := client.DeleteCertificatePack(context.Background(), testZoneID, "3822ff90-ea29-44df-9e55-21300bb9419b")

assert.NoError(t, err)
}
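Review bot: The handler in `TestCreateCertificatePack` asserts only the HTTP method, so the JSON that `CertificatePackRequest` now serialises (`validation_method`, `validity_days`, `certificate_authority`) is never checked. Declaring `certificate` before the handler and adding `var got CertificatePackRequest`, `assert.NoError(t, json.NewDecoder(r.Body).Decode(&got))` and `assert.Equal(t, certificate, got)` inside it would pin the request shape. The fixtures also return `"status": "initializing"`, which the `CertificatePack` struct shown in this commit has no field for, so the tests cannot tell a pending pack from an active one. The hunk header still reads `TestRestartAdvancedCertificateValidation`; if that name survives in the new file it should follow the rename to `RestartCertificateValidation`.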
