Skip to content

Feat/ca cleanup enrollment fields#32

Merged
spbsoluble merged 8 commits intomainfrom
feat/ca-cleanup-enrollment-fields
Apr 30, 2026
Merged

Feat/ca cleanup enrollment fields#32
spbsoluble merged 8 commits intomainfrom
feat/ca-cleanup-enrollment-fields

Conversation

@spbsoluble
Copy link
Copy Markdown
Contributor

@spbsoluble spbsoluble commented Apr 23, 2026
edited
Loading

Summary

  • feat: Add UseForEnrollment, ForceSave, and certificate cleanup fields (AllowedEnrollmentTypes, StandaloneCA, MonitorThresholds, etc.) to CA request/response models in v24/api/keyfactor/v1
  • fix: Restore AccessToken, Audience, Scopes fields to buildHttpClientV2 OAuth config (broken in prior refactor)
  • fix: Apply port-443 URL normalization fix from release-v24.0; sync CHANGELOG
  • test: Add OAuth access_token regression tests for v2 client (v24 + v25)
  • test: Add CA model regression tests covering cleanup/enrollment fields (model_certificate_authorities_test.go) for v24/v25
  • test: Port OAuth and CA model regression tests to v25

Motivation

The provider (terraform-provider-keyfactor) requires these CA model fields for the CA resource create/update/delete lifecycle — specifically ForceSave to bypass connectivity validation, AllowedEnrollmentTypes for standalone CAs, and scan schedule fields whose presence blocks CA deletion on DCOM labs. The OAuth fix is required for labs using access_token auth.

These changes have been validated against the ses2541 lab (EJBCA/OAuth) via the provider's integration test suite running on v24.1.1-rc.3.

Test plan

  • Unit tests pass: go test ./... in v24/ and v25/
  • CA model regression tests cover all new fields
  • OAuth client tests cover access_token, audience, scopes round-trip
  • Provider integration tests pass against ses2541 lab on the resulting stable tag

@spbsoluble
feat: add UseForEnrollment and certificate cleanup fields to CA models
2c45a4d
@spbsoluble
fix: restore AccessToken, Audience, Scopes to buildHttpClientV2 OAuth…
1f5dae1 
… config

Commit 2b88eb2 (2026-03-18) accidentally stripped AccessToken, Audience,
and Scopes from the CommandConfigOauth struct literal in buildHttpClientV2
in both v1/client.go and v2/client.go. This broke pre-fetched access_token
authentication mode where users supply only hostname + access_token without
client_id/client_secret/token_url.

Restore all three fields so the auth client receives the caller-provided
token, audience, and scopes.
@spbsoluble
test: add OAuth access_token regression tests (unit + integration)
8fb0d1c
@spbsoluble
test: add OAuth access_token regression tests for v2 client
0a2ee03
@spbsoluble
test: add regression tests for CA cleanup and enrollment model fields
167ba1c
@spbsoluble
fix: apply port-443 URL fix and sync CHANGELOG from release-v24.0
82abd83
@spbsoluble
test: port OAuth and CA model regression tests to v25
f0f1e43
@spbsoluble
chore(docs): add v24.1.1 and v25.1.1 CHANGELOG entries
0bb5656
@spbsoluble spbsoluble merged commit 229db7d into main Apr 30, 2026
29 of 30 checks passed
@spbsoluble spbsoluble deleted the feat/ca-cleanup-enrollment-fields branch April 30, 2026 14:57
@spbsoluble spbsoluble mentioned this pull request Apr 30, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@spbsoluble