Address code review remarks

authority/admin/api/webhook.go

@@ -56,9 +56,7 @@ func validateWebhook(webhook *linkedca.Webhook) error {
 	}
 
 	// kind
-	switch webhook.Kind {
-	case linkedca.Webhook_ENRICHING, linkedca.Webhook_AUTHORIZING, linkedca.Webhook_SCEPCHALLENGE, linkedca.Webhook_NOTIFYING:
-	default:
+	if _, ok := linkedca.Webhook_Kind_name[int32(webhook.Kind)]; !ok || webhook.Kind == linkedca.Webhook_NO_KIND {
 		return admin.NewError(admin.ErrorBadRequestType, "webhook kind %q is invalid", webhook.Kind)
 	}
 

authority/provisioner/scep.go

@@ -197,12 +197,8 @@ func (c *notificationController) Success(ctx context.Context, csr *x509.Certific
 		}
 		req.X509Certificate.Raw = cert.Raw // adding the full certificate DER bytes
 		req.SCEPTransactionID = transactionID
-		resp, err := wh.DoWithContext(ctx, c.client, req, nil)
-		if err != nil {
-			return fmt.Errorf("failed executing webhook request: %w", err)
-		}
-		if !resp.Allow { // TODO(hs): different response for notifying?
-			return ErrSCEPNotificationFailed // return early
+		if _, err = wh.DoWithContext(ctx, c.client, req, nil); err != nil {
+			return fmt.Errorf("failed executing webhook request: %w: %w", ErrSCEPNotificationFailed, err)
 		}
 	}
 
@@ -218,12 +214,8 @@ func (c *notificationController) Failure(ctx context.Context, csr *x509.Certific
 		req.SCEPTransactionID = transactionID
 		req.SCEPErrorCode = errorCode
 		req.SCEPErrorDescription = errorDescription
-		resp, err := wh.DoWithContext(ctx, c.client, req, nil)
-		if err != nil {
-			return fmt.Errorf("failed executing webhook request: %w", err)
-		}
-		if !resp.Allow { // TODO(hs): different response for notifying?
-			return ErrSCEPNotificationFailed // return early
+		if _, err = wh.DoWithContext(ctx, c.client, req, nil); err != nil {
+			return fmt.Errorf("failed executing webhook request: %w: %w", ErrSCEPNotificationFailed, err)
 		}
 	}
 

scep/api/api.go

@@ -333,10 +333,7 @@ func PKIOperation(ctx context.Context, req request) (Response, error) {
 
 	certRep, err := auth.SignCSR(ctx, csr, msg)
 	if err != nil {
-		// default to ERROR_INTERNAL_ERROR: https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-erref/18d8fbe8-a967-4f1c-ae50-99ca8e491d2d
-		errorCode := 0x0000054F
-		errorDescription := err.Error()
-		if notifyErr := auth.NotifyFailure(ctx, csr, transactionID, errorCode, errorDescription); notifyErr != nil {
+		if notifyErr := auth.NotifyFailure(ctx, csr, transactionID, 0, err.Error()); notifyErr != nil {
 			// TODO(hs): ignore this error case? It's not critical if the notification fails; but logging it might be good
 			_ = notifyErr
 		}

scep/context.go

@@ -1 +0,0 @@
-package scep

webhook/types.go

@@ -80,7 +80,7 @@ type RequestBody struct {
 	X509Certificate        *X509Certificate        `json:"x509Certificate,omitempty"`
 	SSHCertificateRequest  *SSHCertificateRequest  `json:"sshCertificateRequest,omitempty"`
 	SSHCertificate         *SSHCertificate         `json:"sshCertificate,omitempty"`
-	// Only set for SCEP challenge validation requests
+	// Only set for SCEP webhook requests
 	SCEPChallenge        string `json:"scepChallenge,omitempty"`
 	SCEPTransactionID    string `json:"scepTransactionID,omitempty"`
 	SCEPErrorCode        int    `json:"scepErrorCode,omitempty"`