Add a helper function to build ACME API patterns (#20180)

- Add a helper function that can accept the final API path along with the pattern function for an ACME api definition and generate the various flavors for the given API
2025-11-01 19:17:58 +00:00 · 2023-04-14 14:48:33 -04:00
parent 3e022a3910
commit 3acbeddf7a
8 changed files with 57 additions and 191 deletions
--- a/builtin/logical/pki/backend.go
+++ b/builtin/logical/pki/backend.go
@@ -216,43 +216,7 @@ func Backend(conf *logical.BackendConfig) *backend {
 			pathResignCrls(&b),
 			pathSignRevocationList(&b),

-			// ACME APIs
-			pathAcmeRootDirectory(&b),
-			pathAcmeRoleDirectory(&b),
-			pathAcmeIssuerDirectory(&b),
-			pathAcmeIssuerAndRoleDirectory(&b),
-			pathAcmeRootNonce(&b),
-			pathAcmeRoleNonce(&b),
-			pathAcmeIssuerNonce(&b),
-			pathAcmeIssuerAndRoleNonce(&b),
-			pathAcmeRootNewAccount(&b),
-			pathAcmeRoleNewAccount(&b),
-			pathAcmeIssuerNewAccount(&b),
-			pathAcmeIssuerAndRoleNewAccount(&b),
-			pathAcmeRootUpdateAccount(&b),
-			pathAcmeRoleUpdateAccount(&b),
-			pathAcmeIssuerUpdateAccount(&b),
-			pathAcmeIssuerAndRoleUpdateAccount(&b),
-			pathAcmeRootAuthorization(&b),
-			pathAcmeRoleAuthorization(&b),
-			pathAcmeIssuerAuthorization(&b),
-			pathAcmeIssuerAndRoleAuthorization(&b),
-			pathAcmeRootChallenge(&b),
-			pathAcmeRoleChallenge(&b),
-			pathAcmeIssuerChallenge(&b),
-			pathAcmeIssuerAndRoleChallenge(&b),
-			pathAcmeRootNewOrder(&b),
-			pathAcmeRoleNewOrder(&b),
-			pathAcmeIssuerNewOrder(&b),
-			pathAcmeIssuerAndRoleNewOrder(&b),
-			pathAcmeRootListOrders(&b),
-			pathAcmeRoleListOrders(&b),
-			pathAcmeIssuerListOrders(&b),
-			pathAcmeIssuerAndRoleListOrders(&b),
-			pathAcmeRootGetOrder(&b),
-			pathAcmeRoleGetOrder(&b),
-			pathAcmeIssuerGetOrder(&b),
-			pathAcmeIssuerAndRoleGetOrder(&b),
+			// ACME APIs see below
 		},

 		Secrets: []*framework.Secret{
@@ -265,6 +229,22 @@ func Backend(conf *logical.BackendConfig) *backend {
 		PeriodicFunc:   b.periodicFunc,
 	}

+	// Add ACME paths to backend
+	var acmePaths []*framework.Path
+	acmePaths = append(acmePaths, pathAcmeDirectory(&b)...)
+	acmePaths = append(acmePaths, pathAcmeNonce(&b)...)
+	acmePaths = append(acmePaths, pathAcmeNewAccount(&b)...)
+	acmePaths = append(acmePaths, pathAcmeUpdateAccount(&b)...)
+	acmePaths = append(acmePaths, pathAcmeGetOrder(&b)...)
+	acmePaths = append(acmePaths, pathAcmeListOrders(&b)...)
+	acmePaths = append(acmePaths, pathAcmeNewOrder(&b)...)
+	acmePaths = append(acmePaths, pathAcmeChallenge(&b)...)
+	acmePaths = append(acmePaths, pathAcmeAuthorization(&b)...)
+
+	for _, acmePath := range acmePaths {
+		b.Backend.Paths = append(b.Backend.Paths, acmePath)
+	}
+
 	// Add specific un-auth'd paths for ACME APIs
 	for _, acmePrefix := range []string{"", "issuer/+/", "roles/+/", "issuer/+/roles/+/"} {
 		b.PathsSpecial.Unauthenticated = append(b.PathsSpecial.Unauthenticated, acmePrefix+"acme/directory")