fix: reorder host insert before cert issuance, add migration for missing columns
@ -225,7 +225,33 @@ async fn approve_enrollment(
|
|||||||
));
|
));
|
||||||
}
|
}
|
||||||
|
|
||||||
// Generate PKI bundle using CA
|
// Move to hosts table FIRST (certificates table has FK reference to hosts)
|
||||||
|
let os_name = enrollment_request
|
||||||
|
.os_details
|
||||||
|
.get("name")
|
||||||
|
.and_then(|v| v.as_str())
|
||||||
|
.map(|s| s.to_string());
|
||||||
|
sqlx::query(
|
||||||
|
r#"
|
||||||
|
INSERT INTO hosts (id, fqdn, ip_address, os_name, registered_at, updated_at)
|
||||||
|
VALUES ($1, $2, $3::inet, $4, NOW(), NOW())
|
||||||
|
"#,
|
||||||
|
)
|
||||||
|
.bind(enrollment_request.id)
|
||||||
|
.bind(&enrollment_request.fqdn)
|
||||||
|
.bind(&enrollment_request.ip_address.to_string())
|
||||||
|
.bind(os_name)
|
||||||
|
.execute(&state.db)
|
||||||
|
.await
|
||||||
|
.map_err(|e| {
|
||||||
|
tracing::error!(error = %e, "Failed to insert host after approval");
|
||||||
|
(
|
||||||
|
StatusCode::INTERNAL_SERVER_ERROR,
|
||||||
|
Json(serde_json::json!({ "error": "Database error" })),
|
||||||
|
)
|
||||||
|
})?;
|
||||||
|
|
||||||
|
// Generate PKI bundle using CA (after host row exists)
|
||||||
let issued = state
|
let issued = state
|
||||||
.ca
|
.ca
|
||||||
.issue_client_cert(
|
.issue_client_cert(
|
||||||
@ -243,33 +269,6 @@ async fn approve_enrollment(
|
|||||||
)
|
)
|
||||||
})?;
|
})?;
|
||||||
|
|
||||||
// Move to hosts table
|
|
||||||
let os_name = enrollment_request
|
|
||||||
.os_details
|
|
||||||
.get("name")
|
|
||||||
.and_then(|v| v.as_str())
|
|
||||||
.map(|s| s.to_string());
|
|
||||||
sqlx::query(
|
|
||||||
r#"
|
|
||||||
INSERT INTO hosts (id, fqdn, ip_address, os_name, registered_at, updated_at, machine_id)
|
|
||||||
VALUES ($1, $2, $3::inet, $4, NOW(), NOW(), $5)
|
|
||||||
"#,
|
|
||||||
)
|
|
||||||
.bind(enrollment_request.id)
|
|
||||||
.bind(&enrollment_request.fqdn)
|
|
||||||
.bind(&enrollment_request.ip_address.to_string())
|
|
||||||
.bind(os_name)
|
|
||||||
.bind(enrollment_request.machine_id)
|
|
||||||
.execute(&state.db)
|
|
||||||
.await
|
|
||||||
.map_err(|e| {
|
|
||||||
tracing::error!(error = %e, "Failed to insert host after approval");
|
|
||||||
(
|
|
||||||
StatusCode::INTERNAL_SERVER_ERROR,
|
|
||||||
Json(serde_json::json!({ "error": "Database error" })),
|
|
||||||
)
|
|
||||||
})?;
|
|
||||||
|
|
||||||
// Delete from enrollment_requests table
|
// Delete from enrollment_requests table
|
||||||
db::delete_enrollment_request(&state.db, id)
|
db::delete_enrollment_request(&state.db, id)
|
||||||
.await
|
.await
|
||||||
|
|||||||
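Review bot: The host INSERT now commits on `state.db` before `issue_client_cert` runs, so a failed issuance leaves a `hosts` row with no certificate while the enrollment request is still pending, and a retried approval would presumably fail on the duplicate `id` with the generic 500. Running the insert, the certificate write and `db::delete_enrollment_request` in one transaction (`state.db.begin()` … `tx.commit()`), or deleting the host row on the issuance error path, would keep approval all-or-nothing. The moved INSERT also drops `machine_id` (the column and the `$5` bind in the removed version) although migration 017 in this commit adds `hosts.machine_id`; if that is not deliberate, keep `.bind(enrollment_request.machine_id)` and the column in the statement. `approve_enrollment` begins and ends outside both hunks, so what happens between issuance and the delete is not visible here.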
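--- /dev/null
+++ b/migrations/017_enrollment_host_columns.sql
@@ -0,0 +1,5 @@
+-- Migration: 017_enrollment_host_columns
+-- Add missing columns for enrollment support
+ALTER TABLE hosts ADD COLUMN IF NOT EXISTS machine_id TEXT;
+ALTER TABLE certificates ADD COLUMN IF NOT EXISTS ip_address INET;
+ALTER TABLE certificates ADD COLUMN IF NOT EXISTS key_pem TEXT;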
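Review bot: `certificates.key_pem TEXT` looks like it will hold PEM key material for issued client certificates, and nothing in this migration says whether that is a private key or how it is protected. If it is the private key, a plain TEXT column puts every host's credential into database backups and within reach of any role that can read `certificates`; returning the key once to the enrolling host without persisting it, or storing it encrypted under a key held outside the database, would limit that exposure. At minimum add a comment above the statement, e.g. `-- key_pem: <what is stored and how it is protected>`, so the intent can be reviewed.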