Add missing error handling and a few more test assertions

hashicorp · Dec 12, 2024 · bdc4abd · bdc4abd
1 parent 4af9d43
commit bdc4abd
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 1 deletion.
diff --git a/builtin/logical/pki/path_acme_account_mgmt.go b/builtin/logical/pki/path_acme_account_mgmt.go
@@ -122,6 +122,9 @@ func (b *backend) pathAcmeMgmtUpdateAccount(ctx context.Context, r *logical.Requ
 	}
 
 	status, err := convertToAccountStatus(d.Get("status"))
+	if err != nil {
+		return logical.ErrorResponse(err.Error()), logical.ErrInvalidRequest
+	}
 	if status != AccountStatusValid && status != AccountStatusRevoked {
 		return logical.ErrorResponse("invalid status %q", status), logical.ErrInvalidRequest
 	}

diff --git a/builtin/logical/pki/path_acme_test.go b/builtin/logical/pki/path_acme_test.go
@@ -1860,7 +1860,11 @@ func TestVaultOperatorACMEDisableWorkflow(t *testing.T) {
 	require.ErrorContains(t, err, "account in status: revoked", "Requesting an order with a revoked account should have failed")
 
 	// Switch the account back to valid and make sure we can use it again
-	_, err = vaultClient.Logical().WriteWithContext(testCtx, "pki/acme/mgmt/account/keyid/"+kid, map[string]interface{}{"status": "valid"})
+	resp, err = vaultClient.Logical().WriteWithContext(testCtx, "pki/acme/mgmt/account/keyid/"+kid, map[string]interface{}{"status": "valid"})
+	require.NoError(t, err, "failed updating writing ACME with account key")
+	require.Empty(t, resp.Data["revoked_time"], "revoked_time should have been reset")
+	require.Equal(t, "valid", resp.Data["status"], "status should have been reset to valid")
+
 	doACMEOrderWorkflow(t, vaultClient, acmeClient, acct)
 }