Batch Certificate Endpoint Addition (#8800) (#9223)

* Base batchFetch functionality. * Finished Path work, simple test. * Add Changelog. * Re-Alphabetize Test; add new endpoint to auth-test. * Improvement formatting changelog. * Fix CE tests; PR-feedback on err responses. * Add Test Go Docs. Co-authored-by: Kit Haines <khaines@mit.edu>
2026-02-03 20:40:45 -05:00 · 2025-09-09 13:55:34 -06:00 · 2025-09-09 13:55:34 -06:00 · fd52499843
commit fd52499843
parent c19829ccd7
2 changed files with 7 additions and 4 deletions
--- a/builtin/logical/pki/backend_test.go
+++ b/builtin/logical/pki/backend_test.go
@ -6959,6 +6959,8 @@ func TestProperAuthing(t *testing.T) {
 	eabKid := "13b80844-e60d-42d2-b7e9-152a8e834b90"
 	acmeKeyId := "hrKmDYTvicHoHGVN2-3uzZV_BPGdE0W_dNaqYTtYqeo="
 	paths := map[string]pathAuthChecker{
+		"acme/mgmt/account/keyid/":               shouldBeAuthed,
+		"acme/mgmt/account/keyid/" + acmeKeyId:   shouldBeAuthed,
 		"ca_chain":                               shouldBeUnauthedReadList,
 		"cert/ca_chain":                          shouldBeUnauthedReadList,
 		"ca":                                     shouldBeUnauthedReadList,
@ -6996,6 +6998,8 @@ func TestProperAuthing(t *testing.T) {
 		"crl/delta/pem":                          shouldBeUnauthedReadList,
 		"crl/rotate":                             shouldBeAuthed,
 		"crl/rotate-delta":                       shouldBeAuthed,
+		"eab/":                                   shouldBeAuthed,
+		"eab/" + eabKid:                          shouldBeAuthed,
 		"intermediate/cross-sign":                shouldBeAuthed,
 		"intermediate/generate/exported":         shouldBeAuthed,
 		"intermediate/generate/internal":         shouldBeAuthed,
@ -7075,10 +7079,6 @@ func TestProperAuthing(t *testing.T) {
 		"unified-crl/delta/pem":                  shouldBeUnauthedReadList,
 		"unified-ocsp":                           shouldBeUnauthedWriteOnly,
 		"unified-ocsp/dGVzdAo=":                  shouldBeUnauthedReadList,
-		"eab/":                                   shouldBeAuthed,
-		"eab/" + eabKid:                          shouldBeAuthed,
-		"acme/mgmt/account/keyid/":               shouldBeAuthed,
-		"acme/mgmt/account/keyid/" + acmeKeyId:   shouldBeAuthed,
 	}

 	entPaths := getEntProperAuthingPaths(serial)
--- a/changelog/_8800.txt
+++ b/changelog/_8800.txt
@ -0,0 +1,3 @@
+```release-note:improvement
+secrets/pki (enterprise): add new batch/certs endpoint to allow multiple certificates to be fetched at once.
+```