[Bug]: Absent DB property makes ACME provisioner fail silently
Opened this issue · 0 comments
redmushie commented
TL;DR
When the "db" property is not set in ca.json
, and you are using an ACME provisioner, the ACME provisioner does not work, and gives no indication of this to the user at startup. (The endpoints just 404).
Steps to Reproduce
# generate basic CA:
step ca init --context testing
# Enter options as follows:
# Standalone
# Testing
# localhost
# :1443
# admin
# admin
# make pw file to prevent interactivity
echo "admin" > admin.txt
# start CA in background, runs on port :1443
step-ca --context testing --password-file admin.txt &
# add the ACME provisioner
step ca provisioner add acme --type ACME --context testing
# DIVERGENCE POINT -- Skip this step to see normal behavior.
# Make "db" property go missing in ca.json, causing none to load
sed -i 's/db/db2/' .step/authorities/testing/config/ca.json
# restart server
pkill step-ca
step-ca --context testing --password-file admin.txt &
# request /acme/acme/directory URL
curl -k https://localhost:1443/acme/acme/directory
# returns 404 :(
# (or 200 if you skipped the divergent step)
Your Environment
- OS - Debian "bookworm", kernel 6.1.0-28-amd
step-ca
Version -Smallstep CA/0.28.1 (linux/amd64)
Expected Behavior
I expected step-ca
to either:
- fail to start, with an explicit error message that
db
is required for an ACME provisioner; - start with a warning, telling me the ACME provisioner is disabled as it requires a database.
Actual Behavior
step-ca
starts normally, but there is no ACME functionality, despite not informing the user of this.
Additional Context
No response
Contributing
Vote on this issue by adding a 👍 reaction.
To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).