test: comprehensive test gap closure across 24 packages

Close coverage gaps identified by dual-audit (qualitative + quantitative). New test files for config (0%→98%), router (0%→100%), handler validation, health, audit, response helpers, webhook notifier (0%→88%), email notifier, middleware (recovery, rate limiter), domain profile, service nil-safety, config helpers, issuer bootstrap, and server bootstrap wiring. Expanded existing tests for ACME (34%→42%), step-ca (42%→52%), F5, SSH, agent (43%→63%), scheduler (88%→99%), renewal service, and issuerfactory. All tests pass: go test -short, go vet, go test -race clean. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-06-07 15:11:29 +00:00 · 2026-04-09 23:09:40 -04:00
parent 5567d4b411
commit 7382e5f03b
24 changed files with 9225 additions and 4 deletions
@@ -0,0 +1,91 @@
+package domain
+
+import (
+	"testing"
+	"time"
+)
+
+// TestIsShortLived_BelowThreshold tests that a certificate with MaxTTLSeconds
+// below 3600 seconds and AllowShortLived=true returns true.
+func TestIsShortLived_BelowThreshold(t *testing.T) {
+	profile := &CertificateProfile{
+		ID:              "prof-test-1",
+		Name:            "Short-Lived",
+		MaxTTLSeconds:   3599, // Just under 1 hour
+		AllowShortLived: true,
+		CreatedAt:       time.Now(),
+		UpdatedAt:       time.Now(),
+	}
+
+	if !profile.IsShortLived() {
+		t.Error("expected IsShortLived() to return true for MaxTTLSeconds=3599 with AllowShortLived=true")
+	}
+}
+
+// TestIsShortLived_AtThreshold tests that a certificate with MaxTTLSeconds
+// exactly at 3600 seconds returns false (threshold is exclusive: < 3600, not <=).
+func TestIsShortLived_AtThreshold(t *testing.T) {
+	profile := &CertificateProfile{
+		ID:              "prof-test-2",
+		Name:            "One-Hour",
+		MaxTTLSeconds:   3600, // Exactly 1 hour
+		AllowShortLived: true,
+		CreatedAt:       time.Now(),
+		UpdatedAt:       time.Now(),
+	}
+
+	if profile.IsShortLived() {
+		t.Error("expected IsShortLived() to return false for MaxTTLSeconds=3600 (threshold is exclusive)")
+	}
+}
+
+// TestIsShortLived_AboveThreshold tests that a certificate with MaxTTLSeconds
+// well above 3600 seconds returns false.
+func TestIsShortLived_AboveThreshold(t *testing.T) {
+	profile := &CertificateProfile{
+		ID:              "prof-test-3",
+		Name:            "Standard",
+		MaxTTLSeconds:   86400, // 24 hours
+		AllowShortLived: true,
+		CreatedAt:       time.Now(),
+		UpdatedAt:       time.Now(),
+	}
+
+	if profile.IsShortLived() {
+		t.Error("expected IsShortLived() to return false for MaxTTLSeconds=86400 (well above 1 hour)")
+	}
+}
+
+// TestIsShortLived_FlagDisabled tests that even with MaxTTLSeconds below 3600,
+// if AllowShortLived=false, the profile is not considered short-lived.
+func TestIsShortLived_FlagDisabled(t *testing.T) {
+	profile := &CertificateProfile{
+		ID:              "prof-test-4",
+		Name:            "Disabled-ShortLived",
+		MaxTTLSeconds:   100, // Well below threshold
+		AllowShortLived: false,
+		CreatedAt:       time.Now(),
+		UpdatedAt:       time.Now(),
+	}
+
+	if profile.IsShortLived() {
+		t.Error("expected IsShortLived() to return false when AllowShortLived=false, regardless of MaxTTLSeconds")
+	}
+}
+
+// TestIsShortLived_ZeroTTL tests that a certificate with MaxTTLSeconds=0
+// returns false, since the method requires MaxTTLSeconds > 0.
+func TestIsShortLived_ZeroTTL(t *testing.T) {
+	profile := &CertificateProfile{
+		ID:              "prof-test-5",
+		Name:            "Zero-TTL",
+		MaxTTLSeconds:   0,
+		AllowShortLived: true,
+		CreatedAt:       time.Now(),
+		UpdatedAt:       time.Now(),
+	}
+
+	if profile.IsShortLived() {
+		t.Error("expected IsShortLived() to return false when MaxTTLSeconds=0")
+	}
+}