certctl

gsadmin/certctl

Fork 0

mirror of https://github.com/shankar0123/certctl.git synced 2026-06-07 23:42:00 +00:00

Commit Graph

Author	SHA1	Message	Date
shankar0123	80cbd2db59	test(coverage): backfill 5 packages to clear v2.1.0 release-gate Phase 3 floors Phase 3 of /Users/shankar/Desktop/cowork/v2.1.0-release-gate.md surfaced four packages below their coverage floors. All four are regressions from new code shipped in the audit-2026-05-10/11 fix bundles that didn't get per-function tests: internal/auth/breakglass 87.5% -> 93.3% (floor: 90%) + List (was 0%) — 3 tests (disabled, empty+populated, repo err) + RemoveCredential, Unlock disabled-branch tests internal/auth/oidc 89.4% -> 95.4% (floor: 90%) + JWKSStatus (was 0%) — 2 tests (unknown provider, after AuthRequest) + TestDiscovery (was 0%) — 5 tests (discovery failure, happy path, HS256 alg-downgrade detected, missing jwks_uri, JWKS 500 fetch) internal/auth/session 89.9% -> 94.4% (floor: 90%) + SetTrustedProxies (was 0%) — round-trip + clear + ComputeCookieHMAC (was 0%) — determinism + key/inputs differ + DecryptKeyMaterial (was 0%) — round-trip + wrong-passphrase internal/api/handler 73.2% -> 75.5% (floor: 75%) + 6 auth_breakglass handler funcs (were all 0%) — 14 tests (disabled/404, invalid JSON, empty fields, service err, happy path with cookies, admin endpoints, ListCredentials no password_hash on the wire) + WithPermissionChecker setter test (was 0%, Bundle 2 MED-2) + NewAdminCRLCacheServiceImpl + CacheRows (were 0%) — 3 tests + itoaForRetryAfter + challengeURLBuilder ACME helpers (were 0%) — 4 tests All five coverage gates green: internal/service 72.7% (floor: 70%) internal/api/handler 75.5% (floor: 75%) internal/api/middleware 67.9% (floor: 30%) internal/auth 93.3% (floor: 85%) internal/service/auth 91.8% (floor: 85%) internal/auth/oidc 95.4% (floor: 90%) internal/auth/oidc/groupclaim 100.0% (floor: 95%) internal/auth/oidc/domain 97.6% (floor: 90%) internal/auth/session 94.4% (floor: 90%) internal/auth/session/domain 98.3% (floor: 90%) internal/auth/breakglass 93.3% (floor: 90%) internal/auth/breakglass/domain 100.0% (floor: 90%) internal/auth/user/domain 96.2% (floor: 90%) (and 6 more — all green) Per CLAUDE.md operating rule: 'Lowering a floor REQUIRES corresponding code-side test work — never lower the gate to make CI green.' The floors stay at their committed values; the new tests close the gap.	2026-05-11 14:12:11 +00:00

Author

SHA1

Message

Date

shankar0123

80cbd2db59

test(coverage): backfill 5 packages to clear v2.1.0 release-gate Phase 3 floors

Phase 3 of /Users/shankar/Desktop/cowork/v2.1.0-release-gate.md surfaced
four packages below their coverage floors. All four are regressions from
new code shipped in the audit-2026-05-10/11 fix bundles that didn't get
per-function tests:

  internal/auth/breakglass    87.5% -> 93.3% (floor: 90%)
    + List (was 0%) — 3 tests (disabled, empty+populated, repo err)
    + RemoveCredential, Unlock disabled-branch tests

  internal/auth/oidc          89.4% -> 95.4% (floor: 90%)
    + JWKSStatus (was 0%) — 2 tests (unknown provider, after AuthRequest)
    + TestDiscovery (was 0%) — 5 tests (discovery failure, happy path,
      HS256 alg-downgrade detected, missing jwks_uri, JWKS 500 fetch)

  internal/auth/session       89.9% -> 94.4% (floor: 90%)
    + SetTrustedProxies (was 0%) — round-trip + clear
    + ComputeCookieHMAC (was 0%) — determinism + key/inputs differ
    + DecryptKeyMaterial (was 0%) — round-trip + wrong-passphrase

  internal/api/handler        73.2% -> 75.5% (floor: 75%)
    + 6 auth_breakglass handler funcs (were all 0%) — 14 tests
      (disabled/404, invalid JSON, empty fields, service err, happy
      path with cookies, admin endpoints, ListCredentials no
      password_hash on the wire)
    + WithPermissionChecker setter test (was 0%, Bundle 2 MED-2)
    + NewAdminCRLCacheServiceImpl + CacheRows (were 0%) — 3 tests
    + itoaForRetryAfter + challengeURLBuilder ACME helpers (were 0%) —
      4 tests

All five coverage gates green:

  internal/service                                    72.7% (floor: 70%)
  internal/api/handler                                75.5% (floor: 75%)
  internal/api/middleware                             67.9% (floor: 30%)
  internal/auth                                       93.3% (floor: 85%)
  internal/service/auth                               91.8% (floor: 85%)
  internal/auth/oidc                                  95.4% (floor: 90%)
  internal/auth/oidc/groupclaim                      100.0% (floor: 95%)
  internal/auth/oidc/domain                           97.6% (floor: 90%)
  internal/auth/session                               94.4% (floor: 90%)
  internal/auth/session/domain                        98.3% (floor: 90%)
  internal/auth/breakglass                            93.3% (floor: 90%)
  internal/auth/breakglass/domain                    100.0% (floor: 90%)
  internal/auth/user/domain                           96.2% (floor: 90%)
  (and 6 more — all green)

Per CLAUDE.md operating rule: 'Lowering a floor REQUIRES corresponding
code-side test work — never lower the gate to make CI green.' The
floors stay at their committed values; the new tests close the gap.

2026-05-11 14:12:11 +00:00

1 Commits