gsadmin/certctl
1
0
Fork 0
mirror of https://github.com/shankar0123/certctl.git synced 2026-06-07 12:21:31 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
master
certctl/internal/domain/policy_test.go
T
shankar0123 03472072b8 test + docs: close 12 test gaps (~250 new tests) and expand testing guide to 34 parts 
Implements all P0-P2 test gaps from docs/test-gap-prompt.md:
- Deployment service tests (20), target service tests (18), scheduler tests (8)
- Agent binary tests (48), CSR renewal tests (8), short-lived cert tests (7)
- Domain model tests (25), context cancellation tests (9), concurrency tests (7)
- Handler negative-path tests (23 across 5 files)
- Frontend error handling tests (86) and API client tests (7)

Expands testing-guide.md from 28 to 34 parts covering certificate export,
S/MIME/EKU, OCSP/DER CRL, body size limits, Apache/HAProxy connectors,
and sub-CA mode. Fixes stale profile count (4->5) and updates sign-off table.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-28 17:57:25 -04:00

103 lines
2.7 KiB
Go
Raw Permalink Blame History

package domain
import "testing"
func TestPolicyType_Constants(t *testing.T) {
tests := map[string]PolicyType{
"AllowedIssuers": PolicyTypeAllowedIssuers,
"AllowedDomains": PolicyTypeAllowedDomains,
"RequiredMetadata": PolicyTypeRequiredMetadata,
"AllowedEnvironments": PolicyTypeAllowedEnvironments,
"RenewalLeadTime": PolicyTypeRenewalLeadTime,
}
for expected, got := range tests {
if string(got) != expected {
t.Errorf("expected %q, got %q", expected, string(got))
}
}
}
func TestPolicySeverity_Constants(t *testing.T) {
tests := map[string]PolicySeverity{
"Warning": PolicySeverityWarning,
"Error": PolicySeverityError,
"Critical": PolicySeverityCritical,
}
for expected, got := range tests {
if string(got) != expected {
t.Errorf("expected %q, got %q", expected, string(got))
}
}
}
func TestPolicyRule_Fields(t *testing.T) {
// This test verifies the PolicyRule struct can be instantiated
// with all expected fields.
rule := &PolicyRule{
ID: "rule-1",
Name: "Allowed Issuers",
Type: PolicyTypeAllowedIssuers,
Enabled: true,
}
if rule.ID != "rule-1" {
t.Errorf("expected ID 'rule-1', got %s", rule.ID)
}
if rule.Name != "Allowed Issuers" {
t.Errorf("expected Name 'Allowed Issuers', got %s", rule.Name)
}
if rule.Type != PolicyTypeAllowedIssuers {
t.Errorf("expected Type AllowedIssuers, got %s", string(rule.Type))
}
if !rule.Enabled {
t.Errorf("expected Enabled=true, got false")
}
}
func TestPolicyViolation_Fields(t *testing.T) {
// This test verifies the PolicyViolation struct can be instantiated
// with all expected fields.
violation := &PolicyViolation{
ID: "violation-1",
CertificateID: "mc-123",
RuleID: "rule-1",
Message: "Certificate issued by unauthorized CA",
Severity: PolicySeverityCritical,
}
if violation.ID != "violation-1" {
t.Errorf("expected ID 'violation-1', got %s", violation.ID)
}
if violation.CertificateID != "mc-123" {
t.Errorf("expected CertificateID 'mc-123', got %s", violation.CertificateID)
}
if violation.RuleID != "rule-1" {
t.Errorf("expected RuleID 'rule-1', got %s", violation.RuleID)
}
if violation.Severity != PolicySeverityCritical {
t.Errorf("expected Severity Critical, got %s", string(violation.Severity))
}
}
func TestPolicySeverity_Ordering(t *testing.T) {
// This test verifies severity ordering is correct (for potential future use
// in ranking violations by impact).
severities := []PolicySeverity{
PolicySeverityWarning,
PolicySeverityError,
PolicySeverityCritical,
}
for i, severity := range severities {
if string(severity) == "" {
t.Errorf("severity %d has empty string value", i)
}
}
}
Reference in New Issue View Git Blame Copy Permalink