mirror of
https://github.com/shankar0123/certctl.git
synced 2026-06-07 18:41:30 +00:00
shankar0123
02438ad9e1
Twelve findings from the architecture diligence audit's Phase 3 bundle
closed in one PR. All touch the CI workflows + small doc-drift fixes
across the production Go tree + migration headers.
CI workflow changes
====================
TEST-H1 — Race detection on ./... -short
.github/workflows/ci.yml:106 was a 9-package explicit list. Audit
finding TEST-H1 flagged that 25+ packages (internal/auth/*,
internal/repository/*, internal/mcp, internal/scep, internal/pkcs7,
internal/api/router, internal/api/acme, internal/cli, internal/cms,
internal/config, internal/deploy, internal/integration,
internal/ratelimit, internal/secret, internal/trustanchor, all of
cmd/) silently dropped off race coverage.
Post-fix: 'go test -race -short ./... -count=1 -timeout 600s'.
76 testing.Short() guards already cover testcontainers + live-DB
integration suites, so -short keeps the long-running tests out.
TEST-H2 — Cross-platform build matrix
New 'cross-platform-build' job in ci.yml. Matrix:
ubuntu-latest + windows-latest + macos-latest, fail-fast: false.
Builds cmd/server + cmd/agent + cmd/cli + cmd/mcp-server on each.
Catches Windows-specific regressions (path separators, file
permissions, exec.Command semantics) the pre-Phase-3 Ubuntu-only
CI missed.
TEST-L1 — actions/setup-go cache: true (explicit)
setup-go v5 defaults cache: true; making it explicit so a future
setup-go upgrade can't silently flip it. Re-runs hit the Go module
+ build cache instead of recompiling cold.
TEST-M1 — Mutation-testing floor at 55%
security-deep-scan.yml::go-mutesting step rewritten. Removed
continue-on-error + per-package '|| true'. New post-loop check
extracts every 'The mutation score is X.YZ' line and fails the
step if any package drops below 0.55. Floor rationale: starter
ratio catches major regressions without rejecting the audit's
'this is OK' steady state; raise quarterly.
TEST-M2 — 3 advisory deep-scan gates promoted to blocking
Removed continue-on-error: true from:
- gosec (filtered to G201/G202/G304/G108 high-signal rules:
SQL-injection + path-traversal + pprof-exposed)
- osv-scanner (multi-ecosystem CVE; complements govulncheck
which is already blocking in ci.yml)
- trivy image scan (--severity HIGH,CRITICAL --exit-code 1)
continue-on-error count: 15 → 11.
ZAP / schemathesis / nuclei / testssl stay advisory because their
false-positive rates on https://localhost:8443-targeted DAST runs
are high.
TEST-M3 — Playwright harness stub
web/package.json adds '@playwright/test' devDep + 'e2e' / 'e2e:install'
npm scripts. web/playwright.config.ts ships single chromium project
with webServer block pointing at 'npm run dev'. web/src/__tests__/
e2e/smoke.spec.ts proves the harness wires through. The full 15-flow
suite ships in frontend-design-audit Phase 8 (TEST-H1 in THAT audit);
this is the wiring + a single smoke test as the regression floor.
New Makefile target: 'make e2e-test'.
Doc/code drift fixes
====================
TEST-M4 + ARCH-L2 — Skip inventory artifact + CI guard
scripts/skip-inventory.sh walks every t.Skip site under cmd/ +
internal/ + deploy/test/ and emits docs/testing/skip-inventory.md
grouped by package with file:line:expression triples. Current
inventory: 142 t.Skip sites, 76 testing.Short() guards.
scripts/ci-guards/skip-inventory-drift.sh regenerates and fails on
diff (excluding the 'Last reviewed' timestamp line which drifts
daily). The Markdown is the canonical acquisition-diligence artifact
for 'what tests are being skipped and why.'
ARCH-H3 — MCP catalogue floor reconciliation
Audit framing was '121 vs floor 150 — doc/code drift.' Live count
via the test's actual regex over all 5 tool files (tools.go +
tools_audit_fix.go + tools_auth.go + tools_auth_bundle2.go +
tools_est.go): 155 unique 'Name: "certctl_*"' declarations.
Pre-Phase-3 audit measured tools.go in isolation (121) and missed
the other 4 files (+34 unique names). The test at
internal/ciparity/surface_parity_test.go::TestSurfaceParity_MCP
passes today (155 ≥ 150). Added a clarifying comment near
mcpBaselineFloor explaining the measurement scope so future
reviewers don't repeat the audit's framing error.
STATUS: stale — no code drift, just a measurement scoping error in
the audit.
ARCH-L1 — panic() rationale comments
5 panic sites in production Go (excluding _test.go):
- internal/repository/postgres/tx.go:84
- internal/service/issuer.go:861 (mustJSON)
- internal/service/est.go:728 (mustParseTime)
- internal/service/acme.go:1288 (rand source failure — already documented)
- internal/pkcs7/certrep.go:270 (OID marshal — already documented)
Added ARCH-L1 rationale comments to the 3 sites that didn't have
them. All 5 are defensible impossible-path / rethrow / hardcoded-
constant guards.
ARCH-L3 — Migration IF-NOT-EXISTS carve-outs
4 migrations skip the literal 'IF NOT EXISTS' token but ARE
idempotent via different Postgres patterns:
- 000014_policy_violation_severity_check.up.sql: ALTER TABLE
ADD CONSTRAINT CHECK doesn't accept IF NOT EXISTS; idempotency
via DROP CONSTRAINT IF EXISTS preamble.
- 000018_audit_events_worm.up.sql: CREATE OR REPLACE FUNCTION
+ DROP TRIGGER IF EXISTS + CREATE TRIGGER + DO $$ pg_roles
existence check. CREATE TRIGGER doesn't take IF NOT EXISTS.
- 000030_rbac_admin_perms.up.sql: INSERT ... ON CONFLICT DO NOTHING.
- 000039_audit_crit1_perms.up.sql: same INSERT + ON CONFLICT pattern.
Added ARCH-L3 header comments to each explaining the carve-out so
reviewers don't flag the missing literal token.
STATUS: largely stale — migrations are already idempotent.
ARCH-L4 — TODO/FIXME → see #<descriptor>
5 TODOs rewritten to the allowed 'see #<descriptor>' pattern:
- internal/repository/postgres/auth.go:220 → see #bundle-2-scope-fk
- internal/connector/discovery/gcpsm/gcpsm.go:547 → see #gcpsm-pagination
- internal/service/audit.go:244 → see #audit-pagination-count
- internal/service/job.go:295, 299 → see #validation-job-impl
New CI guard scripts/ci-guards/no-todo-in-prod.sh grep-fails any
new TODO/FIXME in cmd/ + internal/ (excluding _test.go); allows
'see #N' / 'see #<descriptor>' patterns.
Sandbox limitation
==================
The 6.1 GB certctl working tree fills the sandbox volume; go1.25.10
toolchain download fails with 'no space left on device' (sandbox has
1.25.9; go.mod requires 1.25.10). Local 'go test' / 'go build' NOT
run in this commit. Operator must run 'make verify' on their
workstation before push per CLAUDE.md operating rules.
The smoke.spec.ts NOT executed in the sandbox (no chromium installed).
Operator runs 'cd web && npm install && npx playwright install
--with-deps chromium && npm run e2e' on first wire-up.
All CI guards (no-todo-in-prod, skip-inventory-drift, G-3
env-docs-drift, doc-rot-detector, and every existing guard) verified
clean by running each individually.
Closes: cowork/certctl-architecture-diligence-audit.html#fix-TEST-H1,
cowork/certctl-architecture-diligence-audit.html#fix-TEST-H2,
cowork/certctl-architecture-diligence-audit.html#fix-TEST-M1,
cowork/certctl-architecture-diligence-audit.html#fix-TEST-M2,
cowork/certctl-architecture-diligence-audit.html#fix-TEST-M3,
cowork/certctl-architecture-diligence-audit.html#fix-TEST-M4,
cowork/certctl-architecture-diligence-audit.html#fix-TEST-L1,
cowork/certctl-architecture-diligence-audit.html#fix-ARCH-H3,
cowork/certctl-architecture-diligence-audit.html#fix-ARCH-L1,
cowork/certctl-architecture-diligence-audit.html#fix-ARCH-L2,
cowork/certctl-architecture-diligence-audit.html#fix-ARCH-L3,
cowork/certctl-architecture-diligence-audit.html#fix-ARCH-L4
235 lines
18 KiB
Markdown
235 lines
18 KiB
Markdown
# Test Skip Inventory
|
||
|
||
<!-- Auto-generated by scripts/skip-inventory.sh — do not edit by hand. -->
|
||
<!-- Re-run after adding or removing any t.Skip(). CI guard: -->
|
||
<!-- scripts/ci-guards/skip-inventory-drift.sh -->
|
||
|
||
> Last reviewed: 2026-05-13
|
||
|
||
## Summary
|
||
|
||
- Total t.Skip sites: **142**
|
||
- testing.Short() guards: **76** (these gate behind `go test -short`)
|
||
|
||
Re-run inventory with: `./scripts/skip-inventory.sh`.
|
||
|
||
## Sites (grouped by package)
|
||
|
||
### `cmd/agent`
|
||
|
||
- `cmd/agent/keymem_test.go:209` — t.Skip("permission semantics differ on windows")
|
||
- `cmd/agent/keymem_test.go:425` — t.Skip("permission semantics differ on windows")
|
||
- `cmd/agent/keymem_test.go:451` — t.Skip("permission semantics differ on windows")
|
||
- `cmd/agent/keymem_test.go:491` — t.Skip("permission semantics differ on windows")
|
||
- `cmd/agent/keymem_test.go:523` — t.Skip("permission semantics differ on windows")
|
||
- `cmd/agent/keymem_test.go:526` — t.Skip("running as root; cannot revoke parent dir write permission")
|
||
- `cmd/agent/keymem_test.go:553` — t.Skip("permission semantics differ on windows")
|
||
- `cmd/agent/keymem_test.go:556` — t.Skip("running as root; cannot revoke parent dir read+exec permission")
|
||
- `cmd/agent/keymem_test.go:623` — t.Skip("chmod-error branch is only reliably triggerable on linux via /sys (read-only fs)")
|
||
- `cmd/agent/keymem_test.go:631` — t.Skipf("/sys/kernel not stat-able as a dir on this host; skipping (%v)", err)
|
||
- `cmd/agent/keymem_test.go:637` — t.Skipf("/sys/kernel mode %#o already satisfies no-chmod branch", mode)
|
||
- `cmd/agent/keymem_test.go:652` — t.Skip("permission semantics differ on windows")
|
||
- `cmd/agent/keymem_test.go:655` — t.Skip("running as root; cannot revoke parent dir write permission")
|
||
- `cmd/agent/keymem_test.go:686` — t.Skip("permission semantics differ on windows")
|
||
- `cmd/agent/verify_test.go:402` — t.Skip("no TLS certificates configured on test server")
|
||
|
||
### `cmd/server`
|
||
|
||
- `cmd/server/preflight_demo_residual_test.go:41` — t.Skip("preflight A-8 test requires Postgres (testcontainers); skipping under -short")
|
||
- `cmd/server/preflight_demo_residual_test.go:97` — t.Skip("A-8 testcontainers unavailable; skipping")
|
||
|
||
### `deploy/test/acme-integration`
|
||
|
||
- `deploy/test/acme-integration/certmanager_test.go:54` — t.Skip("KIND_AVAILABLE unset — kind-driven cert-manager integration test skipped")
|
||
|
||
### `deploy/test`
|
||
|
||
- `deploy/test/crl_ocsp_e2e_test.go:134` — t.Skip("integration only")
|
||
- `deploy/test/crl_ocsp_e2e_test.go:65` — t.Skip("integration only")
|
||
- `deploy/test/est_e2e_test.go:124` — t.Skip("integration tests require INTEGRATION=1; skipping libest e2e suite")
|
||
- `deploy/test/est_e2e_test.go:129` — t.Skipf("libest sidecar (container %q) not running (status=%q). Run `cd deploy && docker compose -f docker-compose.test.yml --profile est-e2e up -d libest-client` to bring it up.", libestContainer, status)
|
||
- `deploy/test/est_e2e_test.go:213` — t.Skip("/config/certs/bootstrap.pem not present in libest sidecar — skipping mTLS path. To enable: mint a bootstrap cert against the per-profile mTLS trust anchor and copy into deploy/test/certs/.")
|
||
- `deploy/test/est_e2e_test.go:252` — t.Skip("server-keygen disabled on the e2e EST profile (HTTP 404). Enable via CERTCTL_EST_PROFILE_E2E_SERVER_KEYGEN_ENABLED=true in docker-compose.test.yml.")
|
||
- `deploy/test/est_e2e_test.go:333` — t.Skipf("libest build lacks --tls-exporter support: %v", err)
|
||
- `deploy/test/healthcheck_test.go:102` — t.Skip("docker not available — skipping image-level HEALTHCHECK test")
|
||
- `deploy/test/healthcheck_test.go:163` — t.Skip("docker not available — skipping image-level HEALTHCHECK test")
|
||
- `deploy/test/healthcheck_test.go:224` — t.Skip("docker not available — skipping runtime HEALTHCHECK test")
|
||
- `deploy/test/healthcheck_test.go:227` — t.Skip("runtime HEALTHCHECK test takes ~45s; skipping under -short")
|
||
- `deploy/test/healthcheck_test.go:229` — t.Skip("runtime probe contract not yet wired to a sidecar postgres; " +
|
||
- `deploy/test/healthcheck_test.go:28` — // The tests skip cleanly with t.Skip when docker is not available
|
||
- `deploy/test/healthcheck_test.go:32` — // Q-1 closure (cat-s3-58ce7e9840be): this file's 5 t.Skip sites are
|
||
- `deploy/test/healthcheck_test.go:41` — // - Line 212: hard t.Skip for the runtime probe contract — image-spec
|
||
- `deploy/test/integration_test.go:1129` — t.Skip("no PEM data in certificate version")
|
||
- `deploy/test/integration_test.go:513` — t.Skip("agent not yet online (may be slow to heartbeat)")
|
||
- `deploy/test/integration_test.go:805` — t.Skip("depends on Phase04 (Local CA cert not created)")
|
||
- `deploy/test/integration_test.go:901` — t.Skip("no discovered certificates yet (agent scan may not have run)")
|
||
- `deploy/test/integration_test.go:942` — t.Skip("no certificate in Active state for renewal test")
|
||
- `deploy/test/integration_test.go:954` — t.Skipf("renewal trigger returned: %s", body)
|
||
- `deploy/test/nginx_vendor_e2e_test.go:108` — t.Skip()
|
||
- `deploy/test/qa_test.go:1055` — t.Skip("Part 23 (S/MIME & EKU) is documented in docs/testing-guide.md::Part 23 " +
|
||
- `deploy/test/qa_test.go:1065` — t.Skip("Part 24 (OCSP/CRL) is documented in docs/testing-guide.md::Part 24 " +
|
||
- `deploy/test/qa_test.go:1175` — t.Skip("Requires compiled certctl-cli binary — manual test")
|
||
- `deploy/test/qa_test.go:1179` — t.Skip("Requires compiled mcp-server binary + stdio — manual test")
|
||
- `deploy/test/qa_test.go:1313` — t.Skip("Scheduler tests are timing-dependent — verify via Docker logs manually")
|
||
- `deploy/test/qa_test.go:1320` — t.Skip("Requires Docker log inspection — manual test")
|
||
- `deploy/test/qa_test.go:1327` — t.Skip("Requires browser — manual test")
|
||
- `deploy/test/qa_test.go:1334` — t.Skip("Requires browser — manual test")
|
||
- `deploy/test/qa_test.go:1338` — t.Skip("Requires browser — manual test")
|
||
- `deploy/test/qa_test.go:1914` — t.Skip("Part 55 (Agent Soft-Retirement) is documented in docs/testing-guide.md::Part 55 " +
|
||
- `deploy/test/qa_test.go:1924` — t.Skip("Part 56 (Notification Retry/Dead-Letter) is documented in docs/testing-guide.md::Part 56 " +
|
||
- `deploy/test/qa_test.go:38` — // Q-1 closure (cat-s3-58ce7e9840be): this file contains 11 `t.Skip("Requires
|
||
- `deploy/test/qa_test.go:46` — // the runtime t.Skip is the second-line guard for operators who run
|
||
- `deploy/test/qa_test.go:50` — // is correct, and the t.Skip messages already name the missing
|
||
- `deploy/test/qa_test.go:870` — t.Skip("Requires CA cert+key setup — manual test")
|
||
- `deploy/test/qa_test.go:874` — t.Skip("Requires ACME CA with ARI support — manual test")
|
||
- `deploy/test/qa_test.go:881` — t.Skip("Requires live Vault server — manual test")
|
||
- `deploy/test/qa_test.go:885` — t.Skip("Requires DigiCert sandbox — manual test")
|
||
- `deploy/test/scep_intune_e2e_test.go:159` — t.Skipf("integration stack not reachable at %s: %v — start docker-compose.test.yml first", serverURL, err)
|
||
- `deploy/test/scep_intune_e2e_test.go:163` — t.Skipf("/scep/%s not configured — see deploy/docker-compose.test.yml for the e2eintune profile env vars", e2eintunePathID)
|
||
- `deploy/test/scep_intune_e2e_test.go:166` — t.Skipf("/scep/%s GetCACaps returned %d — Intune profile may not be enabled in compose env", e2eintunePathID, resp.StatusCode)
|
||
- `deploy/test/scep_intune_e2e_test.go:170` — t.Skipf("/scep/%s GetCACaps body=%q does NOT advertise SCEPStandard — Intune profile may be misconfigured", e2eintunePathID, string(body))
|
||
- `deploy/test/vendor_e2e_helpers_smoke_test.go:31` — t.Skip("requires network egress to api.github.com (or similar known TLS endpoint); run manually")
|
||
- `deploy/test/vendor_e2e_helpers_smoke_test.go:36` — t.Skip("requires network egress; run manually")
|
||
- `deploy/test/vendor_e2e_helpers_smoke_test.go:41` — // When hostPath is empty the helper t.Skip's. Re-run-from-
|
||
|
||
### `internal/api/handler`
|
||
|
||
- `internal/api/handler/health_test.go:481` — t.Skip("integration-style test; covered by deploy/test/integration_test.go (//go:build integration). " +
|
||
- `internal/api/handler/health_test.go:499` — t.Skipf("postgres driver unavailable in this build: %v", err)
|
||
|
||
### `internal/auth/breakglass`
|
||
|
||
- `internal/auth/breakglass/service_test.go:417` — t.Skip("timing test skipped in -short mode (Argon2id is expensive)")
|
||
|
||
### `internal/auth/oidc/domain`
|
||
|
||
- `internal/auth/oidc/domain/types_test.go:186` — t.Skip()
|
||
|
||
### `internal/auth/oidc`
|
||
|
||
- `internal/auth/oidc/bench_keycloak_test.go:103` — // signature matters because it calls t.Skip / t.Fatal / t.Cleanup.
|
||
- `internal/auth/oidc/integration_keycloak_test.go:53` — // initialized in keycloakFor() so individual tests can `t.Skip` under
|
||
- `internal/auth/oidc/integration_okta_smoke_test.go:64` — // If any required env var is missing, the test t.Skip's with a clear
|
||
- `internal/auth/oidc/integration_okta_smoke_test.go:84` — t.Skipf("Okta smoke test requires env vars: %s — skipping", strings.Join(missing, ", "))
|
||
|
||
### `internal/ciparity`
|
||
|
||
- `internal/ciparity/surface_parity_test.go:97` — // readFileOrSkip reads a file; on ENOENT, calls t.Skipf rather than
|
||
|
||
### `internal/connector/issuer/acme`
|
||
|
||
- `internal/connector/issuer/acme/acme_failure_test.go:687` — t.Skipf("could not bind challenge server (env may not allow): %v", err)
|
||
|
||
### `internal/connector/issuer/local`
|
||
|
||
- `internal/connector/issuer/local/bundle9_coverage_test.go:467` — t.Skip("unexpectedly short DER")
|
||
- `internal/connector/issuer/local/bundle9_coverage_test.go:592` — t.Skip("permission semantics differ on windows")
|
||
- `internal/connector/issuer/local/bundle9_coverage_test.go:609` — t.Skip("permission semantics differ on windows")
|
||
- `internal/connector/issuer/local/bundle9_coverage_test.go:621` — t.Skip("permission semantics differ on windows")
|
||
- `internal/connector/issuer/local/bundle9_coverage_test.go:653` — t.Skip("permission semantics differ on windows")
|
||
|
||
### `internal/connector/issuer/openssl`
|
||
|
||
- `internal/connector/issuer/openssl/openssl_failure_test.go:124` — t.Skip("running as root; chmod 0o600 doesn't gate execution for uid 0")
|
||
- `internal/connector/issuer/openssl/openssl_failure_test.go:71` — t.Skip("openssl adapter shell-out tests assume POSIX bash; skipping on Windows")
|
||
|
||
### `internal/connector/notifier/email`
|
||
|
||
- `internal/connector/notifier/email/email_test.go:425` — t.Skip("test requires no service on smtp.example.com:587")
|
||
- `internal/connector/notifier/email/email_test.go:503` — t.Skip("test assumes no service on 127.0.0.1:54321")
|
||
|
||
### `internal/connector/target/iis`
|
||
|
||
- `internal/connector/target/iis/iis_test.go:225` — t.Skip("Skipping: powershell.exe not available (non-Windows)")
|
||
- `internal/connector/target/iis/iis_test.go:92` — t.Skip("Skipping: powershell.exe not available (non-Windows)")
|
||
|
||
### `internal/crypto`
|
||
|
||
- `internal/crypto/encryption_property_test.go:35` — t.Skip("skipping property-based test in -short mode (PBKDF2 600k rounds × 50 iters > short budget)")
|
||
- `internal/crypto/encryption_property_test.go:75` — t.Skip("skipping property-based test in -short mode (PBKDF2 cost)")
|
||
|
||
### `internal/deploy`
|
||
|
||
- `internal/deploy/coverage_test.go:403` — t.Skip("read-only chmod doesn't restrict root")
|
||
- `internal/deploy/coverage_test.go:467` — t.Skip("non-unix")
|
||
- `internal/deploy/deploy_test.go:611` — t.Skip("non-unix platform")
|
||
|
||
### `internal/ratelimit`
|
||
|
||
- `internal/ratelimit/sliding_window_test.go:146` — t.Skip("race-style test under -short")
|
||
|
||
### `internal/repository/postgres`
|
||
|
||
- `internal/repository/postgres/audit_worm_test.go:29` — t.Skip("skipping integration test in short mode")
|
||
- `internal/repository/postgres/auth_revoke_scope_test.go:118` — t.Skip("integration test in short mode")
|
||
- `internal/repository/postgres/auth_revoke_scope_test.go:149` — t.Skip("integration test in short mode")
|
||
- `internal/repository/postgres/auth_revoke_scope_test.go:179` — t.Skip("integration test in short mode")
|
||
- `internal/repository/postgres/auth_revoke_scope_test.go:208` — t.Skip("integration test in short mode")
|
||
- `internal/repository/postgres/auth_revoke_scope_test.go:56` — t.Skip("integration test in short mode")
|
||
- `internal/repository/postgres/auth_revoke_scope_test.go:87` — t.Skip("integration test in short mode")
|
||
- `internal/repository/postgres/auth_scope_test.go:123` — t.Skip("integration test in short mode")
|
||
- `internal/repository/postgres/auth_scope_test.go:153` — t.Skip("integration test in short mode")
|
||
- `internal/repository/postgres/auth_scope_test.go:181` — t.Skip("integration test in short mode")
|
||
- `internal/repository/postgres/auth_scope_test.go:207` — t.Skip("integration test in short mode")
|
||
- `internal/repository/postgres/auth_scope_test.go:229` — t.Skip("integration test in short mode")
|
||
- `internal/repository/postgres/auth_scope_test.go:252` — t.Skip("integration test in short mode")
|
||
- `internal/repository/postgres/auth_scope_test.go:281` — t.Skip("integration test in short mode")
|
||
- `internal/repository/postgres/auth_scope_test.go:95` — t.Skip("integration test in short mode")
|
||
- `internal/repository/postgres/oidc_encryption_invariant_test.go:160` — t.Skip("Phase 13 encryption invariant: integration test in short mode")
|
||
- `internal/repository/postgres/oidc_encryption_invariant_test.go:225` — t.Skip("Phase 13 encryption invariant: integration test in short mode")
|
||
- `internal/repository/postgres/oidc_encryption_invariant_test.go:62` — t.Skip("Phase 13 encryption invariant: integration test in short mode")
|
||
- `internal/repository/postgres/oidc_prelogin_encryption_test.go:163` — t.Skip("HIGH-5 legacy fallback: integration test in short mode")
|
||
- `internal/repository/postgres/oidc_prelogin_encryption_test.go:42` — t.Skip("HIGH-5 encryption invariant: integration test in short mode")
|
||
- `internal/repository/postgres/oidc_test.go:117` — t.Skip("integration test in short mode")
|
||
- `internal/repository/postgres/oidc_test.go:140` — t.Skip("integration test in short mode")
|
||
- `internal/repository/postgres/oidc_test.go:171` — t.Skip("integration test in short mode")
|
||
- `internal/repository/postgres/oidc_test.go:185` — t.Skip("integration test in short mode")
|
||
- `internal/repository/postgres/oidc_test.go:209` — t.Skip("integration test in short mode")
|
||
- `internal/repository/postgres/oidc_test.go:239` — t.Skip("integration test in short mode")
|
||
- `internal/repository/postgres/oidc_test.go:301` — t.Skip("integration test in short mode")
|
||
- `internal/repository/postgres/oidc_test.go:331` — t.Skip("integration test in short mode")
|
||
- `internal/repository/postgres/oidc_test.go:45` — t.Skip("integration test in short mode")
|
||
- `internal/repository/postgres/oidc_test.go:82` — t.Skip("integration test in short mode")
|
||
- `internal/repository/postgres/oidc_test.go:96` — t.Skip("integration test in short mode")
|
||
- `internal/repository/postgres/repo_test.go:1944` — t.Skip("integration test requires PostgreSQL")
|
||
- `internal/repository/postgres/repo_test.go:2003` — t.Skip("integration test requires PostgreSQL")
|
||
- `internal/repository/postgres/repo_test.go:2114` — t.Skip("integration test requires PostgreSQL")
|
||
- `internal/repository/postgres/seed_test.go:91` — t.Skip("skipping integration test in short mode")
|
||
- `internal/repository/postgres/session_test.go:100` — t.Skip("integration test in short mode")
|
||
- `internal/repository/postgres/session_test.go:120` — t.Skip("integration test in short mode")
|
||
- `internal/repository/postgres/session_test.go:167` — t.Skip("integration test in short mode")
|
||
- `internal/repository/postgres/session_test.go:197` — t.Skip("integration test in short mode")
|
||
- `internal/repository/postgres/session_test.go:211` — t.Skip("integration test in short mode")
|
||
- `internal/repository/postgres/session_test.go:246` — t.Skip("integration test in short mode")
|
||
- `internal/repository/postgres/session_test.go:259` — t.Skip("integration test in short mode")
|
||
- `internal/repository/postgres/session_test.go:29` — t.Skip("integration test in short mode")
|
||
- `internal/repository/postgres/session_test.go:307` — t.Skip("integration test in short mode")
|
||
- `internal/repository/postgres/session_test.go:340` — t.Skip("integration test in short mode")
|
||
- `internal/repository/postgres/session_test.go:407` — t.Skip("integration test in short mode")
|
||
- `internal/repository/postgres/session_test.go:54` — t.Skip("integration test in short mode")
|
||
- `internal/repository/postgres/session_test.go:86` — t.Skip("integration test in short mode")
|
||
- `internal/repository/postgres/testutil_test.go:39` — t.Skip("skipping integration test in short mode")
|
||
- `internal/repository/postgres/user_test.go:106` — t.Skip("integration test in short mode")
|
||
- `internal/repository/postgres/user_test.go:131` — t.Skip("integration test in short mode")
|
||
- `internal/repository/postgres/user_test.go:170` — t.Skip("integration test in short mode")
|
||
- `internal/repository/postgres/user_test.go:210` — t.Skip("integration test in short mode")
|
||
- `internal/repository/postgres/user_test.go:29` — t.Skip("integration test in short mode")
|
||
- `internal/repository/postgres/user_test.go:302` — t.Skip("integration test in short mode")
|
||
- `internal/repository/postgres/user_test.go:339` — t.Skip("integration test in short mode")
|
||
- `internal/repository/postgres/user_test.go:374` — t.Skip("integration test in short mode")
|
||
- `internal/repository/postgres/user_test.go:59` — t.Skip("integration test in short mode")
|
||
- `internal/repository/postgres/user_test.go:73` — t.Skip("integration test in short mode")
|
||
|
||
### `internal/scep/intune`
|
||
|
||
- `internal/scep/intune/challenge_golden_test.go:47` — t.Skip("regenerate fixtures only when -update-golden is passed")
|
||
- `internal/scep/intune/challenge_test.go:213` — t.Skip("encoder didn't produce padding for this fixture; skipping")
|
||
- `internal/scep/intune/rate_limit_test.go:139` — t.Skip("race-style test under -short")
|
||
- `internal/scep/intune/replay_test.go:131` — t.Skip("race-style test under -short; run full suite for coverage")
|
||
|
||
### `internal/service`
|
||
|
||
- `internal/service/coverage_extras_test.go:374` — t.Skipf("RSA keygen unavailable: %v", err)
|
||
- `internal/service/coverage_extras_test.go:394` — t.Skipf("ECDSA keygen unavailable: %v", err)
|
||
|