gsadmin/certctl
1
0
Fork 0
mirror of https://github.com/shankar0123/certctl.git synced 2026-06-07 15:01:32 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
1b529985bee4f4685426dd74550799326fe83c72
certctl/internal
T
History
shankar0123 1b529985be fix(oidc/testfixtures): set Enabled=true on Keycloak integration-test provider 
Phase-10 live-IdP smoke re-run (after the alg-downgrade relax landed in
fefeccf) surfaced the next layer: 5 of 6 testcontainers-Keycloak
integration tests failed with 'oidc: provider is disabled'.

Root cause: the OIDCProvider struct literal in
internal/auth/oidc/testfixtures/keycloak.go omits the Enabled field.
Enabled was added by Audit 2026-05-11 MED-9 (Bundle 2 Fix 13 Phase B);
pre-fix the field didn't exist and HandleAuthRequest always proceeded.
Post-fix the default zero-value false gates every integration test
behind ErrProviderDisabled at service.go L478.

Fix: add Enabled: true to the struct literal + inline comment explaining
why the field is required for integration tests. The check is the right
behavior for production (operator-driven disable kill-switch); just
needed to be reflected in the testfixture.

Verify (sandbox): go vet -tags=integration ./internal/auth/oidc/...
clean. Workstation re-runs 'make keycloak-integration-test' to confirm
the 5 affected tests now pass against a real Keycloak 26.x.
2026-05-11 15:39:07 +00:00
..
api
test(coverage): backfill 5 packages to clear v2.1.0 release-gate Phase 3 floors
2026-05-11 14:12:11 +00:00
auth
fix(oidc/testfixtures): set Enabled=true on Keycloak integration-test provider
2026-05-11 15:39:07 +00:00
cli
auth-bundle-1 Phase 8 follow-up: classify issuer/target audit rows + auditor end-to-end tests + gofmt drift
2026-05-09 20:23:41 +00:00
cms
EST RFC 7030 hardening master bundle Phases 2-4: end-to-end mTLS sibling
2026-04-29 23:15:35 +00:00
config
harden(auth): demo-mode residual-grants detector + cleanup endpoint + CI guard (A-8)
2026-05-11 11:45:54 +00:00
connector
2026-05-05 18:18:29 +00:00
crypto
security(signer): bound FileDriver paths with SafeRoot + reject .. (CodeQL #27, CWE-22)
2026-05-04 05:04:35 +00:00
deploy
2026-05-05 18:18:29 +00:00
domain
feat(auth/rbac): scope_type+scope_id+expires_at on role grants (HIGH-10)
2026-05-10 22:47:45 +00:00
integration
chore: rename Go module path to github.com/certctl-io/certctl
2026-05-04 00:30:29 +00:00
mcp
fix(auth/rbac): scope-aware ActorRole revoke (A-4)
2026-05-11 10:50:34 +00:00
pkcs7
2026-05-05 18:18:29 +00:00
ratelimit
EST RFC 7030 hardening master bundle Phases 2-4: end-to-end mTLS sibling
2026-04-29 23:15:35 +00:00
repository
chore(lint): close 5 golangci-lint v2 findings surfaced by v2.1.0 release-gate Phase 1.3
2026-05-11 13:31:13 +00:00
scep/intune
security(scep-intune): annotate verifyES256/RS256 SHA-256 as RFC-mandated (CodeQL #21 false positive)
2026-05-04 05:08:02 +00:00
scheduler
fix(oidc/bcl): jti replay-cache + iat freshness check (HIGH-3 closure)
2026-05-10 20:53:29 +00:00
secret
secret: migrate EJBCA / GlobalSign / Sectigo credentials to *secret.Ref (Phase 2)
2026-05-02 12:53:58 +00:00
service
fix(auth/rbac): scope-aware ActorRole revoke (A-4)
2026-05-11 10:50:34 +00:00
tlsprobe
tlsprobe: add VerifyWithExponentialBackoff + rewire all connectors' runPostDeployVerify
2026-05-02 22:56:07 +00:00
trustanchor
EST RFC 7030 hardening master bundle Phases 2-4: end-to-end mTLS sibling
2026-04-29 23:15:35 +00:00
validation
ci: convert literal Unicode in headers_test.go to \u escapes (ST1018)
2026-05-04 05:00:14 +00:00