mirror of
https://github.com/shankar0123/certctl.git
synced 2026-06-09 21:58:53 +00:00
7382e5f03b
Close coverage gaps identified by dual-audit (qualitative + quantitative). New test files for config (0%→98%), router (0%→100%), handler validation, health, audit, response helpers, webhook notifier (0%→88%), email notifier, middleware (recovery, rate limiter), domain profile, service nil-safety, config helpers, issuer bootstrap, and server bootstrap wiring. Expanded existing tests for ACME (34%→42%), step-ca (42%→52%), F5, SSH, agent (43%→63%), scheduler (88%→99%), renewal service, and issuerfactory. All tests pass: go test -short, go vet, go test -race clean. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
package issuerfactory
import (
"encoding/json"
"log/slog"
"os"
"testing"
)
// testLogger returns a text-format slog.Logger that writes to stderr and only
// emits records at error level or above, so connector construction in these
// tests does not flood the output with informational log lines.
func testLogger() *slog.Logger {
	opts := &slog.HandlerOptions{Level: slog.LevelError}
	handler := slog.NewTextHandler(os.Stderr, opts)
	return slog.New(handler)
}
// TestNewFromConfig_LocalCA checks that the factory builds a connector for
// the "local" issuer type when only a CA common name is configured.
// It asserts construction only; nothing is issued or signed here.
func TestNewFromConfig_LocalCA(t *testing.T) {
	raw := json.RawMessage(`{"ca_common_name":"Test CA"}`)

	got, err := NewFromConfig("local", raw, testLogger())
	switch {
	case err != nil:
		t.Fatalf("NewFromConfig(local) failed: %v", err)
	case got == nil:
		t.Fatal("expected non-nil connector")
	}
}
// TestNewFromConfig_GenericCA_Alias checks that the type name "GenericCA" is
// accepted by the factory with an empty JSON object as configuration.
// NOTE(review): the test name says this is an alias, but which connector it
// resolves to is not asserted here — only that some connector is returned.
func TestNewFromConfig_GenericCA_Alias(t *testing.T) {
	got, err := NewFromConfig("GenericCA", json.RawMessage(`{}`), testLogger())
	if err != nil {
		t.Fatalf("NewFromConfig(GenericCA) failed: %v", err)
	}
	if got == nil {
		t.Fatal("expected non-nil connector")
	}
}
// TestNewFromConfig_ACME checks that the factory builds a connector for the
// "ACME" type given a directory URL and a contact e-mail.
// NOTE(review): the directory URL is a real public staging endpoint. This
// test presumably relies on construction not contacting the directory;
// confirm, otherwise the unit test depends on outbound network access.
func TestNewFromConfig_ACME(t *testing.T) {
	const acmeJSON = `{"directory_url":"https://acme-staging-v02.api.letsencrypt.org/directory","email":"test@example.com"}`

	got, err := NewFromConfig("ACME", json.RawMessage(acmeJSON), testLogger())
	switch {
	case err != nil:
		t.Fatalf("NewFromConfig(ACME) failed: %v", err)
	case got == nil:
		t.Fatal("expected non-nil connector")
	}
}
// TestNewFromConfig_StepCA checks that the factory builds a connector for the
// "StepCA" type from a CA URL and a provisioner name.
// NOTE(review): no provisioner key or password is supplied, so this passes
// only if such material is not required at construction time — confirm where
// the connector validates its provisioner credentials.
func TestNewFromConfig_StepCA(t *testing.T) {
	raw := json.RawMessage(`{"ca_url":"https://ca.internal:9000","provisioner_name":"test"}`)

	got, err := NewFromConfig("StepCA", raw, testLogger())
	if err != nil {
		t.Fatalf("NewFromConfig(StepCA) failed: %v", err)
	}
	if got == nil {
		t.Fatal("expected non-nil connector")
	}
}
// TestNewFromConfig_OpenSSL checks that the factory builds a connector for
// the "OpenSSL" type when a sign_script path is configured.
// The path is a placeholder and the test expects success, so it passes only
// if the script is not resolved or checked at construction time.
// NOTE(review): sign_script presumably names a program the connector runs to
// sign requests; validation of that path (existence, ownership, permissions)
// is not covered by this test — confirm it is enforced elsewhere.
func TestNewFromConfig_OpenSSL(t *testing.T) {
	const opensslJSON = `{"sign_script":"/path/to/sign.sh"}`

	got, err := NewFromConfig("OpenSSL", json.RawMessage(opensslJSON), testLogger())
	switch {
	case err != nil:
		t.Fatalf("NewFromConfig(OpenSSL) failed: %v", err)
	case got == nil:
		t.Fatal("expected non-nil connector")
	}
}
// TestNewFromConfig_VaultPKI checks that the factory builds a connector for
// the "VaultPKI" type from an address, token, mount, role and TTL.
// The token "hvs.test" is a constructed placeholder, not a live credential;
// it carries the Vault service-token prefix, so secret scanners may flag it.
// NOTE(review): the test expects success with an unreachable-looking address,
// so the connector presumably does not authenticate to Vault during
// construction — confirm.
func TestNewFromConfig_VaultPKI(t *testing.T) {
	raw := json.RawMessage(`{"addr":"https://vault:8200","token":"hvs.test","mount":"pki","role":"web","ttl":"8760h"}`)

	got, err := NewFromConfig("VaultPKI", raw, testLogger())
	if err != nil {
		t.Fatalf("NewFromConfig(VaultPKI) failed: %v", err)
	}
	if got == nil {
		t.Fatal("expected non-nil connector")
	}
}
// TestNewFromConfig_DigiCert checks that the factory builds a connector for
// the "DigiCert" type from an API key, organisation id and product type.
// The API key "test-key" is a constructed placeholder, not a live credential.
func TestNewFromConfig_DigiCert(t *testing.T) {
	const digicertJSON = `{"api_key":"test-key","org_id":"123","product_type":"ssl_basic"}`

	got, err := NewFromConfig("DigiCert", json.RawMessage(digicertJSON), testLogger())
	switch {
	case err != nil:
		t.Fatalf("NewFromConfig(DigiCert) failed: %v", err)
	case got == nil:
		t.Fatal("expected non-nil connector")
	}
}
// TestNewFromConfig_Sectigo checks that the factory builds a connector for
// the "Sectigo" type from a customer URI, login, password and organisation id.
// The login and password are constructed placeholders, not live credentials.
// Note that org_id is a JSON number here, whereas the DigiCert test in this
// file passes org_id as a string.
func TestNewFromConfig_Sectigo(t *testing.T) {
	raw := json.RawMessage(`{"customer_uri":"test-org","login":"api-user","password":"secret","org_id":1}`)

	got, err := NewFromConfig("Sectigo", raw, testLogger())
	if err != nil {
		t.Fatalf("NewFromConfig(Sectigo) failed: %v", err)
	}
	if got == nil {
		t.Fatal("expected non-nil connector")
	}
}
// TestNewFromConfig_GoogleCAS checks that the factory builds a connector for
// the "GoogleCAS" type from a project, location, CA pool and credentials path.
// The credentials path is a placeholder and the test expects success, so it
// passes only if the credentials file is not opened during construction.
func TestNewFromConfig_GoogleCAS(t *testing.T) {
	const casJSON = `{"project":"my-project","location":"us-central1","ca_pool":"my-pool","credentials":"/path/to/creds.json"}`

	got, err := NewFromConfig("GoogleCAS", json.RawMessage(casJSON), testLogger())
	switch {
	case err != nil:
		t.Fatalf("NewFromConfig(GoogleCAS) failed: %v", err)
	case got == nil:
		t.Fatal("expected non-nil connector")
	}
}
// TestNewFromConfig_UnknownType checks that an unrecognised issuer type name
// is rejected with an error instead of falling back to some default.
// NOTE(review): the returned connector is discarded, so this does not verify
// that the factory hands back a nil connector alongside the error.
func TestNewFromConfig_UnknownType(t *testing.T) {
	if _, err := NewFromConfig("UnknownCA", json.RawMessage(`{}`), testLogger()); err == nil {
		t.Fatal("expected error for unknown type")
	}
}
// TestNewFromConfig_MalformedJSON checks that a configuration which is not
// valid JSON makes the factory return an error for the "ACME" type.
// NOTE(review): only one issuer type is exercised; whether every other type
// rejects malformed configuration the same way is not shown by this test.
func TestNewFromConfig_MalformedJSON(t *testing.T) {
	bad := json.RawMessage(`{invalid json}`)

	if _, err := NewFromConfig("ACME", bad, testLogger()); err == nil {
		t.Fatal("expected error for malformed JSON")
	}
}
// TestNewFromConfig_EmptyConfig checks that the "local" issuer type can be
// constructed with a nil configuration, i.e. that the connector falls back to
// its defaults. Only "local" is exercised here; the nil case for issuer types
// that need credentials is not covered by this test.
func TestNewFromConfig_EmptyConfig(t *testing.T) {
	got, err := NewFromConfig("local", nil, testLogger())
	switch {
	case err != nil:
		t.Fatalf("NewFromConfig with nil config failed: %v", err)
	case got == nil:
		t.Fatal("expected non-nil connector")
	}
}
// TestNewFromConfig_AWSACMPCA checks that the factory returns a connector for
// the "AWSACMPCA" type.
// NOTE(review): the configuration literal is byte-identical to the one used
// in TestNewFromConfig_GoogleCAS (project / location / ca_pool / credentials),
// which looks like a copy-paste. As written, the test shows only that the
// type name is accepted with this JSON; it does not exercise AWS-specific
// settings. Replace the literal with the connector's own fields and confirm
// whether unknown or missing fields should be rejected at construction.
func TestNewFromConfig_AWSACMPCA(t *testing.T) {
	raw := json.RawMessage(`{"project":"my-project","location":"us-central1","ca_pool":"my-pool","credentials":"/path/to/creds.json"}`)

	got, err := NewFromConfig("AWSACMPCA", raw, testLogger())
	if err != nil {
		t.Fatalf("NewFromConfig(AWSACMPCA) failed: %v", err)
	}
	if got == nil {
		t.Fatal("expected non-nil connector")
	}
}