gsadmin/certctl
1
0
Fork 0
mirror of https://github.com/shankar0123/certctl.git synced 2026-06-07 15:51:30 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
667a30870d20ea88911bd4afda752da9ae7bb6dd
certctl/internal/domain/discovery_test.go
T
shankar0123 667a30870d feat: M18b Filesystem Certificate Discovery — agent scanning, server dedup, triage API 
Agent-side:
- Filesystem scanner walks configured directories (CERTCTL_DISCOVERY_DIRS)
- Parses PEM (.pem, .crt, .cer, .cert) and DER (.der) certificate files
- Extracts CN, SANs, serial, issuer/subject DN, validity, key info, SHA-256 fingerprint
- Reports discoveries to control plane on startup + every 6 hours
- Skips files >1MB and private key files

Server-side:
- Migration 000006: discovered_certificates + discovery_scans tables
- Domain model: DiscoveredCertificate, DiscoveryScan, DiscoveryReport
- Three triage states: Unmanaged, Managed (claimed), Dismissed
- Repository with upsert dedup (fingerprint + agent + path)
- Service layer: process reports, claim, dismiss, list, summary
- 7 new API endpoints (84 total):
  POST /agents/{id}/discoveries, GET /discovered-certificates,
  GET /discovered-certificates/{id}, POST .../claim, POST .../dismiss,
  GET /discovery-scans, GET /discovery-summary
- Audit trail: scan_completed, cert_claimed, cert_dismissed events

Tests: 28 new test functions (domain, handler, service layers)
Docs: README, quickstart, demo-guide, demo-advanced, architecture,
      concepts, connectors, features.md all updated

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-24 00:25:00 -04:00

106 lines
2.5 KiB
Go
Raw Blame History

package domain
import (
"testing"
"time"
)
func TestIsValidDiscoveryStatus(t *testing.T) {
tests := []struct {
name string
status string
want bool
}{
{"Unmanaged", "Unmanaged", true},
{"Managed", "Managed", true},
{"Dismissed", "Dismissed", true},
{"empty string", "", false},
{"invalid status", "Unknown", false},
{"partial match", "Manage", false},
{"case sensitive", "unmanaged", false},
{"lowercase managed", "managed", false},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if got := IsValidDiscoveryStatus(tt.status); got != tt.want {
t.Errorf("IsValidDiscoveryStatus(%q) = %v, want %v", tt.status, got, tt.want)
}
})
}
}
func TestDiscoveredCertificate_IsExpired(t *testing.T) {
now := time.Now()
pastTime := now.AddDate(-1, 0, 0)
futureTime := now.AddDate(1, 0, 0)
tests := []struct {
name string
notAfter *time.Time
want bool
}{
{"expired certificate", &pastTime, true},
{"valid certificate", &futureTime, false},
{"nil NotAfter", nil, false},
{"expires at current time (edge case)", &now, false}, // Before() = false when at same time
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
dc := &DiscoveredCertificate{
ID: "dcert-1",
NotAfter: tt.notAfter,
}
if got := dc.IsExpired(); got != tt.want {
t.Errorf("IsExpired() = %v, want %v", got, tt.want)
}
})
}
}
func TestDiscoveredCertificate_DaysUntilExpiry(t *testing.T) {
now := time.Now()
tests := []struct {
name string
notAfter *time.Time
wantDays int
}{
{"nil NotAfter", nil, -1},
{"expires in 30 days", &time.Time{}, 0}, // placeholder, will be calculated below
{"expires in 1 day", &time.Time{}, 1},
{"expires in 0 days (expired)", &time.Time{}, 0},
}
// Test with actual future times
thirtyDaysFromNow := now.AddDate(0, 0, 30)
oneDayFromNow := now.AddDate(0, 0, 1)
pastTime := now.AddDate(0, 0, -1)
testCases := []struct {
name string
notAfter *time.Time
wantMin int
wantMax int
}{
{"nil NotAfter", nil, -1, -1},
{"expires in 30 days", &thirtyDaysFromNow, 29, 31},
{"expires in 1 day", &oneDayFromNow, 0, 2},
{"already expired", &pastTime, -2, -1},
}
for _, tt := range testCases {
t.Run(tt.name, func(t *testing.T) {
dc := &DiscoveredCertificate{
ID: "dcert-2",
NotAfter: tt.notAfter,
}
got := dc.DaysUntilExpiry()
if got < tt.wantMin || got > tt.wantMax {
t.Errorf("DaysUntilExpiry() = %d, want between %d and %d", got, tt.wantMin, tt.wantMax)
}
})
}
}
Reference in New Issue View Git Blame Copy Permalink