mirror of
https://github.com/shankar0123/certctl.git
synced 2026-06-07 23:01:30 +00:00
cowork
933edfb1d0
Closes M-001 partially; M-002, M-003, and CI threshold raise #2 deferred. Stubs coverage shipped across 8 issuer connectors via per-connector <conn>_stubs_test.go (~50 LoC each) pinning the not-supported issuer.Connector interface methods (GenerateCRL, SignOCSPResponse, GetCACertPEM, GetRenewalInfo). Most CAs delegate CRL/OCSP/CA-cert distribution to managed services, so these are documented stubs that return errors. Pinning them ensures the stubs aren't silently replaced with no-ops in a future refactor. Coverage delta: digicert: 79.3% -> 81.0% (+1.7pp) ejbca: 75.8% -> 76.5% (+0.7pp) entrust: 70.8% -> 70.8% (stubs already covered) sectigo: 78.0% -> 79.4% (+1.4pp) vault: 81.0% -> 84.1% (+3.1pp) openssl: 76.9% -> 78.0% (+1.1pp) googlecas: 81.0% -> 83.4% (+2.4pp) globalsign: 75.9% -> 78.2% (+2.3pp) (awsacmpca not included; its 0%-coverage hotspots are stubClient methods structurally different from the others' interface stubs. Already at 83.5%.) Why the gates aren't yet met: the stub functions are tiny (1-2 lines each, mostly 'return nil, fmt.Errorf("not supported")'). Lifting each connector to >=85% requires per-connector failure-mode test files mirroring Bundle J's ACME pattern (httptest.Server + canned 401/403/ 429+Retry-After/5xx/malformed responses against the actual API methods). That's ~200-300 LoC x 9 connectors = ~2000-2700 LoC of bespoke per-CA mock work; exceeds this session's budget. Tracked as follow-on Bundle N.A-extended / N.B-extended. Deferred sub-batches: N.C (M-002 + M-003): internal/service (70.5%) + internal/api/handler (79.4%) round-out NOT YET STARTED. Tracked as Bundle N.C-extended. N.CI (CI threshold raise #2): prescribed raises require underlying coverage at proposed floors first. Premature raise would fail CI immediately. Tracked as Bundle N.CI-extended. Verification: go vet ./internal/connector/issuer/{8-pkgs}/... clean gofmt -l clean go test -short -count=1 PASS for all 8 Audit deliverables: gap-backlog.md: M-001 partial-strikethrough with per-connector table + Bundle N closure-log entry covering all 4 sub-batch statuses closure-plan.md: Bundle N [~] with per-sub-batch status breakdown CHANGELOG.md: [unreleased] Bundle N entry