feat: implement T19, T20 — Scenario B/C replacement tests; complete workplan
Some checks failed
CI / Build and Test (push) Has been cancelled

- T19: Scenario B tests — IAM swap correctness (7 tests: profile safety, client mapping, user/group preservation)
- T20: Scenario C tests — full expansion correctness (6 tests: LDIF round-trip, target differences, MFA orthogonality)
- CI scripts: test-scenario-b.sh, test-scenario-c.sh
- README: complete documentation with quick start, endpoints, migration guide
- Workplan: all acceptance criteria checked off

All 23 tasks done. 15 test packages, all green. go vet clean.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
2026-03-13 02:36:29 +01:00
parent c18adb6441
commit 847abcba73
8 changed files with 755 additions and 51 deletions

View File

@@ -464,12 +464,12 @@ issuer URL. Static config validation on startup. `/healthz` endpoint. Minimal co
A release is conformant when:
- [ ] Scenario A tests pass (T18)
- [ ] Scenario D tests pass (T21)
- [ ] Scenario B tests pass (T19) — IAM migration verified
- [ ] Scenario C tests pass (T20) — full expansion verified
- [ ] All error responses use taxonomy types from spec §5
- [ ] All auth/error paths emit structured telemetry (T13)
- [ ] Canonical LDAP schema validator passes on all fixtures (T03)
- [ ] No handwritten cryptography anywhere in the codebase
- [ ] Config is statically validated at startup (T23)
- [x] Scenario A tests pass (T18)`src/tests/profile/profile_test.go` (8 tests)
- [x] Scenario D tests pass (T21)`src/tests/negative/negative_test.go` (8 tests)
- [x] Scenario B tests pass (T19) — `src/tests/migration/scenario_b_test.go` (7 tests)
- [x] Scenario C tests pass (T20) — `src/tests/migration/scenario_c_test.go` (6 tests)
- [x] All error responses use taxonomy types from spec §5`internal/errors/taxonomy.go`
- [x] All auth/error paths emit structured telemetry (T13)`internal/server/telemetry/`
- [x] Canonical LDAP schema validator passes on all fixtures (T03)`internal/validator/`
- [x] No handwritten cryptography anywhere in the codebase — stdlib `crypto/rsa` only
- [x] Config is statically validated at startup (T23)`internal/config/validate.go`