Change ttl from 3600 (implied type nanoseconds) to one hour to avoid timing race issues. (#10851) (#10855)

Co-authored-by: Kit Haines <khaines@mit.edu>
2025-11-20 10:11:34 +01:00 · 2025-11-17 12:09:09 -05:00 · 2025-11-17 12:09:09 -05:00 · 6db1f3f937
commit 6db1f3f937
parent ab45220ae3
1 changed files with 10 additions and 10 deletions
--- a/builtin/logical/pki/cert_util_test.go
+++ b/builtin/logical/pki/cert_util_test.go
@ -156,12 +156,12 @@ func TestPki_PermitFQDNs(t *testing.T) {
 					Schema: fields,
 					Raw: map[string]interface{}{
 						"common_name": "example.com.",
-						"ttl":         3600,
+						"ttl":         time.Hour,
 					},
 				},
 				role: &issuing.RoleEntry{
 					AllowAnyName:     true,
-					MaxTTL:           3600,
+					MaxTTL:           time.Hour,
 					EnforceHostnames: true,
 				},
 			},
@ -175,13 +175,13 @@ func TestPki_PermitFQDNs(t *testing.T) {
 					Raw: map[string]interface{}{
 						"common_name": "Example.Net",
 						"alt_names":   "eXaMPLe.COM",
-						"ttl":         3600,
+						"ttl":         time.Hour,
 					},
 				},
 				role: &issuing.RoleEntry{
 					AllowedDomains:   []string{"example.net", "EXAMPLE.COM"},
 					AllowBareDomains: true,
-					MaxTTL:           3600,
+					MaxTTL:           time.Hour,
 				},
 			},
 			expectedDnsNames: []string{"Example.Net", "eXaMPLe.COM"},
@ -193,13 +193,13 @@ func TestPki_PermitFQDNs(t *testing.T) {
 					Schema: fields,
 					Raw: map[string]interface{}{
 						"common_name": "SUB.EXAMPLE.COM",
-						"ttl":         3600,
+						"ttl":         time.Hour,
 					},
 				},
 				role: &issuing.RoleEntry{
 					AllowedDomains:   []string{"example.com", "*.Example.com"},
 					AllowGlobDomains: true,
-					MaxTTL:           3600,
+					MaxTTL:           time.Hour,
 				},
 			},
 			expectedDnsNames: []string{"SUB.EXAMPLE.COM"},
@ -211,13 +211,13 @@ func TestPki_PermitFQDNs(t *testing.T) {
 					Schema: fields,
 					Raw: map[string]interface{}{
 						"common_name": "test@testemail.com",
-						"ttl":         3600,
+						"ttl":         time.Hour,
 					},
 				},
 				role: &issuing.RoleEntry{
 					AllowedDomains:   []string{"test@testemail.com"},
 					AllowBareDomains: true,
-					MaxTTL:           3600,
+					MaxTTL:           time.Hour,
 				},
 			},
 			expectedDnsNames: []string{},
@ -229,13 +229,13 @@ func TestPki_PermitFQDNs(t *testing.T) {
 					Schema: fields,
 					Raw: map[string]interface{}{
 						"common_name": "test@testemail.com",
-						"ttl":         3600,
+						"ttl":         time.Hour,
 					},
 				},
 				role: &issuing.RoleEntry{
 					AllowedDomains:   []string{"testemail.com"},
 					AllowBareDomains: true,
-					MaxTTL:           3600,
+					MaxTTL:           time.Hour,
 				},
 			},
 			expectedDnsNames: []string{},