Change ttl from 3600 (implied type nanoseconds) to one hour to avoid timing race issues. (#10851) (#10855)

Co-authored-by: Kit Haines <khaines@mit.edu>
Vault Automation 2025-11-17 12:09:09 -05:00 committed by GitHub
parent ab45220ae3
commit 6db1f3f937
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194


@ -156,12 +156,12 @@ func TestPki_PermitFQDNs(t *testing.T) {
Schema: fields, Schema: fields,
Raw: map[string]interface{}{ Raw: map[string]interface{}{
"common_name": "example.com.", "common_name": "example.com.",
"ttl": 3600, "ttl": time.Hour,
}, },
}, },
role: &issuing.RoleEntry{ role: &issuing.RoleEntry{
AllowAnyName: true, AllowAnyName: true,
MaxTTL: 3600, MaxTTL: time.Hour,
EnforceHostnames: true, EnforceHostnames: true,
}, },
}, },
@ -175,13 +175,13 @@ func TestPki_PermitFQDNs(t *testing.T) {
Raw: map[string]interface{}{ Raw: map[string]interface{}{
"common_name": "Example.Net", "common_name": "Example.Net",
"alt_names": "eXaMPLe.COM", "alt_names": "eXaMPLe.COM",
"ttl": 3600, "ttl": time.Hour,
}, },
}, },
role: &issuing.RoleEntry{ role: &issuing.RoleEntry{
AllowedDomains: []string{"example.net", "EXAMPLE.COM"}, AllowedDomains: []string{"example.net", "EXAMPLE.COM"},
AllowBareDomains: true, AllowBareDomains: true,
MaxTTL: 3600, MaxTTL: time.Hour,
}, },
}, },
expectedDnsNames: []string{"Example.Net", "eXaMPLe.COM"}, expectedDnsNames: []string{"Example.Net", "eXaMPLe.COM"},
@ -193,13 +193,13 @@ func TestPki_PermitFQDNs(t *testing.T) {
Schema: fields, Schema: fields,
Raw: map[string]interface{}{ Raw: map[string]interface{}{
"common_name": "SUB.EXAMPLE.COM", "common_name": "SUB.EXAMPLE.COM",
"ttl": 3600, "ttl": time.Hour,
}, },
}, },
role: &issuing.RoleEntry{ role: &issuing.RoleEntry{
AllowedDomains: []string{"example.com", "*.Example.com"}, AllowedDomains: []string{"example.com", "*.Example.com"},
AllowGlobDomains: true, AllowGlobDomains: true,
MaxTTL: 3600, MaxTTL: time.Hour,
}, },
}, },
expectedDnsNames: []string{"SUB.EXAMPLE.COM"}, expectedDnsNames: []string{"SUB.EXAMPLE.COM"},
@ -211,13 +211,13 @@ func TestPki_PermitFQDNs(t *testing.T) {
Schema: fields, Schema: fields,
Raw: map[string]interface{}{ Raw: map[string]interface{}{
"common_name": "test@testemail.com", "common_name": "test@testemail.com",
"ttl": 3600, "ttl": time.Hour,
}, },
}, },
role: &issuing.RoleEntry{ role: &issuing.RoleEntry{
AllowedDomains: []string{"test@testemail.com"}, AllowedDomains: []string{"test@testemail.com"},
AllowBareDomains: true, AllowBareDomains: true,
MaxTTL: 3600, MaxTTL: time.Hour,
}, },
}, },
expectedDnsNames: []string{}, expectedDnsNames: []string{},
@ -229,13 +229,13 @@ func TestPki_PermitFQDNs(t *testing.T) {
Schema: fields, Schema: fields,
Raw: map[string]interface{}{ Raw: map[string]interface{}{
"common_name": "test@testemail.com", "common_name": "test@testemail.com",
"ttl": 3600, "ttl": time.Hour,
}, },
}, },
role: &issuing.RoleEntry{ role: &issuing.RoleEntry{
AllowedDomains: []string{"testemail.com"}, AllowedDomains: []string{"testemail.com"},
AllowBareDomains: true, AllowBareDomains: true,
MaxTTL: 3600, MaxTTL: time.Hour,
}, },
}, },
expectedDnsNames: []string{}, expectedDnsNames: []string{},
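Review bot: The `"ttl"` entries inside the `Raw: map[string]interface{}` literals now carry a `time.Duration` where they used to carry an untyped int, and whether the `fields` schema parser handles the two types the same way is not visible in these hunks. `MaxTTL` on `issuing.RoleEntry` accepts `time.Hour`, so the old `MaxTTL: 3600` was 3600ns and that half of the fix is clear. The raw request value is a different case: an int there is interpreted by the field's declared type, possibly as seconds rather than nanoseconds, so it is worth confirming that both values end up in the same unit. I would also replace the ten repeated literals across the five cases with one typed constant, for example `const testTTL = time.Hour // typed on purpose: a bare 3600 in a time.Duration field is 3600ns`, so the unit cannot silently drift again. TestPki_PermitFQDNs starts and ends outside the hunks shown.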