connect/ca: simplify passing of leaf cert TTL

Kyle Havlovitz 2018-07-25 17:51:45 -07:00
parent ce10de036e
commit f67a4d59c0
No known key found for this signature in database
GPG Key ID: 8A5E6B173056AD6C
2 changed files with 3 additions and 3 deletions


@ -172,7 +172,7 @@ func (v *VaultProvider) GenerateIntermediate() (string, error) {
"allow_any_name": true,
"allowed_uri_sans": "spiffe://*",
"key_type": "any",
"max_ttl": fmt.Sprintf("%.0fm", v.config.LeafCertTTL.Minutes()),
"max_ttl": v.config.LeafCertTTL.String(),
"require_cn": false,
})
if err != nil {
@ -227,7 +227,7 @@ func (v *VaultProvider) Sign(csr *x509.CertificateRequest) (string, error) {
// Use the leaf cert role to sign a new cert for this CSR.
response, err := v.client.Logical().Write(v.config.IntermediatePKIPath+"sign/"+VaultCALeafCertRole, map[string]interface{}{
"csr": pemBuf.String(),
"ttl": fmt.Sprintf("%.0fm", v.config.LeafCertTTL.Minutes()),
"ttl": v.config.LeafCertTTL.String(),
})
if err != nil {
return "", fmt.Errorf("error issuing cert: %v", err)
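Review bot: Nothing in either hunk guards against a zero or negative `LeafCertTTL` before it is rendered with `Duration.String()` into `max_ttl` (GenerateIntermediate) and `ttl` (Sign). A zero value becomes `"0s"`, which Vault most likely treats as unset and replaces with the mount or system default, so leaf certificates could be issued with a longer lifetime than the operator configured; a negative value becomes something like `"-1h0m0s"`. Consider rejecting non-positive values where the config is parsed, or at the top of Sign: `if v.config.LeafCertTTL <= 0 { return "", fmt.Errorf("invalid leaf cert TTL %s", v.config.LeafCertTTL) }`. Both function bodies continue outside the hunks shown, so an existing check elsewhere cannot be ruled out from here.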


@ -154,7 +154,7 @@ func TestVaultCAProvider_SignLeaf(t *testing.T) {
require.NotEqual(firstSerial, parsed.SerialNumber.Uint64())
// Ensure the cert is valid now and expires within the correct limit.
require.True(parsed.NotAfter.Sub(time.Now()) < 3*24*time.Hour)
require.True(parsed.NotAfter.Sub(time.Now()) < time.Hour)
require.True(parsed.NotBefore.Before(time.Now()))
}
}
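Review bot: The expiry assertion only bounds the certificate lifetime from above, so a leaf that is already expired, or one issued with a far shorter TTL than configured, still passes even though the comment says the cert must be valid now. Add a lower bound next to it, for example `require.True(parsed.NotAfter.After(time.Now()))`, and ideally compare against the configured TTL minus a small tolerance rather than a bare constant. The test function starts outside this hunk, so the TTL the provider was configured with is not visible here.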