connect/ca: simplify passing of leaf cert TTL

2018-07-25 17:51:45 -07:00 · 2018-07-25 17:51:45 -07:00 · 68d7a9fbd3
parent a125735d76
commit 68d7a9fbd3
2 changed files with 3 additions and 3 deletions
--- a/agent/connect/ca/provider_vault.go
+++ b/agent/connect/ca/provider_vault.go
@ -172,7 +172,7 @@ func (v *VaultProvider) GenerateIntermediate() (string, error) {
 			"allow_any_name":   true,
 			"allowed_uri_sans": "spiffe://*",
 			"key_type":         "any",
-			"max_ttl":          fmt.Sprintf("%.0fm", v.config.LeafCertTTL.Minutes()),
+			"max_ttl":          v.config.LeafCertTTL.String(),
 			"require_cn":       false,
 		})
 		if err != nil {
@ -227,7 +227,7 @@ func (v *VaultProvider) Sign(csr *x509.CertificateRequest) (string, error) {
 	// Use the leaf cert role to sign a new cert for this CSR.
 	response, err := v.client.Logical().Write(v.config.IntermediatePKIPath+"sign/"+VaultCALeafCertRole, map[string]interface{}{
 		"csr": pemBuf.String(),
-		"ttl": fmt.Sprintf("%.0fm", v.config.LeafCertTTL.Minutes()),
+		"ttl": v.config.LeafCertTTL.String(),
 	})
 	if err != nil {
 		return "", fmt.Errorf("error issuing cert: %v", err)
--- a/agent/connect/ca/provider_vault_test.go
+++ b/agent/connect/ca/provider_vault_test.go
@ -154,7 +154,7 @@ func TestVaultCAProvider_SignLeaf(t *testing.T) {
 		require.NotEqual(firstSerial, parsed.SerialNumber.Uint64())

 		// Ensure the cert is valid now and expires within the correct limit.
-		require.True(parsed.NotAfter.Sub(time.Now()) < 3*24*time.Hour)
+		require.True(parsed.NotAfter.Sub(time.Now()) < time.Hour)
 		require.True(parsed.NotBefore.Before(time.Now()))
 	}
 }