From 68d7a9fbd31fbef3c5cf045e9767bf8174723627 Mon Sep 17 00:00:00 2001
From: Kyle Havlovitz
Date: Wed, 25 Jul 2018 17:51:45 -0700
Subject: [PATCH] connect/ca: simplify passing of leaf cert TTL
---
 agent/connect/ca/provider_vault.go | 4 ++--
 agent/connect/ca/provider_vault_test.go | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/agent/connect/ca/provider_vault.go b/agent/connect/ca/provider_vault.go
index 8c04edc0b..743ea8957 100644
--- a/agent/connect/ca/provider_vault.go
+++ b/agent/connect/ca/provider_vault.go
@@ -172,7 +172,7 @@ func (v *VaultProvider) GenerateIntermediate() (string, error) {
 "allow_any_name": true,
 "allowed_uri_sans": "spiffe://*",
 "key_type": "any",
- "max_ttl": fmt.Sprintf("%.0fm", v.config.LeafCertTTL.Minutes()),
+ "max_ttl": v.config.LeafCertTTL.String(),
 "require_cn": false,
 })
 if err != nil {
@@ -227,7 +227,7 @@ func (v *VaultProvider) Sign(csr *x509.CertificateRequest) (string, error) {
 // Use the leaf cert role to sign a new cert for this CSR.
 response, err := v.client.Logical().Write(v.config.IntermediatePKIPath+"sign/"+VaultCALeafCertRole, map[string]interface{}{
 "csr": pemBuf.String(),
- "ttl": fmt.Sprintf("%.0fm", v.config.LeafCertTTL.Minutes()),
+ "ttl": v.config.LeafCertTTL.String(),
 })
 if err != nil {
 return "", fmt.Errorf("error issuing cert: %v", err)
diff --git a/agent/connect/ca/provider_vault_test.go b/agent/connect/ca/provider_vault_test.go
index 3769d79d1..5c248e8dc 100644
--- a/agent/connect/ca/provider_vault_test.go
+++ b/agent/connect/ca/provider_vault_test.go
@@ -154,7 +154,7 @@ func TestVaultCAProvider_SignLeaf(t *testing.T) {
 require.NotEqual(firstSerial, parsed.SerialNumber.Uint64())
 // Ensure the cert is valid now and expires within the correct limit.
- require.True(parsed.NotAfter.Sub(time.Now()) < 3*24*time.Hour)
+ require.True(parsed.NotAfter.Sub(time.Now()) < time.Hour)
 require.True(parsed.NotBefore.Before(time.Now()))
 }
 }
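Review bot: Neither the `max_ttl` written in GenerateIntermediate nor the `ttl` written in Sign (second hunk) is guarded against a zero or negative `LeafCertTTL`. `Duration.String()` now passes the value through exactly, so a zero value is sent as `0s`. As far as I know Vault treats a zero TTL as unset and falls back to the role or mount default, which would probably give leaf certificates a longer lifetime than the operator intended. Unless the config parsing already rejects this (not visible in these hunks), I would add a check before each write, for example `if v.config.LeafCertTTL <= 0 { return "", fmt.Errorf("leaf cert TTL must be positive, got %s", v.config.LeafCertTTL) }`. Both function bodies start and end outside their hunks.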
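Review bot: The tightened assertion in TestVaultCAProvider_SignLeaf only bounds the lifetime from above, so a certificate whose `NotAfter` is already in the past would still pass, although the comment says the cert must be valid now. I would pair it with a lower bound, `require.True(parsed.NotAfter.After(time.Now()))`. The hard-coded `time.Hour` presumably mirrors the `LeafCertTTL` set in the test's provider config, which is outside this hunk. Comparing against that config value directly would keep the two from drifting apart.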