From f8da8a556fad2c47279496a0dffff89045f70f68 Mon Sep 17 00:00:00 2001 From: Jeff Mitchell Date: Wed, 5 Sep 2018 12:33:31 -0400 Subject: [PATCH] Fix PKI test; add deprecated parameter as synonym --- CHANGELOG.md | 2 +- builtin/logical/pki/ca_test.go | 5 +++-- builtin/logical/pki/path_tidy.go | 8 +++++++- 3 files changed, 11 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index be6568566..9aa9e7b5e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -26,7 +26,7 @@ BUG FIXES: * secrets/database: Fix nil pointer when revoking some leases [GH-5262] * secrets/pki: Fix sign-verbatim losing extra Subject attributes [GH-5245] * secrets/pki: Remove certificates from store when tidying revoked - certificates [GH-5231] + certificates and simplify API [GH-5231] * ui: JSON editor will not coerce input to an object, and will now show an error about Vault expecting an object [GH-5271] diff --git a/builtin/logical/pki/ca_test.go b/builtin/logical/pki/ca_test.go index 342272b49..66d666a5a 100644 --- a/builtin/logical/pki/ca_test.go +++ b/builtin/logical/pki/ca_test.go @@ -82,7 +82,7 @@ func TestBackend_CA_Steps(t *testing.T) { NotBefore: time.Now().Add(-30 * time.Second), NotAfter: time.Now().Add(262980 * time.Hour), BasicConstraintsValid: true, - IsCA: true, + IsCA: true, } caBytes, err := x509.CreateCertificate(rand.Reader, caCertTemplate, caCertTemplate, cak.Public(), cak) if err != nil { @@ -107,7 +107,7 @@ func TestBackend_CA_Steps(t *testing.T) { if err != nil { panic(err) } - subjKeyID, err = certutil.GetSubjKeyID(rak) + _, err = certutil.GetSubjKeyID(rak) if err != nil { panic(err) } @@ -437,6 +437,7 @@ func runSteps(t *testing.T, rootB, intB *backend, client *api.Client, rootName, } verifyRevocation := func(t *testing.T, serial string, shouldFind bool) { + t.Helper() // Verify it is now revoked { resp, err := client.Logical().Read(rootName + "cert/" + intSerialNumber) 
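Review bot: The call `_, err = certutil.GetSubjKeyID(rak)` now discards the key ID, so it only checks that a key ID can be derived from `rak`, and nothing on the line says that is the intent. Either drop the call together with its `if err != nil` check, or keep it with a comment such as `// only checking that a subject key ID can be computed for rak`. TestBackend_CA_Steps starts and ends outside the hunk, so whether `subjKeyID` is still needed elsewhere cannot be seen here.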
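Review bot: The `verifyRevocation` closure takes a `serial` argument, but the read shown in this hunk uses `rootName + "cert/" + intSerialNumber`, so this lookup inspects whatever serial is held in `intSerialNumber` regardless of what the caller passes. If that is not deliberate, a revocation check for a different certificate could pass without ever reading that certificate; the call would become `client.Logical().Read(rootName + "cert/" + serial)`. The closure body continues past the end of the hunk, so `serial` may well be used further down, in which case a short comment on why this read is pinned to the intermediate would help.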
diff --git a/builtin/logical/pki/path_tidy.go b/builtin/logical/pki/path_tidy.go index e1ec9d47f..e70473576 100644 --- a/builtin/logical/pki/path_tidy.go +++ b/builtin/logical/pki/path_tidy.go @@ -23,6 +23,11 @@ func pathTidy(b *backend) *framework.Path { the certificate store`, }, + "tidy_revocation_list": &framework.FieldSchema{ + Type: framework.TypeBool, + Description: `Deprecated; synonym for 'tidy_revoked_certs`, + }, + "tidy_revoked_certs": &framework.FieldSchema{ Type: framework.TypeBool, Description: `Set to true to expire all revoked @@ -54,6 +59,7 @@ func (b *backend) pathTidyWrite(ctx context.Context, req *logical.Request, d *fr safetyBuffer := d.Get("safety_buffer").(int) tidyCertStore := d.Get("tidy_cert_store").(bool) tidyRevokedCerts := d.Get("tidy_revoked_certs").(bool) + tidyRevocationList := d.Get("tidy_revocation_list").(bool) if safetyBuffer < 1 { return logical.ErrorResponse("safety_buffer must be greater than zero"), nil @@ -121,7 +127,7 @@ func (b *backend) pathTidyWrite(ctx context.Context, req *logical.Request, d *fr } } - if tidyRevokedCerts { + if tidyRevokedCerts || tidyRevocationList { b.revokeStorageLock.Lock() defer b.revokeStorageLock.Unlock()
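Review bot: The new description string has an unbalanced quote: `'tidy_revoked_certs` is missing its closing `'`, and this string is the field's operator-facing description. The CHANGELOG entry in this same patch says tidying revoked certificates now also removes them from the store, so the description should say that the deprecated name has that effect too, rather than only calling it a synonym. Something like `Deprecated; synonym for 'tidy_revoked_certs'. Also removes the tidied certificates from the store.` would do, with the wording checked against the body of pathTidyWrite, which lies outside these hunks.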
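Review bot: Callers that still send `tidy_revocation_list` get no signal that the name is deprecated, because `if tidyRevokedCerts || tidyRevocationList` treats both flags identically and nothing visible here records which one was set. If pathTidyWrite builds a `*logical.Response` further down (outside this hunk), consider attaching a warning when `tidyRevocationList` is true, for example `resp.AddWarning("tidy_revocation_list is deprecated; use tidy_revoked_certs")`. That gives automation still using the old name a prompt to migrate before the synonym is removed, and makes it visible that the old name now triggers the broader cleanup. The `d.Get("tidy_revocation_list").(bool)` line in the previous hunk needs no change.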