Ensure CA + Tiller cert never expire and Helm client cert expires quickly

author: Dylan Griffith <dyl.griffith@gmail.com> 2018-07-24 18:34:39 +0300
committer: Dylan Griffith <dyl.griffith@gmail.com> 2018-07-30 16:08:31 +0300
commit: cb21560b9174ed49d33cf974600bb2b5cf69fc62 (patch)
tree: 0ce9d092a5b4ab421df9ee21bf73b0f276f377e3 /spec/lib
parent: 039a8ebdd47d12b5f721a1e31825f079dd9e18d2 (diff)
1 files changed, 27 insertions, 0 deletions
diff --git a/spec/lib/gitlab/kubernetes/helm/certificate_spec.rb b/spec/lib/gitlab/kubernetes/helm/certificate_spec.rb
new file mode 100644
index 00000000000..f8d00c95a36
--- /dev/null
+++ b/spec/lib/gitlab/kubernetes/helm/certificate_spec.rb
@@ -0,0 +1,27 @@
+require 'spec_helper'
+
+describe Gitlab::Kubernetes::Helm::Certificate do
+  describe '.generate_root' do
+    subject { described_class.generate_root }
+
+    it 'should generate a root CA that expires a long way in the future' do
+      expect(subject.cert.not_after).to be > 999.years.from_now
+    end
+  end
+
+  describe '#issue' do
+    subject { described_class.generate_root.issue }
+
+    it 'should generate a cert that expires soon' do
+      expect(subject.cert.not_after).to be < 60.minutes.from_now
+    end
+
+    context 'passing in INFINITE_EXPIRY' do
+      subject { described_class.generate_root.issue(expires_in: described_class::INFINITE_EXPIRY) }
+
+      it 'should generate a cert that expires a long way in the future' do
+        expect(subject.cert.not_after).to be > 999.years.from_now
+      end
+    end
+  end
+end
author	Dylan Griffith <dyl.griffith@gmail.com>	2018-07-24 18:34:39 +0300
committer	Dylan Griffith <dyl.griffith@gmail.com>	2018-07-30 16:08:31 +0300
commit	cb21560b9174ed49d33cf974600bb2b5cf69fc62 (patch)
tree	0ce9d092a5b4ab421df9ee21bf73b0f276f377e3 /spec/lib
parent	039a8ebdd47d12b5f721a1e31825f079dd9e18d2 (diff)