diff options
author | Dylan Griffith <dyl.griffith@gmail.com> | 2018-07-24 18:34:39 +0300 |
---|---|---|
committer | Dylan Griffith <dyl.griffith@gmail.com> | 2018-07-30 16:08:31 +0300 |
commit | cb21560b9174ed49d33cf974600bb2b5cf69fc62 (patch) | |
tree | 0ce9d092a5b4ab421df9ee21bf73b0f276f377e3 /spec/lib | |
parent | 039a8ebdd47d12b5f721a1e31825f079dd9e18d2 (diff) |
Ensure CA + Tiller cert never expire and Helm client cert expires quickly
Diffstat (limited to 'spec/lib')
-rw-r--r-- | spec/lib/gitlab/kubernetes/helm/certificate_spec.rb | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/spec/lib/gitlab/kubernetes/helm/certificate_spec.rb b/spec/lib/gitlab/kubernetes/helm/certificate_spec.rb new file mode 100644 index 00000000000..f8d00c95a36 --- /dev/null +++ b/spec/lib/gitlab/kubernetes/helm/certificate_spec.rb @@ -0,0 +1,27 @@ +require 'spec_helper' + +describe Gitlab::Kubernetes::Helm::Certificate do + describe '.generate_root' do + subject { described_class.generate_root } + + it 'should generate a root CA that expires a long way in the future' do + expect(subject.cert.not_after).to be > 999.years.from_now + end + end + + describe '#issue' do + subject { described_class.generate_root.issue } + + it 'should generate a cert that expires soon' do + expect(subject.cert.not_after).to be < 60.minutes.from_now + end + + context 'passing in INFINITE_EXPIRY' do + subject { described_class.generate_root.issue(expires_in: described_class::INFINITE_EXPIRY) } + + it 'should generate a cert that expires a long way in the future' do + expect(subject.cert.not_after).to be > 999.years.from_now + end + end + end +end |