diff options
author | Dylan Griffith <dyl.griffith@gmail.com> | 2018-07-24 18:34:39 +0300 |
---|---|---|
committer | Dylan Griffith <dyl.griffith@gmail.com> | 2018-07-30 16:08:31 +0300 |
commit | cb21560b9174ed49d33cf974600bb2b5cf69fc62 (patch) | |
tree | 0ce9d092a5b4ab421df9ee21bf73b0f276f377e3 /spec/models/clusters | |
parent | 039a8ebdd47d12b5f721a1e31825f079dd9e18d2 (diff) |
Ensure CA + Tiller cert never expire and Helm client cert expires quickly
Diffstat (limited to 'spec/models/clusters')
5 files changed, 15 insertions, 0 deletions
diff --git a/spec/models/clusters/applications/helm_spec.rb b/spec/models/clusters/applications/helm_spec.rb index 535e9f15919..6396048492e 100644 --- a/spec/models/clusters/applications/helm_spec.rb +++ b/spec/models/clusters/applications/helm_spec.rb @@ -43,6 +43,9 @@ describe Clusters::Applications::Helm do expect(subject.files[:'cert.pem']).to be_present expect(subject.files[:'key.pem']).to be_present + + cert = OpenSSL::X509::Certificate.new(subject.files[:'cert.pem']) + expect(cert.not_after).to be > 999.years.from_now end end end diff --git a/spec/models/clusters/applications/ingress_spec.rb b/spec/models/clusters/applications/ingress_spec.rb index 6426818d349..c76aae432f9 100644 --- a/spec/models/clusters/applications/ingress_spec.rb +++ b/spec/models/clusters/applications/ingress_spec.rb @@ -108,6 +108,9 @@ describe Clusters::Applications::Ingress do expect(subject[:'cert.pem']).to be_present expect(subject[:'key.pem']).to be_present + + cert = OpenSSL::X509::Certificate.new(subject[:'cert.pem']) + expect(cert.not_after).to be < 60.minutes.from_now end end end diff --git a/spec/models/clusters/applications/jupyter_spec.rb b/spec/models/clusters/applications/jupyter_spec.rb index 4a470bbea74..a8cf44ac8a8 100644 --- a/spec/models/clusters/applications/jupyter_spec.rb +++ b/spec/models/clusters/applications/jupyter_spec.rb @@ -53,6 +53,9 @@ describe Clusters::Applications::Jupyter do expect(subject[:'cert.pem']).to be_present expect(subject[:'key.pem']).to be_present + + cert = OpenSSL::X509::Certificate.new(subject[:'cert.pem']) + expect(cert.not_after).to be < 60.minutes.from_now end context 'when the helm application does not have a ca_cert' do diff --git a/spec/models/clusters/applications/prometheus_spec.rb b/spec/models/clusters/applications/prometheus_spec.rb index c506d3a69e2..313bd741f88 100644 --- a/spec/models/clusters/applications/prometheus_spec.rb +++ b/spec/models/clusters/applications/prometheus_spec.rb @@ -168,6 +168,9 @@ describe Clusters::Applications::Prometheus do expect(subject[:'cert.pem']).to be_present expect(subject[:'key.pem']).to be_present + + cert = OpenSSL::X509::Certificate.new(subject[:'cert.pem']) + expect(cert.not_after).to be < 60.minutes.from_now end context 'when the helm application does not have a ca_cert' do diff --git a/spec/models/clusters/applications/runner_spec.rb b/spec/models/clusters/applications/runner_spec.rb index ab37603e4ec..65aaa1ee882 100644 --- a/spec/models/clusters/applications/runner_spec.rb +++ b/spec/models/clusters/applications/runner_spec.rb @@ -49,6 +49,9 @@ describe Clusters::Applications::Runner do expect(subject[:'cert.pem']).to be_present expect(subject[:'key.pem']).to be_present + + cert = OpenSSL::X509::Certificate.new(subject[:'cert.pem']) + expect(cert.not_after).to be < 60.minutes.from_now end context 'when the helm application does not have a ca_cert' do |