Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update an expired certificate within the cert-auth test fixtures #29289

Merged
merged 2 commits into from
Jan 6, 2025
Merged

Update an expired certificate within the cert-auth test fixtures #29289

merged 2 commits into from
Jan 6, 2025
+59 −37

Conversation

stevendpclark
Copy link
Contributor

Description

Update an expired certificate within the cert-auth test fixtures, extending it's NotAfter by 25 years to 2050 for now.

TODO only if you're a HashiCorp employee

  • Backport Labels: If this fix needs to be backported, use the appropriate backport/ label that matches the desired release branch. Note that in the CE repo, the latest release branch will look like backport/x.x.x, but older release branches will be backport/ent/x.x.x+ent.
    • LTS: If this fixes a critical security vulnerability or severity 1 bug, it will also need to be backported to the current LTS versions of Vault. To ensure this, use all available enterprise labels.
  • ENT Breakage: If this PR either 1) removes a public function OR 2) changes the signature
    of a public function, even if that change is in a CE file, double check that
    applying the patch for this PR to the ENT repo and running tests doesn't
    break any tests. Sometimes ENT only tests rely on public functions in CE
    files.
  • Jira: If this change has an associated Jira, it's referenced either
    in the PR description, commit message, or branch name.
  • RFC: If this change has an associated RFC, please link it in the description.
  • ENT PR: If this change has an associated ENT PR, please link it in the
    description. Also, make sure the changelog is in this PR, not in your ENT PR.

@stevendpclark stevendpclark self-assigned this Jan 6, 2025
@stevendpclark stevendpclark requested a review from a team as a code owner January 6, 2025 15:03
@github-actions github-actions bot added the hashicorp-contributed-pr If the PR is HashiCorp (i.e. not-community) contributed label Jan 6, 2025
@github-actions GitHub Actions
Copy link

github-actions bot commented Jan 6, 2025
edited
Loading

CI Results:
All Go tests succeeded! ✅

@github-actions GitHub Actions
Copy link

github-actions bot commented Jan 6, 2025

Build Results:
All builds succeeded! ✅

kitography
kitography previously approved these changes Jan 6, 2025
View reviewed changes
Copy link
Contributor

@kitography kitography left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@stevendpclark stevendpclark requested a review from a team as a code owner January 6, 2025 15:40
sgmiller
sgmiller reviewed Jan 6, 2025
View reviewed changes
Copy link
Collaborator

@sgmiller sgmiller left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just so I'm reading this right, you're largely getting rid of expirable test fixtures in favor of cheap EC certs generated at test time?

builtin/credential/cert/test-fixtures/keys/rebuild-cert.md
@@ -0,0 +1,6 @@
To rebuild the cert.pem within this folder run the following commands
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice addition!

@stevendpclark
Copy link
Contributor Author

Just so I'm reading this right, you're largely getting rid of expirable test fixtures in favor of cheap EC certs generated at test time?

Correct, I also find it a bit easier to understand what the test requires this way, instead of various generated static certificates kind of mixed together to force the desired failure.

@sgmiller sgmiller self-requested a review January 6, 2025 16:01
@stevendpclark stevendpclark merged commit d3a91f7 into main Jan 6, 2025
91 of 92 checks passed
@stevendpclark stevendpclark deleted the stevendpclark/vault-33264-renew-cert-auth-certificate branch January 6, 2025 16:11
Merged
6 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sgmiller sgmiller sgmiller approved these changes

@kitography kitography kitography left review comments

@ltcarbonell ltcarbonell Awaiting requested review from ltcarbonell ltcarbonell is a code owner automatically assigned from hashicorp/vault

Assignees

@stevendpclark stevendpclark

Labels
backport/ent/1.16.x+ent Changes are backported to 1.16.x+ent backport/ent/1.17.x+ent Changes are backported to 1.17.x+ent backport/1.18.x hashicorp-contributed-pr If the PR is HashiCorp (i.e. not-community) contributed pr/no-changelog pr/no-milestone test
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@stevendpclark @kitography @sgmiller