This repository has been archived by the owner on Jul 11, 2023. It is now read-only.
ref(cert): remove expiration field from osm-ca-bundle secret data #4472
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description:
Removes the use of the required expiration date data field in the
osm-ca-bundle. The certificate's expiration can be obtained
directly from the certificate rather than from the expiration
field.
This change also updates the logs in GetCertificateFromSecret to
reflect the broader use of the function.
Updates
ca_test.go
to use go testing package rather than ginkoand gomega. Adds checks for notAfter and expiration values on
the x509 certificate and the certificator respectively.
Note: It is no longer necessary to perform any formatting on
expiration time.
Resolves #4467
Testing done:
osm-ca-bundle
formatting when it was created by OSM using Tresor as the certificate providerosm-ca-bundle
secret without an expiration field when created by the userAffected area:
Please answer the following questions with yes/no.
Does this change contain code from or inspired by another project? No
Is this a breaking change? No
Has documentation corresponding to this change been updated in the osm-docs repo (if applicable)? No - will make a follow-up PR in the docs repo