Sc-8652: Handle Expired Certificates in Certman #972

Merged
merged 9 commits into from
Jan 6, 2023

DanielSollis
Contributor

Scope of changes

Updates the Certman reissuance loop to handle the case where the certificate has expired.

Type of change

  • bug fix
  • new feature
  • documentation
  • other (describe)

Acceptance criteria

Describe how reviewers can test this change to be sure that it works correctly. Add a checklist if possible

Author checklist

  • I have manually tested the change and/or added automation in the form of unit tests or integration tests
  • I have updated the dependencies list
  • I have recompiled and included new protocol buffers to reflect changes I made
  • I have added new test fixtures as needed to support added tests
  • Check this box if a reviewer can merge this pull request after approval (leave it unchecked if you want to do it yourself)
  • I have moved the associated Shortcut story to "Ready for Review"

Reviewer(s) checklist

  • Any new user-facing content that has been added for this PR has been QA'ed to ensure correct grammar, spelling, and understandability.

@DanielSollis DanielSollis requested a review from pdeziel December 29, 2022 02:29
Collaborator

@pdeziel pdeziel left a comment

Looking good, I did have a few suggestions before merging but they should be fairly straightforward.

@@ -824,6 +835,10 @@ vaspsLoop:
}
}

func RetrieveCertID(identityCert *pb.Certificate) string {
return fmt.Sprintf("%X", identityCert.SerialNumber)
}
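
Review bot: RetrieveCertID reads identityCert.SerialNumber without checking identityCert for nil, so a caller that passes a missing identity certificate panics on this line, and an empty SerialNumber yields the empty string as an ID. Return early or return an error when the certificate or its serial number is absent, and add a doc comment stating that the ID is the uppercase hex encoding of the serial number.
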
Collaborator

I do like this helper, however I think we can make it a bit more useful by moving it to the models package (pkg/models/v1) so other packages can use it. Then, let's replace all instances where we are encoding the serial number with this helper method so that we can standardize that a bit more (basically just search the repo for fmt.Sprintf("%X).

Also since we're moving it to a different package can we change the name of the method to GetCertID or something along those lines to better match the naming conventions there?

Contributor Author

That's a good idea!

continue vaspsLoop
}
cert.Status = models.CertificateState_EXPIRED
c.db.UpdateCert(cert)
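
Review bot: the result of c.db.UpdateCert(cert) is discarded on the last line, right after cert.Status is set to EXPIRED, so a failed write leaves the in-memory value EXPIRED while the stored record keeps its old status and nothing records the mismatch. Capture the return value and log it together with the certificate ID; if this branch can be reached on every pass for a certificate that is already EXPIRED, skip the write when the status is unchanged.
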
Collaborator

We need to handle any errors returned by UpdateCert here, my first instinct is that we don't need to bail out of the loop or anything but I think we should at least log the error. What do you think?

Contributor Author

Fixed! I hadn't noticed UpdateCert returning an error, my bad!

s.updateVaspIdentityCert(charlieVASP, 6)
s.updateVaspIdentityCert(hotelVASP, 1)
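
Review bot: the arguments 6 and 1 in the two s.updateVaspIdentityCert calls are unexplained, and nothing at the hotelVASP line says why that fixture needs adjusting. Add a short comment stating what the second argument means and which reissuance case each VASP is meant to hit, so the expected emails can be checked against the setup.
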
Collaborator

Was this test failing? I don't understand why this line is necessary now.

Contributor Author

Ya, hotelVASP's cert is expired so it was triggering the <= 7 days before expiration case by default, but now since we have a <= 0 days before expiration case it was triggering that and throwing off the expected emails and causing the test to fail, so I added this line to update its cert expiration.

Collaborator

That makes complete sense, thanks.
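
The threshold behaviour discussed in this exchange, as an added Go example that is not code from the pull request: with only a 7-day case an expired certificate falls into the reminder branch, and once a 0-day case exists it must be checked first. The names `Action`, `ClassifyBefore`, `Classify` and `reminderWindow` are hypothetical, and comparing durations rather than whole days is an assumption.

```go
package main

import (
	"fmt"
	"time"
)

// Action is a hypothetical label for what one pass of the loop does with a cert.
type Action string

const (
	ActionNone   Action = "none"
	ActionRemind Action = "send-reminder" // assumed: within 7 days of expiry
	ActionExpire Action = "mark-expired"  // assumed: at or past expiry
)

const reminderWindow = 7 * 24 * time.Hour

// ClassifyBefore has only the 7-day case, so an already expired certificate
// (negative time remaining) also lands in the reminder branch.
func ClassifyBefore(notAfter, now time.Time) Action {
	if notAfter.Sub(now) <= reminderWindow {
		return ActionRemind
	}
	return ActionNone
}

// Classify checks the expired case first. With the order reversed, the
// 7-day case would match every expired certificate and hide the second case.
func Classify(notAfter, now time.Time) Action {
	remaining := notAfter.Sub(now)
	switch {
	case remaining <= 0:
		return ActionExpire
	case remaining <= reminderWindow:
		return ActionRemind
	default:
		return ActionNone
	}
}

func main() {
	now := time.Date(2023, 1, 6, 0, 0, 0, 0, time.UTC) // constructed sample clock
	for _, days := range []int{-3, 0, 1, 6, 30} {
		notAfter := now.AddDate(0, 0, days)
		fmt.Printf("%3d days: before=%s after=%s\n", days,
			ClassifyBefore(notAfter, now), Classify(notAfter, now))
	}
}
```
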

defer s.fixtures.LoadReferenceFixtures()
require := s.Require()

// setup the datastore to contain the modified charlieVASP
Collaborator

Suggested change
// setup the datastore to contain the modified charlieVASP
// Setup the datastore to contain the modified hotelVASP

Contributor Author

Good catch!


cert, err = s.db.RetrieveCert(certID)
require.NoError(err)
require.Equal(cert.Status, models.CertificateState_EXPIRED)
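
Review bot: require.Equal(cert.Status, models.CertificateState_EXPIRED) on the last line passes the actual value first; with testify's Equal(expected, actual) signature a failure message would label the two values the wrong way round. Swap the arguments to require.Equal(models.CertificateState_EXPIRED, cert.Status).
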
Collaborator

So hotelVASP has an expired certificate by default?

Contributor Author

yep, see the above comment.

Collaborator

@pdeziel pdeziel left a comment

Thanks for making the changes, I had an additional suggestion to add a docstring but other than that feel free to merge when you're ready.

pkg/models/v1/models.go Outdated
@DanielSollis DanielSollis merged commit 817bc8e into main Jan 6, 2023
@DanielSollis DanielSollis deleted the sc-8652 branch January 6, 2023 16:36