TokenCredentialRequest uses actual cert expiry time instead of estimate

and also audit-logs both the NotBefore and NotAfter of the issued cert.
Implemented by changing the return type of the cert issuer helpers
to make them also return the NotBefore and NotAfter values of the new
cert, along with the key PEM and cert PEM.
Ryan Richard
2024-11-21 15:18:43 -08:00
committed by Joshua Casey
parent 032160a85e
commit ae5aad178d
19 changed files with 199 additions and 159 deletions


@@ -17,6 +17,7 @@ import (
reflect "reflect"
time "time"
cert "go.pinniped.dev/internal/cert"
gomock "go.uber.org/mock/gomock"
)
@@ -45,13 +46,12 @@ func (m *MockClientCertIssuer) EXPECT() *MockClientCertIssuerMockRecorder {
}
// IssueClientCertPEM mocks base method.
func (m *MockClientCertIssuer) IssueClientCertPEM(username string, groups []string, ttl time.Duration) ([]byte, []byte, error) {
func (m *MockClientCertIssuer) IssueClientCertPEM(username string, groups []string, ttl time.Duration) (*cert.PEM, error) {
m.ctrl.T.Helper()
ret := m.ctrl.Call(m, "IssueClientCertPEM", username, groups, ttl)
ret0, _ := ret[0].([]byte)
ret1, _ := ret[1].([]byte)
ret2, _ := ret[2].(error)
return ret0, ret1, ret2
ret0, _ := ret[0].(*cert.PEM)
ret1, _ := ret[1].(error)
return ret0, ret1
}
// IssueClientCertPEM indicates an expected call of IssueClientCertPEM.