From f6cb6b8787440e6b26d3f4051ebdeee30dba9ec5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ma=C3=ABl=20Valais?= Date: Fri, 5 Mar 2021 16:43:59 +0100 Subject: [PATCH] ocspServers test: give a link to the TODO issue MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Maël Valais --- .../certificaterequests/ca/ca_test.go | 22 ++++++++++++++++--- 1 file changed, 19 insertions(+), 3 deletions(-) diff --git a/pkg/controller/certificaterequests/ca/ca_test.go b/pkg/controller/certificaterequests/ca/ca_test.go index 4795d4794..a6a6c17af 100644 --- a/pkg/controller/certificaterequests/ca/ca_test.go +++ b/pkg/controller/certificaterequests/ca/ca_test.go @@ -435,9 +435,25 @@ func TestCA_Sign(t *testing.T) { }, ))), assertSignedCert: func(t *testing.T, got *x509.Certificate) { - // Let's check that the difference between the expected and - // received time is less than one second. One second seems - // small enough since the overall duration is 30 minutes. + // Although there is less than 1µs between the time.Now + // call made by the certificate template func (in the "pki" + // package) and the time.Now below, rounding or truncating + // will always end up with a flaky test. This is due to the + // rounding made to the notAfter value when serializing the + // certificate to ASN.1 [1]. + // + // [1]: https://tools.ietf.org/html/rfc5280#section-4.1.2.5.1 + // + // So instead of using a truncation or rounding in order to + // check the time, we use a delta of 1 second. One entire + // second is totally overkill since, as detailed above, the + // delay is probably less than a microsecond. But that will + // do for now! + // + // Note that we do have a plan to fix this. We want to be + // injecting a time (instead of time.Now) to the template + // functions. This work is being tracked in this issue: + // https://github.com/jetstack/cert-manager/issues/3738 expectNotAfter := time.Now().UTC().Add(30 * time.Minute) deltaSec := math.Abs(expectNotAfter.Sub(got.NotAfter).Seconds()) assert.LessOrEqualf(t, deltaSec, 1., "expected a time delta lower than 1 second. Time expected='%s', got='%s'", expectNotAfter.String(), got.NotAfter.String())