Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use 90 day test certs in temporal shard window #128

Merged
merged 3 commits into from
Apr 3, 2023
Merged

Use 90 day test certs in temporal shard window #128

merged 3 commits into from
Apr 3, 2023

Conversation

andygabby
Copy link
Member

Change the behavior of the test certificate generation to always create a
90 day certificate, and make sure it falls in the temporal shard window if
one is defined. If issuing a certificate for a current temporal shard
(where the system time + 90d NotAfter lands in the temporal window),
then generate a certifcate based on the current time. If generating a
certificate for a past or future temporal shard, then generate a 90d
certificate that falls in that window.

In addition, fix failing CI with updates and lint fixes:

  • Update golangci-lint
  • Add the ability to run tests and lint manually in GitHub Actions
  • Add lint exclusions
  • Fix misspelling
  • Remove duplicate tls import

Fixes #127

andygabby added 2 commits April 1, 2023 19:37
@andygabby
Use 90 day test certs in temporal shard window
d3df5af 
Change the behavior of the test certificate generation to always create a
90 day certificate, and make sure it falls in the temporal shard window if
one is defined. If issuing a certificate for a current temporal shard
(where the system time + 90d `NotAfter` lands in the temporal window),
then generate a certifcate based on the current time. If generating a
certificate for a past or future temporal shard, then generate a 90d
certificate that falls in that window.

Fixes letsencrypt#127
@andygabby
Fix failing CI tests
b19f7cc 
* Update golangci-lint
* Add the ability to run tests and lint manually in GitHub Actions
* Add lint exclusions
* Fix misspelling
* Remove duplicate tls import
@andygabby andygabby mentioned this pull request Apr 2, 2023
Merged
aarongable
aarongable previously approved these changes Apr 3, 2023
View reviewed changes
Copy link
Contributor

@aarongable aarongable left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM modulo three minor comments

.golangci.yaml Outdated Show resolved Hide resolved
pki/certs.go Outdated Show resolved Hide resolved
pki/certs.go Outdated Show resolved Hide resolved
@pgporada pgporada self-requested a review April 3, 2023 17:03
@andygabby andygabby mentioned this pull request Apr 3, 2023
Open
@andygabby andygabby requested a review from aarongable April 3, 2023 18:43
@andygabby andygabby merged commit 8cfebe7 into letsencrypt:main Apr 3, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@aarongable aarongable aarongable approved these changes

@pgporada pgporada Awaiting requested review from pgporada

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

windowStart and windowEnd are not being respected when issuing test certificates
2 participants
@andygabby @aarongable