Fix tests: certs are truncated to seconds.

authority/provisioner/acme_test.go

@@ -91,7 +91,7 @@ func TestACME_Init(t *testing.T) {
 }
 
 func TestACME_AuthorizeRenew(t *testing.T) {
-	now := time.Now()
+	now := time.Now().Truncate(time.Second)
 	type test struct {
 		p    *ACME
 		cert *x509.Certificate

authority/provisioner/aws_test.go

@@ -824,7 +824,7 @@ func TestAWS_AuthorizeSSHSign(t *testing.T) {
 }
 
 func TestAWS_AuthorizeRenew(t *testing.T) {
-	now := time.Now()
+	now := time.Now().Truncate(time.Second)
 	p1, err := generateAWS()
 	assert.FatalError(t, err)
 	p2, err := generateAWS()

authority/provisioner/azure_test.go

@@ -536,7 +536,7 @@ func TestAzure_AuthorizeSign(t *testing.T) {
 }
 
 func TestAzure_AuthorizeRenew(t *testing.T) {
-	now := time.Now()
+	now := time.Now().Truncate(time.Second)
 	p1, err := generateAzure()
 	assert.FatalError(t, err)
 	p2, err := generateAzure()

authority/provisioner/controller.go

@@ -122,7 +122,7 @@ func DefaultAuthorizeRenew(ctx context.Context, p *Controller, cert *x509.Certif
 
 	now := time.Now().Truncate(time.Second)
 	if now.Before(cert.NotBefore) {
-		return errs.Unauthorized("certificate is not yet valid")
+		return errs.Unauthorized("certificate is not yet valid" + " " + now.UTC().Format(time.RFC3339Nano) + " vs " + cert.NotBefore.Format(time.RFC3339Nano))
 	}
 	if now.After(cert.NotAfter) && !p.Claimer.IsRenewAfterExpiry() {
 		return errs.Unauthorized("certificate has expired")

authority/provisioner/controller_test.go

@@ -134,7 +134,7 @@ func TestController_GetIdentity(t *testing.T) {
 
 func TestController_AuthorizeRenew(t *testing.T) {
 	ctx := context.Background()
-	now := time.Now()
+	now := time.Now().Truncate(time.Second)
 	type fields struct {
 		Interface          Interface
 		Claimer            *Claimer
@@ -276,7 +276,7 @@ func TestController_AuthorizeSSHRenew(t *testing.T) {
 
 func TestDefaultAuthorizeRenew(t *testing.T) {
 	ctx := context.Background()
-	now := time.Now()
+	now := time.Now().Truncate(time.Second)
 	type args struct {
 		ctx  context.Context
 		p    *Controller

authority/provisioner/gcp_test.go

@@ -698,7 +698,7 @@ func TestGCP_AuthorizeSSHSign(t *testing.T) {
 }
 
 func TestGCP_AuthorizeRenew(t *testing.T) {
-	now := time.Now()
+	now := time.Now().Truncate(time.Second)
 	p1, err := generateGCP()
 	assert.FatalError(t, err)
 	p2, err := generateGCP()

authority/provisioner/jwk_test.go

@@ -325,7 +325,7 @@ func TestJWK_AuthorizeSign(t *testing.T) {
 }
 
 func TestJWK_AuthorizeRenew(t *testing.T) {
-	now := time.Now()
+	now := time.Now().Truncate(time.Second)
 	p1, err := generateJWK()
 	assert.FatalError(t, err)
 	p2, err := generateJWK()

authority/provisioner/k8sSA_test.go

@@ -179,7 +179,7 @@ func TestK8sSA_AuthorizeRevoke(t *testing.T) {
 }
 
 func TestK8sSA_AuthorizeRenew(t *testing.T) {
-	now := time.Now()
+	now := time.Now().Truncate(time.Second)
 	type test struct {
 		p    *K8sSA
 		cert *x509.Certificate

authority/provisioner/oidc_test.go

@@ -411,7 +411,7 @@ func TestOIDC_AuthorizeRevoke(t *testing.T) {
 }
 
 func TestOIDC_AuthorizeRenew(t *testing.T) {
-	now := time.Now()
+	now := time.Now().Truncate(time.Second)
 	p1, err := generateOIDC()
 	assert.FatalError(t, err)
 	p2, err := generateOIDC()

authority/provisioner/x5c_test.go

@@ -552,7 +552,7 @@ func TestX5C_AuthorizeRevoke(t *testing.T) {
 }
 
 func TestX5C_AuthorizeRenew(t *testing.T) {
-	now := time.Now()
+	now := time.Now().Truncate(time.Second)
 	type test struct {
 		p    *X5C
 		code int