forked from TrueCloudLab/certificates
Attempt to fix TestBootstrapClientServerRotation
This change attempts to fix the test TestBootstrapClientServerRotation. Due to the backdate, the renew options get too large, causing continuous renewals, and random errors. After experimenting with different options, truncating durations to seconds have shown better results than rounding or just use the plain time.
This commit is contained in:
parent
082734474b
commit
ba0b170818
1 changed files with 5 additions and 2 deletions
|
@ -60,7 +60,10 @@ func NewTLSRenewer(cert *tls.Certificate, fn RenewFunc, opts ...tlsRenewerOption
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
period := cert.Leaf.NotAfter.Sub(cert.Leaf.NotBefore)
|
// Use the current time to calculate the initial period. Using a notBefore
|
||||||
|
// in the past might set a renewBefore too large, causing continuous
|
||||||
|
// renewals due to the negative values in nextRenewDuration.
|
||||||
|
period := cert.Leaf.NotAfter.Sub(time.Now().Truncate(time.Second))
|
||||||
if period < minCertDuration {
|
if period < minCertDuration {
|
||||||
return nil, errors.Errorf("period must be greater than or equal to %s, but got %v.", minCertDuration, period)
|
return nil, errors.Errorf("period must be greater than or equal to %s, but got %v.", minCertDuration, period)
|
||||||
}
|
}
|
||||||
|
@ -181,7 +184,7 @@ func (r *TLSRenewer) renewCertificate() {
|
||||||
}
|
}
|
||||||
|
|
||||||
func (r *TLSRenewer) nextRenewDuration(notAfter time.Time) time.Duration {
|
func (r *TLSRenewer) nextRenewDuration(notAfter time.Time) time.Duration {
|
||||||
d := time.Until(notAfter) - r.renewBefore
|
d := time.Until(notAfter).Truncate(time.Second) - r.renewBefore
|
||||||
n := rand.Int63n(int64(r.renewJitter))
|
n := rand.Int63n(int64(r.renewJitter))
|
||||||
d -= time.Duration(n)
|
d -= time.Duration(n)
|
||||||
if d < 0 {
|
if d < 0 {
|
||||||
|
|
Loading…
Reference in a new issue