Attempt to fix TestBootstrapClientServerRotation

This change attempts to fix the test TestBootstrapClientServerRotation.
Due to the backdate, the renew options get too large, causing
continuous renewals, and random errors. After experimenting with
different options, truncating durations to seconds have shown better
results than rounding or just use the plain time.
This commit is contained in:
Mariano Cano 2022-03-23 19:14:28 -07:00
parent 082734474b
commit ba0b170818

View file

@ -60,7 +60,10 @@ func NewTLSRenewer(cert *tls.Certificate, fn RenewFunc, opts ...tlsRenewerOption
} }
} }
period := cert.Leaf.NotAfter.Sub(cert.Leaf.NotBefore) // Use the current time to calculate the initial period. Using a notBefore
// in the past might set a renewBefore too large, causing continuous
// renewals due to the negative values in nextRenewDuration.
period := cert.Leaf.NotAfter.Sub(time.Now().Truncate(time.Second))
if period < minCertDuration { if period < minCertDuration {
return nil, errors.Errorf("period must be greater than or equal to %s, but got %v.", minCertDuration, period) return nil, errors.Errorf("period must be greater than or equal to %s, but got %v.", minCertDuration, period)
} }
@ -181,7 +184,7 @@ func (r *TLSRenewer) renewCertificate() {
} }
func (r *TLSRenewer) nextRenewDuration(notAfter time.Time) time.Duration { func (r *TLSRenewer) nextRenewDuration(notAfter time.Time) time.Duration {
d := time.Until(notAfter) - r.renewBefore d := time.Until(notAfter).Truncate(time.Second) - r.renewBefore
n := rand.Int63n(int64(r.renewJitter)) n := rand.Int63n(int64(r.renewJitter))
d -= time.Duration(n) d -= time.Duration(n)
if d < 0 { if d < 0 {