2 require 'puppet_x/certregen/certificate'
4 RSpec.describe PuppetX::Certregen::Certificate do
5 include_context "Initialize CA"
7 let(:ok_certificate) do
8 Puppet::SSL::CertificateAuthority.new.generate("ok")
11 let(:expired_certificate) do
12 one_year = 60 * 60 * 24 * 365
13 not_before = Time.now - one_year * 6
14 not_after = Time.now - one_year
15 make_certificate("expired", not_before, not_after)
18 let(:expiring_certificate) do
19 not_before = Time.now - (60 * 60 * 24 * 365 * 4)
20 not_after = Time.now + (60 * 60 * 24 * 30)
21 make_certificate("expiring", not_before, not_after)
24 let(:short_lived_certificate) do
25 not_before = Time.now - 86400
26 not_after = Time.now + (60 * 5)
27 make_certificate("expiring", not_before, not_after)
30 describe "#expiring?" do
31 it "is false for nodes outside of the expiration window" do
32 expect(described_class.expiring?(ok_certificate)).to eq(false)
35 it "is true for newly generated short lived certificates" do
36 expect(described_class.expiring?(short_lived_certificate)).to eq(false)
39 it "is true for expired nodes" do
40 expect(described_class.expiring?(expired_certificate)).to eq(true)
43 it "is true for nodes within the expiration window" do
44 expect(described_class.expiring?(expiring_certificate)).to eq(true)
49 describe "with an expired cert" do
50 subject { described_class.expiry(expired_certificate) }
51 it "has a status of expired" do
52 expect(subject[:status]).to eq :expired
55 it "includes the not after date" do
56 expect(subject[:expiration_date]).to eq expired_certificate.content.not_after
60 describe "with an expiring cert" do
61 subject { described_class.expiry(expiring_certificate) }
63 it "has a status of expiring" do
64 expect(subject[:status]).to eq :expiring
67 it "includes the not after date" do
68 expect(subject[:expiration_date]).to eq expiring_certificate.content.not_after
71 it "includes the time till expiration" do
72 expect(subject[:expires_in]).to match(/29 days, 23 hours, 59 minutes/)
76 describe "with an ok cert" do
77 subject { described_class.expiry(ok_certificate) }
79 it "has a status of ok" do
80 expect(subject[:status]).to eq :ok
83 it "includes the not after date" do
84 expect(subject[:expiration_date]).to eq ok_certificate.content.not_after
87 it "includes the time till expiration" do
88 expect(subject[:expires_in]).to match(/4 years, 364 days, 23 hours, 59 minutes/)