3rdparty/modules/certregen/spec/integration/puppet_x/certregen/certificate_spec.rb

   1 require 'spec_helper'
   2 require 'puppet_x/certregen/certificate'
   3
   4 RSpec.describe PuppetX::Certregen::Certificate do
   5   include_context "Initialize CA"
   6
   7   let(:ok_certificate) do
   8     Puppet::SSL::CertificateAuthority.new.generate("ok")
   9   end
  10
  11   let(:expired_certificate) do
  12     one_year = 60 * 60 * 24 * 365
  13     not_before = Time.now - one_year * 6
  14     not_after = Time.now - one_year
  15     make_certificate("expired", not_before, not_after)
  16   end
  17
  18   let(:expiring_certificate) do
  19     not_before = Time.now - (60 * 60 * 24 * 365 * 4)
  20     not_after = Time.now + (60 * 60 * 24 * 30)
  21     make_certificate("expiring", not_before, not_after)
  22   end
  23
  24   let(:short_lived_certificate) do
  25     not_before = Time.now - 86400
  26     not_after = Time.now + (60 * 5)
  27     make_certificate("expiring", not_before, not_after)
  28   end
  29
  30   describe "#expiring?" do
  31     it "is false for nodes outside of the expiration window" do
  32       expect(described_class.expiring?(ok_certificate)).to eq(false)
  33     end
  34
  35     it "is true for newly generated short lived certificates" do
  36       expect(described_class.expiring?(short_lived_certificate)).to eq(false)
  37     end
  38
  39     it "is true for expired nodes" do
  40       expect(described_class.expiring?(expired_certificate)).to eq(true)
  41     end
  42
  43     it "is true for nodes within the expiration window" do
  44       expect(described_class.expiring?(expiring_certificate)).to eq(true)
  45     end
  46   end
  47
  48   describe '#expiry' do
  49     describe "with an expired cert" do
  50       subject { described_class.expiry(expired_certificate) }
  51       it "has a status of expired" do
  52         expect(subject[:status]).to eq :expired
  53       end
  54
  55       it "includes the not after date" do
  56         expect(subject[:expiration_date]).to eq expired_certificate.content.not_after
  57       end
  58     end
  59
  60     describe "with an expiring cert" do
  61       subject { described_class.expiry(expiring_certificate) }
  62
  63       it "has a status of expiring" do
  64         expect(subject[:status]).to eq :expiring
  65       end
  66
  67       it "includes the not after date" do
  68         expect(subject[:expiration_date]).to eq expiring_certificate.content.not_after
  69       end
  70
  71       it "includes the time till expiration" do
  72         expect(subject[:expires_in]).to match(/29 days, 23 hours, 59 minutes/)
  73       end
  74     end
  75
  76     describe "with an ok cert" do
  77       subject { described_class.expiry(ok_certificate) }
  78
  79       it "has a status of ok" do
  80         expect(subject[:status]).to eq :ok
  81       end
  82
  83       it "includes the not after date" do
  84         expect(subject[:expiration_date]).to eq ok_certificate.content.not_after
  85       end
  86
  87       it "includes the time till expiration" do
  88         expect(subject[:expires_in]).to match(/4 years, 364 days, 23 hours, 59 minutes/)
  89       end
  90     end
  91   end
  92 end