Merge pull request #29 from mattmoyer/increase-cert-ttl
Increase client cert TTL from 5m to 1h.
This commit is contained in:
Matt Moyer
GitHub
commit
ce71a5bac8
|
|
@ -23,6 +23,9 @@ import (
|
||||||
placeholderapi "github.com/suzerain-io/placeholder-name-api/pkg/apis/placeholder"
|
placeholderapi "github.com/suzerain-io/placeholder-name-api/pkg/apis/placeholder"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
// clientCertificateTTL is the TTL for short-lived client certificates returned by this API.
|
||||||
|
const clientCertificateTTL = 1 * time.Hour
|
||||||
|
|
||||||
var (
|
var (
|
||||||
_ rest.Creater = &REST{}
|
_ rest.Creater = &REST{}
|
||||||
_ rest.NamespaceScopedStrategy = &REST{}
|
_ rest.NamespaceScopedStrategy = &REST{}
|
||||||
|
|
@ -128,7 +131,7 @@ func (r *REST) Create(ctx context.Context, obj runtime.Object, createValidation
|
||||||
OrganizationalUnit: authResponse.User.GetGroups(),
|
OrganizationalUnit: authResponse.User.GetGroups(),
|
||||||
},
|
},
|
||||||
[]string{},
|
[]string{},
|
||||||
5*time.Minute,
|
clientCertificateTTL,
|
||||||
)
|
)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
klog.Warningf("failed to issue short lived client certificate: %v", err)
|
klog.Warningf("failed to issue short lived client certificate: %v", err)
|
||||||
|
|
|
||||||
|
|
@ -144,7 +144,7 @@ func TestCreateSucceedsWhenGivenATokenAndTheWebhookAuthenticatesTheToken(t *test
|
||||||
CommonName: "test-user",
|
CommonName: "test-user",
|
||||||
OrganizationalUnit: []string{"test-group-1", "test-group-2"}},
|
OrganizationalUnit: []string{"test-group-1", "test-group-2"}},
|
||||||
[]string{},
|
[]string{},
|
||||||
5*time.Minute,
|
1*time.Hour,
|
||||||
).Return([]byte("test-cert"), []byte("test-key"), nil)
|
).Return([]byte("test-cert"), []byte("test-key"), nil)
|
||||||
|
|
||||||
storage := NewREST(&webhook, issuer)
|
storage := NewREST(&webhook, issuer)
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue