From 90f0b7c16c68d1dd876fc88b56b58c04bc565230 Mon Sep 17 00:00:00 2001
From: Stanislav Levin <slev@altlinux.org>
Date: Fri, 6 Nov 2020 15:18:33 +0300
Subject: [PATCH] tests: Generate a proper `not-valid-after` field

Some tests assume that the mocked certificate will be valid in N
days from now(). There was a hardcoded `not-valid-after` value
which pointed to 20201205214850Z. So, from Nov 06 2020 the assertion
20201205214850Z - now() < cert_expiration_days(30days) fails.

Fixes: https://github.com/freeipa/freeipa-healthcheck/issues/159
Signed-off-by: Stanislav Levin <slev@altlinux.org>
---
 tests/mock_certmonger.py              | 18 ++++++++++++++++--
 tests/test_ipa_expiration.py          |  8 ++++++--
 3 files changed, 30 insertions(+), 8 deletions(-)

diff --git a/tests/mock_certmonger.py b/tests/mock_certmonger.py
index ab53620..8fa4d36 100644
--- a/tests/mock_certmonger.py
+++ b/tests/mock_certmonger.py
@@ -3,6 +3,7 @@
 #
 
 import copy
+from datetime import datetime, timedelta, timezone
 
 from ipaplatform.paths import paths
 
@@ -10,6 +11,8 @@ from ipaplatform.paths import paths
 # distinct from the value from the overrident get_defaults() method.
 template = paths.CERTMONGER_COMMAND_TEMPLATE
 
+CERT_EXPIRATION_DAYS = 30
+
 pristine_cm_requests = [
     {
         'nickname': '1234',
@@ -20,7 +23,11 @@ pristine_cm_requests = [
         'cert-storage': 'FILE',
         'cert-presave-command': template % 'renew_ra_cert_pre',
         'cert-postsave-command': template % 'renew_ra_cert',
-        'not-valid-after': 1024,
+        'not-valid-after': (
+            int(
+                datetime(1970, 1, 1, 0, 17, 4, tzinfo=timezone.utc).timestamp()
+            )
+        ),
     },
     {
         'nickname': '5678',
@@ -30,7 +37,14 @@ pristine_cm_requests = [
         'template_profile': 'caIPAserviceCert',
         'cert-storage': 'FILE',
         'cert-postsave-command': template % 'restart_httpd',
-        'not-valid-after': 1607204930,
+        'not-valid-after': (
+            int(
+                (
+                    datetime.now(timezone.utc) +
+                    timedelta(days=CERT_EXPIRATION_DAYS + 1)
+                ).timestamp()
+            )
+        ),
     },
 ]
 
diff --git a/tests/test_ipa_expiration.py b/tests/test_ipa_expiration.py
index ff3564b..fb7105b 100644
--- a/tests/test_ipa_expiration.py
+++ b/tests/test_ipa_expiration.py
@@ -11,7 +11,11 @@ from ipahealthcheck.ipa.certs import IPACertmongerExpirationCheck
 from ipahealthcheck.ipa.certs import IPACAChainExpirationCheck
 from unittest.mock import Mock, patch
 from mock_certmonger import create_mock_dbus, _certmonger
-from mock_certmonger import get_expected_requests, set_requests
+from mock_certmonger import (
+    get_expected_requests,
+    set_requests,
+    CERT_EXPIRATION_DAYS,
+)
 
 from datetime import datetime, timedelta, timezone
 
@@ -67,7 +71,7 @@ class TestExpiration(BaseTest):
         registry.initialize(framework, config.Config)
         f = IPACertmongerExpirationCheck(registry)
 
-        f.config.cert_expiration_days = '30'
+        f.config.cert_expiration_days = str(CERT_EXPIRATION_DAYS)
         self.results = capture_results(f)
 
         assert len(self.results) == 2
-- 
2.31.1