Update test to validate configurable certificate validity period

## Test Update
- Fixed test failure after replacing magic number with configurable variable
- Now validates both variable definition and usage patterns:
  - `certificate_validity_days: 3650` (configurable parameter)
  - `ownca_not_after: "+{{ certificate_validity_days }}d"` (variable usage)

## Improved Test Coverage
- Better validation: checks that validity is configurable, not hardcoded
- Maintains backwards compatibility verification (10-year default)
- Ensures proper Ansible variable templating is used

## Verified
- Config validation mode: All 6 tests pass ✓
- Validates the maintainability improvement from previous commit

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
Dan Guido 2025-08-04 22:22:29 -07:00
parent ea04ee8b98
commit a9bc3fe27b

@ -448,7 +448,8 @@ def validate_certificate_chain_config():
('ownca_path', 'CA certificate path should be specified'),
('ownca_privatekey_path', 'CA private key path should be specified'),
('ownca_privatekey_passphrase', 'CA private key should be password protected'),
('ownca_not_after: +3650d', 'Certificates should have 10-year validity'),
('certificate_validity_days: 3650', 'Certificate validity should be configurable (default 10 years)'),
('ownca_not_after: "+{{ certificate_validity_days }}d"', 'Certificates should use configurable validity period'),
('ownca_not_before: "-1d"', 'Certificates should have backdated start time'),
('curve: secp384r1', 'Should use strong elliptic curve cryptography'),
('type: ECC', 'Should use elliptic curve keys for better security')
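Review bot: the new `certificate_validity_days: 3650` entry pins the default to an exact literal, so the check fails as soon as someone sets a different validity period, which is the very thing the variable was introduced to allow. If these tuples are matched as literal strings, as the neighbouring entries suggest, consider asserting only that the `certificate_validity_days` key is defined with a positive integer value, and keep the 10-year default as a separate, clearly named check. The `ownca_not_after: "+{{ certificate_validity_days }}d"` entry has the same brittleness: an equivalent template with different quoting or spacing inside the braces would fail the test even though the rendered value is identical. Neither entry puts an upper bound on the validity period, so a much larger value that is still a valid integer would go unnoticed; a bound check would make the test meaningful for security rather than for formatting only.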