From a9bc3fe27bb7e74116a5be997dbe867fabe3a22c Mon Sep 17 00:00:00 2001 From: Dan Guido Date: Mon, 4 Aug 2025 22:22:29 -0700 Subject: [PATCH] Update test to validate configurable certificate validity period MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ## Test Update - Fixed test failure after replacing magic number with configurable variable - Now validates both variable definition and usage patterns: - `certificate_validity_days: 3650` (configurable parameter) - `ownca_not_after: "+{{ certificate_validity_days }}d"` (variable usage) ## Improved Test Coverage - Better validation: checks that validity is configurable, not hardcoded - Maintains backwards compatibility verification (10-year default) - Ensures proper Ansible variable templating is used ## Verified - Config validation mode: All 6 tests pass ✓ - Validates the maintainability improvement from previous commit 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude --- tests/unit/test_openssl_compatibility.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tests/unit/test_openssl_compatibility.py b/tests/unit/test_openssl_compatibility.py index 6ccded79..320306aa 100644 --- a/tests/unit/test_openssl_compatibility.py +++ b/tests/unit/test_openssl_compatibility.py @@ -448,7 +448,8 @@ def validate_certificate_chain_config(): ('ownca_path', 'CA certificate path should be specified'), ('ownca_privatekey_path', 'CA private key path should be specified'), ('ownca_privatekey_passphrase', 'CA private key should be password protected'), - ('ownca_not_after: +3650d', 'Certificates should have 10-year validity'), + ('certificate_validity_days: 3650', 'Certificate validity should be configurable (default 10 years)'), + ('ownca_not_after: "+{{ certificate_validity_days }}d"', 'Certificates should use configurable validity period'), ('ownca_not_before: "-1d"', 'Certificates should have backdated start time'), ('curve: secp384r1', 'Should use strong elliptic curve cryptography'), ('type: ECC', 'Should use elliptic curve keys for better security')