Cert-alarm audit only considering days while comparing the alarm_before
,renew_before and expiry times this leaves a window for few hours where
an alarm is raised before the renew_before time of the certificate.
This change addresses this issue by considering hours,mins
along with days.
TestCases:
PASS: Create a certificate with duration 3hr, renewbefore 2h30min
now wait for 15mins and run full audit and verify that no alarm
is raised since expiry(2hr45min)> threshold(2hr30min)
PASS: Create a certificate with duration 3hr,renewbefore 2h30min.
delete the issuer which issued the certificate, after 30mins
the certificate renew fails then the expiry of the certificate
becomes less than threshold which is 2h30min, restart cert-alarm
service to run the full audit, notice an alarm 500.200 is raised
for this certificate, let it expire and notice that 500.200 is
cleared and 500.210 expired alarm is raised,create the issuer
and notice that 500.210 alarm cleared when active alarm audit
runs.
PASS: Install a ssl_ca certificate which expires in 1 day, notice that
an alarm 500.200 is raised and let it expire, notice that
500.210 alarm is raised and 500.200 is cleared on this certificate.
Reviewed: https:/ /review. opendev. org/c/starlingx /config/ +/910994 /opendev. org/starlingx/ config/ commit/ ce7f87aeb051512 8cadafa7b5f6d90 415222190a
Committed: https:/
Submitter: "Zuul (22348)"
Branch: master
commit ce7f87aeb051512 8cadafa7b5f6d90 415222190a
Author: amantri <email address hidden>
Date: Mon Mar 4 14:22:35 2024 -0500
Change cert-alarm service audit behavior
Cert-alarm audit only considering days while comparing the alarm_before
,renew_before and expiry times this leaves a window for few hours where
an alarm is raised before the renew_before time of the certificate.
This change addresses this issue by considering hours,mins
along with days.
TestCases:
certificate.
PASS: Create a certificate with duration 3hr, renewbefore 2h30min
now wait for 15mins and run full audit and verify that no alarm
is raised since expiry(2hr45min)> threshold(2hr30min)
PASS: Create a certificate with duration 3hr,renewbefore 2h30min.
delete the issuer which issued the certificate, after 30mins
the certificate renew fails then the expiry of the certificate
becomes less than threshold which is 2h30min, restart cert-alarm
service to run the full audit, notice an alarm 500.200 is raised
for this certificate, let it expire and notice that 500.200 is
cleared and 500.210 expired alarm is raised,create the issuer
and notice that 500.210 alarm cleared when active alarm audit
runs.
PASS: Install a ssl_ca certificate which expires in 1 day, notice that
an alarm 500.200 is raised and let it expire, notice that
500.210 alarm is raised and 500.200 is cleared on this
Closes-Bug: 2056071
Change-Id: I4f1a866d101d0b 8d8cb50f1bf5a2e 6698511296a
Signed-off-by: amantri <email address hidden>