@@ -17,7 +17,6 @@ limitations under the License.
1717package certwatcher_test
1818
1919import (
20- "bytes"
2120 "context"
2221 "crypto/rand"
2322 "crypto/rsa"
@@ -77,12 +76,12 @@ var _ = Describe("CertWatcher", func() {
7776 Expect (err ).ToNot (HaveOccurred ())
7877 })
7978
80- startWatcher := func () (done <- chan struct {}) {
79+ startWatcher := func (interval time. Duration ) (done <- chan struct {}) {
8180 doneCh := make (chan struct {})
8281 go func () {
8382 defer GinkgoRecover ()
8483 defer close (doneCh )
85- Expect (watcher .WithWatchInterval (time . Second ).Start (ctx )).To (Succeed ())
84+ Expect (watcher .WithWatchInterval (interval ).Start (ctx )).To (Succeed ())
8685 }()
8786 // wait till we read first cert
8887 Eventually (func () error {
@@ -93,14 +92,16 @@ var _ = Describe("CertWatcher", func() {
9392 }
9493
9594 It ("should read the initial cert/key" , func () {
96- doneCh := startWatcher ()
95+ // This test verifies the initial read succeeded. So interval doesn't matter.
96+ doneCh := startWatcher (10 * time .Second )
9797
9898 ctxCancel ()
9999 Eventually (doneCh , "4s" ).Should (BeClosed ())
100100 })
101101
102102 It ("should reload currentCert when changed" , func () {
103- doneCh := startWatcher ()
103+ // This test verifies fsnotify detects the cert change. So interval doesn't matter.
104+ doneCh := startWatcher (10 * time .Second )
104105 called := atomic.Int64 {}
105106 watcher .RegisterCallback (func (crt tls.Certificate ) {
106107 called .Add (1 )
@@ -115,7 +116,7 @@ var _ = Describe("CertWatcher", func() {
115116 Eventually (func () bool {
116117 secondcert , _ := watcher .GetCertificate (nil )
117118 first := firstcert .PrivateKey .(* rsa.PrivateKey )
118- return first .Equal (secondcert .PrivateKey ) || bytes . Equal ( firstcert .Certificate [ 0 ], secondcert .Certificate [ 0 ])
119+ return first .Equal (secondcert .PrivateKey ) || firstcert .Leaf . SerialNumber == secondcert .Leaf . SerialNumber
119120 }).ShouldNot (BeTrue ())
120121
121122 ctxCancel ()
@@ -124,7 +125,8 @@ var _ = Describe("CertWatcher", func() {
124125 })
125126
126127 It ("should reload currentCert when changed with rename" , func () {
127- doneCh := startWatcher ()
128+ // This test verifies fsnotify detects the cert change. So interval doesn't matter.
129+ doneCh := startWatcher (10 * time .Second )
128130 called := atomic.Int64 {}
129131 watcher .RegisterCallback (func (crt tls.Certificate ) {
130132 called .Add (1 )
@@ -145,7 +147,7 @@ var _ = Describe("CertWatcher", func() {
145147 Eventually (func () bool {
146148 secondcert , _ := watcher .GetCertificate (nil )
147149 first := firstcert .PrivateKey .(* rsa.PrivateKey )
148- return first .Equal (secondcert .PrivateKey ) || bytes . Equal ( firstcert .Certificate [ 0 ], secondcert .Certificate [ 0 ])
150+ return first .Equal (secondcert .PrivateKey ) || firstcert .Leaf . SerialNumber == secondcert .Leaf . SerialNumber
149151 }).ShouldNot (BeTrue ())
150152
151153 ctxCancel ()
@@ -154,7 +156,8 @@ var _ = Describe("CertWatcher", func() {
154156 })
155157
156158 It ("should reload currentCert after move out" , func () {
157- doneCh := startWatcher ()
159+ // This test verifies poll works, so we'll use 1s as interval (fsnotify doesn't detect this change).
160+ doneCh := startWatcher (1 * time .Second )
158161 called := atomic.Int64 {}
159162 watcher .RegisterCallback (func (crt tls.Certificate ) {
160163 called .Add (1 )
@@ -172,7 +175,7 @@ var _ = Describe("CertWatcher", func() {
172175 Eventually (func () bool {
173176 secondcert , _ := watcher .GetCertificate (nil )
174177 first := firstcert .PrivateKey .(* rsa.PrivateKey )
175- return first .Equal (secondcert .PrivateKey ) || bytes . Equal ( firstcert .Certificate [ 0 ], secondcert .Certificate [ 0 ])
178+ return first .Equal (secondcert .PrivateKey ) || firstcert .Leaf . SerialNumber == secondcert .Leaf . SerialNumber
176179 }, "10s" , "1s" ).ShouldNot (BeTrue ())
177180
178181 ctxCancel ()
@@ -190,7 +193,8 @@ var _ = Describe("CertWatcher", func() {
190193 })
191194
192195 It ("should get updated on successful certificate read" , func () {
193- doneCh := startWatcher ()
196+ // This test verifies fsnotify, so interval doesn't matter.
197+ doneCh := startWatcher (10 * time .Second )
194198
195199 Eventually (func () error {
196200 readCertificateTotalAfter := testutil .ToFloat64 (metrics .ReadCertificateTotal )
@@ -205,7 +209,8 @@ var _ = Describe("CertWatcher", func() {
205209 })
206210
207211 It ("should get updated on read certificate errors" , func () {
208- doneCh := startWatcher ()
212+ // This test works with fsnotify, so interval doesn't matter.
213+ doneCh := startWatcher (10 * time .Second )
209214
210215 Eventually (func () error {
211216 readCertificateTotalAfter := testutil .ToFloat64 (metrics .ReadCertificateTotal )
0 commit comments