From 8877e1f3196ce27582682497a8925964c2571f21 Mon Sep 17 00:00:00 2001 From: Dmitry Tantsur <dtantsur@protonmail.com> Date: Wed, 31 Jan 2024 10:09:13 +0100 Subject: [PATCH] Trivial: avoid deprecated utcnow Change-Id: I5dbe3c2be36e23e749fbeebbc448d413d276b401 --- ironic_python_agent/tests/unit/test_tls_utils.py | 5 ++++- ironic_python_agent/tls_utils.py | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/ironic_python_agent/tests/unit/test_tls_utils.py b/ironic_python_agent/tests/unit/test_tls_utils.py index 732139a98..aaa9db78f 100644 --- a/ironic_python_agent/tests/unit/test_tls_utils.py +++ b/ironic_python_agent/tests/unit/test_tls_utils.py @@ -37,7 +37,8 @@ class GenerateTestCase(ironic_agent_base.IronicAgentTest): result = tls_utils._generate_tls_certificate(self.crt_file, self.key_file, 'localhost', '127.0.0.1') - now = datetime.datetime.utcnow() + now = datetime.datetime.now( + tz=datetime.timezone.utc).replace(tzinfo=None) self.assertTrue(result.startswith("-----BEGIN CERTIFICATE-----\n"), result) self.assertTrue(result.endswith("\n-----END CERTIFICATE-----\n"), @@ -51,6 +52,8 @@ class GenerateTestCase(ironic_agent_base.IronicAgentTest): self.assertEqual([(x509.NameOID.COMMON_NAME, 'localhost')], [(item.oid, item.value) for item in cert.subject]) # Sanity check for validity range + # FIXME(dtantsur): use timezone-aware properties and drop the replace() + # call above when we're ready to bump to cryptography 42.0. self.assertLess(cert.not_valid_before, now - datetime.timedelta(seconds=1800)) self.assertGreater(cert.not_valid_after, diff --git a/ironic_python_agent/tls_utils.py b/ironic_python_agent/tls_utils.py index 62adec9e8..11a5e6640 100644 --- a/ironic_python_agent/tls_utils.py +++ b/ironic_python_agent/tls_utils.py @@ -77,9 +77,9 @@ def _generate_tls_certificate(output, private_key_output, ]) alt_name = x509.SubjectAlternativeName([x509.IPAddress(ip_address)]) allowed_clock_skew = CONF.auto_tls_allowed_clock_skew - not_valid_before = (datetime.datetime.utcnow() + not_valid_before = (datetime.datetime.now(tz=datetime.timezone.utc) - datetime.timedelta(seconds=allowed_clock_skew)) - not_valid_after = (datetime.datetime.utcnow() + not_valid_after = (datetime.datetime.now(tz=datetime.timezone.utc) + datetime.timedelta(days=valid_for_days)) cert = (x509.CertificateBuilder() .subject_name(subject)