diff --git a/lib/auth/helpers.go b/lib/auth/helpers.go index 99818886c00dc..dd1b2fcf7e414 100644 --- a/lib/auth/helpers.go +++ b/lib/auth/helpers.go @@ -79,7 +79,7 @@ type TestAuthServerConfig struct { // CipherSuites is the list of ciphers that the server supports. CipherSuites []uint16 // Clock is used to control time in tests. - Clock clockwork.FakeClock + Clock clockwork.Clock // ClusterNetworkingConfig allows a test to change the default // networking configuration. ClusterNetworkingConfig types.ClusterNetworkingConfig diff --git a/lib/auth/tls_test.go b/lib/auth/tls_test.go index 3282e52dafd65..3c222ca7a4417 100644 --- a/lib/auth/tls_test.go +++ b/lib/auth/tls_test.go @@ -413,8 +413,9 @@ func TestAutoRotation(t *testing.T) { t.Parallel() ctx := context.Background() - testSrv := newTestTLSServer(t) - clock := testSrv.AuthServer.TestAuthServerConfig.Clock + clock := clockwork.NewFakeClock() + testSrv := newTestTLSServer(t, withClock(clock)) + var ok bool // create proxy client @@ -514,8 +515,8 @@ func TestAutoFallback(t *testing.T) { t.Parallel() ctx := context.Background() - testSrv := newTestTLSServer(t) - clock := testSrv.AuthServer.TestAuthServerConfig.Clock + clock := clockwork.NewFakeClock() + testSrv := newTestTLSServer(t, withClock(clock)) var ok bool @@ -4977,6 +4978,7 @@ func verifyJWTAWSOIDC(clock clockwork.Clock, clusterName string, pairs []*types. type testTLSServerOptions struct { cacheEnabled bool accessGraph *AccessGraphConfig + clock clockwork.Clock } type testTLSServerOption func(*testTLSServerOptions) @@ -4993,6 +4995,12 @@ func withAccessGraphConfig(cfg AccessGraphConfig) testTLSServerOption { } } +func withClock(clock clockwork.Clock) testTLSServerOption { + return func(options *testTLSServerOptions) { + options.clock = clock + } +} + // newTestTLSServer is a helper that returns a *TestTLSServer with sensible // defaults for most tests that are exercising Auth Service RPCs. // @@ -5003,9 +5011,12 @@ func newTestTLSServer(t testing.TB, opts ...testTLSServerOption) *TestTLSServer for _, opt := range opts { opt(&options) } + if options.clock == nil { + options.clock = clockwork.NewFakeClockAt(time.Now().Round(time.Second).UTC()) + } as, err := NewTestAuthServer(TestAuthServerConfig{ Dir: t.TempDir(), - Clock: clockwork.NewFakeClockAt(time.Now().Round(time.Second).UTC()), + Clock: options.clock, CacheEnabled: options.cacheEnabled, }) require.NoError(t, err)