updates comments and filters out negative values for Timeout

Venafi · Feb 28, 2024 · 21f6eb4 · 21f6eb4
1 parent dd6dc94
commit 21f6eb4
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 7 deletions.
diff --git a/pkg/certificate/request.go b/pkg/certificate/request.go
@@ -48,14 +48,16 @@ type Request struct {
 	/*	Thumbprint is here because *Request is used in RetrieveCertificate().
 		Code should be refactored so that RetrieveCertificate() uses some abstract search object, instead of *Request{PickupID} */
 	Thumbprint string
-	// Timeout we have multiple purposes for timeout (bad practice, we need to correct this in the future)
-	// TPP (a.k.a TLPSDC): we use it in order to set WorkToDoTimeout, that overrides TPP default timeout waiting time for the CA to finish
+	// Timeout usage:
+	// TPP (a.k.a TLSPDC): we use it in order to set WorkToDoTimeout, that overrides TPP default timeout waiting time for the CA to finish
 	// if the value is more than the maximum value, TPP will automatically set the maximum value supported (as of the moment of this
 	// commit, 120 seconds).
-	// Cloud (a.k.a VaaS a.k.a TLPSC) : We use this timeout in our RetrieveCertificate function which handles a retry logic
+	// Cloud (a.k.a VaaS a.k.a TLSPC) : We use this timeout in our RetrieveCertificate function which handles a retry logic
 	// TPP SSH feature: We override the http client default timeout to perform http requests.
 	// Firefly: not usage at all
-	// VCert CLI: We have hardcoded 180 seconds for retrieve certificate operation. For VaaS it will set retry logic for
+	//
+	// Note:
+	// In VCert CLI we have hardcoded 180 seconds for retrieve certificate operation. For VaaS it will set retry logic for
 	// 180 seconds and TPP will override CA timeout as the hardcoded value
 	Timeout          time.Duration
 	CustomFields     []CustomField

diff --git a/pkg/venafi/tpp/connector.go b/pkg/venafi/tpp/connector.go
@@ -653,9 +653,12 @@ func (c *Connector) prepareRequest(req *certificate.Request, zone string) (tppRe
 	//    - true: Clear the Disabled attribute, reenable, and then renew the certificate (in this request). Reuse the same CertificateDN, that is also known as a Certificate object.
 	tppReq.Reenable = true
 
-	// If enable timeout is defined by the user in the request, we use it in order
-	// override API's timeout for the CA to finish issuance
-	if req.Timeout != 0 {
+	// If "Timeout" is defined by the user in the request, we use it in order to
+	// override API's timeout for the CA to finish issuance. In TLSPDC this means
+	// using WorkToDoTimeout attribute.
+	// We make sure to get the seconds from
+	// "Timeout" as it is a "TimeDuration" and remote (TLPSDC) only expects value in seconds.
+	if req.Timeout > 0 {
 		seconds := int64(req.Timeout.Seconds())
 		secondsString := strconv.FormatInt(seconds, 10)
 		tppReq.WorkToDoTimeout = secondsString