backport of commit 464b9de169 (#20344)

Co-authored-by: Alexander Scheel <alex.scheel@hashicorp.com>
2025-10-29 17:52:32 +00:00 · 2023-04-25 12:59:09 -04:00
parent 2b244b4327
commit d63cc54647
3 changed files with 9 additions and 3 deletions
--- a/builtin/logical/pki/backend_test.go
+++ b/builtin/logical/pki/backend_test.go
@@ -4939,12 +4939,13 @@ func TestIssuanceTTLs(t *testing.T) {
 	})
 	require.Error(t, err, "expected issuance to fail due to longer default ttl than cert ttl")

-	resp, err = CBWrite(b, s, "issuer/root", map[string]interface{}{
-		"issuer_name":             "root",
+	resp, err = CBPatch(b, s, "issuer/root", map[string]interface{}{
 		"leaf_not_after_behavior": "permit",
 	})
 	require.NoError(t, err)
 	require.NotNil(t, resp)
+	require.NotNil(t, resp.Data)
+	require.Equal(t, resp.Data["leaf_not_after_behavior"], "permit")

 	_, err = CBWrite(b, s, "issue/local-testing", map[string]interface{}{
 		"common_name": "testing",
@@ -4957,6 +4958,8 @@ func TestIssuanceTTLs(t *testing.T) {
 	})
 	require.NoError(t, err)
 	require.NotNil(t, resp)
+	require.NotNil(t, resp.Data)
+	require.Equal(t, resp.Data["leaf_not_after_behavior"], "truncate")

 	_, err = CBWrite(b, s, "issue/local-testing", map[string]interface{}{
 		"common_name": "testing",
--- a/builtin/logical/pki/path_fetch_issuers.go
+++ b/builtin/logical/pki/path_fetch_issuers.go
@@ -601,7 +601,7 @@ func (b *backend) pathPatchIssuer(ctx context.Context, req *logical.Request, dat
 	}

 	// Leaf Not After Changes
-	rawLeafBehaviorData, ok := data.GetOk("leaf_not_after_behaivor")
+	rawLeafBehaviorData, ok := data.GetOk("leaf_not_after_behavior")
 	if ok {
 		rawLeafBehavior := rawLeafBehaviorData.(string)
 		var newLeafBehavior certutil.NotAfterBehavior
--- a/changelog/20341.txt
+++ b/changelog/20341.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+secrets/pki: Fix patching of leaf_not_after_behavior on issuers.
+```