Make sure replaced files have different modification times.

Depending on filesystem time resolution, the modified certificates could
have the same timestamp in tests, causing the reload to fail.

grpc_common_test.go

@@ -27,6 +27,7 @@ import (
 	"crypto/x509"
 	"crypto/x509/pkix"
 	"encoding/pem"
+	"io/fs"
 	"math/big"
 	"net"
 	"os"
@@ -86,3 +87,32 @@ func WritePublicKey(key *rsa.PublicKey, filename string) error {
 
 	return os.WriteFile(filename, data, 0755)
 }
+
+func replaceFile(t *testing.T, filename string, data []byte, perm fs.FileMode) {
+	t.Helper()
+	oldStat, err := os.Stat(filename)
+	if err != nil {
+		t.Fatalf("can't stat old file %s: %s", filename, err)
+		return
+	}
+
+	for {
+		if err := os.WriteFile(filename, data, perm); err != nil {
+			t.Fatalf("can't write file %s: %s", filename, err)
+			return
+		}
+
+		newStat, err := os.Stat(filename)
+		if err != nil {
+			t.Fatalf("can't stat new file %s: %s", filename, err)
+			return
+		}
+
+		// We need different modification times.
+		if !newStat.ModTime().Equal(oldStat.ModTime()) {
+			break
+		}
+
+		time.Sleep(time.Millisecond)
+	}
+}

grpc_server_test.go

@@ -126,7 +126,7 @@ func Test_GrpcServer_ReloadCerts(t *testing.T) {
 
 	org2 := "Updated certificate"
 	cert2 := GenerateSelfSignedCertificateForTesting(t, 1024, org2, key)
-	os.WriteFile(certFile, cert2, 0755) // nolint
+	replaceFile(t, certFile, cert2, 0755)
 
 	cp2 := x509.NewCertPool()
 	if !cp2.AppendCertsFromPEM(cert2) {
@@ -215,7 +215,7 @@ func Test_GrpcServer_ReloadCA(t *testing.T) {
 
 	org2 := "Updated client"
 	clientCert2 := GenerateSelfSignedCertificateForTesting(t, 1024, org2, clientKey)
-	os.WriteFile(caFile, clientCert2, 0755) // nolint
+	replaceFile(t, caFile, clientCert2, 0755)
 
 	pair2, err := tls.X509KeyPair(clientCert2, pem.EncodeToMemory(&pem.Block{
 		Type:  "RSA PRIVATE KEY",