Merge "Check cert expiry for multiple types"

This commit is contained in:
Zuul 2020-01-15 19:16:57 +00:00 committed by Gerrit Code Review
commit 3e1859010b
1 changed files with 19 additions and 11 deletions


@ -16,6 +16,7 @@ from collections import OrderedDict
from glob import glob from glob import glob
import logging import logging
import os import os
import re
from prettytable import PrettyTable from prettytable import PrettyTable
import yaml import yaml
@ -275,6 +276,9 @@ def check_cert_expiry(site_name, duration=60):
:rtype: str :rtype: str
""" """
cert_schemas = [
'deckhand/Certificate/v1', 'deckhand/CertificateAuthority/v1'
]
pki_util = PKIUtility(duration=duration) pki_util = PKIUtility(duration=duration)
# Create a table to output expired/expiring certs for this site. # Create a table to output expired/expiring certs for this site.
cert_table = PrettyTable() cert_table = PrettyTable()
@ -289,17 +293,21 @@ def check_cert_expiry(site_name, duration=60):
results = PeglegSecretManagement( results = PeglegSecretManagement(
docs=results).get_decrypted_secrets() docs=results).get_decrypted_secrets()
for result in results: for result in results:
if result['schema'] == \ if result['schema'] in cert_schemas:
"deckhand/Certificate/v1": text = result['data']
cert = result['data'] header_pattern = '-----BEGIN CERTIFICATE-----'
cert_info = pki_util.check_expiry(cert) find_pattern = r'%s.*?(?=%s|$)' % (
if cert_info['expired'] is True: header_pattern, header_pattern)
cert_table.add_row( certs = re.findall(find_pattern, text, re.DOTALL)
[ for cert in certs:
doc, result['metadata']['name'], cert_info = pki_util.check_expiry(cert)
cert_info['expiry_date'] if cert_info['expired'] is True:
]) cert_table.add_row(
expired_certs_exist = True [
doc, result['metadata']['name'],
cert_info['expiry_date']
])
expired_certs_exist = True
# Return table of cert names and expiration dates that are expiring # Return table of cert names and expiration dates that are expiring
return expired_certs_exist, cert_table.get_string() return expired_certs_exist, cert_table.get_string()
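Review bot: A `deckhand/Certificate/v1` or `deckhand/CertificateAuthority/v1` document whose data holds no `-----BEGIN CERTIFICATE-----` block (different BEGIN tag, different case, or a non-string value that makes `re.findall` raise) now produces an empty `certs` list and is passed over silently, so an expired certificate stored in an unexpected form never reaches `cert_table` and the function still reports no expiry problem. Right after the `re.findall` call I would add `if not certs:` followed by a warning through the module's logger that names `result['metadata']['name']`, so the gap shows up in the check's output instead of being invisible. The header string is interpolated into the pattern as raw text; it contains no regex metacharacters today, but `re.escape(header_pattern)` keeps that true if the constant is ever edited, and since the pattern does not depend on `result` it can be compiled once above the `for result in results` loop. The split also relies on `$` matching only at end of string (no `re.MULTILINE`), which is worth a one-line comment next to the pattern. The enclosing function `check_cert_expiry` begins outside the hunk.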