aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--.gitignore1
-rw-r--r--fca.conf.example8
-rwxr-xr-xfreeipa-cert-alert.py16
3 files changed, 20 insertions, 5 deletions
diff --git a/.gitignore b/.gitignore
index bee8a64..6193042 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
__pycache__
+*.conf
diff --git a/fca.conf.example b/fca.conf.example
new file mode 100644
index 0000000..2f89665
--- /dev/null
+++ b/fca.conf.example
@@ -0,0 +1,8 @@
+# Config file for freeipa-cert-alert; dot-source this and then run the python script
+export FREEIPA_SERVER=dns1.ipa.example.com
+export FREEIPA_USERNAME=bgstack15
+export FREEIPA_PASSWORD='plaintextpassword'
+# OR
+#export FREEIPA_PASSWORD="$( printf '9237a419f3741ef734==' | base64 -d )"
+export PASTDAYS=0
+export DAYS=30
diff --git a/freeipa-cert-alert.py b/freeipa-cert-alert.py
index cd757ea..ab2c39e 100755
--- a/freeipa-cert-alert.py
+++ b/freeipa-cert-alert.py
@@ -7,8 +7,9 @@
# Title: Script that Alerts For Expiring Certs
# Purpose: Send me alerts for certs that are about to expire
# History:
+# 2022-12-18 added PASTDAYS option
# Usage:
-# Set env: FREEIPA_SERVER FREEIPA_USERNAME FREEIPA_PASSWORD DAYS
+# Set env: FREEIPA_SERVER FREEIPA_USERNAME FREEIPA_PASSWORD DAYS PASTDAYS
# References:
# https://python-freeipa.readthedocs.io/en/latest/
# https://stackoverflow.com/questions/72899/how-do-i-sort-a-list-of-dictionaries-by-a-value-of-the-dictionary/73050#73050
@@ -45,19 +46,24 @@ def show_list(inlist):
# Main
DAYS = os.getenv("DAYS",default=60)
try:
- DAYS = int(DAYS)
+ DAYS = int(DAYS)
except:
- DAYS = 60
+ DAYS = 60
+PASTDAYS = os.getenv("PASTDAYS",default=0)
+try:
+ PASTDAYS = int(PASTDAYS)
+except:
+ PASTDAYS = 60
client = python_freeipa.ClientMeta(os.getenv("FREEIPA_SERVER"))
client.login(os.getenv("FREEIPA_USERNAME"),os.getenv("FREEIPA_PASSWORD"))
-today = str(datetime.date.today( ))
+today = str(datetime.date.today() + datetime.timedelta(days=-PASTDAYS))
future = str(datetime.date.today() + datetime.timedelta(days=DAYS))
results = client.cert_find(o_validnotafter_from=today,o_validnotafter_to=future)
certs = results['result']
# Sort
certs = sorted(certs,key=lambda d: int(dparser.parse(d['valid_not_after']).strftime('%s')))
if len(certs) > 0:
- print(f"Certificates expiring within {DAYS} days from {today}")
+ print(f"Certificates expiring within {DAYS+PASTDAYS} days from {today}")
show_list(certs)
bgstack15