From 5fb2c620eadce725d5830c330297e00ebfd1731b Mon Sep 17 00:00:00 2001 From: "B. Stack" Date: Wed, 27 Oct 2021 19:46:25 -0400 Subject: init commit --- freeipa-cert-alert.py | 63 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 63 insertions(+) create mode 100755 freeipa-cert-alert.py (limited to 'freeipa-cert-alert.py') diff --git a/freeipa-cert-alert.py b/freeipa-cert-alert.py new file mode 100755 index 0000000..cd757ea --- /dev/null +++ b/freeipa-cert-alert.py @@ -0,0 +1,63 @@ +#!/usr/bin/env python3 +# File: alert.py +# Location: https://gitlab.com/bgstack15/freeipa-cert-alert +# Author: bgstack15 +# Startdate: 2021-10-27 14:00 +# SPDX-License-Identifier: GPL-3.0 +# Title: Script that Alerts For Expiring Certs +# Purpose: Send me alerts for certs that are about to expire +# History: +# Usage: +# Set env: FREEIPA_SERVER FREEIPA_USERNAME FREEIPA_PASSWORD DAYS +# References: +# https://python-freeipa.readthedocs.io/en/latest/ +# https://stackoverflow.com/questions/72899/how-do-i-sort-a-list-of-dictionaries-by-a-value-of-the-dictionary/73050#73050 +# https://stackoverflow.com/questions/6871016/adding-days-to-a-date-in-python/6871482#6871482 +# https://stackoverflow.com/questions/24027863/convert-a-utc-time-to-epoch +# https://stackoverflow.com/questions/9989334/create-nice-column-output-in-python/9996049#9996049 +# Improve: +# Dependencies: +# Somehow this is not a requisite component of freeipa! Those are named python3-ipa* +# fedora-req: python3-freeipa + +import python_freeipa, json, datetime, os, sys +import dateutil.parser as dparser + +# Functions +def show_list(inlist): + col1max = 0 + col2max = 0 + col3max = 0 + for i in inlist: + col1max = max(len(i['valid_not_before']),col1max) + col2max = max(len(i['valid_not_after']),col2max) + col3max = max(len(i['subject']),col3max) + col1max = col1max+2 + col2max = col2max+2 + if len(inlist) > 0: + a = "Not valid before" + b = "Not valid after" + c = "Subject" + print(f"{a:<{col1max}} {b:<{col2max}} {c:<{col3max}}") + for i in inlist: + print(f"{i['valid_not_before']:<{col1max}} {i['valid_not_after']:<{col2max}} {i['subject']:<{col3max}}") + +# Main +DAYS = os.getenv("DAYS",default=60) +try: + DAYS = int(DAYS) +except: + DAYS = 60 + +client = python_freeipa.ClientMeta(os.getenv("FREEIPA_SERVER")) +client.login(os.getenv("FREEIPA_USERNAME"),os.getenv("FREEIPA_PASSWORD")) + +today = str(datetime.date.today( )) +future = str(datetime.date.today() + datetime.timedelta(days=DAYS)) +results = client.cert_find(o_validnotafter_from=today,o_validnotafter_to=future) +certs = results['result'] +# Sort +certs = sorted(certs,key=lambda d: int(dparser.parse(d['valid_not_after']).strftime('%s'))) +if len(certs) > 0: + print(f"Certificates expiring within {DAYS} days from {today}") +show_list(certs) -- cgit