Merge "Improve check-pki-certs output"
commit
ae5db00f83
@ -585,11 +585,19 @@ def check_pki_certs(site_name, days):
|
|||||||
engine.repository.process_repositories(site_name, overwrite_existing=True)
|
engine.repository.process_repositories(site_name, overwrite_existing=True)
|
||||||
config.set_global_enc_keys(site_name)
|
config.set_global_enc_keys(site_name)
|
||||||
|
|
||||||
cert_results = engine.secrets.check_cert_expiry(site_name, duration=days)
|
expired_certs_exist, cert_results = engine.secrets.check_cert_expiry(
|
||||||
|
site_name, duration=days)
|
||||||
|
|
||||||
click.echo(
|
if expired_certs_exist:
|
||||||
"The following certs will expire within {} days: \n{}".format(
|
click.echo(
|
||||||
days, cert_results))
|
"The following certs will expire within the next {} days: \n{}".
|
||||||
|
format(days, cert_results))
|
||||||
|
exit(1)
|
||||||
|
else:
|
||||||
|
click.echo(
|
||||||
|
"No certificates will expire within the next {} days.".format(
|
||||||
|
days))
|
||||||
|
exit(0)
|
||||||
|
|
||||||
|
|
||||||
@main.group(help='Commands related to types')
|
@main.group(help='Commands related to types')
|
||||||
|
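Review bot: The new `exit(1)` and `exit(0)` calls in check_pki_certs use the `exit` helper that the `site` module injects for interactive sessions, so the status this command reports depends on `site` being loaded. Because the exit status is now what a scheduled certificate-expiry check will key on, raise it through click instead, for example `click.get_current_context().exit(1)`, or `sys.exit(1)` if `sys` is imported in this file, which the hunk does not show. Status 1 is also what Python returns for an unhandled exception, so a monitor cannot tell "certificates expiring" from "the check itself failed"; a distinct non-zero code for the expiring case would keep the two apart. The message says "will expire", while the table comment in check_cert_expiry speaks of expired/expiring certs, so the wording may understate entries that have already expired.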
@ -247,6 +247,7 @@ def check_cert_expiry(site_name, duration=60):
|
|||||||
# Create a table to output expired/expiring certs for this site.
|
# Create a table to output expired/expiring certs for this site.
|
||||||
cert_table = PrettyTable()
|
cert_table = PrettyTable()
|
||||||
cert_table.field_names = ['file', 'cert_name', 'expiration_date']
|
cert_table.field_names = ['file', 'cert_name', 'expiration_date']
|
||||||
|
expired_certs_exist = False
|
||||||
|
|
||||||
s = definition.site_files(site_name)
|
s = definition.site_files(site_name)
|
||||||
for doc in s:
|
for doc in s:
|
||||||
@ -266,9 +267,10 @@ def check_cert_expiry(site_name, duration=60):
|
|||||||
doc, result['metadata']['name'],
|
doc, result['metadata']['name'],
|
||||||
cert_info['expiry_date']
|
cert_info['expiry_date']
|
||||||
])
|
])
|
||||||
|
expired_certs_exist = True
|
||||||
|
|
||||||
# Return table of cert names and expiration dates that are expiring
|
# Return table of cert names and expiration dates that are expiring
|
||||||
return cert_table.get_string()
|
return expired_certs_exist, cert_table.get_string()
|
||||||
|
|
||||||
|
|
||||||
def get_global_creds(site_name):
|
def get_global_creds(site_name):
|
||||||
|
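Review bot: The return statement of check_cert_expiry now yields a tuple, but the comment directly above it still reads "Return table of cert names and expiration dates that are expiring". The function's docstring lies outside these hunks and presumably still describes a string result. Update the comment to something like `# Return (expired_certs_exist, table string); the flag is True when at least one cert was added to the table`, and bring the docstring in line with it. Callers other than check_pki_certs are not visible here; any that still treat the result as a string will now receive a tuple, so this is worth a search before merging. The name `expired_certs_exist` also seems to cover certs that have not expired yet but fall within `duration`, judging by the "expired/expiring" table comment, and something like `expiring_certs_found` would describe the flag more accurately.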
@ -28,7 +28,7 @@ from tests.unit import test_utils
|
|||||||
TEST_PARAMS = {
|
TEST_PARAMS = {
|
||||||
"site_name": "seaworthy",
|
"site_name": "seaworthy",
|
||||||
"site_type": "foundry",
|
"site_type": "foundry",
|
||||||
"repo_rev": '33bdd46754b7acabb2cbc2f4b335d34ecb80d4ce',
|
"repo_rev": '29c67eb3a0ce046e41cfadbb9381697cd556f659',
|
||||||
"repo_name": "treasuremap",
|
"repo_name": "treasuremap",
|
||||||
"repo_url": "https://opendev.org/airship/treasuremap.git",
|
"repo_url": "https://opendev.org/airship/treasuremap.git",
|
||||||
}
|
}
|
||||||
@ -592,10 +592,19 @@ class TestSiteSecretsActions(BaseCLIActionTest):
|
|||||||
@pytest.mark.skipif(
|
@pytest.mark.skipif(
|
||||||
not pki_utility.PKIUtility.cfssl_exists(),
|
not pki_utility.PKIUtility.cfssl_exists(),
|
||||||
reason='cfssl must be installed to execute these tests')
|
reason='cfssl must be installed to execute these tests')
|
||||||
def test_check_pki_certs(self):
|
def test_check_pki_certs_expired(self):
|
||||||
repo_path = self.treasuremap_path
|
repo_path = self.treasuremap_path
|
||||||
secrets_opts = ['secrets', 'check-pki-certs', self.site_name]
|
secrets_opts = ['secrets', 'check-pki-certs', self.site_name]
|
||||||
result = self.runner.invoke(cli.site, ['-r', repo_path] + secrets_opts)
|
result = self.runner.invoke(cli.site, ['-r', repo_path] + secrets_opts)
|
||||||
|
assert result.exit_code == 1, result.output
|
||||||
|
|
||||||
|
@pytest.mark.skipif(
|
||||||
|
not pki_utility.PKIUtility.cfssl_exists(),
|
||||||
|
reason='cfssl must be installed to execute these tests')
|
||||||
|
def test_check_pki_certs(self):
|
||||||
|
repo_path = self.treasuremap_path
|
||||||
|
secrets_opts = ['secrets', 'check-pki-certs', 'airsloop']
|
||||||
|
result = self.runner.invoke(cli.site, ['-r', repo_path] + secrets_opts)
|
||||||
assert result.exit_code == 0, result.output
|
assert result.exit_code == 0, result.output
|
||||||
|
|
||||||
@mock.patch.dict(
|
@mock.patch.dict(
|
||||||
|
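Review bot: test_check_pki_certs_expired asserts only `result.exit_code == 1`, and click's CliRunner also reports exit code 1 when the command raises an unhandled exception, so the test would still pass if check-pki-certs crashed before inspecting any certificate. Pin the branch taken as well, for example `assert 'will expire within the next' in result.output` here and `assert 'No certificates will expire' in result.output` in test_check_pki_certs. Both tests also appear to depend on the wall clock, because the certificates come from the treasuremap revision pinned in TEST_PARAMS. The airsloop case will presumably start returning 1 once those certificates come within the default window. Generating a certificate with a known lifetime inside the test would make the result independent of the date.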