[utils/check_cert_lc] Exemple de script pour afficher les certificat expiré de la base ldap

utils/check_cert_lc.py

@@ -0,0 +1,81 @@
+#!/bin/bash /usr/scripts/python.sh
+#-*- coding: utf-8 -*-
+#
+# check_cert_lc.py -- Affiche un avertissement lorsqu'un certificat
+# stocké dans la base ldap va arriver à expiration au propriétaire de la
+# machine à laquelle le certificat est attaché
+#
+# Copyright (c) 2014 Valentin Samir
+# Authors: Valentin Samir <valentin.samir@crans.org>
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+import time
+import lc_ldap.shortcuts
+from lc_ldap.objets import AssociationCrans
+
+def get_certs(from_=None, to_=None):
+    """retourne les certificats qui expire en `from_` et `days` jours plus tard.
+    Par defaut, `from_`vautint(time.time())"""
+    if from_ is None:
+        from_ = int(time.time())
+    if to_ is None:
+        to_ = from_ + 21 * 3600 * 24
+    conn = lc_ldap.shortcuts.lc_ldap_readonly()
+    return conn.search(u"(&(xid=*)(end<=%s)(end>=%s))" % (to_, from_))
+
+if __name__ == '__main__':
+    proprio = {}
+    now = time.time()
+    # On récupère les cert quiqui expire entre 1970 et dans un an
+    for cert in get_certs(from_=0, to_=int(now) + 24*3600*365):
+        p = cert.machine().proprio()
+        if isinstance(p, AssociationCrans):
+            p_name = "Le Crans"
+        else:
+            p_name = str(p)
+        if not p_name in proprio:
+            proprio[p_name] = {}
+        m_name = cert.machine()['host'][0]
+        if not m_name in proprio[p_name]:
+            proprio[p_name][m_name] = []
+        proprio[p_name][m_name].append((round((int(cert['end'][0]) - now )/(3600.0*24), 0), cert))
+    # On les trie par ordre d'expiration
+    p_order = []
+    m_order = []
+    for p in proprio:
+        for m in proprio[p]:
+            proprio[p][m].sort()
+            m_order.append((proprio[p][m][0][0], m))
+    m_order.sort()
+    cont = False
+    for p in proprio:
+        for (t,m) in m_order:
+            if m in proprio[p] and not cont:
+                p_order.append((t,p))
+                cont = True
+        cont = False
+    p_order.sort()
+    now = int(time.time())
+    # Et on affiche tout ça sur stdout pour le moment
+    for (t,p) in p_order:
+        print "%s : " % p
+        for (t, m) in m_order:
+            if m in proprio[p]:
+                print "    * %s" % m
+                for (t, cert) in proprio[p][m]:
+                    cert_name = cert["info"][0] if cert["info"] else ", ".join(str(h) for h in cert["hostCert"])
+                    print "        * dans %s jours %s" % (t, cert_name)
+
+