- #!/usr/bin/env python
- import argparse
- from datetime import datetime
- import fnmatch
- import os
- import prettytable
- import yaml
- from OpenSSL import crypto
def find_hiera_files(dir):
    """Collect every ``*.yaml`` and ``*.yml`` file below *dir*.

    The tree is walked recursively with ``os.walk``.  Within each directory
    the ``*.yaml`` matches are listed before the ``*.yml`` matches.

    Returns a list of paths, each joined onto the directory it was found in.
    """
    found = []
    for folder, _subdirs, names in os.walk(dir):
        for pattern in ('*.yaml', '*.yml'):
            for name in fnmatch.filter(names, pattern):
                found.append(os.path.join(folder, name))
    return found
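def find_certificates(k, v, hiera_dir, filename):
    """Recursively collect PEM certificates embedded in a parsed YAML value.

    Args:
        k: Key path leading to *v* (``None`` for the document root).
        v: Parsed YAML value: a string, dict, list or any other scalar.
        hiera_dir: Root directory of the scan; reported file names are made
            relative to it.
        filename: Path of the YAML file that *v* was loaded from.

    Returns:
        A list of dicts with the keys ``filename``, ``key``, ``name`` and
        ``expire_at``, one per string value that starts with a PEM
        certificate header.
    """
    certificates = []
    # Only a value that *starts* with the PEM header counts as a certificate;
    # a value with leading whitespace or other text in front is not matched.
    if isinstance(v, str) and v.startswith('-----BEGIN CERTIFICATE-----'):
        fn = os.path.relpath(filename, hiera_dir)
        c = get_x509_commonname_and_notafter(v)
        certificates.append({'filename': fn,
                             'key': k,
                             'name': c[0],
                             'expire_at': c[1]})
    elif isinstance(v, dict):
        # items() instead of the Python-2-only iteritems(): the iteration is
        # the same on Python 2 and no longer raises AttributeError on
        # Python 3.
        for k2, v2 in v.items():
            if k is not None:
                # Extend the path shown in the report, e.g. a['b'].
                k2 = "%s['%s']" % (k, k2)
            certificates.extend(
                find_certificates(k2, v2, hiera_dir, filename))
    elif isinstance(v, list):
        for k2, v2 in enumerate(v):
            if k is not None:
                # List positions are reported as a[0], a[1], ...
                k2 = "%s[%s]" % (k, k2)
            certificates.extend(
                find_certificates(k2, v2, hiera_dir, filename))
    return certificates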
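def get_x509_commonname_and_notafter(cert):
    """Parse a PEM certificate and return its subject CN and expiry.

    Args:
        cert: PEM-encoded X.509 certificate text.

    Returns:
        A ``(common_name, not_after)`` tuple: the subject commonName
        converted with ``str()`` and the notAfter timestamp as a naive
        ``datetime`` parsed from the ``YYYYMMDDhhmmssZ`` form.
    """
    # NOTE(review): load_certificate() parses a single certificate, so for a
    # value holding a chain only the first entry is reported; later entries
    # that expire earlier would not show up.
    x509 = crypto.load_certificate(crypto.FILETYPE_PEM, cert)
    common_name = str(x509.get_subject().commonName)
    # pyOpenSSL returns the timestamp as bytes and strptime() needs text on
    # Python 3.  On Python 2 bytes is str, so the value passes through as is.
    raw_not_after = x509.get_notAfter()
    if isinstance(raw_not_after, bytes) and not isinstance(raw_not_after, str):
        raw_not_after = raw_not_after.decode('ascii')
    not_after = datetime.strptime(raw_not_after, '%Y%m%d%H%M%SZ')
    return (common_name, not_after)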
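def main():
    """Scan a hiera directory and print a table of embedded certificates.

    Takes one positional command-line argument, ``hiera_dir``.  Every YAML
    file below it is parsed, each embedded PEM certificate is collected, and
    the result is printed as a table sorted by expiry date.
    """
    parser = argparse.ArgumentParser()
    parser.add_argument('hiera_dir')
    args = parser.parse_args()
    hiera_dir = args.hiera_dir

    certificates = []
    for filename in find_hiera_files(hiera_dir):
        with open(filename, 'r') as fh:
            # safe_load() builds only plain YAML types.  yaml.load() without
            # an explicit Loader can, on older PyYAML releases, construct
            # arbitrary Python objects from tags in the file, so a scanned
            # file that someone else can write to must not go through it.
            data = yaml.safe_load(fh) or {}
        certificates.extend(
            find_certificates(None, data, hiera_dir, filename))

    fields = ['Filename', 'Key', 'Name', 'Expire at']
    pt = prettytable.PrettyTable(fields, caching=False)
    pt.align = 'l'
    for cert in certificates:
        pt.add_row((cert['filename'], cert['key'],
                    cert['name'], cert['expire_at']))
    # The parenthesised single-argument form prints the same text on
    # Python 2 and is also valid on Python 3.
    print(pt.get_string(sortby='Expire at'))


if __name__ == '__main__':
    main()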