#!/bin/bash
# Script to be called by Checkmk monitoring system, to alert when certs are within a certain
# number of days of expiring. It does this for both the prod and the test certs, by parsing the
# csv files generated by the `cert_status` script.
# Checkmk agent runs every minute, but we really don't need to pull the new csv file from GH more
# than once per day, since we're monitoring cert expiration over months/years
#
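# Local wall-clock minute (HH:MM) at which the cached CSV files are refreshed.
# NOTE(review): the refresh only fires if the agent runs this script during that exact minute;
# a skipped run leaves the cache a day older. Comparing the file age would be more robust.
DAILY_RUN_TIME=23:23
# CRIT_DAYS - how many days before expiration should this checkmk event be marked as "CRIT"?
# WARN_DAYS - how many days before expiration should this checkmk event be marked as "WARN"?
#
CRIT_DAYS=5
WARN_DAYS=21
CSV_URL_PROD="https://raw.githubusercontent.com/DataONEorg/ca/main/prod_cert_status.csv"
CSV_URL_TEST="https://raw.githubusercontent.com/DataONEorg/ca/main/test_cert_status.csv"
# NOTE(review): the "_test"/"_prod" suffixes are crossed relative to the variable names. Each
# file is written and read through the same variable, so the reported results are still right;
# the names are kept because renaming them would make an already cached file be read under the
# wrong environment until the next refresh.
# NOTE(review): these are fixed names in a shared, world-writable directory, so another local
# account can create the paths before this script does. A cache directory writable only by the
# account that runs the agent would be a safer home for them.
CSV_FILE_PROD="/tmp/checkmk_cert_status_test.csv"
CSV_FILE_TEST="/tmp/checkmk_cert_status_prod.csv"
# Upper bound in seconds for one download, so an unreachable server cannot stall the check.
FETCH_TIMEOUT=20

#######################################
# Download one CSV and replace the cached copy only when the transfer succeeded.
# Globals:   FETCH_TIMEOUT (read)
# Arguments: $1 - source URL
#            $2 - path of the cached file to replace
# Returns:   0 when the cache was replaced, non-zero when it was left untouched
#######################################
fetch_csv() {
  local url=$1
  local dest=$2
  local tmp

  # Download into a freshly created, unpredictably named file next to the destination and
  # rename it into place afterwards. The rename replaces whatever sits at the destination
  # path (including a symlink) instead of writing through it, and a reader never sees a
  # half-written file.
  tmp=$(mktemp "${dest}.XXXXXX") || return 1

  # -f makes an HTTP error status a failure instead of saving the error page as the CSV;
  # the -s test rejects an empty body. The data is public, hence the 0644 mode.
  if curl -fs --max-time "$FETCH_TIMEOUT" -o "$tmp" "$url" \
    && [[ -s "$tmp" ]] \
    && chmod 0644 "$tmp" \
    && mv -f -- "$tmp" "$dest"; then
    return 0
  fi

  # Failed download: keep the last good copy rather than truncating it.
  rm -f -- "$tmp"
  return 1
}

# Download and save CSV files only once per day,
# or if either of the csv file(s) is missing or empty locally
# (an empty file can be left behind by a download that failed part-way).
if [[ "$(date +%H:%M)" == "$DAILY_RUN_TIME" ]] \
  || [[ ! -s "$CSV_FILE_PROD" ]] || [[ ! -s "$CSV_FILE_TEST" ]]; then
  fetch_csv "$CSV_URL_PROD" "$CSV_FILE_PROD"
  fetch_csv "$CSV_URL_TEST" "$CSV_FILE_TEST"
fi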
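#######################################
# Turn one cert-status CSV into Checkmk local-check lines, one line per data row.
# Globals:   WARN_DAYS (read), CRIT_DAYS (read)
# Arguments: $1 - path of the CSV file to read
#            $2 - environment label used in the service names ("prod" or "test")
# Outputs:   "<status> <service_name> - <text>" lines on stdout
# Returns:   1 when the file is missing, empty or has an unexpected header row;
#            otherwise the exit status of awk
#######################################
process_csv() {
  local input_file_path=$1
  local environment=$2

  # A missing or empty file would make awk print nothing at all, and the check would
  # go silent. Report it the same way as a bad header instead.
  if [ ! -s "$input_file_path" ]; then
    printf '%s\n' "2 d1_${environment}_cert_checks - Did not get valid CSV file!"
    return 1
  fi

  # Only POSIX awk functions (gsub/sub) are used, so this also runs where "awk" is not gawk.
  awk -v expiry_warn_days="$WARN_DAYS" \
    -v expiry_CRIT_DAYS="$CRIT_DAYS" \
    -v environment="$environment" -F',' '
    # Header row: the only validation applied to the downloaded file.
    # NOTE(review): the header is checked at field 8 and the data rows read the day
    # count from field 8 as well; confirm both positions against the cert_status output.
    NR == 1 {
      if ($8 != "Created") {
        print "2", "d1_" environment "_cert_checks", "-", "Did not get valid CSV file!";
        exit 1;
      }
      next;
    }
    {
      # Fields 3 to 5 are joined with no separator and the double quotes are dropped;
      # presumably they are the pieces of one quoted subject DN split by -F, (confirm).
      dn = $3$4$5;
      gsub(/"/, "", dn);

      # Field 5 without any "CN=" and without a trailing double quote.
      cn = $5;
      gsub(/CN=/, "", cn);
      sub(/"$/, "", cn);

      # The service name is the second whitespace-separated column of a Checkmk
      # local-check line, and cn comes from downloaded data, so blanks inside it
      # are replaced to keep the columns aligned.
      service_name = "d1_" environment "_cert_" cn;
      gsub(/[ \t]+/, "_", service_name);

      # Both operands look numeric, so awk compares them as numbers; a non-numeric
      # field 8 would be compared as a string.
      expire_days = $8;
      if (expire_days < expiry_CRIT_DAYS) {
        status = "2";
      } else if (expire_days < expiry_warn_days) {
        status = "1";
      } else {
        status = "0";
      }
      print status, service_name, "-", "expires in", expire_days, "days:", dn;
    }' "$input_file_path"
}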
# Emit the Checkmk local-check lines for each environment, prod first.
# The label passed as the second argument becomes part of every service name.
process_csv "${CSV_FILE_PROD}" prod
process_csv "${CSV_FILE_TEST}" test