#!/usr/bin/env python3
import argparse
import base64
from datetime import datetime, timedelta, timezone

from cryptography import x509
from cryptography.hazmat.backends import default_backend
from kubernetes import client, config
# Load the local kubeconfig at import time (no context is named, so presumably
# the current one); every list/delete call below runs with that identity's RBAC.
config.load_kube_config()
v1 = client.CoreV1Api()
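def _str2bool(value):
    """Strictly parse an explicit value given to ``--delete`` (e.g. ``--delete false``).

    argparse's ``type=bool`` evaluates ``bool("false")``, which is True, so a
    user who typed ``--delete false`` would silently enable deletion of
    secrets. Accept the usual spellings and reject anything else.

    Raises:
        argparse.ArgumentTypeError: if *value* is not a recognised boolean.
    """
    normalized = str(value).strip().lower()
    if normalized in ("1", "true", "t", "yes", "y", "on"):
        return True
    if normalized in ("0", "false", "f", "no", "n", "off"):
        return False
    raise argparse.ArgumentTypeError(f"expected a boolean, got {value!r}")


parser = argparse.ArgumentParser(description="TLS secret checker")
# ``--delete`` alone means True (const); omitting it means False (default);
# an explicit value is parsed strictly so "false" really disables deletion.
parser.add_argument('--delete', dest='delete',
                    type=_str2bool, const=True, default=False, nargs='?')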
def main():
    """List every namespace and check the ones whose name starts with ``tmc-``."""
    in_scope = (
        ns.metadata.name
        for ns in v1.list_namespace().items
        if ns.metadata.name.startswith("tmc-")
    )
    for namespace_name in in_scope:
        check_secrets_in_namespace(namespace_name)
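# cert-manager stamps issued secrets with these annotations; only secrets whose
# annotations claim Issuer "dev" are candidates. Annotations are user-writable
# metadata, so this is a convention check, not an authorization check.
_ISSUER_NAME_ANNOTATION = "cert-manager.io/issuer-name"
_ISSUER_KIND_ANNOTATION = "cert-manager.io/issuer-kind"
# Secrets whose ca.crt expires within this window are reported (and optionally deleted).
_EXPIRY_THRESHOLD = timedelta(days=14)


def _is_dev_issuer_secret(secret):
    """Return True if *secret*'s annotations mark it as issued by the Issuer named "dev"."""
    annotations = secret.metadata.annotations
    if annotations is None:
        return False
    return (annotations.get(_ISSUER_NAME_ANNOTATION) == "dev"
            and annotations.get(_ISSUER_KIND_ANNOTATION) == "Issuer")


def _ca_time_left(secret):
    """Return how long *secret*'s ``ca.crt`` stays valid, or None if it is missing or unparseable.

    Both sides of the subtraction are expressed in UTC: X.509 validity is UTC,
    whereas ``datetime.now()`` is naive local time and would skew the result by
    the host's UTC offset (the original compared the two directly).
    """
    data = secret.data or {}
    encoded = data.get("ca.crt")
    if not encoded:
        return None
    try:
        # binascii.Error (bad base64) is a ValueError subclass, so one except covers both.
        cert = x509.load_pem_x509_certificate(base64.b64decode(encoded), default_backend())
    except ValueError:
        return None
    # cryptography >= 42 exposes an aware ``not_valid_after_utc``; older versions
    # only have the naive ``not_valid_after``, which is already in UTC.
    not_after = getattr(cert, "not_valid_after_utc", None)
    if not_after is None:
        not_after = cert.not_valid_after.replace(tzinfo=timezone.utc)
    return not_after - datetime.now(timezone.utc)


def check_secrets_in_namespace(namespace, *, delete=None):
    """Report (and optionally delete) dev-issuer TLS secrets in *namespace* whose CA expires soon.

    Args:
        namespace: name of the namespace to scan.
        delete: whether to delete expiring secrets. ``None`` (the default, and
            what the existing call site passes) means "consult the ``--delete``
            command-line flag", which is now parsed once per call instead of
            once per expiring secret.

    Deletion is irreversible and runs in the cluster the loaded kubeconfig
    points at. It presumably relies on cert-manager re-issuing the secret —
    confirm a Certificate object still owns it before running with ``--delete``.
    Secrets with no parseable ``ca.crt`` are reported as skipped rather than
    crashing the whole sweep.
    """
    if delete is None:
        delete = parser.parse_args().delete
    for secret in v1.list_namespaced_secret(namespace).items:
        if not _is_dev_issuer_secret(secret):
            continue
        name = secret.metadata.name
        ns = secret.metadata.namespace
        timeleft = _ca_time_left(secret)
        if timeleft is None:
            print(f"namespace: {ns}, secret_name: {name}, skipped: no parseable ca.crt")
            continue
        if timeleft < _EXPIRY_THRESHOLD:
            print(f"namespace: {ns}, secret_name: {name}, time_left: {timeleft}")
            if delete:
                print(f"deleting {name} in {ns}")
                v1.delete_namespaced_secret(name, ns)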
# Script entry point. Note that importing this module still performs the
# kubeconfig load and client construction at the top of the file.
if __name__ == "__main__":
    main()