Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add check for certs expiring within 30 days (LG-3928) #179

Merged
merged 7 commits into from
Dec 15, 2020
Merged

Add check for certs expiring within 30 days (LG-3928) #179

merged 7 commits into from
Dec 15, 2020

Conversation

zachmargolis
Copy link
Contributor

@zachmargolis zachmargolis commented Dec 14, 2020
edited
Loading

  • Run the task nightly in CircleCI

Here's some example output. Bad news, we have a cert expiring tomorrow 馃槺

Expiring Certs found, deadline: 2021-01-13 23:58:57 UTC
- Expiration: 2020-12-15 21:10:27 UTC
  Subject: /C=US/O=Entrust/OU=Certification Authorities/OU=Entrust Managed Services Root CA
  Issuer: /C=US/O=U.S. Government/OU=FPKI/CN=Federal Common Policy CA
  Key ID: 9C:62:66:26:9D:71:B6:A7:75:53:64:E1:AC:B1:C7:25:3C:44:5D:0D
- Expiration: 2021-01-12 00:52:59 UTC
  Subject: /C=US/O=ORC PKI/CN=ORC SSP 3
  Issuer: /C=US/O=U.S. Government/OU=FPKI/CN=Federal Common Policy CA
  Key ID: 6A:88:6D:52:FC:B1:44:9E:30:AE:33:18:4D:C0:39:9D:96:6B:24:B0

@zachmargolis
Add check for expiring within 30 days (LG-3928)
bc574a5 
- Run the task nightly in CircleCI
stevegsa
stevegsa approved these changes Dec 15, 2020
View reviewed changes
Copy link
Contributor

@stevegsa stevegsa left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Very nice!

solipet
solipet approved these changes Dec 15, 2020
View reviewed changes
Copy link
Contributor

@solipet solipet left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks great! And timely, too!

aduth
aduth approved these changes Dec 15, 2020
View reviewed changes
Copy link
Member

@aduth aduth left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

馃憤

.circleci/config.yml
Comment on lines +132 to +135
- slack/status:
fail_only: true
failure_message: ":piv-card::red_circle::scream: identity-pki has certs expiring within 30 days"
include_project_field: false
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't have access to check, but am I correct in assuming we'll need to configure a webhook in the GitHub project settings for this?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah will have to add a config

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just following up: I added a SLACK_WEBHOOK env var to this project

.circleci/config.yml Outdated Show resolved Hide resolved
@zachmargolis zachmargolis merged commit 0d5a56f into master Dec 15, 2020
@zachmargolis zachmargolis deleted the margolis-expiring-cert-job branch December 15, 2020 17:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@aduth aduth aduth approved these changes

@solipet solipet solipet approved these changes

@stevegsa stevegsa stevegsa approved these changes

@jmhooper jmhooper Awaiting requested review from jmhooper

@mitchellhenke mitchellhenke Awaiting requested review from mitchellhenke

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@zachmargolis @aduth @solipet @stevegsa