gnuviech/gva
1
0
Fork 0
Code Issues 6 Pull requests Releases Wiki Activity

finish vagrant configuration

Browse source 
- ignore collected assets
- setup virtualenv and environment variables
- import additional salt state modules
This commit is contained in:
Jan Dittberner 2015-10-04 23:02:04 +02:00
parent b07ab0a14b
commit 33338af352
11 changed files with 359 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

61
salt/roots/_states/x509_certificate.py Normal file
View file

@ -0,0 +1,61 @@
# -*- coding: utf8 -*-
'''
Manage X.509 certificate life cycle
===================================
This state is useful for managing X.509 certificates' life cycles.
Copyright (c) 2014 Jan Dittberner <jan@dittberner.info>
'''
from M2Crypto import X509
from datetime import datetime
import os
def _error(ret, err_msg):
ret['result'] = False
ret['comment'] = err_msg
return ret
def valid_certificate(
name, mindays=14, keyfile=None,
checkchain=False, trustedcerts=None):
'''
Checks whether the given certificate file is valid.
name
The name of the certificate file to check
mindays
Mark the certificate as invalid if it is valid for less then this many
days
'''
ret = {
'name': name,
'changes': {},
'result': None,
'comment': ''}
if not os.path.isfile(name):
return _error(
ret, 'certificate file {0} does not exist'.format(name))
try:
cert = X509.load_cert(name)
except Exception as e:
return _error(
ret,
'error loading certificate {0}: {1}'.format(name, e))
notafter = cert.get_not_after().get_datetime()
delta = notafter - datetime.now(notafter.tzinfo)
if delta.days < mindays:
return _error(
ret,
'certificate {0} is only valid for {1} more day(s)'.format(
name, delta.days))
# TODO: check keyfile match
# TODO: check trust chain
ret['comment'] = (
'certificate {0} is ok and still valid for {1} days'.format(
name, delta.days))
ret['result'] = True
return ret