28 lines
934 B
Bash
Executable File
28 lines
934 B
Bash
Executable File
#!/bin/bash
|
|
|
|
# script/get_crl_expiry: Will print the names and expiration dates
|
|
# for CRLs that exist in a given ATAT namespace.
|
|
# usage: `script/get_crl_expiry [NAMESPACE]`
|
|
# defaults to `atat` for the namespace
|
|
# You must have a valid k8s config for the ATAT clusters to run
|
|
# this. Keep in mind it parses every CRL so it is slow.
|
|
|
|
if [[ $# -eq 0 ]]; then
|
|
NAMESPACE=atat
|
|
else
|
|
NAMESPACE=$1
|
|
fi
|
|
|
|
# we only need to run these commands against one existing pod
|
|
ATST_POD=$(kubectl -n ${NAMESPACE} get pods -l app=atst -o custom-columns=NAME:.metadata.name --no-headers | sed -n 1p)
|
|
|
|
echo "expiration information for $NAMESPACE namespace, pod $ATST_POD"
|
|
|
|
for i in $(kubectl -n $NAMESPACE exec $ATST_POD -c atst -- ls crls); do
|
|
expiry=$(kubectl -n $NAMESPACE exec $ATST_POD -c atst -- cat crls/$i | \
|
|
openssl crl -inform def -noout -text | \
|
|
grep "Next Update" | \
|
|
sed -E "s/ +Next Update: //g")
|
|
echo "$i: $expiry";
|
|
done
|