Adding additional reporting and refactoring existing setup. (#620)

2016-12-20 12:48:14 -08:00
parent 9ac10a97ce
commit beba2ba092
6 changed files with 148 additions and 102 deletions
--- a/lemur/reporting/init.py
+++ b/lemur/reporting/init.py
--- a/lemur/reporting/cli.py
+++ b/lemur/reporting/cli.py
@ -0,0 +1,61 @@
+"""
+.. module: lemur.reporting.cli
+    :platform: Unix
+    :copyright: (c) 2015 by Netflix Inc., see AUTHORS for more
+    :license: Apache, see LICENSE for more details.
+.. moduleauthor:: Kevin Glisson <kglisson@netflix.com>
+"""
+from tabulate import tabulate
+from flask_script import Manager
+
+from lemur.reporting.service import fqdns, expiring_certificates
+
+manager = Manager(usage="Reporting related tasks.")
+
+
+@manager.option('-v', '--validity', dest='validity', choices=['all', 'expired', 'valid'], default='all', help='Filter certificates by validity.')
+@manager.option('-d', '--deployment', dest='deployment', choices=['all', 'deployed', 'ready'], default='all', help='Filter by deployment status.')
+def fqdn(deployment, validity):
+    """
+    Generates a report in order to determine the number of FQDNs covered by Lemur issued certificates.
+    """
+    headers = ['FQDN', 'Root Domain', 'Issuer', 'Owner', 'Validity End', 'Total Length (days), Time Until Expiration (days)']
+    rows = []
+
+    for cert in fqdns(validity=validity, deployment=deployment).all():
+        for domain in cert.domains:
+            rows.append([
+                domain.name,
+                '.'.join(domain.name.split('.')[1:]),
+                cert.issuer,
+                cert.owner,
+                cert.not_after,
+                cert.validity_range.days,
+                cert.validity_remaining.days
+            ])
+
+    print(tabulate(rows, headers=headers))
+
+
+@manager.option('-ttl', '--ttl', dest='ttl', default=30, help='Days til expiration.')
+@manager.option('-d', '--deployment', dest='deployment', choices=['all', 'deployed', 'ready'], default='all', help='Filter by deployment status.')
+def expiring(ttl, deployment):
+    """
+    Returns certificates expiring in the next n days.
+    """
+    headers = ['Common Name', 'Owner', 'Issuer', 'Validity End', 'Endpoint']
+    rows = []
+
+    for cert in expiring_certificates(ttl=ttl, deployment=deployment).all():
+        for endpoint in cert.endpoints:
+            rows.append(
+                [
+                    cert.cn,
+                    cert.owner,
+                    cert.issuer,
+                    cert.not_after,
+                    endpoint.dnsname
+                ]
+            )
+
+    print(tabulate(rows, headers=headers))
--- a/lemur/reporting/service.py
+++ b/lemur/reporting/service.py
@ -0,0 +1,77 @@
+import arrow
+from datetime import timedelta
+
+from sqlalchemy import cast, not_
+from sqlalchemy_utils import ArrowType
+
+from lemur import database
+from lemur.certificates.models import Certificate
+
+
+def filter_by_validity(query, validity=None):
+    if validity == 'expired':
+        query = query.filter(Certificate.expired == True)  # noqa
+
+    elif validity == 'valid':
+        query = query.filter(Certificate.expired == False)  # noqa
+
+    return query
+
+
+def filter_by_owner(query, owner=None):
+    if owner:
+        return query.filter(Certificate.owner == owner)
+
+    return query
+
+
+def filter_by_issuer(query, issuer=None):
+    if issuer:
+        return query.filter(Certificate.issuer == issuer)
+
+    return query
+
+
+def filter_by_deployment(query, deployment=None):
+    if deployment == 'deployed':
+        query = query.filter(Certificate.endpoints.any())
+
+    elif deployment == 'ready':
+        query = query.filter(not_(Certificate.endpoints.any()))
+
+    return query
+
+
+def filter_by_validity_end(query, validity_end=None):
+    if validity_end:
+        return query.filter(cast(Certificate.not_after, ArrowType) <= validity_end)
+
+    return query
+
+
+def fqdns(**kwargs):
+    """
+    Returns an FQDN report.
+    :return:
+    """
+    query = database.session_query(Certificate)
+    query = filter_by_deployment(query, deployment=kwargs.get('deployed'))
+    query = filter_by_validity(query, validity=kwargs.get('validity'))
+    return query
+
+
+def expiring_certificates(**kwargs):
+    """
+    Returns an Expiring report.
+    :return:
+    """
+    ttl = kwargs.get('ttl', 30)
+    now = arrow.utcnow()
+    validity_end = now + timedelta(days=ttl)
+
+    query = database.session_query(Certificate)
+    query = filter_by_deployment(query, deployment=kwargs.get('deployed'))
+    query = filter_by_validity(query, validity='valid')
+    query = filter_by_validity_end(query, validity_end=validity_end)
+
+    return query
--- a/lemur/reporting/views.py
+++ b/lemur/reporting/views.py