Add requirements.txt, handle an empty cert file

Yann Verry 2019-05-05 22:59:35 +02:00 committed by Verry Yann
parent 882c473d2b
commit d062ceafa4
No known key found for this signature in database
GPG key ID: 9AAFFD75444F4F19
3 changed files with 25 additions and 8 deletions


@ -20,4 +20,5 @@ python vault-cert-openssh.py ~/.ssh/<your SSH key>-cert.pub
Prerequisite: Prerequisite:
* Python >=3.7 * Python >=3.7
* hvac * hvac
* pipreqs
* Vault * Vault

13
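--- /dev/null
+++ b/requirements.txt
@@ -0,0 +1,13 @@
+Cython==0.29.7
+pyOpenSSL==19.0.0
+cryptography==2.6.1
+protobuf==3.7.1
+hvac==0.8.2
+ipaddr==2.2.0
+lxml==4.3.3
+mock==3.0.4
+numpy==1.16.3
+ordereddict==1.1
+simplejson==3.16.0
+usercustomize==1.0.0
+wincertstore==0.2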
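Review bot: The pinned list looks like a dump of a whole environment rather than this script's dependencies: of the imports visible in the script hunk only `hvac` is third-party, yet Cython, lxml, numpy, protobuf, mock, ordereddict, wincertstore and usercustomize are all pinned here. Every extra package is code installed on a machine that holds a Vault token and SSH keys, so the file should be cut down to what the script actually imports, e.g. `hvac==0.8.2` plus anything the unseen part of the script needs. `usercustomize==1.0.0` deserves a specific check before anyone installs it, because Python's `site` module imports a module of that name automatically at interpreter start-up. If the pins stay, adding hashes and installing with `pip install --require-hashes -r requirements.txt` would make tampering with a pinned release detectable.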


@ -31,7 +31,7 @@ import time, os
import base64 import base64
from struct import unpack from struct import unpack
def vaultrenewkey(filename, vault_var): def vaultRenewKey(filename, vault_var):
sshKey = filename.replace('-cert','') sshKey = filename.replace('-cert','')
public_key = open(sshKey,'r') public_key = open(sshKey,'r')
client = hvac.Client(url=vault_var['VAULT_ADDR'], token=vault_var['VAULT_TOKEN']) client = hvac.Client(url=vault_var['VAULT_ADDR'], token=vault_var['VAULT_TOKEN'])
@ -162,13 +162,16 @@ if __name__ == "__main__":
exit(1) exit(1)
if len(sys.argv) > 1: if len(sys.argv) > 1:
with open(sys.argv[1],'r') as f: try:
key = Decode(f.read().split(" ")[1]) with open(sys.argv[1],'r') as f:
if int(time.time()) > key['valid before']: key = Decode(f.read().split(" ")[1])
print("Need to renew" + sys.argv[1]) if int(time.time()) > key['valid before']:
vaultrenewkey(sys.argv[1],vault_var) print("Need to renew" + sys.argv[1])
else: vaultRenewKey(sys.argv[1],vault_var)
print("Nothing to do") else:
print("Nothing to do")
except FileNotFoundError:
vaultRenewKey(sys.argv[1],vault_var)
else: else:
print("Usage: %s [path to certificate]" % sys.argv[0]) print("Usage: %s [path to certificate]" % sys.argv[0])
exit(1) exit(1)
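Review bot: An empty certificate file, the case named in the commit title, is still not handled: `f.read().split(" ")[1]` raises IndexError when the file is empty or has no space-separated second field, and the new handler catches only FileNotFoundError. Widening the handler to `except (FileNotFoundError, IndexError):` would cover it. Whatever Decode raises on a truncated or non-base64 blob probably belongs in the same tuple, but its body is outside this view, so that needs checking against the function. The `if __name__ == "__main__":` block starts above the hunk, so how `vault_var` is populated and validated before these calls is not visible here.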