Merge pull request #502 from dduportal/chore/updatecli/fix-cert-expiration

dduportal · web-flow · commit e80b5a77a8d6 · 2026-01-28T15:54:31.000+01:00
chore(updatecli) fix and improvement of the openvpn-cert-expiration manifest
diff --git a/updatecli/scripts/cert-expiry-check.sh b/updatecli/scripts/cert-expiry-check.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Check if certificate expires within 30 days
-set -eu -o pipefail
+set -eux -o pipefail
 
 currentexpirydate="${1}"
 
diff --git a/updatecli/updatecli.d/cert-expiration.tpl b/updatecli/updatecli.d/cert-expiration.tpl
@@ -1,6 +1,5 @@
 {{- range $username := splitList "," .certificates }}
 ---
-# yamllint disable rule:line-length
 name: "Check VPN certificate expiration for {{ $username }}"
 
 scms:
@@ -19,9 +18,7 @@ sources:
     name: "Extract expiration date from {{ $username }}'s certificate"
     kind: shell
     spec:
-      command: bash ./updatecli/scripts/cert-expiry-extract.sh cert/pki/issued/{{ $username }}.crt
-      environments:
-        - name: PATH
+      command: bash ./updatecli/scripts/cert-expiry-extract.sh cert/pki/issued/{{ $username }}.crt x509
 
 conditions:
   checkIfExpiringSoon:
@@ -30,15 +27,14 @@ conditions:
     sourceid: certExpiryDate
     spec:
       command: bash ./updatecli/scripts/cert-expiry-check.sh
-      environments:
-        - name: PATH
 
 targets:
   markCertExpiring:
     name: "Mark {{ $username }}'s certificate as expiring"
     kind: file
+    disablesourceinput: true
     spec:
-      file: cert/pki/issued/{{ $username }}.crt.expiring
+      file: cert/pki/issued/{{ $username }}.crt
       content: |
         Certificate for {{ $username }} expires on {{ source "certExpiryDate" }}.
         Please renew your VPN certificate as soon as possible.
@@ -63,7 +59,6 @@ actions:
         **Note:** This is an automated notification PR.
         It is not meant to be merged and can be closed once acknowledged.
       labels:
-        - vpn
         - certificate-expiration
         - action-required
 {{- end }}
