Notification of keystore about to expire

This guide describes how to configure notifications for keystores that are about to expire.

NOTE: The configuration below is an example of how this can be done.

PAS 4.4 or later is required.

Description

Notifications can be sent out using a configured schedule.
Below steps will describe how to retrieve the needed information and then use a schedule for notifications using SMTP.

NOTE: Make sure to have a recent copy of the file /config/phenix-store.json before proceeding.

Configuration for notifications

In the Configuration GUI, go to the ADVANCED tab and then Pipes.
 Add the pipe below, making sure to set the values according to your environment.


{
"id": "extractkeystore",
"valves": [
    {
        "name": "KeystoreExtractorValve",
        "_description": "Creates an item with properties for every keystore found in PAS configuration",
        "config": {}
    },
    {
        "name": "DateGeneratorValve",
        "_description": "Creates a today + 30 days as the date to use for validity",
        "config": {
            "itemAttribute": "validationdate1",
            "daysFromNow": "30",
            "datePattern": "yyyy-MM-dd"
        }
    },
    {
        "name": "PropertyAddValve",
        "_description": "Appends the correct syntax to the validationdate",
        "config": {
            "name": "validationdate2",
            "value": "{{item.validationdate1}}T00:00:00.000Z"
        }
    },
    {
        "name": "PipeExecutorValve",
        "_description": "Triggers the pipe that will perform the validation, runs once for each item.",
        "config": {
            "pipe_id": "ValidateKeystore",
            "enable_multi_value": "false",
            "item_include_expr": "true"
        }
    },
    {
        "name": "ItemRemoveValve",
        "_description": "Removes the keystore that are considered valid.",
        "config": {
            "item_include_expr": "item.containsProperty('valid')"
        }
    },
    {
        "name": "PropertyAddValve",
        "_description": "The mailadress for the recipient.",
        "config": {
            "name": "recipient",
            "value": "[email protected]"
        }
    },
    {
        "name": "PipeExecutorValve",
        "_description": "Triggers the pipe that will send the notification",
        "config": {
            "pipe_id": "pipeSendNotification",
            "enable_multi_value": "false",
            "item_include_expr": "true"
        }
    }
]
},
{
"id": "ValidateKeystore",
"valves": [
    {
        "name": "DateTimeValidatorValve",
        "_description": "Validates the date",
        "config": {
            "value": "{{request.validationdate2}}",
            "not_before": "{{request.not_before}}",
            "not_after": "{{request.not_after}}"
        }
    },
    {
        "name": "ItemCreateValve",
        "_description": "Creates an item with the same name as the original item.",
        "config": {
            "dest_id": "{{request.subject}}"
        }
    },
    {
        "name": "PropertyAddValve",
        "_description": "Adds valid=true to keystores still in flow.",
        "config": {
            "name": "valid",
            "value": "true"
        }
    }
]
},
{
"id": "pipeSendNotification",
"description": "Sending the mail",
"valves": [
    {
        "name": "ItemCreateValve",
        "_description": "Creates an item with the same name as the original item.",
        "config": {
            "dest_id": "{{request.subject}}"
        }
    },
    {
        "name": "SMTPValve",
        "_description": "Sends the email.",
        "config": {
            "mail_template": "",
            "smtp_username": "[email protected]",
            "smtp_password": "{enc}x4EsQ4180jT29oXqTSbj+tIkHSFQjftOXre3XaNHuGU=",
            "smtp_host": "smtp.gmail.com",
            "smtp_port": "587",
            "mail_param_name": "{{request.recipient}}",
            "smtp_from_address": "[email protected]",
            "message_subject": "Keystore about to expire",
            "message_body": "The keystore with subject $$subject will expire on $$DATE.",
            "dynamic_values": "$$subject={{request.subject}}|$$DATE={{request.not_after}}"
        }
    }
]
}

Add schedule for notifications

In the Configuration GUI, go to the ADVANCED tab and then Schedules.
Add the configuration below, making sure to set the values according to your environment.

{
	"id": "notification",
	"description": "Will notify if profile will expire in 30 days. Once a week on [email protected]",
	"enabled": "true",
	"boundToNode": "phenixid_node",
	"cronSyntax": "0 0 10 ? * MON *",
	"pipeid": "extractkeystore"
}

The configuration above will run the schedule every Monday at 10am.
More information about the cronSyntax can be found here.