From f361686b04e978c652f4d7442f12511fdfd06719 Mon Sep 17 00:00:00 2001
From: Lucas Di Pentima
Date: Wed, 25 Oct 2023 17:07:31 -0300
Subject: [PATCH] 20953: Sets sensible coloring thresholds on cert expire dates.

If using Let's Encrypt certificates, the max lifetime is 3 months, so it'll show green if the expiration is >2 months out, yellow if it's >1.

Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima
---
 tools/salt-install/common.sh | 8 ++++++++
 .../aws/dashboards/ssl-certificate-monitor.json | 4 ++--
 tools/salt-install/provision.sh | 4 +++-
 3 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/tools/salt-install/common.sh b/tools/salt-install/common.sh
index 5d9dba14cd..360c2c7cc3 100644
--- a/tools/salt-install/common.sh
+++ b/tools/salt-install/common.sh
@@ -48,6 +48,14 @@ for node in "${!NODES[@]}"; do
 done
 done

+# Sets TLS certificate expiration thresholds
+TLS_EXPIRATION_YELLOW=5184000 # > 2 months
+TLS_EXPIRATION_GREEN=15552000 # > 6 months
+if [[ "${SSL_MODE}" == "lets-encrypt" ]]; then
+ TLS_EXPIRATION_YELLOW=2592000 # > 1 months
+ TLS_EXPIRATION_GREEN=5184000 # > 2 months
+fi
+
 # Auto-detects load-balancing mode
 if [ -z "${ROLE2NODES['balancer']:-}" ]; then
 ENABLE_BALANCER="no"
diff --git a/tools/salt-install/config_examples/multi_host/aws/dashboards/ssl-certificate-monitor.json b/tools/salt-install/config_examples/multi_host/aws/dashboards/ssl-certificate-monitor.json
index 92eb5391a7..fc4f8c6679 100644
--- a/tools/salt-install/config_examples/multi_host/aws/dashboards/ssl-certificate-monitor.json
+++ b/tools/salt-install/config_examples/multi_host/aws/dashboards/ssl-certificate-monitor.json
@@ -171,11 +171,11 @@
 },
 {
 "color": "semi-dark-yellow",
- "value": 12096000
+ "value": __TLS_EXPIRATION_YELLOW__
 },
 {
 "color": "semi-dark-green",
- "value": 25920000
+ "value": __TLS_EXPIRATION_GREEN__
 }
 ]
 }
diff --git a/tools/salt-install/provision.sh b/tools/salt-install/provision.sh
index a93899a61a..9b69bbffec 100755
--- a/tools/salt-install/provision.sh
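Review bot: The added test expands `"${SSL_MODE}"` without a default, while the context line just below uses `${ROLE2NODES['balancer']:-}`, which suggests this file may run under `set -u`; if so, a configuration that leaves SSL_MODE unset would abort here instead of falling back to the generic thresholds. Writing `if [[ "${SSL_MODE:-}" == "lets-encrypt" ]]; then` keeps the fallback. The block comment should also state that the values are seconds of remaining validity (2592000 = 30 days, 5184000 = 60 days, 15552000 = 180 days) and that anything below the yellow value presumably renders as the lowest dashboard colour. For the Let's Encrypt case it is worth confirming that renewal is scheduled before 30 days remain, so that dropping below yellow reliably means a failed renewal rather than normal operation.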
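Review bot: With the bare `__TLS_EXPIRATION_YELLOW__` and `__TLS_EXPIRATION_GREEN__` tokens in the two `value` fields, this example no longer parses as JSON until provision.sh has rewritten it, so importing it into Grafana by hand or linting config_examples will fail. JSON has no comment syntax, so the substitution step should be documented next to the dashboards (a README entry or the comment above the sed loop in provision.sh), naming both placeholders and stating that each is replaced by a number of seconds. The threshold array starts and ends outside the hunk.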
+++ b/tools/salt-install/provision.sh
@@ -722,7 +722,9 @@ else
 # "ArvadosPromDataSource" is the hardcoded UID for Prometheus' datasource
 # in Grafana.
 for f in $(ls "${GRAFANA_DASHBOARDS_DIR}"/*.json); do
- sed 's#${DS_PROMETHEUS}#ArvadosPromDataSource#g' \
+ sed "s#__TLS_EXPIRATION_YELLOW__#${TLS_EXPIRATION_YELLOW}#g;
+ s#__TLS_EXPIRATION_GREEN__#${TLS_EXPIRATION_GREEN}#g;
+ s#\${DS_PROMETHEUS}#ArvadosPromDataSource#g" \
 "${f}" > "${GRAFANA_DASHBOARDS_DEST_DIR}"/$(basename "${f}")
 done

--
2.30.2
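Review bot: The sed program now interpolates `${TLS_EXPIRATION_YELLOW}` and `${TLS_EXPIRATION_GREEN}` with no check that they are set. If this branch is reached without common.sh having defined them (not visible in the hunk), the placeholders are replaced by nothing and the dashboard is written as invalid JSON, so the certificate-expiry panel would silently fail to load while the install still succeeds. Using `${TLS_EXPIRATION_YELLOW:?}` and `${TLS_EXPIRATION_GREEN:?}` in the two substitutions turns that case into a hard error at provisioning time. A one-line comment above the sed, such as `# Double-quoted so the thresholds expand; \${DS_PROMETHEUS} stays literal.`, would explain the new escaping. The enclosing `else` branch starts and ends outside the hunk.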