1 files changed, 33 insertions, 36 deletions

diff --git a/roles/openshift_certificate_expiry/library/openshift_cert_expiry.py b/roles/openshift_certificate_expiry/library/openshift_cert_expiry.py
index 0242f5b43..e355266b0 100644
--- a/roles/openshift_certificate_expiry/library/openshift_cert_expiry.py
+++ b/roles/openshift_certificate_expiry/library/openshift_cert_expiry.py
@@ -4,6 +4,7 @@
 
 """For details on this module see DOCUMENTATION (below)"""
 
+import base64
 import datetime
 import io
 import os
@@ -104,6 +105,7 @@ platforms missing the Python OpenSSL library.
         self.extensions = []
 
         PARSING_ALT_NAMES = False
+        PARSING_HEX_SERIAL = False
         for line in self.cert_string.split('\n'):
             l = line.strip()
             if PARSING_ALT_NAMES:
@@ -114,10 +116,26 @@ platforms missing the Python OpenSSL library.
                 PARSING_ALT_NAMES = False
                 continue
 
+            if PARSING_HEX_SERIAL:
+                # Hex serials arrive colon-delimited
+                serial_raw = l.replace(':', '')
+                # Convert to decimal
+                self.serial = int('0x' + serial_raw, base=16)
+                PARSING_HEX_SERIAL = False
+                continue
+
             # parse out the bits that we can
             if l.startswith('Serial Number:'):
-                # Serial Number: 11 (0xb)
-                # => 11
+                # Decimal format:
+                #   Serial Number: 11 (0xb)
+                #   => 11
+                # Hex Format (large serials):
+                #   Serial Number:
+                #       0a:de:eb:24:04:75:ab:56:39:14:e9:5a:22:e2:85:bf
+                #   => 14449739080294792594019643629255165375
+                if l.endswith(':'):
+                    PARSING_HEX_SERIAL = True
+                    continue
                 self.serial = int(l.split()[-2])
 
             elif l.startswith('Not After :'):
@@ -210,32 +228,6 @@ object"""
         return self.subjects
 
 
-# We only need this for one thing, we don't care if it doesn't have
-# that many public methods
-#
-# pylint: disable=too-few-public-methods
-class FakeSecHead(object):
-    """etcd does not begin their config file with an opening [section] as
-required by the Python ConfigParser module. We hack around it by
-slipping one in ourselves prior to parsing.
-
-Source: Alex Martelli - http://stackoverflow.com/a/2819788/6490583
-    """
-    def __init__(self, fp):
-        self.fp = fp
-        self.sechead = '[ETCD]\n'
-
-    def readline(self):
-        """Make this look like a file-type object"""
-        if self.sechead:
-            try:
-                return self.sechead
-            finally:
-                self.sechead = None
-        else:
-            return self.fp.readline()
-
-
 ######################################################################
 def filter_paths(path_list):
     """`path_list` - A list of file paths to check. Only files which exist
@@ -255,7 +247,7 @@ Params:
 
 - `cert_string` (string) - a certificate loaded into a string object
 - `now` (datetime) - a datetime object of the time to calculate the certificate 'time_remaining' against
-- `base64decode` (bool) - run .decode('base64') on the input?
+- `base64decode` (bool) - run base64.b64decode() on the input
 - `ans_module` (AnsibleModule) - The AnsibleModule object for this module (so we can raise errors)
 
 Returns:
@@ -263,7 +255,7 @@ A tuple of the form:
     (cert_subject, cert_expiry_date, time_remaining, cert_serial_number)
     """
     if base64decode:
-        _cert_string = cert_string.decode('base-64')
+        _cert_string = base64.b64decode(cert_string).decode('utf-8')
     else:
         _cert_string = cert_string
 
@@ -293,6 +285,9 @@ A tuple of the form:
     # Read all possible names from the cert
     cert_subjects = []
     for name, value in cert_loaded.get_subject().get_components():
+        if isinstance(name, bytes) or isinstance(value, bytes):
+            name = name.decode('utf-8')
+            value = value.decode('utf-8')
         cert_subjects.append('{}:{}'.format(name, value))
 
     # To read SANs from a cert we must read the subjectAltName
@@ -515,7 +510,7 @@ an OpenShift Container Platform cluster
         ######################################################################
         # Load the certificate and the CA, parse their expiration dates into
         # datetime objects so we can manipulate them later
-        for _, v in cert_meta.items():
+        for v in cert_meta.values():
             with io.open(v, 'r', encoding='utf-8') as fp:
                 cert = fp.read()
                 (cert_subject,
@@ -631,12 +626,14 @@ an OpenShift Container Platform cluster
     etcd_cert_params.append('dne')
     try:
         with io.open('/etc/etcd/etcd.conf', 'r', encoding='utf-8') as fp:
+            # Add dummy header section.
+            config = io.StringIO()
+            config.write(u'[ETCD]\n')
+            config.write(fp.read().replace('%', '%%'))
+            config.seek(0, os.SEEK_SET)
+
             etcd_config = configparser.ConfigParser()
-            # Reason: This check is disabled because the issue was introduced
-            # during a period where the pylint checks weren't enabled for this file
-            # Status: temporarily disabled pending future refactoring
-            # pylint: disable=deprecated-method
-            etcd_config.readfp(FakeSecHead(fp))
+            etcd_config.readfp(config)
 
         for param in etcd_cert_params:
             try: