Add clientcert expiration date as core fact.

[reverson]

Use Case

Would be nice to see when clientcerts expire so we know when they need to be rotated, especially when using an external cert provider.

Describe the Solution You Would Like

Add expiration_date to the trusted fact hash

Describe Alternatives You've Considered

Build custom facts, however, the cert name is not available during the custom fact generation in order to get the cert file.

Additional Context

Add any other context or screenshots about the feature request here.

[kruegerkyle95]

This would be convenient to have as a core fact. @reverson in my environment, we did write a custom fact to collect this information in part by using the puppet_ssldir fact from the puppet_agent module.

require 'openssl'
    begin
      hostname = Facter.value(:networking)['fqdn'].downcase
      cert_path = "#{Facter.value(:puppet_sslpaths)['certdir']['path']}/#{hostname}.pem"
      cert = OpenSSL::X509::Certificate.new File.read(cert_path)
      expiration = cert.not_after
    rescue
      expiration = nil
    end
    expiration

[tvpartytonight]

Thank you for reporting this issue. While we agree this is likely an improvement, we do not anticipate addressing this any time soon. We have add the help wanted label in case there are other contributors available to submit a patch.