Open JimTomlinson-UW opened 1 year ago
BTW, on iamtools21 the DAW service doc'ed at https://wiki.cac.washington.edu/display/Tools/UWNetidsFromFQDN can be tested via
wget -q -O - --certificate=/data/local/cs/gws.cac-uw.crt --private-key=/data/local/cs/gws.cac-uw.key https://api.tools.s.uw.edu/daw/json/DNS_TOOLS/v2/UWNetidsFromFQDN/fqdn/[FQDN]
Certificate renewal via certservice (INC2655945) was broken due to 'overzealous cleanup' of https://wiki.cac.washington.edu/display/Tools/UWNetidsFromFQDN (REF0045270). This also broke the certs_warn process on iamtools21 (on iamtools21, iamcert's crontab includes
01 01 * * * /data/local/cs/util/certs_warn.sh >> /dev/null 2>&1
) Errors when retrieving netids associated with a FQDN via the DAW webservice should be surfaced and logged in a much more meaningful, understandable manner by both certservice and the certs_warn process. For example, rather than listing expiring certificates, when the DAW call fails the resulting email to cert-dev@uw.edu simply contained (literally)