# frozen_string_literal: true

# lib/facter/vault_cert_expiring.rb
require 'puppet'

Facter.add(:vault_cert_expiring) do
  setcode do
    require 'openssl'
    cert_path = '/etc/pki/tls/vault/certificate.crt'
    if File.exist?(cert_path)
      # If the certificate file exists, check its expiration
      cert = OpenSSL::X509::Certificate.new(File.read(cert_path))
      cert_expiry = cert.not_after
      days_remaining = (cert_expiry - Time.now).to_i / (24 * 60 * 60)
      days_remaining < 30
    else
      # Report true if the certificate file does not exist
      true
    end
  end
end