* Clean up targets whose last scan is older than the specified date/time, * which can also be an English textual datetime description like "2 days". * Defaults to "1 month". * * EXAMPLES * * Remove any targets that have not been scanned for at least two months and any certificates that are no longer * used. * * icingacli x509 cleanup --since-last-scan="2 months" * */ public function indexAction() { /** @var string $sinceLastScan */ $sinceLastScan = $this->params->get('since-last-scan', '-1 month'); $lastScan = $sinceLastScan; if ($lastScan[0] !== '-') { // When the user specified "2 days" as a threshold strtotime() will compute the // timestamp NOW() + 2 days, but it has to be NOW() + (-2 days) $lastScan = "-$lastScan"; } try { $sinceLastScan = new DateTime($lastScan); } catch (Exception $_) { throw new InvalidArgumentException(sprintf( 'The specified last scan time is in an unknown format: %s', $sinceLastScan )); } try { $conn = Database::get(); $query = $conn->delete( 'x509_target', ['last_scan < ?' => $sinceLastScan->format('Uv')] ); if ($query->rowCount() > 0) { Logger::info( 'Removed %d targets matching since last scan filter: %s', $query->rowCount(), $sinceLastScan->format('Y-m-d H:i:s') ); } $query = $conn->delete('x509_job_run', ['start_time < ?' => $sinceLastScan->getTimestamp() * 1000]); if ($query->rowCount() > 0) { Logger::info('Removed %d jobs activities', $query->rowCount()); } CertificateUtils::cleanupNoLongerUsedCertificates($conn); } catch (Throwable $err) { Logger::error($err); } } }