From d02ee4e293f2caaa798a13b3da082ea2f0c13bce Mon Sep 17 00:00:00 2001
From: Yonas Habteab <yonas.habteab@icinga.com>
Date: Thu, 16 Nov 2023 12:37:56 +0100
Subject: [PATCH 1/2] Introduce `cleanup activities` command

---
 application/clicommands/CleanupCommand.php | 10 ++++++++++
 phpstan-baseline.neon                      | 20 --------------------
 2 files changed, 10 insertions(+), 20 deletions(-)

diff --git a/application/clicommands/CleanupCommand.php b/application/clicommands/CleanupCommand.php
index 748648cd..61c43d4a 100644
--- a/application/clicommands/CleanupCommand.php
+++ b/application/clicommands/CleanupCommand.php
@@ -24,6 +24,10 @@ class CleanupCommand extends Command
      * after the specified period. Any certificates that are no longer used are also removed. This can either be
      * because the associated target has been removed or because it is presenting a new certificate chain.
      *
+     * This command will also remove jobs activities created before the given date/time. Jobs activities are usually
+     * some stats about the job runs performed by the scheduler or/and manually executed using the `scan` and/or
+     * `jobs` command.
+     *
      * USAGE
      *
      *     icingacli x509 cleanup [OPTIONS]
@@ -45,6 +49,7 @@ class CleanupCommand extends Command
      */
     public function indexAction()
     {
+        /** @var string $sinceLastScan */
         $sinceLastScan = $this->params->get('since-last-scan', '-1 month');
         $lastScan = $sinceLastScan;
         if ($lastScan[0] !== '-') {
@@ -77,6 +82,11 @@ public function indexAction()
                 );
             }
 
+            $query = $conn->delete('x509_job_run', ['start_time < ?' => $sinceLastScan->getTimestamp() * 1000]);
+            if ($query->rowCount() > 0) {
+                Logger::info('Removed %d jobs activities', $query->rowCount());
+            }
+
             CertificateUtils::cleanupNoLongerUsedCertificates($conn);
         } catch (Throwable $err) {
             Logger::error($err);
diff --git a/phpstan-baseline.neon b/phpstan-baseline.neon
index 028c8b07..d8f2198f 100644
--- a/phpstan-baseline.neon
+++ b/phpstan-baseline.neon
@@ -65,31 +65,11 @@ parameters:
 			count: 3
 			path: application/clicommands/CheckCommand.php
 
-		-
-			message: "#^Cannot access offset 0 on mixed\\.$#"
-			count: 1
-			path: application/clicommands/CleanupCommand.php
-
 		-
 			message: "#^Method Icinga\\\\Module\\\\X509\\\\Clicommands\\\\CleanupCommand\\:\\:indexAction\\(\\) has no return type specified\\.$#"
 			count: 1
 			path: application/clicommands/CleanupCommand.php
 
-		-
-			message: "#^Parameter \\#1 \\$datetime of class DateTime constructor expects string, mixed given\\.$#"
-			count: 1
-			path: application/clicommands/CleanupCommand.php
-
-		-
-			message: "#^Parameter \\#2 \\.\\.\\.\\$values of function sprintf expects bool\\|float\\|int\\|string\\|null, mixed given\\.$#"
-			count: 1
-			path: application/clicommands/CleanupCommand.php
-
-		-
-			message: "#^Part \\$lastScan \\(mixed\\) of encapsed string cannot be cast to string\\.$#"
-			count: 1
-			path: application/clicommands/CleanupCommand.php
-
 		-
 			message: "#^Method Icinga\\\\Module\\\\X509\\\\Clicommands\\\\ImportCommand\\:\\:indexAction\\(\\) has no return type specified\\.$#"
 			count: 1

From 3fc7fcac3c7ca74f56f84b56682bccf4cd73a862 Mon Sep 17 00:00:00 2001
From: Yonas Habteab <yonas.habteab@icinga.com>
Date: Thu, 16 Nov 2023 12:38:17 +0100
Subject: [PATCH 2/2] Add `Housekeeping` docs

---
 doc/11-Housekeeping.md | 38 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 38 insertions(+)
 create mode 100644 doc/11-Housekeeping.md

diff --git a/doc/11-Housekeeping.md b/doc/11-Housekeeping.md
new file mode 100644
index 00000000..174a9efc
--- /dev/null
+++ b/doc/11-Housekeeping.md
@@ -0,0 +1,38 @@
+# <a id="Datbase Housekeeping"></a>Database Housekeeping
+
+Your database may grow over time and contain some outdated information. Icinga Certificate Monitoring provides you
+the ability to clean up these outdated info in an easy way.
+
+## Certificates and Targets
+
+The default `cleanup` action removes targets whose last scan is older than a certain date/time and certificates that
+are no longer used.
+
+By default, any targets whose last scan is older than `1 month` are removed. The last scan information is always updated
+when scanning a target, regardless of whether a successful connection is made or not. Therefore, targets that have been
+decommissioned or are no longer part of a job configuration are removed after the specified period. Any certificates
+that are no longer used are also removed. This can either be because the associated target has been removed or because
+it is presenting a new certificate chain.
+
+The `cleanup` command will also remove additionally all jobs activities created before the given date/time.
+Jobs activities are usually just some stats about the job runs performed by the scheduler or/and manually
+executed using the [scan](04-Scanning.md#scan-command) and/or [jobs](04-Scanning.md#scheduling-jobs) command.
+
+### Usage
+
+This command can be used like any other Icinga Web cli operations like this: `icingacli x509 cleanup [OPTIONS]`
+
+**Options:**
+
+```
+--since-last-scan=<datetime>    Clean up targets whose last scan is older than the specified date/time,
+                                which can also be an English textual datetime description like "2 days".
+                                Defaults to "1 month".
+```
+
+#### Example
+
+Remove any targets that have not been scanned for at least two months and any certificates that are no longer used.
+```
+icingacli x509 cleanup --since-last-scan="2 months"
+```