mgr/cephadm: add get cert/key commands

In order to be able to grab certs/keys stored
in the new CertKeyStore class

Signed-off-by: Adam King <adking@redhat.com>
(cherry picked from commit 2dd0ce91a53a898b8b3635f8943cc2d0e39b4ec1)
(cherry picked from commit f357f9b1afb5a417f541bfe0cc69d9777accf136)

diff --git a/src/pybind/mgr/cephadm/module.py b/src/pybind/mgr/cephadm/module.py
index 057d56eca3a96b0d1054f13235f5f9e7f632fbad..8af13722001a79d0726a63ac915380c0fc805ef6 100644 (file)
--- a/src/pybind/mgr/cephadm/module.py
+++ b/src/pybind/mgr/cephadm/module.py
@@ -3139,6 +3139,40 @@ Then run the following:
     def cert_store_key_ls(self) -> Dict[str, Any]:
         return self.cert_key_store.key_ls()
 
+    @handle_orch_error
+    def cert_store_get_cert(
+        self,
+        entity: str,
+        service_name: Optional[str] = None,
+        hostname: Optional[str] = None
+    ) -> str:
+        cert = self.cert_key_store.get_cert(entity, service_name or '', hostname or '')
+        if not cert:
+            err_msg = f'No cert found for entity {entity}'
+            if service_name:
+                err_msg += f' with service name {service_name}'
+            if hostname:
+                err_msg += f' with hostname {hostname}'
+            raise OrchestratorError(err_msg)
+        return cert
+
+    @handle_orch_error
+    def cert_store_get_key(
+        self,
+        entity: str,
+        service_name: Optional[str] = None,
+        hostname: Optional[str] = None
+    ) -> str:
+        key = self.cert_key_store.get_key(entity, service_name or '', hostname or '')
+        if not key:
+            err_msg = f'No key found for entity {entity}'
+            if service_name:
+                err_msg += f' with service name {service_name}'
+            if hostname:
+                err_msg += f' with hostname {hostname}'
+            raise OrchestratorError(err_msg)
+        return key
+
     @handle_orch_error
     def apply_mon(self, spec: ServiceSpec) -> str:
         return self._apply(spec)

diff --git a/src/pybind/mgr/orchestrator/_interface.py b/src/pybind/mgr/orchestrator/_interface.py
index a1e099ef5c815e7067473b1f692af8e69bc7ca63..e7f94f7c74b34b82389eba81464253f654b13543 100644 (file)
--- a/src/pybind/mgr/orchestrator/_interface.py
+++ b/src/pybind/mgr/orchestrator/_interface.py
@@ -563,6 +563,22 @@ class Orchestrator(object):
     def cert_store_key_ls(self) -> OrchResult[Dict[str, Any]]:
         raise NotImplementedError()
 
+    def cert_store_get_cert(
+        self,
+        entity: str,
+        service_name: Optional[str] = None,
+        hostname: Optional[str] = None
+    ) -> OrchResult[str]:
+        raise NotImplementedError()
+
+    def cert_store_get_key(
+        self,
+        entity: str,
+        service_name: Optional[str] = None,
+        hostname: Optional[str] = None
+    ) -> OrchResult[str]:
+        raise NotImplementedError()
+
     @handle_orch_error
     def apply(self, specs: Sequence["GenericSpec"], no_overwrite: bool = False) -> List[str]:
         """

diff --git a/src/pybind/mgr/orchestrator/module.py b/src/pybind/mgr/orchestrator/module.py
index 9dcab2e625d26c70367d132268bb7f6522c24e2a..cd4d6d4161efd4bc002e157c3e73a4d334373731 100644 (file)
--- a/src/pybind/mgr/orchestrator/module.py
+++ b/src/pybind/mgr/orchestrator/module.py
@@ -1160,6 +1160,30 @@ class OrchestratorCli(OrchestratorClientMixin, MgrModule,
             result_str = self._process_cert_store_json(key_ls, 0)
             return HandleCommandResult(stdout=result_str)
 
+    @_cli_read_command('orch cert-store get cert')
+    def _cert_store_get_cert(
+        self,
+        entity: str,
+        _end_positional_: int = 0,
+        service_name: Optional[str] = None,
+        hostname: Optional[str] = None
+    ) -> HandleCommandResult:
+        completion = self.cert_store_get_cert(entity, service_name, hostname)
+        cert = raise_if_exception(completion)
+        return HandleCommandResult(stdout=cert)
+
+    @_cli_read_command('orch cert-store get key')
+    def _cert_store_get_key(
+        self,
+        entity: str,
+        _end_positional_: int = 0,
+        service_name: Optional[str] = None,
+        hostname: Optional[str] = None
+    ) -> HandleCommandResult:
+        completion = self.cert_store_get_key(entity, service_name, hostname)
+        key = raise_if_exception(completion)
+        return HandleCommandResult(stdout=key)
+
     def _get_credentials(self, username: Optional[str] = None, password: Optional[str] = None, inbuf: Optional[str] = None) -> Tuple[str, str]:
 
         _username = username