From 16417abe39e6a1c009c373b77c734ceae915b2a4 Mon Sep 17 00:00:00 2001
From: Adam King
Date: Wed, 31 Jan 2024 10:15:00 -0500
Subject: [PATCH] mgr/cephadm: add cert-store ls commands

To see what certs cephadm has stored in its internal cert store

Signed-off-by: Adam King
---
 src/pybind/mgr/cephadm/module.py | 8 ++++++
 src/pybind/mgr/orchestrator/_interface.py | 6 +++++
 src/pybind/mgr/orchestrator/module.py | 31 +++++++++++++++++++++++
 3 files changed, 45 insertions(+)

diff --git a/src/pybind/mgr/cephadm/module.py b/src/pybind/mgr/cephadm/module.py
index 62819c06fb93d..b68d571de68cc 100644
--- a/src/pybind/mgr/cephadm/module.py
+++ b/src/pybind/mgr/cephadm/module.py
@@ -3131,6 +3131,14 @@ Then run the following:
 'password': password,
 'certificate': self.http_server.service_discovery.ssl_certs.get_root_cert()}

+ @handle_orch_error
+ def cert_store_cert_ls(self) -> Dict[str, Any]:
+ return self.cert_key_store.cert_ls()
+
+ @handle_orch_error
+ def cert_store_key_ls(self) -> Dict[str, Any]:
+ return self.cert_key_store.key_ls()
+
 @handle_orch_error
 def apply_mon(self, spec: ServiceSpec) -> str:
 return self._apply(spec)
diff --git a/src/pybind/mgr/orchestrator/_interface.py b/src/pybind/mgr/orchestrator/_interface.py
index d0570caf0f47b..8a04e31170aeb 100644
--- a/src/pybind/mgr/orchestrator/_interface.py
+++ b/src/pybind/mgr/orchestrator/_interface.py
@@ -557,6 +557,12 @@ class Orchestrator(object):
 """
 raise NotImplementedError()

+ def cert_store_cert_ls(self) -> OrchResult[Dict[str, Any]]:
+ raise NotImplementedError()
+
+ def cert_store_key_ls(self) -> OrchResult[Dict[str, Any]]:
+ raise NotImplementedError()
+
 @handle_orch_error
 def apply(self, specs: Sequence["GenericSpec"], no_overwrite: bool = False) -> List[str]:
 """
diff --git a/src/pybind/mgr/orchestrator/module.py b/src/pybind/mgr/orchestrator/module.py
index 4969e1f5eb78f..0ee3e86ee413d 100644
--- a/src/pybind/mgr/orchestrator/module.py
+++ b/src/pybind/mgr/orchestrator/module.py
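Review bot: `cert_store_key_ls` in src/pybind/mgr/cephadm/module.py returns `self.cert_key_store.key_ls()` unfiltered, and the src/pybind/mgr/orchestrator/module.py hunk publishes it through `_cli_read_command('orch cert-store key ls')`, printing every leaf as `{k} - {v}` or passing the dict to `to_format`. Whatever key_ls() places in that dict therefore reaches any caller who may run what is presumably a read-level command. key_ls() is outside this patch, so this is fine if it yields only names or presence flags, but nothing in the new code states or enforces that. I would pin the contract with a docstring on both new methods, for example `"""List the keys held in the cert store by name; must never return private key material."""`, and back it with a unit test asserting that no PEM content appears in the result.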
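Review bot: The two stubs added to `Orchestrator` in src/pybind/mgr/orchestrator/_interface.py have no docstring, although the method directly above them in the context closes one before its `raise NotImplementedError()`. This class is the interface that backends implement, and `OrchResult[Dict[str, Any]]` alone does not say what the mapping's keys and values mean. A one-line docstring on each would do, for example `"""Return the entries in the backend's cert store, keyed by name."""`; the exact wording should be confirmed against cephadm's cert_ls()/key_ls(), which this patch does not show. The class body starts and continues outside the hunk.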
@@ -1136,6 +1136,37 @@ class OrchestratorCli(OrchestratorClientMixin, MgrModule,
 return HandleCommandResult(stdout=table.get_string())
+ def _process_cert_store_json(self, d: Dict[str, Any], level: int = 0) -> str:
+ result_str = ''
+ indent = ' ' * level
+ for k, v in d.items():
+ if isinstance(v, dict):
+ result_str += f'{indent}{k}\n'
+ result_str += self._process_cert_store_json(v, level + 1)
+ else:
+ result_str += f'{indent}{k} - {v}\n'
+ return result_str
+
+ @_cli_read_command('orch cert-store cert ls')
+ def _cert_store_cert_ls(self, format: Format = Format.plain) -> HandleCommandResult:
+ completion = self.cert_store_cert_ls()
+ cert_ls = raise_if_exception(completion)
+ if format != Format.plain:
+ return HandleCommandResult(stdout=to_format(cert_ls, format, many=False, cls=None))
+ else:
+ result_str = self._process_cert_store_json(cert_ls, 0)
+ return HandleCommandResult(stdout=result_str)
+
+ @_cli_read_command('orch cert-store key ls')
+ def _cert_store_key_ls(self, format: Format = Format.plain) -> HandleCommandResult:
+ completion = self.cert_store_key_ls()
+ key_ls = raise_if_exception(completion)
+ if format != Format.plain:
+ return HandleCommandResult(stdout=to_format(key_ls, format, many=False, cls=None))
+ else:
+ result_str = self._process_cert_store_json(key_ls, 0)
+ return HandleCommandResult(stdout=result_str)
+
 def _get_credentials(self, username: Optional[str] = None, password: Optional[str] = None, inbuf: Optional[str] = None) -> Tuple[str, str]:
 _username = username
-- 
2.39.5
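Review bot: Neither `_cert_store_cert_ls` nor `_cert_store_key_ls` carries a docstring, and `_process_cert_store_json` has none either. For the two command handlers this likely matters beyond readability, because the CLI help text in this module appears to be taken from the handler's docstring (not visible in this hunk, so worth confirming). I would add `"""List certificates cephadm has stored in its cert store"""` and `"""List keys cephadm has stored in its cert store"""` to the handlers. The helper needs a short docstring saying that it renders a nested dict as indented `key - value` lines, one nesting level per indent step.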