From 6f2d92cc6d6cccf6c84af5e3a3cea26f51a73399 Mon Sep 17 00:00:00 2001 From: John Mulligan Date: Wed, 16 Apr 2025 14:55:47 -0400 Subject: [PATCH] python-common/cryptotools: use json for structured output Where possible try to use structured output in JSON for easier parsing and interaction with the parent process. Signed-off-by: John Mulligan --- .../ceph/pybind/mgr/cryptotools.py | 21 ++++++++++--------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/src/python-common/ceph/pybind/mgr/cryptotools.py b/src/python-common/ceph/pybind/mgr/cryptotools.py index c14f9b2a45315..dd9f5367b6a17 100644 --- a/src/python-common/ceph/pybind/mgr/cryptotools.py +++ b/src/python-common/ceph/pybind/mgr/cryptotools.py @@ -29,7 +29,8 @@ def password_hash(args: Namespace) -> None: else: salt = salt_password.encode('utf8') - print(bcrypt.hashpw(password.encode('utf8'), salt).decode()) + hash_str = bcrypt.hashpw(password.encode('utf8'), salt).decode('utf-8') + json.dump({'hash': hash_str}, sys.stdout) def create_self_signed_cert(args: Namespace) -> None: @@ -108,7 +109,8 @@ def verify_cacrt_content(args: Namespace) -> None: # Certificate still valid, calculate and return days until expiration with warnings.catch_warnings(): warnings.simplefilter("ignore") - print((end_date - datetime.datetime.utcnow()).days) + days_until_exp = (end_date - datetime.datetime.utcnow()).days + json.dump({'days_until_expiration': int(days_until_exp)}, sys.stdout) def get_cert_issuer_info(args: Namespace) -> None: @@ -123,12 +125,11 @@ def get_cert_issuer_info(args: Namespace) -> None: org_name = c[1].decode() elif c[0].decode() == 'CN': # common name comp cn = c[1].decode() + json.dump({'org_name': org_name, 'cn': cn}, sys.stdout) - if args.org_name: - print(org_name) - if args.cn: - print(cn) +def _fail_message(msg: str) -> None: + json.dump({'error': msg}, sys.stdout) def verify_tls(args: Namespace) -> None: @@ -142,12 +143,12 @@ def verify_tls(args: Namespace) -> None: _key = crypto.load_privatekey(crypto.FILETYPE_PEM, key) _key.check() except (ValueError, crypto.Error) as e: - print('Invalid private key: %s' % str(e)) + _fail_message('Invalid private key: %s' % str(e)) try: crt_buffer = crt.encode("ascii") if isinstance(crt, str) else crt _crt = crypto.load_certificate(crypto.FILETYPE_PEM, crt_buffer) except ValueError as e: - print('Invalid certificate key: %s' % str(e)) + _fail_message('Invalid certificate key: %s' % str(e)) try: context = SSL.Context(SSL.TLSv1_METHOD) @@ -158,9 +159,9 @@ def verify_tls(args: Namespace) -> None: context.check_privatekey() except crypto.Error as e: - print('Private key and certificate do not match up: %s' % str(e)) + _fail_message('Private key and certificate do not match up: %s' % str(e)) except SSL.Error as e: - print(f'Invalid cert/key pair: {e}') + _fail_message(f'Invalid cert/key pair: {e}') if __name__ == "__main__": -- 2.39.5