Wire up cert signing to nodecertutil

confluent_client/bin/nodecertutil

@@ -76,6 +76,10 @@ if __name__ == '__main__':
 
     list_parser = subparsers.add_parser('listbmccacerts', help='List BMC CA certificates')
 
+    sign_bmc_parser = subparsers.add_parser('signbmccert', help='Sign BMC certificate')
+    sign_bmc_parser.add_argument('--days', type=int, help='Number of days the certificate is valid for')
+    sign_bmc_parser.add_argument('--added-names', type=str, help='Additional names to include in the certificate')
+
     args = parser.parse_args()
     c = client.Command()
     if args.command == 'installbmccacert':
@@ -84,6 +88,17 @@ if __name__ == '__main__':
         removebmccacert(args.noderange, args.id, c)
     elif args.command == 'listbmccacerts':
         listbmccacerts(args.noderange, c)
+    elif args.command == 'signbmccert':
+        payload = {}
+        if args.days is not None:
+            payload['days'] = args.days
+        else:
+            print("Error: --days is required for signbmccert", file=sys.stderr)
+            sys.exit(1)
+        if args.added_names:
+            payload['added_names'] = args.added_names
+        for res in c.update(f'/noderange/{args.noderange}/configuration/management_controller/certificate/sign', payload):
+            print(repr(res))
     else:
         parser.print_help()
         sys.exit(1)

confluent_server/confluent/messages.py

@@ -723,6 +723,9 @@ class InputConfigChangeSet(InputExpression):
         endattrs = {}
         for attr in attrs:
             origval = attrs[attr]
+            if isinstance(origval, int):
+                endattrs[attr] = origval
+                continue
             if isinstance(origval, bytes) or isinstance(origval, unicode):
                 origval = {'expression': origval}
             if 'expression' not in origval:
@@ -963,15 +966,15 @@ class InputSigningParameters(InputConfigChangeSet):
     def get_days(self, node):
         attribs = self.get_attributes(node)
         return int(attribs['days'])
-    
-    def get_added_san(self, node):
+
+    def get_added_names(self, node):
         attribs = self.get_attributes(node)
-        addsans = []
-        for subj in attribs.get('added_san', '').split(','):
+        addnames = []
+        for subj in (attribs.get('added_names') or '').split(','):
             if subj:
-                addsans.append(subj.strip())
-        return addsans
-        
+                addnames.append(subj.strip())
+        return addnames
+
 
 class InputCertificateAuthority(ConfluentInputMessage):
     keyname = 'pem'

confluent_server/confluent/plugins/hardwaremanagement/redfish.py

@@ -592,7 +592,7 @@ class IpmiHandler(object):
             raise Exception('Not implemented')
         if self.element[0] == 'sign' and self.op == 'update':
             csr = self.ipmicmd.get_bmc_csr()
-            subj, san = util.get_bmc_subject_san(self.cfm, self.node, self.inputdata.get_added_san(self.node))
+            subj, san = util.get_bmc_subject_san(self.cfm, self.node, self.inputdata.get_added_names(self.node))
             with tempfile.NamedTemporaryFile() as tmpfile:
                 tmpfile.write(csr.encode())
                 tmpfile.flush()