From 073f6d1389042ad4102dcff52867ab444898186e Mon Sep 17 00:00:00 2001 From: Jarrod Johnson Date: Fri, 31 Oct 2025 12:04:27 -0400 Subject: [PATCH] Wire up cert signing to nodecertutil --- confluent_client/bin/nodecertutil | 15 +++++++++++++++ confluent_server/confluent/messages.py | 17 ++++++++++------- .../plugins/hardwaremanagement/redfish.py | 2 +- 3 files changed, 26 insertions(+), 8 deletions(-) diff --git a/confluent_client/bin/nodecertutil b/confluent_client/bin/nodecertutil index 3b220b3d..f2e20896 100644 --- a/confluent_client/bin/nodecertutil +++ b/confluent_client/bin/nodecertutil @@ -76,6 +76,10 @@ if __name__ == '__main__': list_parser = subparsers.add_parser('listbmccacerts', help='List BMC CA certificates') + sign_bmc_parser = subparsers.add_parser('signbmccert', help='Sign BMC certificate') + sign_bmc_parser.add_argument('--days', type=int, help='Number of days the certificate is valid for') + sign_bmc_parser.add_argument('--added-names', type=str, help='Additional names to include in the certificate') + args = parser.parse_args() c = client.Command() if args.command == 'installbmccacert': @@ -84,6 +88,17 @@ if __name__ == '__main__': removebmccacert(args.noderange, args.id, c) elif args.command == 'listbmccacerts': listbmccacerts(args.noderange, c) + elif args.command == 'signbmccert': + payload = {} + if args.days is not None: + payload['days'] = args.days + else: + print("Error: --days is required for signbmccert", file=sys.stderr) + sys.exit(1) + if args.added_names: + payload['added_names'] = args.added_names + for res in c.update(f'/noderange/{args.noderange}/configuration/management_controller/certificate/sign', payload): + print(repr(res)) else: parser.print_help() sys.exit(1) \ No newline at end of file diff --git a/confluent_server/confluent/messages.py b/confluent_server/confluent/messages.py index 5967291a..aac7aa89 100644 --- a/confluent_server/confluent/messages.py +++ b/confluent_server/confluent/messages.py 
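Review bot: `--days` is registered as an optional argument on the `signbmccert` parser, yet the dispatch hunk further down rejects the command when it is missing, and `type=int` alone lets zero or negative lifetimes through to the signing request. Declaring it as `sign_bmc_parser.add_argument('--days', type=int, required=True, help='Number of days the certificate is valid for')` lets argparse produce the usage error and makes the later `else` branch unnecessary. A small argparse `type=` callable that rejects values below 1 would stop nonsensical lifetimes before they leave the client. The `--added-names` help should also say that the value is a comma-separated list, which is how `get_added_names` in messages.py splits it.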
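Review bot: The `signbmccert` branch prints `repr(res)` for every result and then falls off the end of the script, so the exit status is 0 even when signing failed for some nodes. If results carry an `'error'` key, as confluent client responses usually do (not visible in this hunk), the loop should write those entries to stderr and exit non-zero. Otherwise automation that rotates BMC certificates will treat a failed signing as done.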
@@ -723,6 +723,9 @@ class InputConfigChangeSet(InputExpression): endattrs = {} for attr in attrs: origval = attrs[attr] + if isinstance(origval, int): + endattrs[attr] = origval + continue if isinstance(origval, bytes) or isinstance(origval, unicode): origval = {'expression': origval} if 'expression' not in origval: @@ -963,15 +966,15 @@ class InputSigningParameters(InputConfigChangeSet): def get_days(self, node): attribs = self.get_attributes(node) return int(attribs['days']) - - def get_added_san(self, node): + + def get_added_names(self, node): attribs = self.get_attributes(node) - addsans = [] - for subj in attribs.get('added_san', '').split(','): + addnames = [] + for subj in (attribs.get('added_names') or '').split(','): if subj: - addsans.append(subj.strip()) - return addsans - + addnames.append(subj.strip()) + return addnames + class InputCertificateAuthority(ConfluentInputMessage): keyname = 'pem' diff --git a/confluent_server/confluent/plugins/hardwaremanagement/redfish.py b/confluent_server/confluent/plugins/hardwaremanagement/redfish.py index 163ea351..6c66ae04 100644 --- a/confluent_server/confluent/plugins/hardwaremanagement/redfish.py +++ b/confluent_server/confluent/plugins/hardwaremanagement/redfish.py @@ -592,7 +592,7 @@ class IpmiHandler(object): raise Exception('Not implemented') if self.element[0] == 'sign' and self.op == 'update': csr = self.ipmicmd.get_bmc_csr() - subj, san = util.get_bmc_subject_san(self.cfm, self.node, self.inputdata.get_added_san(self.node)) + subj, san = util.get_bmc_subject_san(self.cfm, self.node, self.inputdata.get_added_names(self.node)) with tempfile.NamedTemporaryFile() as tmpfile: tmpfile.write(csr.encode()) tmpfile.flush()
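Review bot: The new `isinstance(origval, int)` shortcut sits in the shared `InputConfigChangeSet` loop, so it applies to every subclass, and because `bool` is a subclass of `int` it also passes `True`/`False` through without the expression wrapping the other branches apply. If only the signing lifetime needs this, `if isinstance(origval, int) and not isinstance(origval, bool):` is narrower, and a comment saying why integers skip expression handling would help. The value then reaches `get_days` (context of the next hunk), where `int(attribs['days'])` accepts zero, negative or very large lifetimes. Since this is the server side of the signing API, a range check there, with an upper bound chosen by the project, is the place to enforce certificate lifetime policy. The enclosing method begins and ends outside this hunk.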
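Review bot: In `get_added_names` the emptiness test runs before `strip()`, so an input such as `'a, ,b'` appends an empty string that is then handed to `util.get_bmc_subject_san` as a subject alternative name. Stripping first fixes that: `subj = subj.strip()` followed by `if subj: addnames.append(subj)`. These names end up in a certificate signed for the BMC, so it would be worth validating each entry as a hostname or IP address here rather than trusting the caller. The rename also means a request that still sends `added_san` is now silently ignored; accepting both keys or rejecting the old one explicitly would make that visible.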