From d1b4d9c18ae6c017ee33f5f80e8f10215c2657f2 Mon Sep 17 00:00:00 2001 From: Marcelo de Castro Loebens Date: Tue, 12 Nov 2024 17:00:00 -0400 Subject: [PATCH] Re introduce CLI command to change 'https_enabled' Re introduced CLI option to switch the 'HTTPS enabled' configuration for the system. Commands re introduced are: $ system modify --https_enabled $ system modify -p Test plan: PASS: Bootstrap AIO-SX PASS: Use CLI command 'system modify --https_enabled false' to disable HTTPS. Verify that the system switches to HTTPS disabled. Force renewal of REST API/GUI cert. Check that the new ssl cert is installed. Observe that the system remains w/ HTTPS disabled. Use CLI command 'system modify --https_enabled true' to enable HTTPS. Verify that the system switches to HTTPS enabled. PASS: Test using CLI command with -p (instead of --https_enabled) Story: 2011266 Task: 51333 Change-Id: I9178cbe287ca8905cd8aa7ab745a5080aee208a7 Signed-off-by: Marcelo de Castro Loebens
---
 .../cgtsclient/v1/isystem_shell.py | 33 +++++++++++++++++-- 1 file changed, 31 insertions(+), 2 deletions(-)
diff --git a/sysinv/cgts-client/cgts-client/cgtsclient/v1/isystem_shell.py b/sysinv/cgts-client/cgts-client/cgtsclient/v1/isystem_shell.py
index b96c2af3b3..b08640903e 100644
--- a/sysinv/cgts-client/cgts-client/cgtsclient/v1/isystem_shell.py
+++ b/sysinv/cgts-client/cgts-client/cgtsclient/v1/isystem_shell.py
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2013-2021 Wind River Systems, Inc.
+# Copyright (c) 2013-2024 Wind River Systems, Inc.
 #
 # SPDX-License-Identifier: Apache-2.0
 #
@@ -82,6 +82,10 @@ def do_show(cc, args):
 @utils.arg('-lo', '--longitude',
 metavar='',
 help='The longitude GEO location coordinate of the system')
+@utils.arg('-p', '--https_enabled',
+ metavar='',
+ choices=['true', 'false', 'True', 'False'],
+ help='The HTTPS enabled or disabled flag')
 @utils.arg('-v', '--vswitch_type',
 metavar='',
 help='The vswitch type for the system')
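Review bot: The `choices` list on the new `--https_enabled` argument accepts `True` and `False`, but the check added in the last hunk (`@@ -142,12 +146,37 @@`, inside do_modify) compares `v == "true"` exactly, so `system modify --https_enabled True` would skip the certificate warning. Either restrict the choices to the lower-case spellings or normalise at the comparison, e.g. `if k == "https_enabled" and str(v).lower() == "true":`. Whether the API treats `True` and `true` alike is not visible here; if it does, HTTPS would come up on the self-signed certificate without the operator being told to replace it. The decorated function's body lies outside this hunk, and the help text could name the accepted values.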
@@ -134,7 +138,7 @@ def do_modify(cc, args): field_list = ['name', 'system_mode', 'description', 'location', 'latitude', 'longitude', 'contact', 'timezone', 'sdn_enabled', - 'vswitch_type', 'security_feature'] + 'https_enabled', 'vswitch_type', 'security_feature'] # use field list as filter user_fields = dict((k, v) for (k, v) in vars(args).items() @@ -142,12 +146,37 @@ def do_modify(cc, args): configured_fields = isystem.__dict__ configured_fields.update(user_fields) + print_https_warning = False + patch = [] for (k, v) in user_fields.items(): patch.append({'op': 'replace', 'path': '/' + k, 'value': v}) + if k == "https_enabled" and v == "true": + print_https_warning = True + + # If there is an existing ssl certificate in system, it will be used instead + # of installing the default self signed certificate. + if print_https_warning: + certificates = cc.certificate.list() + for certificate in certificates: + if certificate.certtype == 'ssl': + warning = \ + "HTTPS is enabled with existing certificate %s." % \ + certificate.uuid + break + else: + warning = \ + "HTTPS is enabled with a system generated self-signed " \ + "certificate.\nThis should be changed to a CA-signed " \ + "certificate using the 'Update system-local-ca or Migrate " \ + "Platform Certificates to use Cert Manager' procedure." + try: isystem = cc.isystem.update(isystem.uuid, patch) except exc.HTTPNotFound: raise exc.CommandError('system not found: %s' % isystem.uuid) _print_isystem_show(isystem) + + if print_https_warning: + print(warning)
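Review bot: `warning` is bound only inside the certificate loop in the `@@ -142,12 +146,37 @@` hunk, and the final `print(warning)` depends on one of those branches having run. The indentation is not recoverable in this view, so it is unclear whether `else:` pairs with the `for` or with `if certificate.certtype == 'ssl':`; in the second case an empty result from `cc.certificate.list()` would leave `warning` unset and the print would raise after `cc.isystem.update` has already applied the change. Assigning the self-signed message to `warning` before the loop and letting the first `ssl` match overwrite it removes that dependency and reads more plainly than `for`/`else`. A short comment such as `# warning text is computed before the update but printed only after it succeeds` would also help, since the certificate lookup sits outside the `try`. do_modify starts and ends outside this hunk.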