Add an API /v1/certificate/get_all_certs to retrieve all the
platform certs(oidc, wra, adminep, etcd,
service account certs, system-restapi-gui-certificate,
open-ldap, openstack, system-registry-local-certificate,
k8s certs) in JSON response and use this response to format
the "system certificate-list" output as "show-certs.sh" output.
Add an API /v1/certificate/get_all_k8s_certs to retrieve all the
tls,opaque certs in JSON response and use this response to
format the "system k8s-certificate-list" output as
"show-certs.sh -k" output
Implement "system certificate-show <cert name>",
"system k8s-certificate-show <cert name>" to show the full
details of the certificate.
Implement filters in api and cli to show the expired and expiry
certificates
Testcases:
PASS: Verify all the cert values(Residual Time,Issue Date, Expiry Date
,Issuer,Subject,filename,Renewal) are showing fine for all the
following cert paths when "system certificate-list" is executed
/etc/kubernetes/pki/apiserver-etcd-client.crt
/etc/kubernetes/pki/apiserver-kubelet-client.crt
/etc/pki/ca-trust/source/anchors/dc-adminep-root-ca.crt
/etc/ssl/private/admin-ep-cert.pem
/etc/etcd/etcd-client.crt
/etc/etcd/etcd-server.crt
/etc/kubernetes/pki/front-proxy-ca.crt
/etc/kubernetes/pki/front-proxy-client.crt
/var/lib/kubelet/pki/kubelet-client-current.pem
/etc/kubernetes/pki/ca.crt
/etc/ldap/certs/openldap-cert.crt
/etc/ssl/private/registry-cert.crt
/etc/ssl/private/server-cert.pem
PASS: Verify all the cert values(Residual Time,Issue Date, Expiry Date
,Issuer,Subject,filename,Renewal) are showing fine for all the
service accts when "system certificate-list" is executed
/etc/kubernetes/scheduler.conf
/etc/kubernetes/admin.conf
/etc/kubernetes/controller-manager.conf
PASS: Verify the system-local-ca secret is shown in the output of
"system certificate-list"
PASS: List ns,secret name in the output of ssl,docker certs if the
system-restapi-gui-certificate, system-registry-local-certificate
exist on the system when "system certificate-list" executed
PASS: Apply oidc app verify that in "system certificate-list" output
"oidc-auth-apps-certificate", oidc ca issuer and wad cert are
shown with all proper values
PASS: Deploy WRA app verify that "mon-elastic-services-ca-crt",
"mon-elastic-services-extca-crt" secrets are showing in the
"system certificate-list" output and also kibana,
elastic-services cert from mon-elastic-services-secrets secret
PASS: Verify all the cert values(Residual Time,Issue Date, Expiry Date
,Issuer,Subject,filename,Renewal) are showing fine for all the
Opaque,tls type secrets when "system k8s-certificate-list" is
executed
PASS: Execute "system certificate-show <cert name>" for each
cert in the "system ceritificate-list" output and
check all details of it
PASS: Execute "system certificate-list --expired" shows the
certificates which are expired
PASS: Execute "system certificate-list --soon_to_expiry <N>"
shows the expiring certificates with in the specified
N days
PASS: Execute "system k8s-certificate-list --expired" shows the
certificates which are expired
PASS: Execute "system k8s-certificate-list --soon_to_expiry <N>"
shows the expiring certificates with in the specified
N days
PASS: On DC system verify that admin endpoint certificates are
shown with all values when "system certificate-list" is
executed
PASS: Verify the following apis
/v1/certificate/get_all_certs
/v1/certificate/get_all_k8s_certs
/v1/certificate/get_all_certs?soon_to_expiry=<no of days>
/v1/certificate/get_all_k8s_certs?soon_to_expiry=<no of days>
/v1/certificate/get_all_certs?expired=True
/v1/certificate/get_all_k8s_certs?expired=True
Story: 2010848
Task: 48730
Task: 48785
Task: 48786
Change-Id: Ia281fe1610348596ccc1e3fad7816fe577c836d1
Signed-off-by: amantri <ayyappa.mantri@windriver.com>
cca5becb65