Add support for host certificate deletion, display and installation #483
Conversation
Signed-off-by: tejaswi_goel <[email protected]>
Tejaswi-Goel
force-pushed
the
pki-host-cert-install-del
branch
from
4990cf9 to
48be4f8
Compare
|
|
||
| PATCH = "patch" | ||
| DELETE = "delete" | ||
| PUT = "put" | ||
| POST = 'post' |
There was a problem hiding this comment.
| POST = 'post' | |
| POST = "post" |
A little nitpick but for consistency you should use double quotes here
| "path": INSTALL_PATH, | ||
| "method": POST, | ||
| "data": {"openconfig-pki-rpc:input": | ||
| {"file-path": cert.get('file_path'), |
There was a problem hiding this comment.
| {"file-path": cert.get('file_path'), | |
| {"file-path": cert.get("file_path"), |
A little nitpick but for consistency you should use double quotes here
| "data": {"openconfig-pki-rpc:input": | ||
| {"file-path": cert.get('file_path'), | ||
| "key-path": cert.get('key_path'), | ||
| "fips-cert": cert.get('fips_cert')}} |
There was a problem hiding this comment.
| "fips-cert": cert.get('fips_cert')}} | |
| "fips-cert": cert.get("fips_cert")}} |
A little nitpick but for consistency you should use double quotes here
| @@ -322,6 +325,20 @@ def _state_merged(self, want, have, diff): | |||
| } | |||
| ) | |||
|
|
|||
| # Handle INSTALL for certificates | |||
| for cert in commands.get("host_cert") or []: | |||
There was a problem hiding this comment.
Can you explain why the empty list is necessary here? I don't immediately see a function of that or clause here.
| @@ -371,6 +388,22 @@ def _state_deleted(self, want, have, diff): | |||
| if ts.get("name") in current_ts: | |||
| requests.extend(mk_ts_delete(ts, have)) | |||
|
|
|||
| # Handle DELETE for certificates | |||
| for cert in commands.get("host_cert") or []: | |||
There was a problem hiding this comment.
Can you explain why the empty list is necessary here? I don't immediately see a function of that or clause here.
| if cert_data and len(cert_data) > 0 and "openconfig-pki-rpc:output" in cert_data[0][1]: | ||
| cert_data = cert_data[0][1].get("openconfig-pki-rpc:output", {}) | ||
| if cert_data and "filename" in cert_data: | ||
| filenames = cert_data.get("filename", []) or [] |
There was a problem hiding this comment.
Does the "or []" do anything in this statement? If the get() does not find anything with the key "filename" it will return an empty list. I am unclear on what the "or []" snippet does here.
SUMMARY
Add ansible support for SONiC PKI host certificates install, delete and display.
GitHub Issues
List the GitHub issues impacted by this PR. If no Github issues are affected, please indicate this with "N/A".
ISSUE TYPE
COMPONENT NAME
sonic_pki
OUTPUT
Regression Run Output
regression_sonic_pki_tasks_result.txt
Checklist:
How Has This Been Tested?
Regression test with updated testcases.