Merge pull request #15 from cisco-open/add-sign-task

Add sign task
cisco-open · May 13, 2024 · 9a8aed3 · 9a8aed3
2 parents aa593ea + 8ff170f
commit 9a8aed3
Show file tree

Hide file tree

Showing 6 changed files with 69 additions and 7 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,7 @@
+# Catalyst SD-WAN Lab 2.0.10 [May 13, 2024]
+
+- Added sign task
+
 # Catalyst SD-WAN Lab 2.0.10 [May 10, 2024]
 
 - Added support for Python 3.12

diff --git a/README.md b/README.md
@@ -77,6 +77,7 @@ Task indicates the operation to be performed. The following tasks are currently
 * [Backup](#backup-task): Backup the Catalyst SD-WAN Lab runnning in CML, including the CML topology and all its nodes, SD-WAN device states and templates / configuration groups.
 * [Restore](#restore-task): Restore the Catalyst SD-WAN Lab from backup, onboard and confgure control components and create basic feature templates / configuration groups. If there are any WAN Edges, automatically onboard the WAN Edges back to the SD-WAN Manager using the configuration from the backup.
 * [Delete](#delete-task): Delete currently running lab from CML and remove all lab data.
+* [Sign](#sign-task): Sign Certificate Signing Request (CSR) using SD-WAN Lab Deployment Tool Root CA
 
 Task-specific parameters are provided after the task argument.
 
@@ -96,6 +97,7 @@ Task-specific parameters are provided after the task argument.
           backup              Backup running Catalyst SD-WAN lab pod.
           restore             Restore Catalyst SD-WAN POD from backup.
           delete              Delete the CML lab and all the lab data.
+          sign                Sign CSR using the SD-WAN Lab Deployment Tool Root CA.
       
       optional arguments:
         -h, --help            show this help message and exit
@@ -309,6 +311,18 @@ This task has several task-specific parameters.
         --lab <lab_name>  Lab name
         --force           Delete the lab without asking for confirmation. Note the all lab data will be lost!
 
+### Sign Task
+This tasks reads the Certificate Signing Request (CSR) from a file and signs it using SD-WAN Lab Deployment Tool Root CA.
+At the end, the task prints the signed certificate in standard output.
+
+This task has several task-specific parameters.
+
+      sdwan-lab delete -h
+      usage: sdwan-lab.py sign [-h] <csr_file>
+      
+      positional arguments:
+        <csr_file>  Certificate Signing Request (CSR) File
+
 ## Limitations and scale
 The tool supports the following scale per CML lab:
 

diff --git a/catalyst_sdwan_lab/__main__.py b/catalyst_sdwan_lab/__main__.py
@@ -22,7 +22,7 @@
 
 import catalyst_sdwan_lab
 
-from .tasks import add, backup, delete, deploy, restore, setup
+from .tasks import add, backup, delete, deploy, restore, setup, sign
 
 # Setup logging
 log = logging.getLogger(__name__)
@@ -490,6 +490,15 @@ def main() -> None:
         ]
     )
 
+    sign_parser = task_subparsers.add_parser(
+        "sign", help="Sign CSR using the SD-WAN Lab Deployment Tool Root CA."
+    )
+    sign_parser.add_argument(
+        "csr_file",
+        metavar="<csr_file>",
+        help="Certificate Signing Request (CSR) File",
+    )
+
     cli_args = main_parser.parse_args()
 
     # Depending on the selected task, prompt for additional arguments (if needed).
@@ -580,6 +589,11 @@ def main() -> None:
         )
     elif cli_args.task == "delete":
         delete.main(cml, cli_args.lab, cli_args.force, cli_args.loglevel)
+    elif cli_args.task == "sign":
+        sign.main(
+            cli_args.csr_file,
+            cli_args.loglevel,
+        )
 
 
 def verify_cml_version(cml: ClientLibrary) -> None:

diff --git a/catalyst_sdwan_lab/tasks/sign.py b/catalyst_sdwan_lab/tasks/sign.py
@@ -0,0 +1,30 @@
+# Copyright (c) 2024 Cisco Systems, Inc. and its affiliates.
+# Use of this source code is governed by a BSD-style
+# license that can be found in the LICENSE file.
+#
+# SPDX-License-Identifier: bsd
+from typing import Union
+
+from .utils import create_cert, load_certificate_details, setup_logging, track_progress
+
+
+def main(csr_file_path: str, loglevel: Union[int, str]) -> None:
+
+    # Setup logging
+    log = setup_logging(loglevel)
+
+    # Prepare the CA for controllers certificate signing
+    track_progress(log, "Loading root CA details...")
+    ca_cert, ca_key, ca_chain = load_certificate_details()
+
+    track_progress(log, "Loading csr from file...")
+    with open(csr_file_path, "r") as file:
+        csr = file.read()
+
+    track_progress(log, "Signing CSR...")
+    cert = create_cert(ca_cert.encode(), ca_key.encode(), csr.encode())
+
+    track_progress(log, "Certificate signed: \n")
+    print(cert.decode())
+
+    return
diff --git a/poetry.lock b/poetry.lock
diff --git a/pyproject.toml b/pyproject.toml
@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "catalyst-sdwan-lab"
-version = "2.0.10"
+version = "2.0.11"
 description = "Catalyst SD-WAN Lab Deployment Tool - Automation Tool for managing Cisco Catalyst SD-WAN labs inside Cisco Modeling Labs"
 license = "BSD-3-Clause"
 authors = ["Tomasz Zarski <[email protected]>"]
@@ -19,7 +19,7 @@ requests = "^2.28.1"
 pyopenssl = "^24.0.0"
 pyats = ">=23.1,<=24.2"
 passlib = "^1.7.4"
-jinja2 = "^3.1.3"
+jinja2 = "3.1.4"
 cisco-sdwan = "^1.23"
 ruamel-yaml = "^0.17.21"
 urllib3 = "^1.26.18"