commit df0e1a45d4ea13879d53d2e6e80b3011223431d3
author Marri Devender Rao <devenrao@in.ibm.com> Mon Sep 09 08:18:27 2019 -0500
committer Andrew Geissler <geissonator@yahoo.com> Fri Sep 13 13:51:57 2019 +0000
tree b003fe68dbc24e0a8bb088b1172914e399a02a1c
parent 87f087b011ead155ebd5f506249527f09572b980

Remove key bit length parameter to generatecsr command

As only 2048 key bit length is supported for RSA algorithm removing
the option for the user to enter key bit length value. Bmcweb
defaults it to 2048 if no value is provided.

This change is done to fix a defect where user is not allowed to enter
0 value for optional parameter keybit length as per redfish specificaton.

Tested:
python openbmctool.py -H $bmc -U $user -P $password certificate generatecsr server NJ w3.ibm.com US IBM IBM-UNIT NY EC prime256v1 cp abc.com an.com,bm.com gn sn un in
Attempting login...
Generating CSR url=/redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates/
GenerateCSR complete.
{
  "CSRString": "-----BEGIN CERTIFICATE REQUEST-----\nMIIBtDCCAVsCAQEwgfgxDznzsk4oHCBWfI=\n-----END CERTIFICATE REQUEST-----\n",
  "CertificateCollection": {
    "@odata.id": "/redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates/"
  }
}

Signed-off-by: Marri Devender Rao <devenrao@in.ibm.com>
Change-Id: I98d77e79ae010c4b323d419f24b6cae20982907d

thalerj/openbmctool.py

diff --git a/thalerj/openbmctool.py b/thalerj/openbmctool.py
index 14df78e..34ed5b5 100644
--- a/thalerj/openbmctool.py
+++ b/thalerj/openbmctool.py
@@ -2739,8 +2739,8 @@
         Called by certificate management function. Generate CSR for server/
         client certificates
         Example:
-        certificate generatecsr server NJ w3.ibm.com US IBM IBM-UNIT NY EC 2048 prime256v1 cp abc.com an.com,bm.com gn sn un in
-        certificate generatecsr client NJ w3.ibm.com US IBM IBM-UNIT NY EC 2048 prime256v1 cp abc.com an.com,bm.com gn sn un in
+        certificate generatecsr server NJ w3.ibm.com US IBM IBM-UNIT NY EC prime256v1 cp abc.com an.com,bm.com gn sn un in
+        certificate generatecsr client NJ w3.ibm.com US IBM IBM-UNIT NY EC prime256v1 cp abc.com an.com,bm.com gn sn un in
         @param host: string, the hostname or IP address of the bmc
         @param args: contains additional arguments used by the certificate replace sub command
         @param session: the active session to use
@@ -2768,8 +2768,7 @@
             "CommonName":args.commonName, "City":args.city,
             "Country":args.country, "Organization":args.organization,
             "OrganizationalUnit":args.organizationUnit, "State":args.state,
-            "KeyPairAlgorithm":args.keyPairAlgorithm,
-            "KeyBitLength":int(args.keyBitLength), "KeyCurveId":args.keyCurveId,
+            "KeyPairAlgorithm":args.keyPairAlgorithm, "KeyCurveId":args.keyCurveId,
             "AlternativeNames":alt_name_list, "ContactPerson":args.contactPerson,
             "Email":args.email, "GivenName":args.givenname, "Initials":args.initials,
             "KeyUsage":usage_list, "Surname":args.surname,
@@ -4429,8 +4428,6 @@
         help="The state, province, or region of the organization making the request.")
     certGenerateCSR.add_argument('keyPairAlgorithm',  choices=['RSA', 'EC'],
         help="The type of key pair for use with signing algorithms.")
-    certGenerateCSR.add_argument('keyBitLength', choices=['2048'],
-        help="The length of the key in bits, if needed based on the value of the 'KeyPairAlgorithm' parameter.")
     certGenerateCSR.add_argument('keyCurveId',
         help="The curve ID to be used with the key, if needed based on the value of the 'KeyPairAlgorithm' parameter.")
     certGenerateCSR.add_argument('contactPerson',