added '/-/config/root-ca' endpoint

2025-04-16 08:37:28 +02:00 · 2025-04-16 08:37:28 +02:00 · 31957ec6d7
commit 31957ec6d7
parent da31c5f0a7
3 changed files with 18 additions and 1 deletions
--- a/README.md
+++ b/README.md
@ -541,6 +541,10 @@ Status endpoint, used for *healthcheck*.

 Shows current runtime environment variables and their values.

+**`GET /-/config/root-ca`**
+
+Returns the Root-CA Certificate which is used. This is required for patching `nvidia-gridd` on 18.x releases.
+
 **`GET /-/readme`**

 HTML rendered README.md.
--- a/app/main.py
+++ b/app/main.py
@ -53,6 +53,7 @@ PRODUCT_MAPPING = ProductMapping(filename=join(dirname(__file__), 'static/produc

 # Create certificate chain and signing keys
 ca_setup = CASetup(service_instance_ref=INSTANCE_REF)
+my_root_certificate = Cert.from_file(ca_setup.root_certificate_filename)
 my_ca_certificate = Cert.from_file(ca_setup.ca_certificate_filename)
 my_si_certificate = Cert.from_file(ca_setup.si_certificate_filename)
 my_si_private_key = PrivateKey.from_file(ca_setup.si_private_key_filename)
@ -148,6 +149,11 @@ async def _config():
    })


+@app.get('/-/config/root-ca', summary='* Root CA', description='returns Root-CA needed for patching nvidia-gridd')
+async def _config():
+    return Response(content=my_root_certificate.pem().decode('utf-8'), media_type='text/plain')
+
+
@app.get('/-/readme', summary='* Readme')
 async def _readme():
    from markdown import markdown
--- a/test/main.py
+++ b/test/main.py
@ -16,7 +16,7 @@ sys.path.append('../')
 sys.path.append('../app')

 from app import main
-from util import CASetup, PrivateKey, PublicKey
+from util import CASetup, PrivateKey, PublicKey, Cert

 client = TestClient(main.app)

@ -26,6 +26,7 @@ ORIGIN_REF, ALLOTMENT_REF, SECRET = str(uuid4()), '20000000-0000-0000-0000-00000

 # CA & Signing
 ca_setup = CASetup(service_instance_ref=INSTANCE_REF)
+my_root_certificate = Cert.from_file(ca_setup.root_certificate_filename)
 my_si_private_key = PrivateKey.from_file(ca_setup.si_private_key_filename)
 my_si_private_key_as_pem = my_si_private_key.pem()
 my_si_public_key = my_si_private_key.public_key()
@ -74,6 +75,12 @@ def test_config():
    assert response.status_code == 200


+def test_config_root_ca():
+    response = client.get('/-/config/root-ca')
+    assert response.status_code == 200
+    assert response.content.decode('utf-8') == my_root_certificate.pem().decode('utf-8')
+
+
 def test_readme():
    response = client.get('/-/readme')
    assert response.status_code == 200