From 62b74f93f51ddd51f2000f185604c6fb1c67faa9 Mon Sep 17 00:00:00 2001
From: amantri
Date: Fri, 19 Apr 2024 10:42:57 -0400
Subject: [PATCH] Add IPsec certificate to "system certificate-list" check for /etc/swanctl/x509/system-ipsec-certificate-.crt exist and show in the output of "system certificate-list" also show certificate details with "system certificate-show IPsec"
Test Cases:
PASS: Enable IPsec on controller-0, verify that IPsec certificate list in the output of "system certificate-list" and "system certificate-show IPsec" shows details of IPsec certificate
PASS: Enable IPsec on controller-1, verify that IPsec certificate list in the output of "system certificate-list" and "system certificate-show IPsec" shows details of IPsec certificate
PASS: verify that IPsec certificate not shown in the output of "system certificate-list" if /etc/swanctl/x509/system-ipsec- certificate-.crt doesn't exit
Story: 2010940
Task: 49891
Change-Id: I95be304d99feff83e69750b90de289c1dde18b0c
Signed-off-by: amantri
---
 sysinv/sysinv/sysinv/sysinv/conductor/manager.py | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/sysinv/sysinv/sysinv/sysinv/conductor/manager.py b/sysinv/sysinv/sysinv/sysinv/conductor/manager.py
index dd989b8845..a22befed3d 100644
--- a/sysinv/sysinv/sysinv/sysinv/conductor/manager.py
+++ b/sysinv/sysinv/sysinv/sysinv/conductor/manager.py
@@ -19208,6 +19208,15 @@ class ConductorManager(service.PeriodicService):
 "/etc/kubernetes/pki/apiserver-kubelet-client.crt"),
 ("front-proxy-client", constants.AUTOMATIC, "/etc/kubernetes/pki/front-proxy-client.crt"),
 ("front-proxy-ca", constants.AUTOMATIC, "/etc/kubernetes/pki/front-proxy-ca.crt")]
+
+ # IPsec certificate
+ try:
+ hostname = socket.gethostname()
+ ipsec_path = f"/etc/swanctl/x509/system-ipsec-certificate-{hostname}.crt"
+ certs.append(("ipsec", constants.AUTOMATIC, ipsec_path))
+ except socket.error:
+ LOG.debug("Failed to get local hostname to retrieve IPsec certificate")
+
 kube_operator = kubernetes.KubeOperator()
 certificates = kube_operator.list_custom_resources("cert-manager.io", "v1", "certificates")
 k8s_secrets_list = [cert["spec"]["secretName"] for cert in certificates]
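Review bot: The `ipsec` tuple is appended unconditionally, although the commit message says the file is checked for existence, so keeping a missing `/etc/swanctl/x509/system-ipsec-certificate-{hostname}.crt` out of `system certificate-list` relies on whatever consumes `certs` later in this method, which starts and ends outside the hunk. If that consumer does not already skip absent files, guard the append here with `if os.path.isfile(ipsec_path):` before `certs.append(("ipsec", constants.AUTOMATIC, ipsec_path))` (this assumes `os` is already imported in manager.py, which the hunk does not show). The hostname-lookup failure is logged with `LOG.debug`, so the IPsec certificate can silently drop out of a listing that operators presumably rely on to track certificate expiry; `LOG.warning("Failed to get local hostname to retrieve IPsec certificate")` would make that visible at default log levels. Only `socket.gethostname()` can raise `socket.error` here, so the `try` could be narrowed to that one call.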