NAS-133619 / 25.04 / Convert ca_profiles.py to new api

src/middlewared/middlewared/api/v25_04_0/__init__.py

@@ -17,6 +17,7 @@
 from .config import *  # noqa
 from .core import *  # noqa
 from .cronjob import *  # noqa
+from .crypto_ca_profiles import *  # noqa
 from .crypto_cert_profiles import *  # noqa
 from .device import *  # noqa
 from .disk import *  # noqa

src/middlewared/middlewared/api/v25_04_0/crypto_ca_profiles.py

@@ -0,0 +1,58 @@
+from typing import final
+
+from middlewared.api.base import BaseModel
+
+__all__ = ("CAProfilesArgs", "CAProfilesResults", "CAPROFILES")
+
+# Defines the default lifetime of a certificate
+# (https://support.apple.com/en-us/HT211025)
+DEFAULT_LIFETIME_DAYS = 397
+
+
+@final
+class KeyUsageModel(BaseModel):
+    enabled: bool = True
+    key_cert_sign: bool = True
+    crl_sign: bool = True
+    extension_critical: bool = True
+
+
+@final
+class BasicConstraintsModel(BaseModel):
+    enabled: bool = True
+    ca: bool = True
+    extension_critical: bool = True
+
+
+@final
+class ExtendedKeyUsageModel(BaseModel):
+    enabled: bool = True
+    extension_critical: bool = True
+    usages: list[str] = ["SERVER_AUTH"]
+
+
+@final
+class CertExtensionsModel(BaseModel):
+    KeyUsage: KeyUsageModel = KeyUsageModel()
+    BasicConstraints: BasicConstraintsModel = BasicConstraintsModel()
+    ExtentedKeyUsage: ExtendedKeyUsageModel = ExtendedKeyUsageModel()
+
+
+@final
+class CAModel(BaseModel):
+    key_length: int = 2048
+    key_type: str = "RSA"
+    lifetime: int = DEFAULT_LIFETIME_DAYS
+    digest_algorithm: str = "SHA256"
+    cert_extensions: CertExtensionsModel = CertExtensionsModel()
+
+
+class CAProfilesArgs(BaseModel):
+    pass
+
+
+class CAProfilesResults(BaseModel):
+    result: CAModel = CAModel()
+
+
+CAPROFILES = CAModel().model_dump(by_alias=True)

src/middlewared/middlewared/plugins/crypto_/ca_profiles.py

@@ -1,49 +1,20 @@
-from middlewared.schema import accepts, Dict, returns
+from middlewared.api import api_method
+from middlewared.api.current import (
+    CAPROFILES,
+    CAProfilesArgs,
+    CAProfilesResults,
+)
 from middlewared.service import Service
 
-from .utils import DEFAULT_LIFETIME_DAYS
-
 
 class CertificateAuthorityService(Service):
-
     class Config:
-        cli_namespace = 'system.certificate.authority'
-
-    PROFILES = {
-        'CA': {
-            'key_length': 2048,
-            'key_type': 'RSA',
-            'lifetime': DEFAULT_LIFETIME_DAYS,
-            'digest_algorithm': 'SHA256',
-            'cert_extensions': {
-                'KeyUsage': {
-                    'enabled': True,
-                    'key_cert_sign': True,
-                    'crl_sign': True,
-                    'extension_critical': True
-                },
-                'BasicConstraints': {
-                    'enabled': True,
-                    'ca': True,
-                    'extension_critical': True
-                },
-                'ExtendedKeyUsage': {
-                    'enabled': True,
-                    'extension_critical': False,
-                    'usages': ['SERVER_AUTH']
-                }
-            }
-        }
-    }
+        cli_namespace = "system.certificate.authority"
 
-    @accepts(roles=['CERTIFICATE_AUTHORITY_READ'])
-    @returns(Dict(
-        'certificate_authority_profiles',
-        *[Dict(profile, additional_attrs=True) for profile in PROFILES]
-    ))
+    @api_method(CAProfilesArgs, CAProfilesResults, roles=["CERTIFICATE_AUTHORITY_READ"])
     async def profiles(self):
         """
-        Returns a dictionary of predefined options for specific use cases i.e OpenVPN certificate authority
-        configurations which can be used for creating certificate authorities.
+        Returns a dictionary of predefined options for
+        creating certificate authority requests.
         """
-        return self.PROFILES
+        return CAPROFILES

src/middlewared/middlewared/plugins/webui/crypto.py

@@ -1,5 +1,8 @@
 from middlewared.api import api_method
 from middlewared.api.current import (
+    CAPROFILES,
+    CAProfilesArgs,
+    CAProfilesResult,
     CERTPROFILES,
     CertProfilesArgs,
     CertProfilesResult,
@@ -26,9 +29,13 @@ class Config:
     async def certificate_profiles(self):
         return CERTPROFILES
 
-    @accepts(roles=['READONLY_ADMIN'])
+    @api_method(
+        CAProfilesArgs,
+        CAProfilesResult,
+        roles=['READONLY_ADMIN']
+    )
     async def certificateauthority_profiles(self):
-        return await self.middleware.call('certificateauthority.profiles')
+        return CAPROFILES
 
     @accepts(Int('cert_id'), roles=['READONLY_ADMIN'])
     async def get_certificate_domain_names(self, cert_id):