Support parsing enrollment file in client (#80)

* Support parsing enrollment file

* ensure the enrollment file is a file

* Use real enrollment file when testing

* Create/file/secret are mutually exclusive

Makefile

@@ -13,7 +13,7 @@ CA_FINGERPRINT=		root_ca_fingerprint.txt
 CA_PASSWORD=		root_ca_password.txt
 
 STEP_CA_FILES=		$(CA_CERT) $(CA_PASSWORD) $(CA_FINGERPRINT) $(CA_PROVISIONER_FILES)
-CLIENT_FILES=		data.json tls.crt tls.key tls-ca.crt
+CLIENT_FILES=		data.json tls.crt tls.key tls-ca.crt enrollment.json
 
 all: $(DEPENDS)
 
@@ -38,7 +38,8 @@ test-client: test-client-enroll test-client-renew
 
 test-client-enroll:
 	rm -f tls.crt tls-ca.crt tls.key data.json
-	NODEMAN_USERNAME=username NODEMAN_PASSWORD=password poetry run nodeman_client --debug enroll --create
+	curl -X POST --verbose --user username:password -o enrollment.json http://127.0.0.1:8080/api/v1/node
+	poetry run nodeman_client --debug enroll --file enrollment.json
 	step crypto jwk public < data.json
 	step certificate inspect tls.crt
 	step certificate inspect tls-ca.crt

nodeman/client.py

@@ -3,6 +3,7 @@
 import logging
 import os
 from datetime import datetime, timezone
+from pathlib import Path
 from urllib.parse import urljoin
 
 import httpx
@@ -217,10 +218,29 @@ def command_enroll(args: argparse.Namespace) -> NodeConfiguration:
     """Enroll node"""
 
     if args.create:
+        server = args.server
         node_bootstrap_information = command_create(args)
         name = node_bootstrap_information.name
         enrollment_key = JWK(**node_bootstrap_information.key.model_dump())
+    elif args.file:
+        file_path = Path(args.file)
+        if not file_path.exists():
+            logging.error("Enrollment file does not exist: %s", args.file)
+            raise SystemExit(2)
+        if not file_path.is_file():
+            logging.error("Enrollment file is not a file: %s", args.file)
+            raise SystemExit(2)
+        with open(file_path) as fp:
+            enrollment_data = json.load(fp)
+        try:
+            name = enrollment_data["name"]
+            server = enrollment_data["nodeman_url"]
+            enrollment_key = JWK(**enrollment_data["key"])
+        except Exception as exc:
+            logging.error("Error parsing enrollment file", exc_info=exc)
+            raise SystemExit(2) from exc
     else:
+        server = args.server
         name = args.name
         enrollment_key = JWK(kty="oct", k=args.secret, alg="HS256")
 
@@ -231,7 +251,7 @@ def command_enroll(args: argparse.Namespace) -> NodeConfiguration:
     data_key = JWK.generate(kty=args.kty, crv=args.crv, kid=name)
     x509_key = generate_x509_key(kty=args.kty, crv=args.crv)
 
-    result = enroll(name=name, server=args.server, enrollment_key=enrollment_key, data_key=data_key, x509_key=x509_key)
+    result = enroll(name=name, server=server, enrollment_key=enrollment_key, data_key=data_key, x509_key=x509_key)
 
     with open(args.data_jwk_file, "w") as fp:
         fp.write(data_key.export())
@@ -339,10 +359,11 @@ def main() -> None:
     add_admin_arguments(admin_list_parser)
 
     enroll_parser = subparsers.add_parser("enroll", help="Enroll new node")
-    enroll_parser.add_argument("--create", action="store_true", help="Create node")
     enroll_parser.set_defaults(func=command_enroll)
-    enroll_parser.add_argument("--name", metavar="name", help="Node name")
-    enroll_parser.add_argument("--secret", metavar="secret", help="Node secret")
+    enrollment_group = enroll_parser.add_mutually_exclusive_group(required=True)
+    enrollment_group.add_argument("--create", action="store_true", help="Create node")
+    enrollment_group.add_argument("--file", metavar="filename", help="JSON file containing enrollment data")
+    enrollment_group.add_argument("--secret", metavar="secret", help="Node secret")
     enroll_parser.add_argument("--kty", metavar="type", help="Key type", default="OKP")
     enroll_parser.add_argument("--crv", metavar="type", help="Key curve", default="Ed25519")