lxc · stgraber · Dec 11, 2023 · Dec 10, 2023 · Dec 10, 2023 · Dec 10, 2023
@@ -719,6 +719,7 @@ func certificatesPost(d *Daemon, r *http.Request) response.Response {
 				Name:        name,
 				Certificate: string(pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: cert.Raw})),
 				Restricted:  req.Restricted,
+				Description: req.Description,
 			}
 
 			_, err := dbCluster.CreateCertificateWithProjects(ctx, tx.Tx(), dbCert, req.Projects)
@@ -975,6 +976,7 @@ func doCertificateUpdate(d *Daemon, dbInfo api.Certificate, req api.CertificateP
 			Restricted:  req.Restricted,
 			Name:        req.Name,
 			Type:        reqDBType,
+			Description: req.Description,
 		}
 
 		var userCanEditCertificate bool
@@ -1012,6 +1014,7 @@ func doCertificateUpdate(d *Daemon, dbInfo api.Certificate, req api.CertificateP
 				Restricted:  dbInfo.Restricted,
 				Name:        dbInfo.Name,
 				Type:        reqDBType,
+				Description: req.Description,
 			}
 
 			certProjects = dbInfo.Projects

@@ -2296,3 +2296,7 @@ when moving an instance between projects and/or storage pools.
 ## `ovn_ssl_config`
 This introduces new server configuration keys to provide the SSL CA and client key pair to access the OVN databases.
 The new configuration keys are `network.ovn.ca_cert`, `network.ovn.client_cert` and `network.ovn.client_key`.
+
+## `certificate_description`
+
+Adds a `description` field to certificate.
@@ -7,6 +7,11 @@ definitions:
                 example: X509 PEM certificate
                 type: string
                 x-go-name: Certificate
+            description:
+                description: Certificate description
+                example: X509 certificate
+                type: string
+                x-go-name: Description
             fingerprint:
                 description: SHA256 fingerprint of the certificate
                 example: fd200419b271f1dc2a5591b693cc5774b7f234e1ff8c6b78ad703b6888fe2b69
@@ -82,6 +87,11 @@ definitions:
                 example: X509 PEM certificate
                 type: string
                 x-go-name: Certificate
+            description:
+                description: Certificate description
+                example: X509 certificate
+                type: string
+                x-go-name: Description
             name:
                 description: Name associated with the certificate
                 example: castiana
@@ -117,6 +127,11 @@ definitions:
                 example: X509 PEM certificate
                 type: string
                 x-go-name: Certificate
+            description:
+                description: Certificate description
+                example: X509 certificate
+                type: string
+                x-go-name: Description
             name:
                 description: Name associated with the certificate
                 example: castiana

@@ -44,6 +44,7 @@ type Certificate struct {
 	Name        string
 	Certificate string
 	Restricted  bool
+	Description string
 }
 
 // CertificateFilter specifies potential query parameter fields.
@@ -77,6 +78,7 @@ func (cert *Certificate) ToAPI(ctx context.Context, tx *sql.Tx) (*api.Certificat
 	resp.Name = cert.Name
 	resp.Restricted = cert.Restricted
 	resp.Type = cert.ToAPIType()
+	resp.Description = cert.Description
 
 	projects, err := GetCertificateProjects(ctx, tx, cert.ID)
 	if err != nil {

@@ -20,20 +20,20 @@ import (
 var _ = api.ServerEnvironment{}
 
 var certificateObjects = RegisterStmt(`
-SELECT certificates.id, certificates.fingerprint, certificates.type, certificates.name, certificates.certificate, certificates.restricted
+SELECT certificates.id, certificates.fingerprint, certificates.type, certificates.name, certificates.certificate, certificates.restricted, certificates.description
   FROM certificates
   ORDER BY certificates.fingerprint
 `)
 
 var certificateObjectsByID = RegisterStmt(`
-SELECT certificates.id, certificates.fingerprint, certificates.type, certificates.name, certificates.certificate, certificates.restricted
+SELECT certificates.id, certificates.fingerprint, certificates.type, certificates.name, certificates.certificate, certificates.restricted, certificates.description
   FROM certificates
   WHERE ( certificates.id = ? )
   ORDER BY certificates.fingerprint
 `)
 
 var certificateObjectsByFingerprint = RegisterStmt(`
-SELECT certificates.id, certificates.fingerprint, certificates.type, certificates.name, certificates.certificate, certificates.restricted
+SELECT certificates.id, certificates.fingerprint, certificates.type, certificates.name, certificates.certificate, certificates.restricted, certificates.description
   FROM certificates
   WHERE ( certificates.fingerprint = ? )
   ORDER BY certificates.fingerprint
@@ -45,8 +45,8 @@ SELECT certificates.id FROM certificates
 `)
 
 var certificateCreate = RegisterStmt(`
-INSERT INTO certificates (fingerprint, type, name, certificate, restricted)
-  VALUES (?, ?, ?, ?, ?)
+INSERT INTO certificates (fingerprint, type, name, certificate, restricted, description)
+  VALUES (?, ?, ?, ?, ?, ?)
 `)
 
 var certificateDeleteByFingerprint = RegisterStmt(`
@@ -59,14 +59,14 @@ DELETE FROM certificates WHERE name = ? AND type = ?
 
 var certificateUpdate = RegisterStmt(`
 UPDATE certificates
-  SET fingerprint = ?, type = ?, name = ?, certificate = ?, restricted = ?
+  SET fingerprint = ?, type = ?, name = ?, certificate = ?, restricted = ?, description = ?
  WHERE id = ?
 `)
 
 // certificateColumns returns a string of column names to be used with a SELECT statement for the entity.
 // Use this function when building statements to retrieve database entries matching the Certificate entity.
 func certificateColumns() string {
-	return "certificates.id, certificates.fingerprint, certificates.type, certificates.name, certificates.certificate, certificates.restricted"
+	return "certificates.id, certificates.fingerprint, certificates.type, certificates.name, certificates.certificate, certificates.restricted, certificates.description"
 }
 
 // getCertificates can be used to run handwritten sql.Stmts to return a slice of objects.
@@ -75,7 +75,7 @@ func getCertificates(ctx context.Context, stmt *sql.Stmt, args ...any) ([]Certif
 
 	dest := func(scan func(dest ...any) error) error {
 		c := Certificate{}
-		err := scan(&c.ID, &c.Fingerprint, &c.Type, &c.Name, &c.Certificate, &c.Restricted)
+		err := scan(&c.ID, &c.Fingerprint, &c.Type, &c.Name, &c.Certificate, &c.Restricted, &c.Description)
 		if err != nil {
 			return err
 		}
@@ -99,7 +99,7 @@ func getCertificatesRaw(ctx context.Context, tx *sql.Tx, sql string, args ...any
 
 	dest := func(scan func(dest ...any) error) error {
 		c := Certificate{}
-		err := scan(&c.ID, &c.Fingerprint, &c.Type, &c.Name, &c.Certificate, &c.Restricted)
+		err := scan(&c.ID, &c.Fingerprint, &c.Type, &c.Name, &c.Certificate, &c.Restricted, &c.Description)
 		if err != nil {
 			return err
 		}
@@ -279,14 +279,15 @@ func CreateCertificate(ctx context.Context, tx *sql.Tx, object Certificate) (int
 		return -1, api.StatusErrorf(http.StatusConflict, "This \"certificates\" entry already exists")
 	}
 
-	args := make([]any, 5)
+	args := make([]any, 6)
 
 	// Populate the statement arguments.
 	args[0] = object.Fingerprint
 	args[1] = object.Type
 	args[2] = object.Name
 	args[3] = object.Certificate
 	args[4] = object.Restricted
+	args[5] = object.Description
 
 	// Prepared statement to use.
 	stmt, err := Stmt(tx, certificateCreate)
@@ -369,7 +370,7 @@ func UpdateCertificate(ctx context.Context, tx *sql.Tx, fingerprint string, obje
 		return fmt.Errorf("Failed to get \"certificateUpdate\" prepared statement: %w", err)
 	}
 
-	result, err := stmt.Exec(object.Fingerprint, object.Type, object.Name, object.Certificate, object.Restricted, id)
+	result, err := stmt.Exec(object.Fingerprint, object.Type, object.Name, object.Certificate, object.Restricted, object.Description, id)
 	if err != nil {
 		return fmt.Errorf("Update \"certificates\" entry failed: %w", err)
 	}

@@ -13,6 +13,7 @@ CREATE TABLE certificates (
     name TEXT NOT NULL,
     certificate TEXT NOT NULL,
     restricted INTEGER NOT NULL DEFAULT 0,
+    description TEXT NOT NULL DEFAULT "",
     UNIQUE (fingerprint)
 );
 CREATE TABLE "certificates_projects" (
@@ -621,5 +622,5 @@ CREATE TABLE "warnings" (
 );
 CREATE UNIQUE INDEX warnings_unique_node_id_project_id_entity_type_code_entity_id_type_code ON warnings(IFNULL(node_id, -1), IFNULL(project_id, -1), entity_type_code, entity_id, type_code);
 
-INSERT INTO schema (version, updated_at) VALUES (69, strftime("%s"))
+INSERT INTO schema (version, updated_at) VALUES (70, strftime("%s"))
 `
@@ -106,6 +106,20 @@ var updates = map[int]schema.Update{
 	67: updateFromV66,
 	68: updateFromV67,
 	69: updateFromV68,
+	70: updateFromV69,
+}
+
+// updateFromV69 adds description column to certificate.
+func updateFromV69(ctx context.Context, tx *sql.Tx) error {
+	q := `
+	ALTER TABLE certificates ADD COLUMN description TEXT NOT NULL DEFAULT "";
+	`
+	_, err := tx.Exec(q)
+	if err != nil {
+		return fmt.Errorf("Failed adding description column to certificate: %w", err)
+	}
+
+	return nil
 }
 
 // updateFromV68 fixes unique index for record name to make it zone specific.

@@ -387,6 +387,7 @@ var APIExtensions = []string{
 	"storage_cephfs_create_missing",
 	"instance_move_config",
 	"ovn_ssl_config",
+	"certificate_description",
 }
 
 // APIExtensionsCount returns the number of available API extensions.

@@ -66,6 +66,12 @@ type CertificatePut struct {
 	//
 	// API extension: certificate_self_renewal
 	Certificate string `json:"certificate" yaml:"certificate"`
+
+	// Certificate description
+	// Example: X509 certificate
+	//
+	// API extension: certificate_description
+	Description string `json:"description" yaml:"description"`
 }
 
 // Certificate represents a certificate