From 7b076bf5909fbdf71d266f8f0d3543348ce5f040 Mon Sep 17 00:00:00 2001
From: Krzysztof Piotrowski <krzysztof.piotrowski@inetum.com>
Date: Mon, 3 Mar 2025 09:34:58 +0000
Subject: [PATCH] fix: add csr path to cloud profiles

Signed-off-by: Krzysztof Piotrowski <krzysztof.piotrowski@inetum.com>
---
 .../src/tedge_config_cli/tedge_config.rs      | 29 ++++++++++++++++++-
 crates/core/tedge/src/cli/certificate/cli.rs  | 15 ++--------
 2 files changed, 30 insertions(+), 14 deletions(-)

diff --git a/crates/common/tedge_config/src/tedge_config_cli/tedge_config.rs b/crates/common/tedge_config/src/tedge_config_cli/tedge_config.rs
index 5c568fafb5..0ebe017c88 100644
--- a/crates/common/tedge_config/src/tedge_config_cli/tedge_config.rs
+++ b/crates/common/tedge_config/src/tedge_config_cli/tedge_config.rs
@@ -127,7 +127,7 @@ define_tedge_config! {
         cert_path: Utf8PathBuf,
 
         /// Path where the device's certificate signing request is stored
-        #[tedge_config(example = "/etc/tedge/device-certs/tedge.csr", default(function = "default_device_csr"))]
+        #[tedge_config(example = "/etc/tedge/device-certs/tedge.csr", default(function = "default_device_csr"), reader(private))]
         #[doku(as = "PathBuf")]
         csr_path: Utf8PathBuf,
 
@@ -204,6 +204,11 @@ define_tedge_config! {
             #[tedge_config(example = "/etc/tedge/device-certs/tedge-certificate.pem", default(from_key = "device.cert_path"))]
             #[doku(as = "PathBuf")]
             cert_path: Utf8PathBuf,
+
+            /// Path where the device's certificate signing request is stored
+            #[tedge_config(example = "/etc/tedge/device-certs/tedge.csr", default(from_key = "device.csr_path"))]
+            #[doku(as = "PathBuf")]
+            csr_path: Utf8PathBuf,
         },
 
         smartrest: {
@@ -399,6 +404,11 @@ define_tedge_config! {
             #[tedge_config(example = "/etc/tedge/device-certs/tedge-certificate.pem", default(from_key = "device.cert_path"))]
             #[doku(as = "PathBuf")]
             cert_path: Utf8PathBuf,
+
+            /// Path where the device's certificate signing request is stored
+            #[tedge_config(example = "/etc/tedge/device-certs/tedge.csr", default(from_key = "device.csr_path"))]
+            #[doku(as = "PathBuf")]
+            csr_path: Utf8PathBuf,
         },
 
         mapper: {
@@ -468,6 +478,11 @@ define_tedge_config! {
             #[tedge_config(example = "/etc/tedge/device-certs/tedge-certificate.pem", default(from_key = "device.cert_path"))]
             #[doku(as = "PathBuf")]
             cert_path: Utf8PathBuf,
+
+            /// Path where the device's certificate signing request is stored
+            #[tedge_config(example = "/etc/tedge/device-certs/tedge.csr", default(from_key = "device.csr_path"))]
+            #[doku(as = "PathBuf")]
+            csr_path: Utf8PathBuf,
         },
 
         mapper: {
@@ -902,6 +917,18 @@ impl TEdgeConfigReader {
         })
     }
 
+    pub fn device_csr_path<'a>(
+        &self,
+        cloud: Option<impl Into<Cloud<'a>>>,
+    ) -> Result<&Utf8Path, MultiError> {
+        Ok(match cloud.map(<_>::into) {
+            None => &self.device.csr_path,
+            Some(Cloud::C8y(profile)) => &self.c8y.try_get(profile)?.device.csr_path,
+            Some(Cloud::Az(profile)) => &self.az.try_get(profile)?.device.csr_path,
+            Some(Cloud::Aws(profile)) => &self.aws.try_get(profile)?.device.csr_path,
+        })
+    }
+
     pub fn device_id<'a>(&self, cloud: Option<impl Into<Cloud<'a>>>) -> Result<&str, ReadError> {
         Ok(match cloud.map(<_>::into) {
             None => self.device.id()?,
diff --git a/crates/core/tedge/src/cli/certificate/cli.rs b/crates/core/tedge/src/cli/certificate/cli.rs
index 310d69f1f8..26553de70c 100644
--- a/crates/core/tedge/src/cli/certificate/cli.rs
+++ b/crates/core/tedge/src/cli/certificate/cli.rs
@@ -6,8 +6,6 @@ use super::show::ShowCertCmd;
 use super::upload::*;
 
 use anyhow::anyhow;
-use camino::Utf8PathBuf;
-use clap::ValueHint;
 use tedge_config::OptionalConfigError;
 use tedge_config::ProfileName;
 use tedge_config::TEdgeConfig;
@@ -37,10 +35,6 @@ pub enum TEdgeCertCli {
         #[clap(long = "device-id", global = true)]
         id: Option<String>,
 
-        /// Path where a Certificate signing request will be stored
-        #[clap(long = "output-path", global = true, value_hint = ValueHint::FilePath)]
-        output_path: Option<Utf8PathBuf>,
-
         #[clap(subcommand)]
         cloud: Option<CloudArg>,
     },
@@ -91,18 +85,13 @@ impl BuildCommand for TEdgeCertCli {
                 cmd.into_boxed()
             }
 
-            TEdgeCertCli::CreateCsr {
-                id,
-                output_path,
-                cloud,
-            } => {
+            TEdgeCertCli::CreateCsr { id, cloud } => {
                 let cloud: Option<Cloud> = cloud.map(<_>::try_into).transpose()?;
 
                 let cmd = CreateCsrCmd {
                     id: get_device_id(id, &config, &cloud)?,
                     key_path: config.device_key_path(cloud.as_ref())?.to_owned(),
-                    // Use output file instead of csr_path from tedge config if provided
-                    csr_path: output_path.unwrap_or_else(|| config.device.csr_path.clone()),
+                    csr_path: config.device_csr_path(cloud.as_ref())?.to_owned(),
                     user: user.to_owned(),
                     group: group.to_owned(),
                 };