Is your feature request related to a problem? Please describe.
Once a standalone certificate is generated, its payload, PEM and Private Key, is stored securely in the database. However, this payload is currently inaccessible to the OpenWISP configuration engine, meaning administrators cannot actually deploy the certificates into the device's configuration files.
Describe the solution you'd like
I will extend the configuration variable context to inject certificate payloads directly into the templating engine:
-
Context Generation: implement a get_cert_context() method extending Config.get_context(). This will iterate over the devicecertificate_set and build an Ordered Dictionary of the active certificates.
-
UUID Namespacing: to prevent variable collisions when multiple cert templates are assigned to a single device, generate predictable, UUID-namespaced variables. Specifically:
cert_{template_pk_hex}_pem: the generated certificate.cert_{template_pk_hex}_key: the private key.cert_{template_pk_hex}_uuid: the object UUID.
-
Template Usage: administrators will then be able to reference these variables dynamically inside standard OpenWISP templates using the {{ variable_name }} syntax.
Requirement from the GSoC proposal
The proposal requires exposing the certificate PEM, private key PEM, and certificate UUID in Config.get_context() using a UUID-based namespace to avoid conflicts.
Decision to keep open
The proposal example uses names like cert_<template_uuid>_pem, while this issue currently uses cert_{template_pk_hex}_pem. The exact UUID-based namespace should be confirmed during implementation and documented before merging.
Measurable outcomes: 5
Implementation points: 4, 5
Is your feature request related to a problem? Please describe.
Once a standalone certificate is generated, its payload, PEM and Private Key, is stored securely in the database. However, this payload is currently inaccessible to the OpenWISP configuration engine, meaning administrators cannot actually deploy the certificates into the device's configuration files.
Describe the solution you'd like
I will extend the configuration variable context to inject certificate payloads directly into the templating engine:
Context Generation: implement a
get_cert_context()method extendingConfig.get_context(). This will iterate over thedevicecertificate_setand build an Ordered Dictionary of the active certificates.UUID Namespacing: to prevent variable collisions when multiple cert templates are assigned to a single device, generate predictable, UUID-namespaced variables. Specifically:
cert_{template_pk_hex}_pem: the generated certificate.cert_{template_pk_hex}_key: the private key.cert_{template_pk_hex}_uuid: the object UUID.Template Usage: administrators will then be able to reference these variables dynamically inside standard OpenWISP templates using the
{{ variable_name }}syntax.Requirement from the GSoC proposal
The proposal requires exposing the certificate PEM, private key PEM, and certificate UUID in
Config.get_context()using a UUID-based namespace to avoid conflicts.Decision to keep open
The proposal example uses names like
cert_<template_uuid>_pem, while this issue currently usescert_{template_pk_hex}_pem. The exact UUID-based namespace should be confirmed during implementation and documented before merging.Measurable outcomes: 5
Implementation points: 4, 5