certificate install returns code 200 on errors

Bug #1827206 reported by Allain Legacy
This bug affects 1 person
Affects: StarlingX
Status: Won't Fix
Importance: Low
Assigned to: zhao.shuai

Bug Description

Brief Description
-----------------
The "system certificate-install" command does not return proper error return codes when a validation failure occurs. This causes users of the API to consider that the last command submitted has succeeded.

Note that the example listed below represents only a single code path in the certificate install. All error paths need to be fixed as there are multiple examples of this problem occurring.

Severity
--------
Major

Steps to Reproduce
------------------
system certificate-install -m dummy some-cert-file.pem

Expected Behavior
------------------
Any command with invalid input should return a 400 series error to indicate that the input data is invalid.

Actual Behavior
----------------
The API request completes with a 200 return code which is an "OK" return code.

Reproducibility
---------------
100%

System Configuration
--------------------
Any

Branch/Pull Time/Commit
-----------------------
2019-04-24

Last Pass
---------
unknown

Timestamp/Logs
--------------
This is the verbose/debug output from running the command listed in the steps to reproduce. Note the "200" response at the end of the POST line.

DEBUG (connectionpool:395) http://192.168.204.2:6385 "POST /v1/certificate/certificate_install HTTP/1.1" 200 47
Certificate vbox-aio.pem not installed: Invalid mode: dummy

Test Activity
-------------
Developer Testing

Frank Miller (sensfan22) wrote :

While this issue does not gate the stx.2.0 release, the error paths in the code should be cleaned up to provide a proper error reason.

Adding stx.helpwanted tag. This would be a good candidate for a newer community member to take on.

Changed in starlingx:
status: New → Triaged
importance: Undecided → Low
tags: added: stx.helpwanted
Changed in starlingx:
importance: Low → Medium
Ghada Khalil (gkhalil)
tags: added: stx.config
Ghada Khalil (gkhalil) wrote :

By convention, non-gating issues are marked as low priority.

Changed in starlingx:
importance: Medium → Low
Lin Shuicheng (shuicheng) wrote :

Reproduced it, will try to check it.

Changed in starlingx:
assignee: nobody → Lin Shuicheng (shuicheng)
Lin Shuicheng (shuicheng) wrote :

Hi all,
I prefer to return "400 BAD REQUEST", "to indicate that the input data is invalid."

Here is the status code 400's definition:
400 BAD REQUEST
The server cannot or will not process the request due to something that is perceived to be a client error (e.g., malformed request syntax, invalid request message framing, or deceptive request routing).

Please notify me if you have a better suggestion. Here is the link for the HTTP status code definitions:
https://httpstatuses.com/

Cindy Xie (xxie1)
Changed in starlingx:
assignee: Lin Shuicheng (shuicheng) → zhao.shuai (zhao.shuai)
wanghejun (wanghejun) wrote :

Hello,
  With the help of Allain Legacy, I have reproduced the bug in the latest StarlingX (2019/06/26) environment. Currently, the script code is parsed and debugged mainly according to the log. The scope of the bug may be a bit large and takes a little time.
  If you have good suggestions, you are welcome to share them.
  The following is the log of the bug reproduction.

[sysadmin@controller-0 ~(keystone_admin)]$ system --debug certificate-install -m dummy mykey.pem
DEBUG (base:187) Making authentication request to http://192.178.204.2:5000/v3/auth/tokens
DEBUG (connectionpool:207) Starting new HTTP connection (1): 192.178.204.2
DEBUG (connectionpool:395) http://192.178.204.2:5000 "POST /v3/auth/tokens HTTP/1.1" 201 4540

Cindy Xie (xxie1) wrote :

Issue reproduced by Neusoft engineer.

Changed in starlingx:
status: Triaged → Confirmed
wanghejun (wanghejun) wrote :

Hello,
    I recently mainly analyzed the log information of the command and the script code related to the HTTP status code. Currently, I have not found a place to set the status code. In the course of the investigation, there are several speculations.
    1. Code return value 200 indicates that the server and the client are successfully connected, and successfully received the POST request, and has not performed the related operations of the certificate installation, so it returns 200.
    2. The format of the command "system --debug certificate-install -m dummy mykey.pem" is correct. The parameter mode is set incorrectly (dummy). The HTTP server does not recognize the error.
    3. The HTTP status code is a standard numeric code common to HTTP. In OpenStack, the corresponding code return value judgment processing, whether it may have been encapsulated, is directly obtained through system functions during use.

    The following are two cases (mode=default) in which I debugged this command, for reference only.
    case1:
      [sysadmin@controller-0 ~(keystone_admin)]$ system --debug certificate-install mykey.pem
      DEBUG (base:187) Making authentication request to http://192.178.204.2:5000/v3/auth/tokens
      DEBUG (connectionpool:207) Starting new HTTP connection (1): 192.178.204.2
      DEBUG (connectionpool:395) http://192.178.204.2:5000 "POST /v3/auth/tokens HTTP/1.1" 201 4540
      .......
      DEBUG (connectionpool:207) Starting new HTTP connection (1): 192.178.204.2
      DEBUG (connectionpool:395) http://192.178.204.2:6385 "POST /v1/certificate/certificate_install HTTP/1.1" 200 82
      Certificate mykey.pem not installed: No certificates have been added, https is not enabled.

    case2:
      [sysadmin@controller-0 ~(keystone_admin)]$ system modify --https_enabled=True
      [sysadmin@controller-0 ~(keystone_admin)]$ system --debug certificate-install mykey.pem
      DEBUG (base:187) Making authentication request to http://192.178.204.2:5000/v3/auth/tokens
      DEBUG (connectionpool:207) Starting new HTTP connection (1): 192.178.204.2
      DEBUG (connectionpool:395) http://192.178.204.2:5000 "POST /v3/auth/tokens HTTP/1.1" 201 4540
      ......
      DEBUG (connectionpool:207) Starting new HTTP connection (1): 192.178.204.2
      DEBUG (connectionpool:395) http://192.178.204.2:6385 "POST /v1/certificate/certificate_install HTTP/1.1" 500 0
      Certificate mykey.pem not installed: Expecting value: line 1 column 1 (char 0)

    The error in case 2 above (code=500) may be because HTTPS does not currently support container configuration, see https://wiki.openstack.org/wiki/StarlingX/Containers/Limitations.

    According to the code "/usr/lib64/python2.7/site-packages/sysinv/api/controllers/v1/certificate.py", the parameter mode in the command is defined as follows:
         default: install certificate for ssl
         tpm_mode: install certificate to tpm devices for ssl
         docker_registry: install certificate for docker registry
         openstack: install certificate for openstack
         openstack_ca: install ca certificate for openstack

    If you have good suggestions, you are welcome to share them.
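
The failure mode reported in this bug and the 400 response proposed in the thread, side by side, as an added example (not StarlingX or sysinv code, and not part of any comment above). The JSON request body, the success/error response shape and the names make_app, call and install_ok are assumptions for illustration; the certificate file upload done by the CLI is left out.

```python
import io
import json

# Modes quoted in the comment above from sysinv's certificate.py.
VALID_MODES = ("default", "tpm_mode", "docker_registry", "openstack", "openstack_ca")


def make_app(strict):
    """WSGI app standing in for POST /v1/certificate/certificate_install.

    strict=False reproduces the reported behaviour (200 on validation failure);
    strict=True rejects invalid input with 400 as proposed in the thread.
    """
    def app(environ, start_response):
        size = int(environ.get("CONTENT_LENGTH") or 0)
        try:
            req = json.loads(environ["wsgi.input"].read(size) or b"{}")
        except ValueError:
            req = None
        error = ""
        if not isinstance(req, dict):
            error = "Malformed request body"
        elif req.get("mode", "default") not in VALID_MODES:
            error = "Invalid mode: %s" % req.get("mode")
        status = "400 Bad Request" if (error and strict) else "200 OK"
        body = json.dumps({"success": "" if error else "ok", "error": error}).encode()
        start_response(status, [("Content-Type", "application/json"),
                                ("Content-Length", str(len(body)))])
        return [body]
    return app


def call(app, payload):
    """Drive the WSGI app in-process; returns (status_code, decoded_body)."""
    raw = json.dumps(payload).encode()
    environ = {"REQUEST_METHOD": "POST", "CONTENT_LENGTH": str(len(raw)),
               "PATH_INFO": "/v1/certificate/certificate_install",
               "wsgi.input": io.BytesIO(raw)}
    seen = {}
    body = b"".join(app(environ, lambda status, headers: seen.update(status=status)))
    return int(seen["status"].split()[0]), json.loads(body)


def install_ok(status, body):
    """Client-side guard: success needs a 2xx status AND an empty error field,
    so a 200 reply that carries an error is not mistaken for an install."""
    return 200 <= status < 300 and not body.get("error")
```

Until every error path returns a 4xx, automation that drives this endpoint needs the body check in install_ok; checking the status code alone reports a rejected certificate as installed.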

Ramaswamy Subramanian (rsubrama) wrote :

No progress on this bug for more than 2 years. Candidate for closure.

If there is no update, this issue is targeted to be closed as 'Won't Fix' by March 22.

Ramaswamy Subramanian (rsubrama) wrote :

Changing the status to 'Won't Fix' as there is no activity.

Changed in starlingx:
status: Confirmed → Won't Fix