APIs Return Different data for List of Certificates

TrueNAS General
1

We’ve been writing a python program to add a certificate. Before adding we query for the list of current certs so that we can verify that the cert does not exist.

When using the truenas_client package, we get an empty list returned.

with TrueNASClient(ws_uri, args.api_key, verify_ssl=verify_ssl) as client:
            # Query certificates
            try:
                certs = client.call("certificate.query") or []
            except Exception as e:
                logger.exception("Failed to call certificate.query: %s", e)
                return 3

            if args.filter_name:
                matched = [c for c in certs if isinstance(c, dict) and c.get("name") == args.filter_name]
                logger.info("Found %d certificates matching name '%s'", len(matched), args.filter_name)
                pretty_print(matched, raw=args.raw)
            else:
                logger.info("certificate.query returned %d entries", len(certs))
                pretty_print(certs, raw=args.raw)

The REST API returns the list of certificates found in TrueNAS.

    args = get_args()
    host = args.host or os.environ.get("TRUENAS_HOST")
    api_key = args.api_key or os.environ.get("TRUENAS_API_KEY")
    if not host:
        print("Missing host. Provide --host or set TRUENAS_HOST environment variable.", file=sys.stderr)
        sys.exit(2)
    if not api_key:
        print("Missing API key. Provide --api-key or set TRUENAS_API_KEY environment variable.", file=sys.stderr)
        sys.exit(2)

    base = build_base_url(host)
    url = f"{base}/api/v2.0/certificate/"

    verify = not args.insecure
    if not verify:
        urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)

    headers = {"Authorization": f"Bearer {api_key}"}

    try:
        resp = requests.get(url, headers=headers, verify=verify, timeout=30)
        resp.raise_for_status()
    except requests.RequestException as e:
        print(f"HTTP request failed: {e}", file=sys.stderr)
        sys.exit(3)

    # Try parse JSON, but fall back to raw text
    ctype = resp.headers.get("Content-Type", "")
    body = None
    if "application/json" in ctype or resp.text.strip().startswith("[") or resp.text.strip().startswith("{"):
        try:
            body = resp.json()
        except Exception:
            # fallback: print text
            print("Failed to parse JSON response; raw body below:\n", file=sys.stderr)
            print(resp.text)
            sys.exit(0)
    else:
        print(resp.text)
        sys.exit(0)

    # Optionally filter by name
    if args.filter_name:
        filtered = [c for c in body if isinstance(c, dict) and c.get("name") == args.filter_name]
    else:
        filtered = body

    if args.raw:
        print(json.dumps(filtered))
    else:
        print(json.dumps(filtered, indent=2, ensure_ascii=False))

Using curl we get the complete list as well.

-H "Authorization: Bearer REDACTED" https://freenas.cidercreekranch.net/api/v2.0/certificate/ \
-w "\nHTTP_STATUS:%{http_code}\n"

We’ve been looking high and low for a clue to what we are possibly doing wrong and have come up empty.

We wrote the above code to isolate the issue, the above are just portions of the scripts. Apparently, you cant upload python!

Can any one see what we are doing wrong with the truenas_client certificate call?

Thanks.

2

This may not be exactly what you’re looking for, but it sounds close:

3

@dan Thanks for the prompt reply. We had come across your script in out research. Look nice, but we are wanting to use the truenas_client API.

Thanks again and have Happy Holidays.

4

Aside from the script itself possibly making your work moot, it also uses the truenas_client API (and optionally deletes certs whose names match a certain pattern), so parts of it may help with what you’re trying to do. Since you haven’t given any indication of the output of your code snippet, it’s hard to suggest more.