Adds cli command to generate certificate

This will add the code needed to generate certificates. It will
also add a command to our cli for generating certificates.

Our Dockerfile will also use the generate-certs command to be
executed before the server is deployed. Meaning we will always
have the certificates created in case they don't exist.

Note that for having the certificates at host we would need to
mount a volume to the container

Author: aponcedeleonch

.gitignore

@@ -47,4 +47,4 @@ weaviate_data/
 codegate.db
 
 # certificate directory
-certs/
+*certs/

cert_gen.py

@@ -29,10 +29,12 @@ codegate serve [OPTIONS]
   - Overrides configuration file and environment variables
 
 - `--log-level [ERROR|WARNING|INFO|DEBUG]`: Set the log level (default: INFO)
+  - Optional
   - Case-insensitive
   - Overrides configuration file and environment variables
 
 - `--log-format [JSON|TEXT]`: Set the log format (default: JSON)
+  - Optional
   - Case-insensitive
   - Overrides configuration file and environment variables
 
@@ -72,6 +74,10 @@ codegate serve [OPTIONS]
 - `--embedding-model TEXT`: Name of the model used for embeddings
   - Optional
 
+- `--db-path TEXT`: Path to a SQLite DB. It will create one if it doesn't exist. (default: ./codegate_volume/db/codegate.db)
+  - Optional
+  - Overrides configuration file and environment variables
+
 ### show-prompts
 
 Display the loaded system prompts:
@@ -87,6 +93,46 @@ codegate show-prompts [OPTIONS]
   - Must be a valid YAML file
   - If not provided, shows default prompts from prompts/default.yaml
 
+### generate_certs
+
+Generate certificates for the CodeGate server.
+
+```bash
+codegate generate-certs [OPTIONS]
+```
+
+#### Options
+
+- `--certs-out-dir PATH`: Directory path where the certificates are going to be generated. (default: ./codegate_volume/certs)
+  - Optional
+  - Overrides configuration file and environment variables
+
+- `--ca-cert-name TEXT`: Name that will be given to the created CA certificate. (default: ca.crt)
+  - Optional
+  - Overrides configuration file and environment variables
+
+- `--ca-key-name TEXT`: Name that will be given to the created CA key. (default: ca.key)
+  - Optional
+  - Overrides configuration file and environment variables
+
+- `--server-cert-name TEXT`: Name that will be given to the created server certificate. (default: server.crt)
+  - Optional
+  - Overrides configuration file and environment variables
+
+- `--server-key-name TEXT`: Name that will be given to the created server key. (default: server.key)
+  - Optional
+  - Overrides configuration file and environment variables
+
+- `--log-level [ERROR|WARNING|INFO|DEBUG]`: Set the log level (default: INFO)
+  - Optional
+  - Case-insensitive
+  - Overrides configuration file and environment variables
+  
+- `--log-format [JSON|TEXT]`: Set the log format (default: JSON)
+  - Optional
+  - Case-insensitive
+  - Overrides configuration file and environment variables
+
 ## Error Handling
 
 The CLI provides user-friendly error messages for:
@@ -144,3 +190,9 @@ codegate show-prompts
 Show prompts from a custom file:
 ```bash
 codegate show-prompts --prompts my-prompts.yaml
+```
+
+Generate certificates with default settings:
+```bash
+codegate generate-certs
+```

docs/cli.md

@@ -7,6 +7,7 @@ BACKUP_PATH="/tmp/weaviate_backup"
 BACKUP_NAME="backup"
 MODEL_BASE_PATH="/app/codegate_volume/models"
 CODEGATE_DB_FILE="/app/codegate_volume/db/codegate.db"
+CODEGATE_CERTS="/app/codegate_volume/certs"
 
 # Function to restore backup if paths are provided
 restore_backup() {
@@ -22,6 +23,11 @@ restore_backup() {
     fi
 }
 
+genrerate_certs() {
+    echo "Generating certificates..."
+    python -m src.codegate.cli generate-certs --certs-out-dir "$CODEGATE_CERTS"
+}
+
 # Function to start Nginx server for the dashboard
 start_dashboard() {
     echo "Starting the dashboard..."
@@ -54,8 +60,11 @@ echo "Initializing entrypoint script..."
 # Step 1: Restore backup if applicable
 restore_backup
 
-# Step 2: Start the dashboard
+# Step 2: Generate certificates
+genrerate_certs
+
+# Step 3: Start the dashboard
 start_dashboard
 
-# Step 3: Start the main application
+# Step 4: Start the main application
 start_application

poetry.lock

@@ -297,7 +297,7 @@ def generate_certificates(self) -> Tuple[str, str]:
 
         # CA generated, now generate server certificate
 
-        # Generate new certificate for domain
+        ## Generate new certificate for domain
         logger.debug("Generating private key for server")
         server_key = rsa.generate_private_key(
             public_exponent=65537,
@@ -369,31 +369,34 @@ def generate_certificates(self) -> Tuple[str, str]:
             )
 
         # Print instructions for trusting the certificates
-        print("Certificates generated successfully in the 'certs' directory")
-        print("\nTo trust these certificates:")
-        print("\nOn macOS:")
-        print(
-            "`sudo security add-trusted-cert -d -r trustRoot "
-            "-k /Library/Keychains/System.keychain certs/ca.crt"
-        )
-        print("\nOn Windows (PowerShell as Admin):")
-        print(
-            'Import-Certificate -FilePath "certs\\ca.crt" '
-            '-CertStoreLocation Cert:\\LocalMachine\\Root'
-        )
-        print("\nOn Linux:")
-        print("sudo cp certs/ca.crt /usr/local/share/ca-certificates/codegate.crt")
-        print("sudo update-ca-certificates")
-        print("\nFor VSCode, add to settings.json:")
-        print(
-            """{
+        logger.info(
+            """
+Certificates generated successfully in the 'certs' directory
+To trust these certificates:
+
+On macOS:
+`sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain certs/ca.crt`
+
+On Windows (PowerShell as Admin):
+`Import-Certificate -FilePath "certs\\ca.crt" -CertStoreLocation Cert:\\LocalMachine\\Root`
+
+On Linux:
+`sudo cp certs/ca.crt /usr/local/share/ca-certificates/codegate.crt`
+`sudo update-ca-certificates`
+
+For VSCode, add to settings.json:
+{
     "http.proxy": "https://localhost:8990",
+    "http.proxyStrictSSL": true,
     "http.proxySupport": "on",
     "github.copilot.advanced": {
+        "debug.useNodeFetcher": true,
+        "debug.useElectronFetcher": true,
         "debug.testOverrideProxyUrl": "https://localhost:8990",
         "debug.overrideProxyUrl": "https://localhost:8990"
-    }
-}"""
+    },
+}
+"""
         )
         logger.debug("Certificates generated successfully")
         return server_cert, server_key
@@ -434,10 +437,9 @@ def ensure_certificates_exist(self) -> None:
             logger.debug("Certificates not found, generating new certificates")
             self.generate_certificates()
         else:
-            logger.debug(
-                f"Certificates found at: {Config.get_config().server_cert} "
-                "and {Config.get_config().server_key}"
-            )
+            server_cert = Config.get_config().server_cert
+            server_key = Config.get_config().server_key
+            logger.debug(f"Certificates found at: {server_cert} and {server_key}.")
 
     def get_ssl_context(self) -> ssl.SSLContext:
         """Get SSL context with certificates"""