fix!: Rename function for creating an OpenPGP certificate

The function `NetHsm::add_openpgp_cert` only creates an OpenPGP certificate and does not in fact persist the resulting certificate in the NetHSM. Persisting the certificate using `NetHsm::import_key_certificate` would require switching to a user in the Administrator role and the function would therefore require using both users in the Operator and in the Administrator role. Renaming the function to `NetHsm::create_openpgp_cert` and adapting its documentation is the more future-proof solution, as it narrows the permission scope and reflects the current implementation properly. Signed-off-by: David Runge <dvzrv@archlinux.org>

fix!: Rename function for creating an OpenPGP certificate
d3f3dd04 · David Runge · 8b5b6f3f · d3f3dd04 · d3f3dd04
Verified Commit d3f3dd04 authored 7 months ago by David Runge
--- a/nethsm-cli/src/main.rs
+++ b/nethsm-cli/src/main.rs
@@ -728,7 +728,7 @@ fn main() -> Result<(), Error> {
                        auth_passphrase.clone(),
                    )?;

-                let cert = nethsm.add_openpgp_cert(
+                let cert = nethsm.create_openpgp_cert(
                    &command.key_id,
                    flags,
                    &command.user_id,

--- a/nethsm/src/lib.rs
+++ b/nethsm/src/lib.rs
@@ -4280,11 +4280,11 @@ impl NetHsm {
        Base64::decode_vec(&base64_bytes).map_err(Error::Base64Decode)
    }

-    /// Adds an OpenPGP certificate to an existing key
+    /// Creates an OpenPGP certificate for an existing key
    ///
-    /// The NetHSM key is used to sign the self-certification and the resulting [OpenPGP certificate](https://openpgp.dev/book/certificates.html) is persisted in the NetHSM.
+    /// The NetHSM key is used to sign the self-certification and the resulting [OpenPGP certificate](https://openpgp.dev/book/certificates.html) is returned.
    ///
-    /// This call requires using credentials of a user in the "operator" *and* "administrator" [roles](https://docs.nitrokey.com/nethsm/administration#roles).
+    /// This call requires using credentials of a user in the "operator" [role](https://docs.nitrokey.com/nethsm/administration#roles).
    ///
    /// # Errors
    ///
@@ -4292,7 +4292,7 @@ impl NetHsm {
    /// * retrieving random bytes fails
    /// * the device is not in state [`SystemState::Operational`]
    /// * the used credentials are not correct
-    /// * the used credentials are not those of users in the "operator" and "administrator" role
+    /// * the used credentials are not those of a user in the "operator" role
    /// * the key does not exist
    /// * the used operator credentials do not grant access to the used key
    ///
@@ -4323,7 +4323,7 @@ impl NetHsm {
    /// ));
    ///
    /// assert!(!nethsm
-    ///     .add_openpgp_cert(
+    ///     .create_openpgp_cert(
    ///         "key",
    ///         OpenPgpKeyUsageFlags::default(),
    ///         "Test <test@example.com>",
@@ -4333,7 +4333,7 @@ impl NetHsm {
    /// # Ok(())
    /// # }
    /// ```
-    pub fn add_openpgp_cert(
+    pub fn create_openpgp_cert(
        &self,
        key_id: &str,
        flags: openpgp::KeyUsageFlags,