Support multiple certificates

Add new api number() to ClientCertProvider. The old way to invoke ClientCertProvider api still works Change-Id: I2bdef4ab4a2c6f24a28a4f41d7f58657c3e31bee
2022-04-26 16:10:04 +08:00 · 2022-04-26 16:10:04 +08:00 · 60b6ad0771
parent 778dd72e86
commit 60b6ad0771
2 changed files with 17 additions and 10 deletions
--- a/vmware_nsxlib/v3/client_cert.py
+++ b/vmware_nsxlib/v3/client_cert.py
@ -357,5 +357,8 @@ class ClientCertProvider(object):
    def __exit__(self, type, value, traceback):
        pass

-    def filename(self):
-        return self._filename
+    def filename(self, index=0):
+        return self._filename[index]
+
+    def number(self):
+        return len(self._filename)
--- a/vmware_nsxlib/v3/cluster.py
+++ b/vmware_nsxlib/v3/cluster.py
@ -151,15 +151,19 @@ class TimeoutSession(requests.Session):
        # Optimal solution for this would be to expose certificate as variable
        # and not as a file to the SSL library
        with get_cert_provider() as provider:
-            self.cert = provider.filename()
-            try:
-                ret = request_with_retry_on_ssl_error(*args, **kwargs)
-            except Exception as e:
+            for index in range(0, provider.number()):
+                self.cert = provider.filename(index)
+                try:
+                    ret = request_with_retry_on_ssl_error(*args, **kwargs)
+                    break
+                except Exception as e:
+                    self.cert = None
+                    LOG.debug("request with cert error %s, index %s",
+                              e, str(index))
+                    if index == provider.number() - 1:
+                        raise e
                self.cert = None
-                raise e
-
-            self.cert = None
-
+        self.cert = None
        return ret