Merge "NSX PI: Do not use deprecated API when registering identity"

2021-08-02 15:32:59 +00:00 · 2021-08-02 15:32:59 +00:00 · ca644652cc
parent 36be37d942 bb21f169fd
commit ca644652cc
3 changed files with 8 additions and 20 deletions
--- a/vmware_nsxlib/tests/unit/v3/test_cert.py
+++ b/vmware_nsxlib/tests/unit/v3/test_cert.py
@ -72,13 +72,9 @@ class NsxV3ClientCertificateTestCase(nsxlib_testcase.NsxClientTestCase):
                             'error_message': 'bad luck'}))

    def _get_mocked_trust(self, action, cert_pem):
-
        fake_responses = []
        if 'create' in action:
-            # import cert and return its id
-            results = [{'id': self.cert_id}]
-            fake_responses.append(self._get_mocked_response(201, results))
-            # and then bind this id to principal identity
+            # Create principal identity with cert
            fake_responses.append(self._get_mocked_response(201, []))

        if 'delete' in action:
@ -119,18 +115,12 @@ class NsxV3ClientCertificateTestCase(nsxlib_testcase.NsxClientTestCase):
        """Verify API calls to create cert and identity on backend"""
        # verify API call to import cert on backend
        base_uri = 'https://1.2.3.4/api/v1/trust-management'
-        uri = base_uri + '/certificates?action=import'
-        expected_body = {'pem_encoded': cert_pem}
-        test_client.assert_json_call('post', mocked_trust.client, uri,
-                                     single_call=False,
-                                     data=jsonutils.dumps(expected_body))
-
-        # verify API call to bind cert to identity on backend
-        uri = base_uri + '/principal-identities'
+        # verify API call to create identity with cert on backend
+        uri = base_uri + '/principal-identities/with-certificate'
        expected_body = {'name': self.identity,
+                         'certificate_pem': cert_pem,
                         'node_id': self.node_id,
-                         'permission_group': 'read_write_api_users',
-                         'certificate_id': self.cert_id,
+                         'role': 'enterprise_admin',
                         'is_protected': True}
        test_client.assert_json_call('post', mocked_trust.client, uri,
                                     single_call=False,
--- a/vmware_nsxlib/v3/client_cert.py
+++ b/vmware_nsxlib/v3/client_cert.py
@ -334,9 +334,8 @@ class ClientCertificateManager(object):
    def _register_cert(self, cert, node_id):
        cert_pem = crypto.dump_certificate(crypto.FILETYPE_PEM, cert)

-        self._nsx_trust_management.create_cert_and_identity(self._identity,
-                                                            cert_pem,
-                                                            node_id)
+        self._nsx_trust_management.create_identity_with_cert(
+            self._identity, cert_pem, node_id, 'enterprise_admin')


 class ClientCertProvider(object):
--- a/vmware_nsxlib/v3/trust_management.py
+++ b/vmware_nsxlib/v3/trust_management.py
@ -84,7 +84,7 @@ class NsxLibTrustManagement(utils.NsxLibApiBase):
                arg_val=permission_group,
                arg_name='permission_group')
        body = {'name': name, 'certificate_id': cert_id,
-                'node_id': node_id, 'permission_group': permission_group,
+                'node_id': node_id, 'role': permission_group,
                'is_protected': True}
        self.client.create(ID_SECTION, body)

@ -101,7 +101,6 @@ class NsxLibTrustManagement(utils.NsxLibApiBase):

        if not isinstance(cert_pem, str):
            cert_pem = cert_pem.decode('ascii')
-
        cert_ids = [cert['id'] for cert in certs
                    if cert['pem_encoded'] == cert_pem]
        if not cert_ids: