From f81be47cb7ba307c0b7807c91492a525d1af178b Mon Sep 17 00:00:00 2001
From: Anna Khmelnitsky <akhmelnitsky@vmware.com>
Date: Wed, 14 Oct 2020 12:10:37 -0700
Subject: [PATCH] Avoid invoking session/create API with client cert

This fails on NSX since the API is only supported with basic auth.

Change-Id: I4043836d9b0d96ec659f33cef19ec31b73747667
---
 vmware_nsxlib/v3/cluster.py | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/vmware_nsxlib/v3/cluster.py b/vmware_nsxlib/v3/cluster.py
index 6d8b5229..9abd42b9 100644
--- a/vmware_nsxlib/v3/cluster.py
+++ b/vmware_nsxlib/v3/cluster.py
@@ -241,6 +241,12 @@ class NSXRequestsHTTPProvider(AbstractHTTPProvider):
         # Add allow-overwrite if configured
         if allow_overwrite_header:
             session.default_headers['X-Allow-Overwrite'] = 'true'
+
+        if session.cert_provider:
+            # Session create will fail with cert provider
+            LOG.debug("Skipping session create with client certificate auth")
+            return
+
         # Perform the initial session create and get the relevant jsessionid &
         # X-XSRF-TOKEN for future requests
         req_data = ''
@@ -258,11 +264,6 @@ class NSXRequestsHTTPProvider(AbstractHTTPProvider):
                 LOG.error("Session create failed for endpoint %s due to "
                           "error in retrieving JSON Web Token: %s",
                           provider.url, e)
-        elif session.cert_provider:
-            # Session create will fail without token_provider, returning 403
-            LOG.debug("Skipping get_default_headers due to missing "
-                      "token_provider")
-            return
         else:
             # With client certificate authentication, username and password
             # may not be provided.