Commit Graph

4 Commits (66298bf16999b389b8628735070a2c174425219c)

Author SHA1 Message Date
Anna Khmelnitsky 1ac9c11b03 Support multiple client certificate per identity
When openstack runs in HA mode, admin might choose to assign two
separate client certificates for each openstack host. This is
possible with storage_type=none. This change allows deleting cert
and identity based not only on identity name, but on cert pem.
In addition, allow faster cluster recovery in case of certificate
change.

Change-Id: Ia4eea874cfa2bf4befc724b719e53e936292e11f
6 years ago
Salvatore Orlando ff8a2044e0 Pass node ID and user permissions when creating NSX identity
This patch simply adds 3 attributes to the request body sent to NSX
when creating principal identities for certificates, adjusts the
code in vmware_nsxlib.v3.client_cert accordingly, and removes
code that was based on "single cert per identity" assumption.

Change-Id: Ib4e1f44e98843d7cb308c57434e3ecc68f7b8dc2
6 years ago
Anna Khmelnitsky 763f024ab8 Support client certificate import
In addition, add getters for certificate fields,
and ensure certificate object has short lifespan, since
it might change in storage

Change-Id: I2abbec0e48d82d432c9cc18afaca62bae7558d7c
6 years ago
Anna Khmelnitsky e8ef5db4e9 Client certificate management for NSXV3 authentication
Client certificate authentication will replace basic authentication.
A single client certificate will be generated by admin for the
configuration agent (openstack, container,..).

This commit focuses on certificate generation and coordination of
certificate management on backend, storage and in the agent itself.

Change-Id: Ib00e2c00aecb53cec63a746e9db6829a5594eb3a
6 years ago