When openstack runs in HA mode, admin might choose to assign two
separate client certificates for each openstack host. This is
possible with storage_type=none. This change allows deleting cert
and identity based not only on identity name, but on cert pem.
In addition, allow faster cluster recovery in case of certificate
Ths patch simply adds 3 attributes to the request body sent to NSX
when creating principal identities for certificates, adjusts the
code in vmware_nsxlib.v3.client_cert accordingly, and removes
code that was based on "single cert per identity" assumtion.
Client certificate authentication will replace basic authentication.
A single client certificate will be generated by admin for the
configuration agent (openstack, container,..).
This commit focuses on certificate generation and coordination of
certificate management on backend, storage and in the agent itself.