When openstack runs in HA mode, admin might choose to assign two
separate client certificates for each openstack host. This is
possible with storage_type=none. This change allows deleting cert
and identity based not only on identity name, but on cert pem.
In addition, allow faster cluster recovery in case of certificate
change.
Change-Id: Ia4eea874cfa2bf4befc724b719e53e936292e11f
This patch simply adds 3 attributes to the request body sent to NSX
when creating principal identities for certificates, adjusts the
code in vmware_nsxlib.v3.client_cert accordingly, and removes
code that was based on "single cert per identity" assumption.
Change-Id: Ib4e1f44e98843d7cb308c57434e3ecc68f7b8dc2
In addition, add getters for certificate fields,
and ensure certificate object has short lifespan, since
it might change in storage.
Change-Id: I2abbec0e48d82d432c9cc18afaca62bae7558d7c
Client certificate authentication will replace basic authentication.
A single client certificate will be generated by admin for the
configuration agent (openstack, container, ...).
This commit focuses on certificate generation and coordination of
certificate management on backend, storage and in the agent itself.
Change-Id: Ib00e2c00aecb53cec63a746e9db6829a5594eb3a