diff --git a/vmware_nsxlib/tests/unit/v3/test_cert.py b/vmware_nsxlib/tests/unit/v3/test_cert.py index 5f0d5840..0fb2aa96 100644 --- a/vmware_nsxlib/tests/unit/v3/test_cert.py +++ b/vmware_nsxlib/tests/unit/v3/test_cert.py @@ -72,13 +72,9 @@ class NsxV3ClientCertificateTestCase(nsxlib_testcase.NsxClientTestCase): 'error_message': 'bad luck'})) def _get_mocked_trust(self, action, cert_pem): - fake_responses = [] if 'create' in action: - # import cert and return its id - results = [{'id': self.cert_id}] - fake_responses.append(self._get_mocked_response(201, results)) - # and then bind this id to principal identity + # Create principal identity with cert fake_responses.append(self._get_mocked_response(201, [])) if 'delete' in action: @@ -119,18 +115,12 @@ class NsxV3ClientCertificateTestCase(nsxlib_testcase.NsxClientTestCase): """Verify API calls to create cert and identity on backend""" # verify API call to import cert on backend base_uri = 'https://1.2.3.4/api/v1/trust-management' - uri = base_uri + '/certificates?action=import' - expected_body = {'pem_encoded': cert_pem} - test_client.assert_json_call('post', mocked_trust.client, uri, - single_call=False, - data=jsonutils.dumps(expected_body)) - - # verify API call to bind cert to identity on backend - uri = base_uri + '/principal-identities' + # verify API call to create identity with cert on backend + uri = base_uri + '/principal-identities/with-certificate' expected_body = {'name': self.identity, + 'certificate_pem': cert_pem, 'node_id': self.node_id, - 'permission_group': 'read_write_api_users', - 'certificate_id': self.cert_id, + 'role': 'enterprise_admin', 'is_protected': True} test_client.assert_json_call('post', mocked_trust.client, uri, single_call=False, diff --git a/vmware_nsxlib/v3/client_cert.py b/vmware_nsxlib/v3/client_cert.py index 67455fa8..6ff7751a 100644 --- a/vmware_nsxlib/v3/client_cert.py +++ b/vmware_nsxlib/v3/client_cert.py @@ -334,9 +334,8 @@ class ClientCertificateManager(object): def _register_cert(self, cert, node_id): cert_pem = crypto.dump_certificate(crypto.FILETYPE_PEM, cert) - self._nsx_trust_management.create_cert_and_identity(self._identity, - cert_pem, - node_id) + self._nsx_trust_management.create_identity_with_cert( + self._identity, cert_pem, node_id, 'enterprise_admin') class ClientCertProvider(object): diff --git a/vmware_nsxlib/v3/trust_management.py b/vmware_nsxlib/v3/trust_management.py index 168694de..b6afed68 100644 --- a/vmware_nsxlib/v3/trust_management.py +++ b/vmware_nsxlib/v3/trust_management.py @@ -84,7 +84,7 @@ class NsxLibTrustManagement(utils.NsxLibApiBase): arg_val=permission_group, arg_name='permission_group') body = {'name': name, 'certificate_id': cert_id, - 'node_id': node_id, 'permission_group': permission_group, + 'node_id': node_id, 'role': permission_group, 'is_protected': True} self.client.create(ID_SECTION, body) @@ -101,7 +101,6 @@ class NsxLibTrustManagement(utils.NsxLibApiBase): if not isinstance(cert_pem, str): cert_pem = cert_pem.decode('ascii') - cert_ids = [cert['id'] for cert in certs if cert['pem_encoded'] == cert_pem] if not cert_ids: