x/vmware-nsxlib
Code Issues Proposed changes

Merge "NSX PI: Do not use deprecated API when registering identity"

Browse Source
This commit is contained in:
Zuul 2021-08-02 15:32:59 +00:00 committed by Gerrit Code Review
commit ca644652cc
3 changed files with 8 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
vmware_nsxlib/tests/unit/v3/test_cert.py
View File

@ -72,13 +72,9 @@ class NsxV3ClientCertificateTestCase(nsxlib_testcase.NsxClientTestCase):
'error_message': 'bad luck'})) 'error_message': 'bad luck'}))
def _get_mocked_trust(self, action, cert_pem): def _get_mocked_trust(self, action, cert_pem):
fake_responses = [] fake_responses = []
if 'create' in action: if 'create' in action:
# import cert and return its id # Create principal identity with cert
results = [{'id': self.cert_id}]
fake_responses.append(self._get_mocked_response(201, results))
# and then bind this id to principal identity
fake_responses.append(self._get_mocked_response(201, [])) fake_responses.append(self._get_mocked_response(201, []))
if 'delete' in action: if 'delete' in action:
@ -119,18 +115,12 @@ class NsxV3ClientCertificateTestCase(nsxlib_testcase.NsxClientTestCase):
"""Verify API calls to create cert and identity on backend""" """Verify API calls to create cert and identity on backend"""
# verify API call to import cert on backend # verify API call to import cert on backend
base_uri = 'https://1.2.3.4/api/v1/trust-management' base_uri = 'https://1.2.3.4/api/v1/trust-management'
uri = base_uri + '/certificates?action=import' # verify API call to create identity with cert on backend
expected_body = {'pem_encoded': cert_pem} uri = base_uri + '/principal-identities/with-certificate'
test_client.assert_json_call('post', mocked_trust.client, uri,
single_call=False,
data=jsonutils.dumps(expected_body))
# verify API call to bind cert to identity on backend
uri = base_uri + '/principal-identities'
expected_body = {'name': self.identity, expected_body = {'name': self.identity,
'certificate_pem': cert_pem,
'node_id': self.node_id, 'node_id': self.node_id,
'permission_group': 'read_write_api_users', 'role': 'enterprise_admin',
'certificate_id': self.cert_id,
'is_protected': True} 'is_protected': True}
test_client.assert_json_call('post', mocked_trust.client, uri, test_client.assert_json_call('post', mocked_trust.client, uri,
single_call=False, single_call=False,

5
vmware_nsxlib/v3/client_cert.py
View File

@ -334,9 +334,8 @@ class ClientCertificateManager(object):
def _register_cert(self, cert, node_id): def _register_cert(self, cert, node_id):
cert_pem = crypto.dump_certificate(crypto.FILETYPE_PEM, cert) cert_pem = crypto.dump_certificate(crypto.FILETYPE_PEM, cert)
self._nsx_trust_management.create_cert_and_identity(self._identity, self._nsx_trust_management.create_identity_with_cert(
cert_pem, self._identity, cert_pem, node_id, 'enterprise_admin')
node_id)
class ClientCertProvider(object): class ClientCertProvider(object):

3
vmware_nsxlib/v3/trust_management.py
View File

@ -84,7 +84,7 @@ class NsxLibTrustManagement(utils.NsxLibApiBase):
arg_val=permission_group, arg_val=permission_group,
arg_name='permission_group') arg_name='permission_group')
body = {'name': name, 'certificate_id': cert_id, body = {'name': name, 'certificate_id': cert_id,
'node_id': node_id, 'permission_group': permission_group, 'node_id': node_id, 'role': permission_group,
'is_protected': True} 'is_protected': True}
self.client.create(ID_SECTION, body) self.client.create(ID_SECTION, body)
@ -101,7 +101,6 @@ class NsxLibTrustManagement(utils.NsxLibApiBase):
if not isinstance(cert_pem, str): if not isinstance(cert_pem, str):
cert_pem = cert_pem.decode('ascii') cert_pem = cert_pem.decode('ascii')
cert_ids = [cert['id'] for cert in certs cert_ids = [cert['id'] for cert in certs
if cert['pem_encoded'] == cert_pem] if cert['pem_encoded'] == cert_pem]
if not cert_ids: if not cert_ids: