Merge "NSX PI: Do not use deprecated API when registering identity"

Zuul 2021-08-02 15:32:59 +00:00 committed by Gerrit Code Review
commit ca644652cc
3 changed files with 8 additions and 20 deletions


@ -72,13 +72,9 @@ class NsxV3ClientCertificateTestCase(nsxlib_testcase.NsxClientTestCase):
'error_message': 'bad luck'}))
def _get_mocked_trust(self, action, cert_pem):
fake_responses = []
if 'create' in action:
# import cert and return its id
results = [{'id': self.cert_id}]
fake_responses.append(self._get_mocked_response(201, results))
# and then bind this id to principal identity
# Create principal identity with cert
fake_responses.append(self._get_mocked_response(201, []))
if 'delete' in action:
@ -119,18 +115,12 @@ class NsxV3ClientCertificateTestCase(nsxlib_testcase.NsxClientTestCase):
"""Verify API calls to create cert and identity on backend"""
# verify API call to import cert on backend
base_uri = 'https://1.2.3.4/api/v1/trust-management'
uri = base_uri + '/certificates?action=import'
expected_body = {'pem_encoded': cert_pem}
test_client.assert_json_call('post', mocked_trust.client, uri,
single_call=False,
data=jsonutils.dumps(expected_body))
# verify API call to bind cert to identity on backend
uri = base_uri + '/principal-identities'
# verify API call to create identity with cert on backend
uri = base_uri + '/principal-identities/with-certificate'
expected_body = {'name': self.identity,
'certificate_pem': cert_pem,
'node_id': self.node_id,
'permission_group': 'read_write_api_users',
'certificate_id': self.cert_id,
'role': 'enterprise_admin',
'is_protected': True}
test_client.assert_json_call('post', mocked_trust.client, uri,
single_call=False,


@ -334,9 +334,8 @@ class ClientCertificateManager(object):
def _register_cert(self, cert, node_id):
cert_pem = crypto.dump_certificate(crypto.FILETYPE_PEM, cert)
self._nsx_trust_management.create_cert_and_identity(self._identity,
cert_pem,
node_id)
self._nsx_trust_management.create_identity_with_cert(
self._identity, cert_pem, node_id, 'enterprise_admin')
class ClientCertProvider(object):
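Review bot: The role handed to `create_identity_with_cert` in `_register_cert` is the bare literal `'enterprise_admin'`, so as far as this method shows, every client certificate it registers is bound to that role and the caller cannot pick a narrower one. The test expectations in this same commit move from `'permission_group': 'read_write_api_users'` to `'role': 'enterprise_admin'`, which suggests the privilege granted to the principal identity changes together with the API. If that is intended, it should be stated in the commit message and next to the call, for example `# NSX role for the plugin's principal identity; enterprise_admin is needed because <reason>`. Consider reading the role from a module-level constant or a configuration option that defaults to this value, so a least-privilege deployment can override it. `cert_pem` comes straight from `crypto.dump_certificate`, which returns bytes; whether the new library call decodes it before building the JSON body is not visible here and is worth confirming.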

View File

@ -84,7 +84,7 @@ class NsxLibTrustManagement(utils.NsxLibApiBase):
arg_val=permission_group,
arg_name='permission_group')
body = {'name': name, 'certificate_id': cert_id,
'node_id': node_id, 'permission_group': permission_group,
'node_id': node_id, 'role': permission_group,
'is_protected': True}
self.client.create(ID_SECTION, body)
@ -101,7 +101,6 @@ class NsxLibTrustManagement(utils.NsxLibApiBase):
if not isinstance(cert_pem, str):
cert_pem = cert_pem.decode('ascii')
cert_ids = [cert['id'] for cert in certs
if cert['pem_encoded'] == cert_pem]
if not cert_ids: