MP2P migration: migrate certificates used by md proxies

Change-Id: I716c56e6a5c2325671b4fe978ed92c567ab1fdc1
2020-08-03 11:15:30 +02:00 · 2020-08-03 11:15:30 +02:00 · 6fb7f64425
parent 9895c39488
commit 6fb7f64425
1 changed files with 19 additions and 0 deletions
--- a/vmware_nsx/shell/admin/plugins/nsxv3/resources/migration.py
+++ b/vmware_nsx/shell/admin/plugins/nsxv3/resources/migration.py
@ -581,6 +581,25 @@ def migrate_md_proxies(nsxlib, nsxpolicy, plugin):
            if mdproxy_id not in neutron_md:
                neutron_md.append(port['attachment'].get('id'))

+    # make sure to migrate all certificates used by those MD proxies
+    certificates = []
+    for md_id in neutron_md:
+        md_resource = nsxlib.native_md_proxy.get(md_id)
+        certificates.extend(md_resource.get('metadata_server_ca_ids', []))
+
+    if certificates:
+        def cert_cond(resource):
+            return resource.get('id') in certificates
+
+        entries = get_resource_migration_data(
+            nsxlib.trust_management, None,
+            'CERTIFICATE',
+            resource_condition=cert_cond,
+            policy_resource_get=nsxpolicy.certificate.get)
+        migrate_resource(nsxlib, 'CERTIFICATE', entries,
+                         MIGRATE_LIMIT_CERT)
+
+    # Now migrate the MD proxies
    def cond(resource):
        return resource.get('id') in neutron_md