From 6fb7f644255c84fb827201d55bbd9b9466a3b5d5 Mon Sep 17 00:00:00 2001
From: asarfaty <asarfaty@vmware.com>
Date: Mon, 3 Aug 2020 11:15:30 +0200
Subject: [PATCH] MP2P migration: migrate certificates used by md proxies

Change-Id: I716c56e6a5c2325671b4fe978ed92c567ab1fdc1
---
 .../plugins/nsxv3/resources/migration.py      | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/vmware_nsx/shell/admin/plugins/nsxv3/resources/migration.py b/vmware_nsx/shell/admin/plugins/nsxv3/resources/migration.py
index be8de352b9..884f6effa2 100644
--- a/vmware_nsx/shell/admin/plugins/nsxv3/resources/migration.py
+++ b/vmware_nsx/shell/admin/plugins/nsxv3/resources/migration.py
@@ -581,6 +581,25 @@ def migrate_md_proxies(nsxlib, nsxpolicy, plugin):
             if mdproxy_id not in neutron_md:
                 neutron_md.append(port['attachment'].get('id'))
 
+    # make sure to migrate all certificates used by those MD proxies
+    certificates = []
+    for md_id in neutron_md:
+        md_resource = nsxlib.native_md_proxy.get(md_id)
+        certificates.extend(md_resource.get('metadata_server_ca_ids', []))
+
+    if certificates:
+        def cert_cond(resource):
+            return resource.get('id') in certificates
+
+        entries = get_resource_migration_data(
+            nsxlib.trust_management, None,
+            'CERTIFICATE',
+            resource_condition=cert_cond,
+            policy_resource_get=nsxpolicy.certificate.get)
+        migrate_resource(nsxlib, 'CERTIFICATE', entries,
+                         MIGRATE_LIMIT_CERT)
+
+    # Now migrate the MD proxies
     def cond(resource):
         return resource.get('id') in neutron_md