From 5fb0084192882a6ee7ee1ee34c0f6fe8267e980d Mon Sep 17 00:00:00 2001
From: Anna Khmelnitsky <akhmelnitsky@vmware.com>
Date: Wed, 14 Oct 2020 12:10:37 -0700
Subject: [PATCH] Avoid invoking session/create API with client cert

This fails on NSX since the API is only supported with basic auth.

Change-Id: I4043836d9b0d96ec659f33cef19ec31b73747667
---
 vmware_nsxlib/v3/cluster.py | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/vmware_nsxlib/v3/cluster.py b/vmware_nsxlib/v3/cluster.py
index 13339838..63ddfa3a 100644
--- a/vmware_nsxlib/v3/cluster.py
+++ b/vmware_nsxlib/v3/cluster.py
@@ -243,6 +243,12 @@ class NSXRequestsHTTPProvider(AbstractHTTPProvider):
         # Add allow-overwrite if configured
         if allow_overwrite_header:
             session.default_headers['X-Allow-Overwrite'] = 'true'
+
+        if session.cert_provider:
+            # Session create will fail with cert provider
+            LOG.debug("Skipping session create with client certificate auth")
+            return
+
         # Perform the initial session create and get the relevant jsessionid &
         # X-XSRF-TOKEN for future requests
         req_data = ''
@@ -260,7 +266,7 @@ class NSXRequestsHTTPProvider(AbstractHTTPProvider):
                 LOG.error("Session create failed for endpoint %s due to "
                           "error in retrieving JSON Web Token: %s",
                           provider.url, e)
-        elif not session.cert_provider:
+        else:
             # With client certificate authentication, username and password
             # may not be provided.
             # If provided, backend treats these credentials as authentication