From 9d90a33ecd2241535eea8083d09662ff3fbd9048 Mon Sep 17 00:00:00 2001
From: Anna Khmelnitsky
Date: Tue, 3 Jul 2018 15:49:33 -0700
Subject: [PATCH] NSXAdminV3: Add message on client cert generation When certificate is generated with nsxadmin, alert the user to restart neutron service, but only in case no previous certificate existed. If previous certificate was functional, neutron server will pick up certificate change on next request automatically.
Change-Id: I79b390b32b570afdcf40b3cdd522566bca76027e
---
 .../shell/admin/plugins/nsxv3/resources/certificates.py | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/vmware_nsx/shell/admin/plugins/nsxv3/resources/certificates.py b/vmware_nsx/shell/admin/plugins/nsxv3/resources/certificates.py
index c30e000daa..84fa21a56b 100644
--- a/vmware_nsx/shell/admin/plugins/nsxv3/resources/certificates.py
+++ b/vmware_nsx/shell/admin/plugins/nsxv3/resources/certificates.py
@@ -113,11 +113,13 @@ def generate_cert(resource, event, trigger, **kwargs):
 subject[client_cert.CERT_SUBJECT_UNIT] = properties.get('org')
 subject[client_cert.CERT_SUBJECT_HOST] = properties.get('host')
+ regenerate = False
 with get_certificate_manager(**kwargs) as cert:
 if cert.exists():
 LOG.info("Deleting existing certificate")
 # Need to delete cert first
 cert.delete()
+ regenerate = True
 try:
 cert.generate(subject, key_size, valid_for_days, signature_alg)
@@ -126,6 +128,11 @@ def generate_cert(resource, event, trigger, **kwargs):
 return
 LOG.info("Client certificate generated successfully")
+ if not regenerate:
+ # No certificate existed, so client authentication service was likely
+ # changed to true just now. The user must restart neutron to avoid
+ # failures.
+ LOG.info("Please restart neutron service")
 @admin_utils.output_header
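Review bot: `regenerate = True` in the first hunk is derived from `cert.exists()` alone, so it records that some certificate was stored, not that it was still usable, while the commit message states the condition as "previous certificate was functional". If the stored certificate had expired or was never in use (not checkable from these lines), the restart hint in the second hunk is suppressed even though neutron may not pick up the new certificate on its own. Name the flag for what it measures, e.g. `had_existing_cert = False`, and add the comment `# existence only: does not check expiry or that the old cert was in use`. The body of generate_cert starts before this hunk and continues after it.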
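Review bot: The restart instruction in the second hunk is emitted with `LOG.info` right after the success line and does not say why it is needed, so an operator who filters or skims INFO output can miss a step that the adjacent comment says is required to avoid failures. Raise the level and state the reason, e.g. `LOG.warning("No previous client certificate existed; restart the neutron service so it uses the new certificate")`. The comment itself calls the trigger "likely"; if the client-authentication setting is readable at this point, testing it directly would be firmer than inferring it from the absence of a certificate. The `except` branch that ends in the `return` at the top of this hunk is outside the visible lines.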